diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml index 65001ead9fc28..f3ad03a4e7598 100644 --- a/.buildkite/ftr_configs.yml +++ b/.buildkite/ftr_configs.yml @@ -193,7 +193,6 @@ enabled: - x-pack/test/api_integration/config_security_basic.ts - x-pack/test/api_integration/config_security_trial.ts - x-pack/test/api_integration/apis/aiops/config.ts - - x-pack/test/api_integration/apis/asset_manager/config_when_disabled.ts - x-pack/test/api_integration/apis/cases/config.ts - x-pack/test/api_integration/apis/content_management/config.ts - x-pack/test/api_integration/apis/cloud_security_posture/config.ts diff --git a/.buildkite/package-lock.json b/.buildkite/package-lock.json index b782b9c1d34eb..763e8fb659c9b 100644 --- a/.buildkite/package-lock.json +++ b/.buildkite/package-lock.json @@ -388,11 +388,11 @@ } }, "node_modules/braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dependencies": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" }, "engines": { "node": ">=8" @@ -660,9 +660,9 @@ } }, "node_modules/fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dependencies": { "to-regex-range": "^5.0.1" }, 
@@ -1980,11 +1980,11 @@ } }, "braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "requires": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" } }, "browser-stdout": { @@ -2176,9 +2176,9 @@ } }, "fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "requires": { "to-regex-range": "^5.0.1" } diff --git a/.buildkite/pipeline-utils/agent_images.ts b/.buildkite/pipeline-utils/agent_images.ts index 0d1c2f859b0a1..0606f036b1c64 100644 --- a/.buildkite/pipeline-utils/agent_images.ts +++ b/.buildkite/pipeline-utils/agent_images.ts @@ -20,7 +20,7 @@ const DEFAULT_AGENT_IMAGE_CONFIG: AgentImageConfig = { const FIPS_AGENT_IMAGE_CONFIG: AgentImageConfig = { provider: 'gcp', image: 'family/kibana-fips-ubuntu-2004', - imageProject: 'elastic-images-qa', + imageProject: 'elastic-images-prod', }; const GITHUB_PR_LABELS = process.env.GITHUB_PR_LABELS ?? ''; diff --git a/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml b/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml index 81f04f933208c..aae27bd38af0f 100644 --- a/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml +++ b/.buildkite/pipelines/es_serverless/verify_es_serverless_image.yml 
@@ -5,7 +5,7 @@ # SKIP_VERIFICATION: if set to 1/true, it will skip running all tests # SKIP_CYPRESS: if set to 1/true, it will skip running the cypress tests # FTR_EXTRA_ARGS: a string argument, if passed, it will be forwarded verbatim to the FTR run script -# ES_SERVERLESS_IMAGE: the tag for the docker image to test, in the form of docker.elastic.co/elasticsearch-ci/elasticsearch-serverless:$TAG +# ES_SERVERLESS_IMAGE: the full image path for the docker image to test # BUILDKITE_COMMIT: the commit hash of the kibana branch to test agents: @@ -16,16 +16,7 @@ agents: steps: - label: "Annotate runtime parameters" - command: | - buildkite-agent annotate --context kibana-commit --style info "Kibana build hash: $BUILDKITE_BRANCH / $BUILDKITE_COMMIT" - cat << EOF | buildkite-agent annotate --context es-serverless-image --style info - ES Serverless image: \`$ES_SERVERLESS_IMAGE\` - - To run this locally: - \`\`\` - node scripts/es serverless --image $ES_SERVERLESS_IMAGE - \`\`\` - EOF + command: .buildkite/scripts/steps/es_serverless/annotate_runtime_parameters.sh - group: "(:kibana: x :elastic:) Trigger Kibana Serverless suite" if: "build.env('SKIP_VERIFICATION') != '1' && build.env('SKIP_VERIFICATION') != 'true'" diff --git a/.buildkite/pipelines/fips.yml b/.buildkite/pipelines/fips.yml index d1dde1c08bfb1..09ae10496456f 100644 --- a/.buildkite/pipelines/fips.yml +++ b/.buildkite/pipelines/fips.yml 
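Review bot: The new `command:` on the "Annotate runtime parameters" step runs `.buildkite/scripts/steps/es_serverless/annotate_runtime_parameters.sh` by path, but this commit adds that file with `new file mode 100644`, so the step will probably fail with a permission error before it annotates anything. The same commit flips `pick_test_group_run_order.sh` from 100644 to 100755, apparently because it is now called directly, so the new script likely needs the same mode. Alternatively, invoke it through the interpreter: `command: bash .buildkite/scripts/steps/es_serverless/annotate_runtime_parameters.sh`. The updated `ES_SERVERLESS_IMAGE` header comment could also mention that the script rejects anything that is not a docker.elastic.co image, since that constraint is no longer visible in the pipeline file.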
@@ -1,32 +1,63 @@ env: - DISABLE_CI_STATS_SHIPPING: "true" + DISABLE_CI_STATS_SHIPPING: 'true' + KBN_ENABLE_FIPS: 'true' + TEST_BROWSER_HEADLESS: 1 +agents: + provider: 'gcp' + image: 'family/kibana-fips-ubuntu-2004' + imageProject: 'elastic-images-prod' steps: + - command: .buildkite/scripts/lifecycle/pre_build.sh + label: Pre-Build + key: pre-build + timeout_in_minutes: 10 + agents: + machineType: n2-standard-2 + + - wait + - command: .buildkite/scripts/steps/build_kibana.sh label: Build Kibana Distribution and Plugins agents: - image: family/kibana-ubuntu-2004 - imageProject: elastic-images-prod - provider: gcp machineType: n2-standard-16 preemptible: true key: build if: "build.env('KIBANA_BUILD_ID') == null || build.env('KIBANA_BUILD_ID') == ''" + depends_on: pre-build timeout_in_minutes: 60 retry: automatic: - - exit_status: "-1" + - exit_status: '-1' limit: 3 - wait - - command: TEST_PACKAGE=fips .buildkite/scripts/steps/package_testing/test.sh - label: "Smoke testing for FIPS" + - command: .buildkite/scripts/steps/checks/verify_fips_enabled.sh + label: 'Verify FIPS Enabled' + depends_on: build + timeout_in_minutes: 10 + agents: + machineType: n2-standard-2 + preemptible: true + + - command: .buildkite/scripts/steps/fips/smoke_test.sh + label: 'Pick Smoke Test Group Run Order' + depends_on: build + timeout_in_minutes: 10 + env: + FTR_CONFIGS_SCRIPT: '.buildkite/scripts/steps/test/ftr_configs.sh' + FTR_EXTRA_ARGS: '$FTR_EXTRA_ARGS' + LIMIT_CONFIG_TYPE: 'functional' + retry: + automatic: + - exit_status: '*' + limit: 1 + + - wait: ~ + continue_on_failure: true + + - command: .buildkite/scripts/lifecycle/post_build.sh + label: Post-Build + timeout_in_minutes: 10 agents: - image: family/kibana-ubuntu-2004 - imageProject: elastic-images-prod - provider: gcp - enableNestedVirtualization: true - localSsds: 1 - localSsdInterface: nvme - machineType: n2-standard-4 - timeout_in_minutes: 600 + machineType: n2-standard-2 
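Review bot: The "Verify FIPS Enabled" step sets `preemptible: true` but, unlike the build step above it, has no automatic retry for `exit_status: '-1'`, so a preempted agent would fail the FIPS check outright instead of rescheduling it. Giving that step the same `retry: automatic: - exit_status: '-1'` with `limit: 3` as the build step would keep the two consistent. Separately, the smoke-test step has only `depends_on: build`, so it runs alongside the verification rather than after it. If the FTR results are meant to count as evidence of FIPS-mode behaviour, consider giving the verify step a `key` and adding it to the smoke step's `depends_on`.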
diff --git a/.buildkite/pipelines/pull_request/observability_onboarding_cypress.yml b/.buildkite/pipelines/pull_request/observability_onboarding_cypress.yml index 300c148a09b3f..b5831e7bb471d 100644 --- a/.buildkite/pipelines/pull_request/observability_onboarding_cypress.yml +++ b/.buildkite/pipelines/pull_request/observability_onboarding_cypress.yml @@ -8,7 +8,6 @@ steps: - build - quick_checks timeout_in_minutes: 120 - parallelism: 2 retry: automatic: - exit_status: '-1' diff --git a/.buildkite/scripts/pipelines/pull_request/pipeline.ts b/.buildkite/scripts/pipelines/pull_request/pipeline.ts index 035ab108a6b88..c6b28bc20c6f3 100644 --- a/.buildkite/scripts/pipelines/pull_request/pipeline.ts +++ b/.buildkite/scripts/pipelines/pull_request/pipeline.ts @@ -83,7 +83,7 @@ const getPipeline = (filename: string, removeSteps = true) => { if ( (await doAnyChangesMatch([ - /^x-pack\/plugins\/observability_onboarding/, + /^x-pack\/plugins\/observability_solution\/observability_onboarding/, /^x-pack\/plugins\/fleet/, ])) || GITHUB_PR_LABELS.includes('ci:all-cypress-suites') diff --git a/.buildkite/scripts/steps/checks.sh b/.buildkite/scripts/steps/checks.sh index ef2b14c3e2f82..2844d8eee212f 100755 --- a/.buildkite/scripts/steps/checks.sh +++ b/.buildkite/scripts/steps/checks.sh @@ -5,7 +5,7 @@ set -euo pipefail export DISABLE_BOOTSTRAP_VALIDATION=false .buildkite/scripts/bootstrap.sh -if [[ "${FIPS_ENABLED:-}" == "true" ]]; then +if [[ "${FTR_ENABLE_FIPS_AGENT:-}" == "true" ]]; then .buildkite/scripts/steps/checks/verify_fips_enabled.sh fi .buildkite/scripts/steps/checks/saved_objects_compat_changes.sh diff --git a/.buildkite/scripts/steps/checks/verify_fips_enabled.sh b/.buildkite/scripts/steps/checks/verify_fips_enabled.sh index 6a4a7e2ebd35c..49b2864bcaa74 100755 --- a/.buildkite/scripts/steps/checks/verify_fips_enabled.sh +++ b/.buildkite/scripts/steps/checks/verify_fips_enabled.sh 
@@ -2,7 +2,11 @@ set -euo pipefail -source .buildkite/scripts/common/util.sh +# This script is part of checks.sh in the PR pipeline but is called directly in the FIPS pipeline, so we need to bootstrap +if [[ -z "${BASH_SOURCE[1]+x}" || "${BASH_SOURCE[1]}" != *"checks.sh"* ]]; then + export DISABLE_BOOTSTRAP_VALIDATION=false + .buildkite/scripts/bootstrap.sh +fi .buildkite/scripts/download_build_artifacts.sh diff --git a/.buildkite/scripts/steps/es_serverless/annotate_runtime_parameters.sh b/.buildkite/scripts/steps/es_serverless/annotate_runtime_parameters.sh new file mode 100644 index 0000000000000..c3cc571f8a4dc --- /dev/null +++ b/.buildkite/scripts/steps/es_serverless/annotate_runtime_parameters.sh 
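Review bot: The `BASH_SOURCE[1]` test cannot tell the two callers apart, because checks.sh runs this script as a separate command rather than sourcing it, as the checks.sh hunk in this commit shows. Inside the child shell `BASH_SOURCE` has only element 0, so `-z "${BASH_SOURCE[1]+x}"` is always true and bootstrap runs a second time in the PR pipeline. An explicit signal is more reliable: have checks.sh export a flag and test it here, e.g. `if [[ "${SKIP_FIPS_BOOTSTRAP:-}" != "true" ]]; then` (the variable name is a placeholder). The hunk also drops `source .buildkite/scripts/common/util.sh`. The rest of the script lies outside the hunk, so confirm nothing below still relies on helpers from that file, since running bootstrap.sh as a child process would not define them in this shell.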
@@ -0,0 +1,38 @@ +#!/usr/bin/env bash + +set -euo pipefail + +KIBANA_GITHUB_URL="https://github.com/elastic/kibana" +ES_SERVERLESS_GITHUB_URL="https://github.com/elastic/elasticsearch-serverless" + +if [[ -z "$ES_SERVERLESS_IMAGE" ]]; then + echo "ES_SERVERLESS_IMAGE is not set" + exit 1 +elif [[ "$ES_SERVERLESS_IMAGE" != *"docker.elastic.co"* ]]; then + echo "ES_SERVERLESS_IMAGE should be a docker.elastic.co image" + exit 1 +fi + +# Pull the target image +if [[ $ES_SERVERLESS_IMAGE != *":git-"* ]]; then + docker pull "$ES_SERVERLESS_IMAGE" + ES_SERVERLESS_VERSION=$(docker inspect --format='{{json .Config.Labels}}' "$ES_SERVERLESS_IMAGE" | jq -r '.["org.opencontainers.image.revision"]' | cut -c1-12) + + IMAGE_WITHOUT_TAG=$(echo "$ES_SERVERLESS_IMAGE" | cut -d: -f1) + ES_SERVERLESS_IMAGE_FULL="${IMAGE_WITHOUT_TAG}:git-${ES_SERVERLESS_VERSION}" +else + ES_SERVERLESS_IMAGE_FULL=$ES_SERVERLESS_IMAGE + ES_SERVERLESS_VERSION=$(echo "$ES_SERVERLESS_IMAGE_FULL" | cut -d: -f2 | cut -d- -f2) +fi + +buildkite-agent annotate --context kibana-commit --style info "Kibana version: $BUILDKITE_BRANCH / [$BUILDKITE_COMMIT]($KIBANA_GITHUB_URL/commit/$BUILDKITE_COMMIT)" +buildkite-agent annotate --context es-serverless-commit --style info "ES Serverless version: [$ES_SERVERLESS_VERSION]($ES_SERVERLESS_GITHUB_URL/commit/$ES_SERVERLESS_VERSION)" + +cat << EOF | buildkite-agent annotate --context es-serverless-image --style info + ES Serverless image: \`${ES_SERVERLESS_IMAGE_FULL}\` + + To run this locally: + \`\`\` + node scripts/es serverless --image $ES_SERVERLESS_IMAGE_FULL + \`\`\` +EOF diff --git a/.buildkite/scripts/steps/fips/smoke_test.sh b/.buildkite/scripts/steps/fips/smoke_test.sh index 5c70e8c2057df..685bb111ff81a 100755 --- a/.buildkite/scripts/steps/fips/smoke_test.sh +++ b/.buildkite/scripts/steps/fips/smoke_test.sh 
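Review bot: The registry check `!= *"docker.elastic.co"*` is a substring match, so an image reference on any registry that merely contains that text passes and is then handed to `docker pull` on the CI agent; anchor it to the start of the value with `elif [[ "$ES_SERVERLESS_IMAGE" != docker.elastic.co/* ]]; then`. Because `set -u` is in effect, an unset variable aborts the first test with an unbound-variable error before the intended message is printed; `if [[ -z "${ES_SERVERLESS_IMAGE:-}" ]]; then` keeps the explicit error. If the pulled image has no `org.opencontainers.image.revision` label, `jq -r` prints `null` and the script goes on to build a `:git-null` tag and commit link. Checking for an empty or `null` revision before composing `ES_SERVERLESS_IMAGE_FULL` would make that failure visible.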
@@ -1,12 +1,10 @@ #!/usr/bin/env bash -if [ -z "$KIBANA_BUILD_LOCATION" ]; then - export KIBANA_BUILD_LOCATION="/usr/share/kibana" -fi - -# a FTR failure will result in the script returning an exit code of 10 -exitCode=0 +set -euo pipefail +# Limit the FTR configs for now to avoid running all the tests. Once we're +# ready to utilize the full FTR suite in FIPS mode, we can remove this file and +# call pick_test_group_run_order.sh directly in .buildkite/pipelines/fips.yml. configs=( "x-pack/test/reporting_functional/reporting_and_security.config.ts" "x-pack/test/saved_object_api_integration/security_and_spaces/config_trial.ts" @@ -19,34 +17,8 @@ configs=( "x-pack/test/functional/apps/security/config.ts" ) -cd /home/vagrant/kibana - -for config in "${configs[@]}"; do - set +e - node /home/vagrant/kibana/scripts/functional_tests \ - --bail \ - --kibana-install-dir "$KIBANA_BUILD_LOCATION" \ - --config="$config" - lastCode=$? - set -e - - if [ $lastCode -ne 0 ]; then - exitCode=10 - echo "FTR exited with code $lastCode" - echo "^^^ +++" - - if [[ "$failedConfigs" ]]; then - failedConfigs="${failedConfigs}"$'\n'"- ${config}" - else - failedConfigs="### Failed FTR Configs"$'\n'"- ${config}" - fi - fi -done - -if [[ "$failedConfigs" ]]; then - echo "$failedConfigs" >/home/vagrant/ftr_failed_configs -fi - -echo "--- FIPS smoke test complete" +printf -v FTR_CONFIG_PATTERNS '%s,' "${configs[@]}" +FTR_CONFIG_PATTERNS="${FTR_CONFIG_PATTERNS%,}" +export FTR_CONFIG_PATTERNS -exit $exitCode +.buildkite/scripts/steps/test/pick_test_group_run_order.sh diff --git a/.buildkite/scripts/steps/package_testing/test.sh b/.buildkite/scripts/steps/package_testing/test.sh index 4917932e05228..c16d5cf98b5f5 100755 --- a/.buildkite/scripts/steps/package_testing/test.sh +++ b/.buildkite/scripts/steps/package_testing/test.sh 
@@ -21,25 +21,17 @@ elif [[ "$TEST_PACKAGE" == "rpm" ]]; then elif [[ "$TEST_PACKAGE" == "docker" ]]; then download_artifact "kibana-$KIBANA_PKG_VERSION*-docker-image.tar.gz" . --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}" KIBANA_IP_ADDRESS="192.168.56.7" -elif [[ "$TEST_PACKAGE" == "fips" ]]; then - download_artifact kibana-default.tar.gz . --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}" - download_artifact kibana-default-plugins.tar.gz . --build "${KIBANA_BUILD_ID:-$BUILDKITE_BUILD_ID}" fi cd .. export VAGRANT_CWD=$PWD/test/package +vagrant up "$TEST_PACKAGE" --no-provision -if [[ "$TEST_PACKAGE" == "fips" ]]; then - vagrant up "$TEST_PACKAGE" -else - vagrant up "$TEST_PACKAGE" --no-provision - - node scripts/es snapshot \ - -E network.bind_host=127.0.0.1,192.168.56.1 \ - -E discovery.type=single-node \ - --license=trial & - while ! timeout 1 bash -c "echo > /dev/tcp/localhost/9200"; do sleep 30; done -fi +node scripts/es snapshot \ + -E network.bind_host=127.0.0.1,192.168.56.1 \ + -E discovery.type=single-node \ + --license=trial & +while ! timeout 1 bash -c "echo > /dev/tcp/localhost/9200"; do sleep 30; done function echoKibanaLogs { if [[ "$TEST_PACKAGE" == "deb" ]] || [[ "$TEST_PACKAGE" == "rpm" ]]; then 
@@ -55,29 +47,13 @@ function echoKibanaLogs { } trap "echoKibanaLogs" EXIT -if [[ "$TEST_PACKAGE" == "fips" ]]; then - set +e - vagrant ssh $TEST_PACKAGE -t -c "/home/vagrant/kibana/.buildkite/scripts/steps/fips/smoke_test.sh" - exitCode=$? - - vagrant ssh $TEST_PACKAGE -t -c "cat /home/vagrant/ftr_failed_configs 2>/dev/null" >ftr_failed_configs - set -e - - if [ -s ftr_failed_configs ]; then - cat ftr_failed_configs | buildkite-agent annotate --style "error" - fi - - exit $exitCode -else - vagrant provision "$TEST_PACKAGE" +vagrant provision "$TEST_PACKAGE" - export TEST_BROWSER_HEADLESS=1 - export TEST_KIBANA_URL="http://elastic:changeme@$KIBANA_IP_ADDRESS:5601" - export TEST_ES_URL="http://elastic:changeme@192.168.56.1:9200" +export TEST_BROWSER_HEADLESS=1 +export TEST_KIBANA_URL="http://elastic:changeme@$KIBANA_IP_ADDRESS:5601" +export TEST_ES_URL="http://elastic:changeme@192.168.56.1:9200" - echo "--- FTR - Reporting" +cd x-pack - cd x-pack - - node scripts/functional_test_runner.js --config test/functional/apps/visualize/config.ts --include-tag=smoke --quiet -fi +echo "--- FTR - Reporting" +node scripts/functional_test_runner.js --config test/functional/apps/visualize/config.ts --include-tag=smoke --quiet diff --git a/.buildkite/scripts/steps/test/pick_test_group_run_order.sh b/.buildkite/scripts/steps/test/pick_test_group_run_order.sh old mode 100644 new mode 100755 diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 27be6bf2a7c1d..2dd7f2a8c6aee 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -47,7 +47,6 @@ packages/kbn-apm-synthtrace-client @elastic/obs-ux-infra_services-team @elastic/ packages/kbn-apm-utils @elastic/obs-ux-infra_services-team test/plugin_functional/plugins/app_link_test @elastic/kibana-core x-pack/test/usage_collection/plugins/application_usage_test @elastic/kibana-core -x-pack/plugins/observability_solution/asset_manager @elastic/obs-knowledge-team x-pack/plugins/observability_solution/assets_data_access @elastic/obs-knowledge-team x-pack/test/security_api_integration/plugins/audit_log @elastic/kibana-security packages/kbn-axe-config @elastic/kibana-qa @@ -391,6 +390,7 @@ x-pack/examples/embedded_lens_example @elastic/kibana-visualizations x-pack/plugins/encrypted_saved_objects @elastic/kibana-security x-pack/plugins/enterprise_search @elastic/search-kibana x-pack/packages/kbn-entities-schema @elastic/obs-knowledge-team +x-pack/plugins/observability_solution/entity_manager @elastic/obs-knowledge-team examples/error_boundary @elastic/appex-sharedux packages/kbn-es @elastic/kibana-operations packages/kbn-es-archiver @elastic/kibana-operations @elastic/appex-qa @@ -727,6 +727,8 @@ packages/kbn-search-response-warnings @elastic/kibana-data-discovery packages/kbn-search-types @elastic/kibana-data-discovery x-pack/plugins/searchprofiler @elastic/kibana-management x-pack/test/security_api_integration/packages/helpers @elastic/kibana-security +x-pack/packages/security/api_key_management @elastic/kibana-security +x-pack/packages/security/form_components @elastic/kibana-security packages/kbn-security-hardening @elastic/kibana-security x-pack/plugins/security @elastic/kibana-security x-pack/packages/security/plugin_types_common @elastic/kibana-security 
@@ -1350,7 +1352,7 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib # Enterprise Search /x-pack/test/functional_enterprise_search/ @elastic/search-kibana -/x-pack/plugins/enterprise_search/public/applications/shared/doc_links @elastic/ent-search-docs-team +/x-pack/plugins/enterprise_search/public/applications/shared/doc_links @elastic/platform-docs /x-pack/test_serverless/api_integration/test_suites/search/serverless_search @elastic/search-kibana /x-pack/test_serverless/functional/test_suites/search/ @elastic/search-kibana diff --git a/api_docs/actions.mdx b/api_docs/actions.mdx index 95ec7e2f71c8d..94aa9d8c2910b 100644 --- a/api_docs/actions.mdx +++ b/api_docs/actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/actions title: "actions" image: https://source.unsplash.com/400x175/?github description: API docs for the actions plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'actions'] --- import actionsObj from './actions.devdocs.json'; diff --git a/api_docs/advanced_settings.mdx b/api_docs/advanced_settings.mdx index 719ce6dd0a41c..baabdd1cf4bad 100644 --- a/api_docs/advanced_settings.mdx +++ b/api_docs/advanced_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/advancedSettings title: "advancedSettings" image: https://source.unsplash.com/400x175/?github description: API docs for the advancedSettings plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'advancedSettings'] --- import advancedSettingsObj from './advanced_settings.devdocs.json'; diff --git a/api_docs/ai_assistant_management_selection.mdx b/api_docs/ai_assistant_management_selection.mdx index 6ce3ab8045bd1..0e41a8d0f3e77 100644 --- a/api_docs/ai_assistant_management_selection.mdx +++ b/api_docs/ai_assistant_management_selection.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiAssistantManagementSelection title: "aiAssistantManagementSelection" image: https://source.unsplash.com/400x175/?github description: API docs for the aiAssistantManagementSelection plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiAssistantManagementSelection'] --- import aiAssistantManagementSelectionObj from './ai_assistant_management_selection.devdocs.json'; diff --git a/api_docs/aiops.mdx b/api_docs/aiops.mdx index df8650b0a7fe0..e79131097f8cf 100644 --- a/api_docs/aiops.mdx +++ b/api_docs/aiops.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiops title: "aiops" image: https://source.unsplash.com/400x175/?github description: API docs for the aiops plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiops'] --- import aiopsObj from './aiops.devdocs.json'; diff --git a/api_docs/alerting.devdocs.json b/api_docs/alerting.devdocs.json index ae254deee2fc2..010cbaafd57b4 100644 --- a/api_docs/alerting.devdocs.json +++ b/api_docs/alerting.devdocs.json @@ -1546,6 +1546,27 @@ "path": "packages/kbn-alerting-types/action_group_types.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "alerting", + "id": "def-server.ActionGroup.severity", + "type": "Object", + "tags": [], + "label": "severity", + "description": [], + "signature": [ + { + "pluginId": "@kbn/alerting-types", + "scope": "common", + "docId": "kibKbnAlertingTypesPluginApi", + "section": "def-common.ActionGroupSeverity", + "text": "ActionGroupSeverity" + }, + " | undefined" + ], + "path": "packages/kbn-alerting-types/action_group_types.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false 
@@ -5389,7 +5410,7 @@ }, ">, \"id\" | \"snoozeSchedule\">; version?: string | undefined; }) => Promise; unmuteAll: (options: { id: string; }) => Promise; muteInstance: (options: Readonly<{} & { alertId: string; alertInstanceId: string; }>) => Promise; unmuteInstance: (options: Readonly<{} & { alertId: string; alertInstanceId: string; }>) => Promise; bulkUntrackAlerts: (options: Readonly<{ indices?: string[] | undefined; featureIds?: string[] | undefined; alertUuids?: string[] | undefined; query?: any[] | undefined; } & { isUsingQuery: boolean; }>) => Promise; runSoon: (options: { id: string; }) => Promise; listRuleTypes: () => Promise>; scheduleBackfill: (params: Readonly<{ end?: string | undefined; } & { start: string; ruleId: string; }>[]) => Promise<(Readonly<{ end?: string | undefined; } & { id: string; spaceId: string; start: string; rule: Readonly<{ apiKeyCreatedByUser?: boolean | null | undefined; } & { params: Record; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; }> | Readonly<{} & { error: Readonly<{} & { error: string; message: string; }>; }>)[]>; getBackfill: (id: string) => Promise; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | 
\"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; }>>; findBackfill: (params: Readonly<{ start?: string | undefined; end?: string | undefined; sortField?: \"start\" | \"createdAt\" | undefined; sortOrder?: \"asc\" | \"desc\" | undefined; ruleIds?: string | undefined; } & { page: number; perPage: number; }>) => Promise; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; }>[]; }>>; deleteBackfill: (id: string) => Promise<{}>; getSpaceId: () => string | undefined; getAuthorization: () => ", + ">>; scheduleBackfill: (params: Readonly<{ end?: string | undefined; } & { start: string; ruleId: string; }>[]) => Promise<(Readonly<{ end?: string | undefined; } & { id: string; spaceId: string; start: string; rule: Readonly<{ apiKeyCreatedByUser?: boolean | null | undefined; } & { params: Record; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | 
\"timeout\"; }> | Readonly<{} & { error: Readonly<{ status?: number | undefined; } & { message: string; rule: Readonly<{ name?: string | undefined; } & { id: string; }>; }>; }>)[]>; getBackfill: (id: string) => Promise; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; }>>; findBackfill: (params: Readonly<{ start?: string | undefined; end?: string | undefined; sortField?: \"start\" | \"createdAt\" | undefined; sortOrder?: \"asc\" | \"desc\" | undefined; ruleIds?: string | undefined; } & { page: number; perPage: number; }>) => Promise; id: string; consumer: string; name: string; tags: string[]; enabled: boolean; alertTypeId: string; schedule: Readonly<{} & { interval: string; }>; createdBy: string | null; updatedBy: string | null; createdAt: string; updatedAt: string; apiKeyOwner: string | null; revision: number; }>; enabled: boolean; schedule: Readonly<{} & { interval: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; runAt: string; }>[]; createdAt: string; duration: string; status: \"error\" | \"running\" | \"complete\" | \"pending\" | \"timeout\"; }>[]; }>>; deleteBackfill: (id: string) => Promise<{}>; getSpaceId: () => string | undefined; getAuthorization: () => ", { "pluginId": "alerting", "scope": "server", 
@@ -6565,6 +6586,27 @@ "path": "packages/kbn-alerting-types/action_group_types.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "alerting", + "id": "def-common.ActionGroup.severity", + "type": "Object", + "tags": [], + "label": "severity", + "description": [], + "signature": [ + { + "pluginId": "@kbn/alerting-types", + "scope": "common", + "docId": "kibKbnAlertingTypesPluginApi", + "section": "def-common.ActionGroupSeverity", + "text": "ActionGroupSeverity" + }, + " | undefined" + ], + "path": "packages/kbn-alerting-types/action_group_types.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false @@ -14609,7 +14651,15 @@ "label": "RecoveredActionGroup", "description": [], "signature": [ - "{ readonly id: \"recovered\"; readonly name: string; }" + "{ readonly id: \"recovered\"; readonly name: string; readonly severity?: ", + { + "pluginId": "@kbn/alerting-types", + "scope": "common", + "docId": "kibKbnAlertingTypesPluginApi", + "section": "def-common.ActionGroupSeverity", + "text": "ActionGroupSeverity" + }, + " | undefined; }" ], "path": "packages/kbn-alerting-types/builtin_action_groups_types.ts", "deprecated": false, diff --git a/api_docs/alerting.mdx b/api_docs/alerting.mdx index 39cbffb464ce2..870312c561bff 100644 --- a/api_docs/alerting.mdx +++ b/api_docs/alerting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/alerting title: "alerting" image: https://source.unsplash.com/400x175/?github description: API docs for the alerting plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'alerting'] --- import alertingObj from './alerting.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-o | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 868 | 1 | 836 | 54 | +| 870 | 1 | 838 | 52 | ## Client 
diff --git a/api_docs/apm.mdx b/api_docs/apm.mdx index 662623f517252..3a9e6a2f743a4 100644 --- a/api_docs/apm.mdx +++ b/api_docs/apm.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apm title: "apm" image: https://source.unsplash.com/400x175/?github description: API docs for the apm plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apm'] --- import apmObj from './apm.devdocs.json'; diff --git a/api_docs/apm_data_access.mdx b/api_docs/apm_data_access.mdx index bc150f5b76144..f82e6d1ebb83a 100644 --- a/api_docs/apm_data_access.mdx +++ b/api_docs/apm_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apmDataAccess title: "apmDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the apmDataAccess plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apmDataAccess'] --- import apmDataAccessObj from './apm_data_access.devdocs.json'; diff --git a/api_docs/asset_manager.devdocs.json b/api_docs/asset_manager.devdocs.json deleted file mode 100644 index cb0687b7f9922..0000000000000 --- a/api_docs/asset_manager.devdocs.json +++ /dev/null 
@@ -1,193 +0,0 @@ -{ - "id": "assetManager", - "client": { - "classes": [], - "functions": [], - "interfaces": [ - { - "parentPluginId": "assetManager", - "id": "def-public.AssetManagerPublicPluginSetup", - "type": "Interface", - "tags": [], - "label": "AssetManagerPublicPluginSetup", - "description": [], - "path": "x-pack/plugins/observability_solution/asset_manager/public/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "assetManager", - "id": "def-public.AssetManagerPublicPluginSetup.publicAssetsClient", - "type": "Object", - "tags": [], - "label": "publicAssetsClient", - "description": [], - "signature": [ - "IPublicAssetsClient" - ], - "path": "x-pack/plugins/observability_solution/asset_manager/public/types.ts", - "deprecated": false, - "trackAdoption": false - }, - { - "parentPluginId": "assetManager", - "id": "def-public.AssetManagerPublicPluginSetup.entityClient", - "type": "Object", - "tags": [], - "label": "entityClient", - "description": [], - "signature": [ - "IEntityClient" - ], - "path": "x-pack/plugins/observability_solution/asset_manager/public/types.ts", - "deprecated": false, - "trackAdoption": false - } - ], - "initialIsOpen": false - }, - { - "parentPluginId": "assetManager", - "id": "def-public.AssetManagerPublicPluginStart", - "type": "Interface", - "tags": [], - "label": "AssetManagerPublicPluginStart", - "description": [], - "path": "x-pack/plugins/observability_solution/asset_manager/public/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "assetManager", - "id": "def-public.AssetManagerPublicPluginStart.publicAssetsClient", - "type": "Object", - "tags": [], - "label": "publicAssetsClient", - "description": [], - "signature": [ - "IPublicAssetsClient" - ], - "path": "x-pack/plugins/observability_solution/asset_manager/public/types.ts", - "deprecated": false, - "trackAdoption": false - }, - { - "parentPluginId": "assetManager", - "id": 
"def-public.AssetManagerPublicPluginStart.entityClient", - "type": "Object", - "tags": [], - "label": "entityClient", - "description": [], - "signature": [ - "IEntityClient" - ], - "path": "x-pack/plugins/observability_solution/asset_manager/public/types.ts", - "deprecated": false, - "trackAdoption": false - } - ], - "initialIsOpen": false - } - ], - "enums": [], - "misc": [ - { - "parentPluginId": "assetManager", - "id": "def-public.AssetManagerAppId", - "type": "Type", - "tags": [], - "label": "AssetManagerAppId", - "description": [], - "signature": [ - "\"assetManager\"" - ], - "path": "x-pack/plugins/observability_solution/asset_manager/public/index.ts", - "deprecated": false, - "trackAdoption": false, - "initialIsOpen": false - } - ], - "objects": [] - }, - "server": { - "classes": [], - "functions": [], - "interfaces": [], - "enums": [], - "misc": [ - { - "parentPluginId": "assetManager", - "id": "def-server.AssetManagerConfig", - "type": "Type", - "tags": [], - "label": "AssetManagerConfig", - "description": [], - "signature": [ - "{ readonly alphaEnabled?: boolean | undefined; readonly sourceIndices: Readonly<{} & { logs: string; }>; }" - ], - "path": "x-pack/plugins/observability_solution/asset_manager/common/config.ts", - "deprecated": false, - "trackAdoption": false, - "initialIsOpen": false - }, - { - "parentPluginId": "assetManager", - "id": "def-server.WriteSamplesPostBody", - "type": "Type", - "tags": [], - "label": "WriteSamplesPostBody", - "description": [], - "signature": [ - "{ baseDateTime?: string | number | undefined; excludeEans?: string[] | undefined; refresh?: boolean | \"wait_for\" | undefined; } | null" - ], - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts", - "deprecated": false, - "trackAdoption": false, - "initialIsOpen": false - } - ], - "objects": [], - "setup": { - "parentPluginId": "assetManager", - "id": "def-server.AssetManagerServerPluginSetup", - "type": "Type", - "tags": [], - 
"label": "AssetManagerServerPluginSetup", - "description": [], - "signature": [ - "{ assetClient: ", - "AssetClient", - "; } | undefined" - ], - "path": "x-pack/plugins/observability_solution/asset_manager/server/plugin.ts", - "deprecated": false, - "trackAdoption": false, - "lifecycle": "setup", - "initialIsOpen": true - }, - "start": { - "parentPluginId": "assetManager", - "id": "def-server.AssetManagerServerPluginStart", - "type": "Type", - "tags": [], - "label": "AssetManagerServerPluginStart", - "description": [], - "signature": [ - "{} | undefined" - ], - "path": "x-pack/plugins/observability_solution/asset_manager/server/plugin.ts", - "deprecated": false, - "trackAdoption": false, - "lifecycle": "start", - "initialIsOpen": true - } - }, - "common": { - "classes": [], - "functions": [], - "interfaces": [], - "enums": [], - "misc": [], - "objects": [] - } -} \ No newline at end of file diff --git a/api_docs/asset_manager.mdx b/api_docs/asset_manager.mdx deleted file mode 100644 index ca9527a761f5b..0000000000000 --- a/api_docs/asset_manager.mdx +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -#### -#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system. -#### Reach out in #docs-engineering for more info. -#### -id: kibAssetManagerPluginApi -slug: /kibana-dev-docs/api/assetManager -title: "assetManager" -image: https://source.unsplash.com/400x175/?github -description: API docs for the assetManager plugin -date: 2024-06-24 -tags: ['contributor', 'dev', 'apidocs', 'kibana', 'assetManager'] ---- -import assetManagerObj from './asset_manager.devdocs.json'; - -Asset manager plugin for entity assets (inventory, topology, etc) - -Contact [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) for questions regarding this plugin. - -**Code health stats** - -| Public API count | Any count | Items lacking comments | Missing exports | -|-------------------|-----------|------------------------|-----------------| -| 11 | 0 | 11 | 3 | - -## Client - -### Interfaces - - -### Consts, variables and types - - -## Server - -### Setup - - -### Start - - -### Consts, variables and types - - diff --git a/api_docs/assets_data_access.mdx b/api_docs/assets_data_access.mdx index 483fa485f35c3..544db5d9e6b5e 100644 --- a/api_docs/assets_data_access.mdx +++ b/api_docs/assets_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/assetsDataAccess title: "assetsDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the assetsDataAccess plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'assetsDataAccess'] --- import assetsDataAccessObj from './assets_data_access.devdocs.json'; diff --git a/api_docs/banners.mdx b/api_docs/banners.mdx index 86496c5ab5c71..d0113c00c5beb 100644 --- a/api_docs/banners.mdx +++ b/api_docs/banners.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/banners title: "banners" image: https://source.unsplash.com/400x175/?github description: API docs for the banners plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'banners'] --- import bannersObj from './banners.devdocs.json'; diff --git a/api_docs/bfetch.mdx b/api_docs/bfetch.mdx index 04a3131bd1f41..faab13ec1686a 100644 --- a/api_docs/bfetch.mdx +++ b/api_docs/bfetch.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/bfetch title: "bfetch" image: https://source.unsplash.com/400x175/?github description: API docs for the bfetch plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'bfetch'] --- import bfetchObj from './bfetch.devdocs.json'; diff --git a/api_docs/canvas.mdx b/api_docs/canvas.mdx index 8c5b2f165e34d..dbaee092a69ff 100644 --- a/api_docs/canvas.mdx +++ b/api_docs/canvas.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/canvas title: "canvas" image: https://source.unsplash.com/400x175/?github description: API docs for the canvas plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'canvas'] --- import canvasObj from './canvas.devdocs.json'; diff --git a/api_docs/cases.devdocs.json b/api_docs/cases.devdocs.json index f0e42450539c8..c62a4c8d7c4c2 100644 --- a/api_docs/cases.devdocs.json +++ b/api_docs/cases.devdocs.json 
@@ -483,7 +483,7 @@ "section": "def-common.CaseSeverity", "text": "CaseSeverity" }, - "[] | undefined; assignees?: string | string[] | undefined; reporters?: string | string[] | undefined; defaultSearchOperator?: \"AND\" | \"OR\" | undefined; from?: string | undefined; search?: string | undefined; searchFields?: \"title\" | \"description\" | (\"title\" | \"description\")[] | undefined; sortField?: \"title\" | \"createdAt\" | \"updatedAt\" | \"status\" | \"category\" | \"severity\" | \"closedAt\" | undefined; sortOrder?: \"asc\" | \"desc\" | undefined; to?: string | undefined; owner?: string | string[] | undefined; category?: string | string[] | undefined; } & Partial<", + "[] | undefined; assignees?: string | string[] | undefined; reporters?: string | string[] | undefined; defaultSearchOperator?: \"AND\" | \"OR\" | undefined; from?: string | undefined; search?: string | undefined; searchFields?: \"title\" | \"description\" | (\"title\" | \"description\")[] | undefined; sortField?: \"title\" | \"createdAt\" | \"updatedAt\" | \"status\" | \"severity\" | \"category\" | \"closedAt\" | undefined; sortOrder?: \"asc\" | \"desc\" | undefined; to?: string | undefined; owner?: string | string[] | undefined; category?: string | string[] | undefined; } & Partial<", "Pagination", ">, signal?: AbortSignal | undefined) => Promise<", { diff --git a/api_docs/cases.mdx b/api_docs/cases.mdx index f088e34ffc626..fe85630efe016 100644 --- a/api_docs/cases.mdx +++ b/api_docs/cases.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cases title: "cases" image: https://source.unsplash.com/400x175/?github description: API docs for the cases plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cases'] --- import casesObj from './cases.devdocs.json'; diff --git a/api_docs/charts.mdx b/api_docs/charts.mdx index 7f09a4002570b..961009ee52d19 100644 --- a/api_docs/charts.mdx +++ b/api_docs/charts.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/charts title: "charts" image: https://source.unsplash.com/400x175/?github description: API docs for the charts plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'charts'] --- import chartsObj from './charts.devdocs.json'; diff --git a/api_docs/cloud.mdx b/api_docs/cloud.mdx index e24d2f4c39842..74a1f886bfe2e 100644 --- a/api_docs/cloud.mdx +++ b/api_docs/cloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloud title: "cloud" image: https://source.unsplash.com/400x175/?github description: API docs for the cloud plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloud'] --- import cloudObj from './cloud.devdocs.json'; diff --git a/api_docs/cloud_data_migration.mdx b/api_docs/cloud_data_migration.mdx index 7f579dc0703cf..15fc14cfd7052 100644 --- a/api_docs/cloud_data_migration.mdx +++ b/api_docs/cloud_data_migration.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDataMigration title: "cloudDataMigration" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDataMigration plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDataMigration'] --- import cloudDataMigrationObj from './cloud_data_migration.devdocs.json'; diff --git a/api_docs/cloud_defend.mdx b/api_docs/cloud_defend.mdx index b7936513fd197..c881aa164ce9c 100644 --- a/api_docs/cloud_defend.mdx +++ b/api_docs/cloud_defend.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDefend title: "cloudDefend" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDefend plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDefend'] --- import cloudDefendObj from './cloud_defend.devdocs.json'; diff --git a/api_docs/cloud_experiments.mdx b/api_docs/cloud_experiments.mdx index 781d3f481b0ee..edcec43b19573 100644 
--- a/api_docs/cloud_experiments.mdx +++ b/api_docs/cloud_experiments.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudExperiments title: "cloudExperiments" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudExperiments plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudExperiments'] --- import cloudExperimentsObj from './cloud_experiments.devdocs.json'; diff --git a/api_docs/cloud_security_posture.mdx b/api_docs/cloud_security_posture.mdx index d8bcf045593ed..645c246aea777 100644 --- a/api_docs/cloud_security_posture.mdx +++ b/api_docs/cloud_security_posture.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudSecurityPosture title: "cloudSecurityPosture" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudSecurityPosture plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudSecurityPosture'] --- import cloudSecurityPostureObj from './cloud_security_posture.devdocs.json'; diff --git a/api_docs/console.mdx b/api_docs/console.mdx index 1472e0899e7d2..590e6156569b8 100644 --- a/api_docs/console.mdx +++ b/api_docs/console.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/console title: "console" image: https://source.unsplash.com/400x175/?github description: API docs for the console plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'console'] --- import consoleObj from './console.devdocs.json'; diff --git a/api_docs/content_management.mdx b/api_docs/content_management.mdx index 831923d729cde..e274518fae88a 100644 --- a/api_docs/content_management.mdx +++ b/api_docs/content_management.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/contentManagement title: "contentManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the contentManagement plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'contentManagement'] --- import contentManagementObj from './content_management.devdocs.json'; diff --git a/api_docs/controls.mdx b/api_docs/controls.mdx index 342c057c2f277..54a6c04ae1905 100644 --- a/api_docs/controls.mdx +++ b/api_docs/controls.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/controls title: "controls" image: https://source.unsplash.com/400x175/?github description: API docs for the controls plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'controls'] --- import controlsObj from './controls.devdocs.json'; diff --git a/api_docs/custom_integrations.mdx b/api_docs/custom_integrations.mdx index d542ce8567330..e8f2c826af759 100644 --- a/api_docs/custom_integrations.mdx +++ b/api_docs/custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/customIntegrations title: "customIntegrations" image: https://source.unsplash.com/400x175/?github description: API docs for the customIntegrations plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'customIntegrations'] --- import customIntegrationsObj from './custom_integrations.devdocs.json'; diff --git a/api_docs/dashboard.devdocs.json b/api_docs/dashboard.devdocs.json index d22dda4cd015b..de3639ca81e09 100644 --- a/api_docs/dashboard.devdocs.json +++ b/api_docs/dashboard.devdocs.json 
@@ -2559,7 +2559,7 @@ "\nFor BWC reasons, dashboard state is stored with panels as an array instead of a map" ], "signature": [ - "{ id?: string | undefined; tags?: string[] | undefined; title?: string | undefined; query?: ", + "{ id?: string | undefined; version?: string | undefined; tags?: string[] | undefined; title?: string | undefined; query?: ", { "pluginId": "@kbn/es-query", "scope": "common", @@ -2575,7 +2575,7 @@ "section": "def-common.Filter", "text": "Filter" }, - "[] | undefined; description?: string | undefined; version?: string | undefined; refreshInterval?: ", + "[] | undefined; description?: string | undefined; refreshInterval?: ", { "pluginId": "data", "scope": "common", diff --git a/api_docs/dashboard.mdx b/api_docs/dashboard.mdx index 39e7e68dee996..bcf167380d6b6 100644 --- a/api_docs/dashboard.mdx +++ b/api_docs/dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboard title: "dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboard plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboard'] --- import dashboardObj from './dashboard.devdocs.json'; diff --git a/api_docs/dashboard_enhanced.mdx b/api_docs/dashboard_enhanced.mdx index 844667abcfa11..0081e5f4b048d 100644 --- a/api_docs/dashboard_enhanced.mdx +++ b/api_docs/dashboard_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboardEnhanced title: "dashboardEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboardEnhanced plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboardEnhanced'] --- import dashboardEnhancedObj from './dashboard_enhanced.devdocs.json'; diff --git a/api_docs/data.mdx b/api_docs/data.mdx index 72205401036fd..cd28bc6067afa 100644 --- a/api_docs/data.mdx +++ b/api_docs/data.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data title: "data" image: https://source.unsplash.com/400x175/?github description: API docs for the data plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data'] --- import dataObj from './data.devdocs.json'; diff --git a/api_docs/data_quality.mdx b/api_docs/data_quality.mdx index 01525ef61b93c..8387ace532b46 100644 --- a/api_docs/data_quality.mdx +++ b/api_docs/data_quality.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataQuality title: "dataQuality" image: https://source.unsplash.com/400x175/?github description: API docs for the dataQuality plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataQuality'] --- import dataQualityObj from './data_quality.devdocs.json'; diff --git a/api_docs/data_query.mdx b/api_docs/data_query.mdx index 42f33bcd387cb..189ada182ea05 100644 --- a/api_docs/data_query.mdx +++ b/api_docs/data_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-query title: "data.query" image: https://source.unsplash.com/400x175/?github description: API docs for the data.query plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.query'] --- import dataQueryObj from './data_query.devdocs.json'; diff --git a/api_docs/data_search.mdx b/api_docs/data_search.mdx index 7dfe59461fab2..45be31fd5c9df 100644 --- a/api_docs/data_search.mdx +++ b/api_docs/data_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-search title: "data.search" image: https://source.unsplash.com/400x175/?github description: API docs for the data.search plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.search'] --- import dataSearchObj from './data_search.devdocs.json'; diff --git a/api_docs/data_view_editor.mdx b/api_docs/data_view_editor.mdx index 85bf29acf3b91..57a8c348a9ba4 100644 --- a/api_docs/data_view_editor.mdx +++ b/api_docs/data_view_editor.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewEditor title: "dataViewEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewEditor plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewEditor'] --- import dataViewEditorObj from './data_view_editor.devdocs.json'; diff --git a/api_docs/data_view_field_editor.mdx b/api_docs/data_view_field_editor.mdx index fa97a7a360bc0..1aee3d2994966 100644 --- a/api_docs/data_view_field_editor.mdx +++ b/api_docs/data_view_field_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewFieldEditor title: "dataViewFieldEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewFieldEditor plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewFieldEditor'] --- import dataViewFieldEditorObj from './data_view_field_editor.devdocs.json'; diff --git a/api_docs/data_view_management.mdx b/api_docs/data_view_management.mdx index 77003b58ea98d..0f59f3eb1a6db 100644 --- a/api_docs/data_view_management.mdx +++ b/api_docs/data_view_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewManagement title: "dataViewManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewManagement plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewManagement'] --- import dataViewManagementObj from './data_view_management.devdocs.json'; diff --git a/api_docs/data_views.mdx b/api_docs/data_views.mdx index 5b609446fe242..e308b8c3c30a3 100644 --- a/api_docs/data_views.mdx +++ b/api_docs/data_views.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViews title: "dataViews" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViews plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViews'] --- import dataViewsObj from './data_views.devdocs.json'; diff --git a/api_docs/data_visualizer.mdx b/api_docs/data_visualizer.mdx index 9aeeaa74818d9..058c40b461a5f 100644 --- a/api_docs/data_visualizer.mdx +++ b/api_docs/data_visualizer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataVisualizer title: "dataVisualizer" image: https://source.unsplash.com/400x175/?github description: API docs for the dataVisualizer plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataVisualizer'] --- import dataVisualizerObj from './data_visualizer.devdocs.json'; diff --git a/api_docs/dataset_quality.mdx b/api_docs/dataset_quality.mdx index f23c4d7d6e8fb..1a04bc039e320 100644 --- a/api_docs/dataset_quality.mdx +++ b/api_docs/dataset_quality.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/datasetQuality title: "datasetQuality" image: https://source.unsplash.com/400x175/?github description: API docs for the datasetQuality plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'datasetQuality'] --- import datasetQualityObj from './dataset_quality.devdocs.json'; diff --git a/api_docs/deprecations_by_api.mdx b/api_docs/deprecations_by_api.mdx index f8ddad4a7c6da..4e5dfd9a88edf 100644 --- a/api_docs/deprecations_by_api.mdx +++ b/api_docs/deprecations_by_api.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByApi slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-api title: Deprecated API usage by API description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- 
@@ -39,7 +39,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | securitySolution | - | | | cloudDefend, osquery, securitySolution, synthetics | - | | | cloudDefend, osquery, securitySolution, synthetics | - | -| | actions, alerting, files, cases, observabilityAIAssistant, fleet, cloudDefend, cloudSecurityPosture, elasticAssistant, enterpriseSearch, lists, osquery, securitySolution, reporting, serverlessSearch, transform, upgradeAssistant, apm, assetManager, synthetics, security | - | +| | actions, alerting, cases, observabilityAIAssistant, fleet, cloudDefend, cloudSecurityPosture, elasticAssistant, enterpriseSearch, lists, osquery, securitySolution, reporting, serverlessSearch, transform, upgradeAssistant, apm, entityManager, observabilityOnboarding, synthetics, security | - | | | cases, securitySolution, security | - | | | @kbn/securitysolution-data-table, securitySolution | - | | | @kbn/securitysolution-data-table, securitySolution | - | 
@@ -50,7 +50,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | securitySolution | - | | | @kbn/core-saved-objects-api-browser, @kbn/core-saved-objects-browser-internal, @kbn/core-saved-objects-api-server, @kbn/core, home, savedObjectsTagging, canvas, savedObjects, @kbn/core-saved-objects-browser-mocks, @kbn/core-saved-objects-import-export-server-internal, savedObjectsTaggingOss, lists, securitySolution, upgradeAssistant, savedObjectsManagement, @kbn/core-ui-settings-server-internal | - | | | @kbn/core-saved-objects-migration-server-internal, actions, dataViews, data, alerting, lens, cases, savedSearch, canvas, savedObjectsTagging, graph, lists, maps, visualizations, securitySolution, dashboard, @kbn/core-test-helpers-so-type-serializer | - | -| | dataViews, security, maps, imageEmbeddable, securitySolution, serverlessSearch, cloudLinks, observabilityAIAssistantApp, cases, apm | - | +| | dataViews, security, securitySolution, serverlessSearch, cloudLinks, observabilityAIAssistantApp, cases, apm | - | | | security, cases, searchPlayground, securitySolution | - | | | lists, securitySolution, @kbn/securitysolution-io-ts-list-types | - | | | lists, securitySolution, @kbn/securitysolution-io-ts-list-types | - | @@ -118,7 +118,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | dashboard | - | | | embeddable, dashboard | - | | | dashboard, maps | - | -| | dataVisualizer, security | - | | | dataViews, maps | - | | | dataViews, dataViewManagement | - | | | dataViews, dataViewManagement | - | @@ -151,6 +150,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | visTypePie | - | | | visTypePie | - | | | @kbn/core-logging-server-internal, security | - | +| | security | - | | | observabilityShared | - | | | @kbn/react-kibana-context-styled, kibanaReact | - | | | encryptedSavedObjects | - | @@ -232,6 +232,7 @@ Safe to remove. | | lists | | | lists | | | savedObjects | +| | security | | | serverless | | | taskManager | | | taskManager | 
diff --git a/api_docs/deprecations_by_plugin.mdx b/api_docs/deprecations_by_plugin.mdx index e556ed4d57839..5288e5a2fbf02 100644 --- a/api_docs/deprecations_by_plugin.mdx +++ b/api_docs/deprecations_by_plugin.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByPlugin slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-plugin title: Deprecated API usage by plugin description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- 
@@ -511,14 +511,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] -## assetManager - -| Deprecated API | Reference location(s) | Remove By | -| ---------------|-----------|-----------| -| | [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [enable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/enable.ts#:~:text=authc), [disable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/disable.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [enable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/enable.ts#:~:text=authc), [disable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/disable.ts#:~:text=authc) | - | - - - ## canvas | Deprecated API | Reference location(s) | Remove By | 
@@ -713,7 +705,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | ---------------|-----------|-----------| | | [document_stats.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/stats_table/components/field_data_row/document_stats.tsx#:~:text=fieldFormats), [distinct_values.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/stats_table/components/field_data_row/distinct_values.tsx#:~:text=fieldFormats), [top_values.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/top_values/top_values.tsx#:~:text=fieldFormats), [choropleth_map.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/stats_table/components/field_data_expanded_row/choropleth_map.tsx#:~:text=fieldFormats), [default_value_formatter.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/data_drift/charts/default_value_formatter.ts#:~:text=fieldFormats) | - | | | [use_data_visualizer_grid_data.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/use_data_visualizer_grid_data.ts#:~:text=title) | - | -| | [filebeat_config_flyout.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx#:~:text=authc), [use_data_visualizer_grid_data.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/use_data_visualizer_grid_data.ts#:~:text=authc), [filebeat_config_flyout.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx#:~:text=authc), 
[use_data_visualizer_grid_data.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/use_data_visualizer_grid_data.ts#:~:text=authc) | - | | | [index_data_visualizer.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/index_data_visualizer.tsx#:~:text=savedObjects) | - | | | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/common/types/index.ts#:~:text=SimpleSavedObject), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/data_visualizer/common/types/index.ts#:~:text=SimpleSavedObject) | - | 
@@ -786,6 +777,14 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] +## entityManager + +| Deprecated API | Reference location(s) | Remove By | +| ---------------|-----------|-----------| +| | [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [enable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts#:~:text=authc), [disable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [api_key.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts#:~:text=authc), [enable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts#:~:text=authc), [disable.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts#:~:text=authc) | - | + + + ## eventAnnotation | Deprecated API | Reference location(s) | Remove By | 
@@ -842,7 +841,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | Deprecated API | Reference location(s) | Remove By | | ---------------|-----------|-----------| -| | [create.ts](https://github.com/elastic/kibana/tree/main/src/plugins/files/server/routes/file_kind/create.ts#:~:text=authc), [create.ts](https://github.com/elastic/kibana/tree/main/src/plugins/files/server/routes/file_kind/create.ts#:~:text=authc) | - | | | [file_service_factory.ts](https://github.com/elastic/kibana/tree/main/src/plugins/files/server/file_service/file_service_factory.ts#:~:text=audit), [file_service_factory.ts](https://github.com/elastic/kibana/tree/main/src/plugins/files/server/file_service/file_service_factory.ts#:~:text=audit) | - | @@ -920,7 +918,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | Deprecated API | Reference location(s) | Remove By | | ---------------|-----------|-----------| | | [image_embeddable.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/image_embeddable/public/components/image_embeddable.tsx#:~:text=executeTriggerActions) | - | -| | [open_image_editor.tsx](https://github.com/elastic/kibana/tree/main/src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx#:~:text=authc) | - | 
@@ -1078,7 +1075,6 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [setup_saved_objects.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/server/saved_objects/setup_saved_objects.ts#:~:text=migrations) | - | | | [setup_saved_objects.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/server/saved_objects/setup_saved_objects.ts#:~:text=convertToMultiNamespaceTypeVersion) | - | | | [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/react_embeddable/types.ts#:~:text=HasLibraryTransforms), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/react_embeddable/types.ts#:~:text=HasLibraryTransforms), [library_transforms.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/react_embeddable/library_transforms.ts#:~:text=HasLibraryTransforms), [library_transforms.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/react_embeddable/library_transforms.ts#:~:text=HasLibraryTransforms) | - | -| | [es_search_source.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx#:~:text=authc) | - | @@ -1135,6 +1131,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | Deprecated API | Reference location(s) | Remove By | | ---------------|-----------|-----------| +| | [route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts#:~:text=authc), [route.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts#:~:text=authc) | - | | | [plugin.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/observability_solution/observability_onboarding/server/plugin.ts#:~:text=legacy) | - | 
@@ -1366,8 +1363,8 @@ migrates to using the Kibana Privilege model: https://github.com/elastic/kibana/ | | [index.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx#:~:text=DeprecatedCellValueElementProps), [index.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx#:~:text=DeprecatedCellValueElementProps) | - | | | [index.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx#:~:text=DeprecatedRowRenderer), [index.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx#:~:text=DeprecatedRowRenderer) | - | | | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=BeatFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=BeatFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=BeatFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=BeatFields) | - | -| | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), 
[helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [columns.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx#:~:text=BrowserField), [columns.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx#:~:text=BrowserField), [table_tab.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx#:~:text=BrowserField), [table_tab.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx#:~:text=BrowserField), [enrichment_summary.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/enrichment_summary.tsx#:~:text=BrowserField)+ 33 more | - | -| | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/timeline/cells/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/timeline/cells/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/header_actions/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/header_actions/index.ts#:~:text=BrowserFields), 
[index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields)+ 109 more | - | +| | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [helpers.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts#:~:text=BrowserField), [columns.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx#:~:text=BrowserField), [columns.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx#:~:text=BrowserField), 
[columns.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx#:~:text=BrowserField), [enrichment_summary.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/enrichment_summary.tsx#:~:text=BrowserField), [enrichment_summary.tsx](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/components/event_details/cti_details/enrichment_summary.tsx#:~:text=BrowserField)+ 32 more | - | +| | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/timeline/cells/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/timeline/cells/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/header_actions/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/types/header_actions/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields), 
[index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/lib/kuery/index.ts#:~:text=BrowserFields)+ 105 more | - | | | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=IndexFieldsStrategyRequest), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyRequest), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyRequest), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyRequest), [middleware.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts#:~:text=IndexFieldsStrategyRequest), [middleware.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts#:~:text=IndexFieldsStrategyRequest) | - | | | [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/common/search_strategy/index_fields/index.ts#:~:text=IndexFieldsStrategyResponse), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyResponse), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyResponse), [index.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/server/search_strategy/endpoint_fields/index.ts#:~:text=IndexFieldsStrategyResponse), 
[middleware.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts#:~:text=IndexFieldsStrategyResponse), [middleware.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts#:~:text=IndexFieldsStrategyResponse) | - | | | [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/hooks/types.ts#:~:text=SimpleSavedObject), [types.ts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/security_solution/public/common/hooks/types.ts#:~:text=SimpleSavedObject) | - | diff --git a/api_docs/deprecations_by_team.mdx b/api_docs/deprecations_by_team.mdx index 5c561ee1f8b01..dabdf41be221b 100644 --- a/api_docs/deprecations_by_team.mdx +++ b/api_docs/deprecations_by_team.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsDueByTeam slug: /kibana-dev-docs/api-meta/deprecations-due-by-team title: Deprecated APIs due to be removed, by team description: Lists the teams that are referencing deprecated APIs with a remove by date. -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/dev_tools.mdx b/api_docs/dev_tools.mdx index af89e55d3c136..1ef3cf24bdccb 100644 --- a/api_docs/dev_tools.mdx +++ b/api_docs/dev_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/devTools title: "devTools" image: https://source.unsplash.com/400x175/?github description: API docs for the devTools plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'devTools'] --- import devToolsObj from './dev_tools.devdocs.json'; diff --git a/api_docs/discover.mdx b/api_docs/discover.mdx index cfae70394bb79..0d8cbc70a4775 100644 --- a/api_docs/discover.mdx +++ b/api_docs/discover.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discover title: "discover" image: https://source.unsplash.com/400x175/?github description: API docs for the discover plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discover'] --- import discoverObj from './discover.devdocs.json'; diff --git a/api_docs/discover_enhanced.mdx b/api_docs/discover_enhanced.mdx index d873dc5f192f9..c6952e00544b8 100644 --- a/api_docs/discover_enhanced.mdx +++ b/api_docs/discover_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverEnhanced title: "discoverEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the discoverEnhanced plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverEnhanced'] --- import discoverEnhancedObj from './discover_enhanced.devdocs.json'; diff --git a/api_docs/discover_shared.mdx b/api_docs/discover_shared.mdx index 44f9ffb416a11..308ae984ea93c 100644 --- a/api_docs/discover_shared.mdx +++ b/api_docs/discover_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverShared title: "discoverShared" image: https://source.unsplash.com/400x175/?github description: API docs for the discoverShared plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverShared'] --- import discoverSharedObj from './discover_shared.devdocs.json'; diff --git a/api_docs/ecs_data_quality_dashboard.mdx b/api_docs/ecs_data_quality_dashboard.mdx index cbd4c6b821731..e6fd4d6be3cd5 100644 --- a/api_docs/ecs_data_quality_dashboard.mdx +++ b/api_docs/ecs_data_quality_dashboard.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ecsDataQualityDashboard title: "ecsDataQualityDashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the ecsDataQualityDashboard plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ecsDataQualityDashboard'] --- import ecsDataQualityDashboardObj from './ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/elastic_assistant.devdocs.json b/api_docs/elastic_assistant.devdocs.json index e543e43a16801..595bd103d2f58 100644 --- a/api_docs/elastic_assistant.devdocs.json +++ b/api_docs/elastic_assistant.devdocs.json @@ -1609,7 +1609,7 @@ "section": "def-common.KibanaRequest", "text": "KibanaRequest" }, - " | undefined; }, any>" + " | undefined; }, any>" ], "path": "x-pack/plugins/elastic_assistant/server/types.ts", "deprecated": false, diff --git a/api_docs/elastic_assistant.mdx b/api_docs/elastic_assistant.mdx index 54efa9e1a47e3..e716b48cba4fd 100644 --- a/api_docs/elastic_assistant.mdx +++ b/api_docs/elastic_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/elasticAssistant title: "elasticAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the elasticAssistant plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'elasticAssistant'] --- import elasticAssistantObj from './elastic_assistant.devdocs.json'; diff --git a/api_docs/embeddable.devdocs.json b/api_docs/embeddable.devdocs.json index 6cdd1e2b0f739..8219bbabc6b24 100644 --- a/api_docs/embeddable.devdocs.json +++ b/api_docs/embeddable.devdocs.json 
@@ -10465,6 +10465,20 @@ } ], "returnComment": [] + }, + { + "parentPluginId": "embeddable", + "id": "def-public.EmbeddableFactory.order", + "type": "number", + "tags": [], + "label": "order", + "description": [], + "signature": [ + "number | undefined" + ], + "path": "src/plugins/embeddable/public/lib/embeddables/embeddable_factory.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false 
@@ -13696,6 +13710,178 @@ ], "initialIsOpen": false }, + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING", + "type": "Object", + "tags": [], + "label": "COMMON_EMBEDDABLE_GROUPING", + "description": [], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.legacy", + "type": "Object", + "tags": [], + "label": "legacy", + "description": [], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.legacy.id", + "type": "string", + "tags": [], + "label": "id", + "description": [], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.legacy.getDisplayName", + "type": "Function", + "tags": [], + "label": "getDisplayName", + "description": [], + "signature": [ + "() => string" + ], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false, + "children": [], + "returnComment": [] + }, + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.legacy.order", + "type": "number", + "tags": [], + "label": "order", + "description": [], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false + } + ] + }, + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.annotation", + "type": "Object", + "tags": [], + "label": "annotation", + "description": [], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, 
+ "trackAdoption": false, + "children": [ + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.annotation.id", + "type": "string", + "tags": [], + "label": "id", + "description": [], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.annotation.getDisplayName", + "type": "Function", + "tags": [], + "label": "getDisplayName", + "description": [], + "signature": [ + "() => string" + ], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false, + "children": [], + "returnComment": [] + } + ] + }, + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.other", + "type": "Object", + "tags": [], + "label": "other", + "description": [], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.other.id", + "type": "string", + "tags": [], + "label": "id", + "description": [], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.other.getDisplayName", + "type": "Function", + "tags": [], + "label": "getDisplayName", + "description": [], + "signature": [ + "() => string" + ], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false, + "children": [], + "returnComment": [] + }, + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.other.getIconType", + "type": "Function", + "tags": [], + "label": "getIconType", + "description": [], + "signature": [ + "() => 
string" + ], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false, + "children": [], + "returnComment": [] + }, + { + "parentPluginId": "embeddable", + "id": "def-public.COMMON_EMBEDDABLE_GROUPING.other.order", + "type": "number", + "tags": [], + "label": "order", + "description": [], + "path": "src/plugins/embeddable/public/lib/embeddables/common/constants.ts", + "deprecated": false, + "trackAdoption": false + } + ] + } + ], + "initialIsOpen": false + }, { "parentPluginId": "embeddable", "id": "def-public.contextMenuTrigger", diff --git a/api_docs/embeddable.mdx b/api_docs/embeddable.mdx index 5836e2ec42a39..147996e6c925b 100644 --- a/api_docs/embeddable.mdx +++ b/api_docs/embeddable.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddable title: "embeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddable plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddable'] --- import embeddableObj from './embeddable.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kib | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 557 | 1 | 447 | 9 | +| 571 | 1 | 461 | 9 | ## Client diff --git a/api_docs/embeddable_enhanced.mdx b/api_docs/embeddable_enhanced.mdx index 92294555e6820..37268cd6229b9 100644 --- a/api_docs/embeddable_enhanced.mdx +++ b/api_docs/embeddable_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddableEnhanced title: "embeddableEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddableEnhanced plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddableEnhanced'] --- import embeddableEnhancedObj from './embeddable_enhanced.devdocs.json'; 
diff --git a/api_docs/encrypted_saved_objects.mdx b/api_docs/encrypted_saved_objects.mdx index 2438c148887aa..9c7ed9bf26be7 100644 --- a/api_docs/encrypted_saved_objects.mdx +++ b/api_docs/encrypted_saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/encryptedSavedObjects title: "encryptedSavedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the encryptedSavedObjects plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'encryptedSavedObjects'] --- import encryptedSavedObjectsObj from './encrypted_saved_objects.devdocs.json'; diff --git a/api_docs/enterprise_search.mdx b/api_docs/enterprise_search.mdx index 77afd4f71c6df..caae50998fc8f 100644 --- a/api_docs/enterprise_search.mdx +++ b/api_docs/enterprise_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/enterpriseSearch title: "enterpriseSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the enterpriseSearch plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'enterpriseSearch'] --- import enterpriseSearchObj from './enterprise_search.devdocs.json'; diff --git a/api_docs/entity_manager.devdocs.json b/api_docs/entity_manager.devdocs.json new file mode 100644 index 0000000000000..f8f2a8dde90aa --- /dev/null +++ b/api_docs/entity_manager.devdocs.json 
@@ -0,0 +1,132 @@ +{ + "id": "entityManager", + "client": { + "classes": [], + "functions": [], + "interfaces": [ + { + "parentPluginId": "entityManager", + "id": "def-public.EntityManagerPublicPluginSetup", + "type": "Interface", + "tags": [], + "label": "EntityManagerPublicPluginSetup", + "description": [], + "path": "x-pack/plugins/observability_solution/entity_manager/public/types.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "entityManager", + "id": "def-public.EntityManagerPublicPluginSetup.entityClient", + "type": "Object", + "tags": [], + "label": "entityClient", + "description": [], + "signature": [ + "IEntityClient" + ], + "path": "x-pack/plugins/observability_solution/entity_manager/public/types.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "entityManager", + "id": "def-public.EntityManagerPublicPluginStart", + "type": "Interface", + "tags": [], + "label": "EntityManagerPublicPluginStart", + "description": [], + "path": "x-pack/plugins/observability_solution/entity_manager/public/types.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "entityManager", + "id": "def-public.EntityManagerPublicPluginStart.entityClient", + "type": "Object", + "tags": [], + "label": "entityClient", + "description": [], + "signature": [ + "IEntityClient" + ], + "path": "x-pack/plugins/observability_solution/entity_manager/public/types.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + } + ], + "enums": [], + "misc": [ + { + "parentPluginId": "entityManager", + "id": "def-public.EntityManagerAppId", + "type": "Type", + "tags": [], + "label": "EntityManagerAppId", + "description": [], + "signature": [ + "\"entityManager\"" + ], + "path": "x-pack/plugins/observability_solution/entity_manager/public/index.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + 
} + ], + "objects": [] + }, + "server": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [ + { + "parentPluginId": "entityManager", + "id": "def-server.EntityManagerConfig", + "type": "Type", + "tags": [], + "label": "EntityManagerConfig", + "description": [], + "signature": [ + "{}" + ], + "path": "x-pack/plugins/observability_solution/entity_manager/common/config.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + } + ], + "objects": [], + "start": { + "parentPluginId": "entityManager", + "id": "def-server.EntityManagerServerPluginStart", + "type": "Type", + "tags": [], + "label": "EntityManagerServerPluginStart", + "description": [], + "signature": [ + "{}" + ], + "path": "x-pack/plugins/observability_solution/entity_manager/server/plugin.ts", + "deprecated": false, + "trackAdoption": false, + "lifecycle": "start", + "initialIsOpen": true + } + }, + "common": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + } +} \ No newline at end of file diff --git a/api_docs/entity_manager.mdx b/api_docs/entity_manager.mdx new file mode 100644 index 0000000000000..d8eb57aaf72b6 --- /dev/null +++ b/api_docs/entity_manager.mdx 
@@ -0,0 +1,41 @@ +--- +#### +#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system. +#### Reach out in #docs-engineering for more info. +#### +id: kibEntityManagerPluginApi +slug: /kibana-dev-docs/api/entityManager +title: "entityManager" +image: https://source.unsplash.com/400x175/?github +description: API docs for the entityManager plugin +date: 2024-06-27 +tags: ['contributor', 'dev', 'apidocs', 'kibana', 'entityManager'] +--- +import entityManagerObj from './entity_manager.devdocs.json'; + +Entity manager plugin for entity assets (inventory, topology, etc) + +Contact [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) for questions regarding this plugin. + +**Code health stats** + +| Public API count | Any count | Items lacking comments | Missing exports | +|-------------------|-----------|------------------------|-----------------| +| 8 | 0 | 8 | 1 | + +## Client + +### Interfaces + + +### Consts, variables and types + + +## Server + +### Start + + +### Consts, variables and types + + diff --git a/api_docs/es_ui_shared.mdx b/api_docs/es_ui_shared.mdx index 0f2bb0c45995e..10f725aa3acb2 100644 --- a/api_docs/es_ui_shared.mdx +++ b/api_docs/es_ui_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esUiShared title: "esUiShared" image: https://source.unsplash.com/400x175/?github description: API docs for the esUiShared plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esUiShared'] --- import esUiSharedObj from './es_ui_shared.devdocs.json'; diff --git a/api_docs/esql_data_grid.mdx b/api_docs/esql_data_grid.mdx index c94d7fe40f352..035fac0f319af 100644 --- a/api_docs/esql_data_grid.mdx +++ b/api_docs/esql_data_grid.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esqlDataGrid title: "esqlDataGrid" image: https://source.unsplash.com/400x175/?github description: API docs for the esqlDataGrid plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esqlDataGrid'] --- import esqlDataGridObj from './esql_data_grid.devdocs.json'; diff --git a/api_docs/event_annotation.mdx b/api_docs/event_annotation.mdx index 9a429350c22c1..205df0fcc5305 100644 --- a/api_docs/event_annotation.mdx +++ b/api_docs/event_annotation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotation title: "eventAnnotation" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotation plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotation'] --- import eventAnnotationObj from './event_annotation.devdocs.json'; diff --git a/api_docs/event_annotation_listing.mdx b/api_docs/event_annotation_listing.mdx index 3259481247cf1..2f7322b55f1b2 100644 --- a/api_docs/event_annotation_listing.mdx +++ b/api_docs/event_annotation_listing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotationListing title: "eventAnnotationListing" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotationListing plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotationListing'] --- import eventAnnotationListingObj from './event_annotation_listing.devdocs.json'; diff --git a/api_docs/event_log.devdocs.json b/api_docs/event_log.devdocs.json index 76c10e0330333..489f4f8e7496c 100644 --- a/api_docs/event_log.devdocs.json +++ b/api_docs/event_log.devdocs.json 
@@ -1450,7 +1450,7 @@ "label": "data", "description": [], "signature": [ - "(Readonly<{ log?: Readonly<{ logger?: string | undefined; level?: string | undefined; } & {}> | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; version?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ usage?: Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ uuid?: 
string | undefined; status?: string | undefined; metrics?: Readonly<{ total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; total_run_duration_ms?: string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; version?: string | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: string[] | 
undefined; reason?: string | undefined; action?: string | undefined; start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; severity?: string | number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; provider?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}> | undefined)[]" + "(Readonly<{ log?: Readonly<{ logger?: string | undefined; level?: string | undefined; } & {}> | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; version?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ usage?: 
Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; version?: string | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ uuid?: string | undefined; status?: string | undefined; metrics?: Readonly<{ total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; total_run_duration_ms?: 
string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: string[] | undefined; reason?: string | undefined; action?: string | undefined; start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; severity?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; provider?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}> | undefined)[]" ], "path": "x-pack/plugins/event_log/server/es/cluster_client_adapter.ts", "deprecated": false, 
@@ -1470,7 +1470,7 @@ "label": "IEvent", "description": [], "signature": [ - "DeepPartial | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; version?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ usage?: Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ uuid?: string | undefined; status?: string | undefined; metrics?: Readonly<{ 
total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; total_run_duration_ms?: string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; version?: string | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: string[] | undefined; reason?: string | undefined; action?: string | undefined; 
start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; severity?: string | number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; provider?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}>>> | undefined" + "DeepPartial | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; version?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ usage?: Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & 
{}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; version?: string | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ uuid?: string | undefined; status?: string | undefined; metrics?: Readonly<{ total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; total_run_duration_ms?: string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; 
backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: string[] | undefined; reason?: string | undefined; action?: string | undefined; start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; severity?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; provider?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}>>> | undefined" ], "path": "x-pack/plugins/event_log/generated/schemas.ts", "deprecated": false, 
@@ -1485,7 +1485,7 @@ "label": "IValidatedEvent", "description": [], "signature": [ - "Readonly<{ log?: Readonly<{ logger?: string | undefined; level?: string | undefined; } & {}> | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; version?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ usage?: Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ 
uuid?: string | undefined; status?: string | undefined; metrics?: Readonly<{ total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; total_run_duration_ms?: string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; version?: string | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: 
string[] | undefined; reason?: string | undefined; action?: string | undefined; start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; severity?: string | number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; provider?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}> | undefined" + "Readonly<{ log?: Readonly<{ logger?: string | undefined; level?: string | undefined; } & {}> | undefined; error?: Readonly<{ id?: string | undefined; type?: string | undefined; message?: string | undefined; code?: string | undefined; stack_trace?: string | undefined; } & {}> | undefined; '@timestamp'?: string | undefined; message?: string | undefined; tags?: string[] | undefined; rule?: Readonly<{ id?: string | undefined; version?: string | undefined; name?: string | undefined; license?: string | undefined; uuid?: string | undefined; category?: string | undefined; description?: string | undefined; reference?: string | undefined; author?: string[] | undefined; ruleset?: string | undefined; } & {}> | undefined; kibana?: Readonly<{ task?: Readonly<{ id?: string | undefined; schedule_delay?: string | number | undefined; scheduled?: string | undefined; } & {}> | undefined; action?: Readonly<{ id?: string | undefined; name?: string | undefined; execution?: Readonly<{ source?: string | undefined; uuid?: string | undefined; gen_ai?: Readonly<{ 
usage?: Readonly<{ prompt_tokens?: string | number | undefined; completion_tokens?: string | number | undefined; total_tokens?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; } & {}> | undefined; version?: string | undefined; alerting?: Readonly<{ outcome?: string | undefined; status?: string | undefined; summary?: Readonly<{ recovered?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; new?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; ongoing?: Readonly<{ count?: string | number | undefined; } & {}> | undefined; } & {}> | undefined; instance_id?: string | undefined; action_group_id?: string | undefined; action_subgroup?: string | undefined; } & {}> | undefined; alert?: Readonly<{ rule?: Readonly<{ consumer?: string | undefined; revision?: string | number | undefined; execution?: Readonly<{ uuid?: string | undefined; status?: string | undefined; metrics?: Readonly<{ total_search_duration_ms?: string | number | undefined; total_indexing_duration_ms?: string | number | undefined; number_of_triggered_actions?: string | number | undefined; number_of_generated_actions?: string | number | undefined; alert_counts?: Readonly<{ recovered?: string | number | undefined; active?: string | number | undefined; new?: string | number | undefined; } & {}> | undefined; number_of_delayed_alerts?: string | number | undefined; number_of_searches?: string | number | undefined; es_search_duration_ms?: string | number | undefined; execution_gap_duration_s?: string | number | undefined; rule_type_run_duration_ms?: string | number | undefined; process_alerts_duration_ms?: string | number | undefined; trigger_actions_duration_ms?: string | number | undefined; process_rule_duration_ms?: string | number | undefined; claim_to_start_duration_ms?: string | number | undefined; persist_alerts_duration_ms?: string | number | undefined; prepare_rule_duration_ms?: string | number | undefined; 
total_run_duration_ms?: string | number | undefined; total_enrichment_duration_ms?: string | number | undefined; } & {}> | undefined; status_order?: string | number | undefined; backfill?: Readonly<{ id?: string | undefined; start?: string | undefined; interval?: string | undefined; } & {}> | undefined; } & {}> | undefined; rule_type_id?: string | undefined; } & {}> | undefined; uuid?: string | undefined; flapping?: boolean | undefined; maintenance_window_ids?: string[] | undefined; } & {}> | undefined; server_uuid?: string | undefined; saved_objects?: Readonly<{ id?: string | undefined; type?: string | undefined; namespace?: string | undefined; rel?: string | undefined; type_id?: string | undefined; space_agnostic?: boolean | undefined; } & {}>[] | undefined; space_ids?: string[] | undefined; } & {}> | undefined; event?: Readonly<{ id?: string | undefined; type?: string[] | undefined; reason?: string | undefined; action?: string | undefined; start?: string | undefined; end?: string | undefined; outcome?: string | undefined; duration?: string | number | undefined; severity?: string | number | undefined; category?: string[] | undefined; timezone?: string | undefined; risk_score?: number | undefined; url?: string | undefined; created?: string | undefined; dataset?: string | undefined; code?: string | undefined; provider?: string | undefined; hash?: string | undefined; ingested?: string | undefined; kind?: string | undefined; module?: string | undefined; original?: string | undefined; reference?: string | undefined; risk_score_norm?: number | undefined; sequence?: string | number | undefined; } & {}> | undefined; ecs?: Readonly<{ version?: string | undefined; } & {}> | undefined; user?: Readonly<{ id?: string | undefined; name?: string | undefined; } & {}> | undefined; } & {}> | undefined" ], "path": "x-pack/plugins/event_log/generated/schemas.ts", "deprecated": false, 
diff --git a/api_docs/event_log.mdx b/api_docs/event_log.mdx index b0b7c4da4394c..f793dffed2ac2 100644 --- a/api_docs/event_log.mdx +++ b/api_docs/event_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventLog title: "eventLog" image: https://source.unsplash.com/400x175/?github description: API docs for the eventLog plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventLog'] --- import eventLogObj from './event_log.devdocs.json'; diff --git a/api_docs/exploratory_view.mdx b/api_docs/exploratory_view.mdx index 57176a3df612a..536adaf9273ce 100644 --- a/api_docs/exploratory_view.mdx +++ b/api_docs/exploratory_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/exploratoryView title: "exploratoryView" image: https://source.unsplash.com/400x175/?github description: API docs for the exploratoryView plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'exploratoryView'] --- import exploratoryViewObj from './exploratory_view.devdocs.json'; diff --git a/api_docs/expression_error.mdx b/api_docs/expression_error.mdx index 2737f2f96017a..32c57475399d9 100644 --- a/api_docs/expression_error.mdx +++ b/api_docs/expression_error.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionError title: "expressionError" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionError plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionError'] --- import expressionErrorObj from './expression_error.devdocs.json'; diff --git a/api_docs/expression_gauge.mdx b/api_docs/expression_gauge.mdx index 2c03e71217117..5bbd4d6e1ecf6 100644 --- a/api_docs/expression_gauge.mdx +++ b/api_docs/expression_gauge.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionGauge title: "expressionGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionGauge plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionGauge'] --- import expressionGaugeObj from './expression_gauge.devdocs.json'; diff --git a/api_docs/expression_heatmap.mdx b/api_docs/expression_heatmap.mdx index 582c1a7877c66..899a07e8ab348 100644 --- a/api_docs/expression_heatmap.mdx +++ b/api_docs/expression_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionHeatmap title: "expressionHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionHeatmap plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionHeatmap'] --- import expressionHeatmapObj from './expression_heatmap.devdocs.json'; diff --git a/api_docs/expression_image.mdx b/api_docs/expression_image.mdx index e82ad8ffccf74..8ba143891d3d9 100644 --- a/api_docs/expression_image.mdx +++ b/api_docs/expression_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionImage title: "expressionImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionImage plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionImage'] --- import expressionImageObj from './expression_image.devdocs.json'; diff --git a/api_docs/expression_legacy_metric_vis.mdx b/api_docs/expression_legacy_metric_vis.mdx index 5ab530f6c81eb..cd225efefd743 100644 --- a/api_docs/expression_legacy_metric_vis.mdx +++ b/api_docs/expression_legacy_metric_vis.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionLegacyMetricVis title: "expressionLegacyMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionLegacyMetricVis plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionLegacyMetricVis'] --- import expressionLegacyMetricVisObj from './expression_legacy_metric_vis.devdocs.json'; diff --git a/api_docs/expression_metric.mdx b/api_docs/expression_metric.mdx index 844a5025ff2f8..d37d280043e95 100644 --- a/api_docs/expression_metric.mdx +++ b/api_docs/expression_metric.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetric title: "expressionMetric" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetric plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetric'] --- import expressionMetricObj from './expression_metric.devdocs.json'; diff --git a/api_docs/expression_metric_vis.mdx b/api_docs/expression_metric_vis.mdx index 4f8d4cc15fb16..f3ac55cf74d30 100644 --- a/api_docs/expression_metric_vis.mdx +++ b/api_docs/expression_metric_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetricVis title: "expressionMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetricVis plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetricVis'] --- import expressionMetricVisObj from './expression_metric_vis.devdocs.json'; diff --git a/api_docs/expression_partition_vis.mdx b/api_docs/expression_partition_vis.mdx index 18a868b0878dc..24521e766817e 100644 --- a/api_docs/expression_partition_vis.mdx +++ b/api_docs/expression_partition_vis.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionPartitionVis title: "expressionPartitionVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionPartitionVis plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionPartitionVis'] --- import expressionPartitionVisObj from './expression_partition_vis.devdocs.json'; diff --git a/api_docs/expression_repeat_image.mdx b/api_docs/expression_repeat_image.mdx index f7260afe7754b..05e36aa6a31ab 100644 --- a/api_docs/expression_repeat_image.mdx +++ b/api_docs/expression_repeat_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRepeatImage title: "expressionRepeatImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRepeatImage plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRepeatImage'] --- import expressionRepeatImageObj from './expression_repeat_image.devdocs.json'; diff --git a/api_docs/expression_reveal_image.mdx b/api_docs/expression_reveal_image.mdx index 3c559621ff8e0..d7c8619e0239d 100644 --- a/api_docs/expression_reveal_image.mdx +++ b/api_docs/expression_reveal_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRevealImage title: "expressionRevealImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRevealImage plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRevealImage'] --- import expressionRevealImageObj from './expression_reveal_image.devdocs.json'; diff --git a/api_docs/expression_shape.mdx b/api_docs/expression_shape.mdx index 59aa52f503273..fc053252dc05c 100644 --- a/api_docs/expression_shape.mdx +++ b/api_docs/expression_shape.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionShape title: "expressionShape" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionShape plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionShape'] --- import expressionShapeObj from './expression_shape.devdocs.json'; diff --git a/api_docs/expression_tagcloud.mdx b/api_docs/expression_tagcloud.mdx index 6e5e998002b10..bfa8013ae1480 100644 --- a/api_docs/expression_tagcloud.mdx +++ b/api_docs/expression_tagcloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionTagcloud title: "expressionTagcloud" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionTagcloud plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionTagcloud'] --- import expressionTagcloudObj from './expression_tagcloud.devdocs.json'; diff --git a/api_docs/expression_x_y.mdx b/api_docs/expression_x_y.mdx index d26b3c3103cee..68dbe5eaf199e 100644 --- a/api_docs/expression_x_y.mdx +++ b/api_docs/expression_x_y.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionXY title: "expressionXY" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionXY plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionXY'] --- import expressionXYObj from './expression_x_y.devdocs.json'; diff --git a/api_docs/expressions.mdx b/api_docs/expressions.mdx index b2f981d72ef55..d5ae939161bc6 100644 --- a/api_docs/expressions.mdx +++ b/api_docs/expressions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressions title: "expressions" image: https://source.unsplash.com/400x175/?github description: API docs for the expressions plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressions'] --- import expressionsObj from './expressions.devdocs.json'; 
diff --git a/api_docs/features.mdx b/api_docs/features.mdx index b4448e99fc49f..f5fe66a117d2a 100644 --- a/api_docs/features.mdx +++ b/api_docs/features.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/features title: "features" image: https://source.unsplash.com/400x175/?github description: API docs for the features plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'features'] --- import featuresObj from './features.devdocs.json'; diff --git a/api_docs/field_formats.mdx b/api_docs/field_formats.mdx index 0d8a71e707d71..4e5edb9454123 100644 --- a/api_docs/field_formats.mdx +++ b/api_docs/field_formats.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldFormats title: "fieldFormats" image: https://source.unsplash.com/400x175/?github description: API docs for the fieldFormats plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldFormats'] --- import fieldFormatsObj from './field_formats.devdocs.json'; diff --git a/api_docs/fields_metadata.mdx b/api_docs/fields_metadata.mdx index 3dce80cd4d915..34296a316a589 100644 --- a/api_docs/fields_metadata.mdx +++ b/api_docs/fields_metadata.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldsMetadata title: "fieldsMetadata" image: https://source.unsplash.com/400x175/?github description: API docs for the fieldsMetadata plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldsMetadata'] --- import fieldsMetadataObj from './fields_metadata.devdocs.json'; diff --git a/api_docs/file_upload.mdx b/api_docs/file_upload.mdx index 9b4e56d4da684..0068ee88bead0 100644 --- a/api_docs/file_upload.mdx +++ b/api_docs/file_upload.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fileUpload title: "fileUpload" image: https://source.unsplash.com/400x175/?github description: API docs for the fileUpload plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fileUpload'] --- import fileUploadObj from './file_upload.devdocs.json'; diff --git a/api_docs/files.mdx b/api_docs/files.mdx index c8a729937f898..5a9cfa59f0864 100644 --- a/api_docs/files.mdx +++ b/api_docs/files.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/files title: "files" image: https://source.unsplash.com/400x175/?github description: API docs for the files plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'files'] --- import filesObj from './files.devdocs.json'; diff --git a/api_docs/files_management.mdx b/api_docs/files_management.mdx index 55f880ad4d69a..4606f16deb838 100644 --- a/api_docs/files_management.mdx +++ b/api_docs/files_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/filesManagement title: "filesManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the filesManagement plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'filesManagement'] --- import filesManagementObj from './files_management.devdocs.json'; diff --git a/api_docs/fleet.devdocs.json b/api_docs/fleet.devdocs.json index 3f58aa158d15a..fec8ffac9edc5 100644 --- a/api_docs/fleet.devdocs.json +++ b/api_docs/fleet.devdocs.json @@ -21706,7 +21706,7 @@ "section": "def-common.PackagePolicyPackage", "text": "PackagePolicyPackage" }, - ", \"name\" | \"version\"> | undefined; } | undefined" + ", \"version\" | \"name\"> | undefined; } | undefined" ], "path": "x-pack/plugins/fleet/common/types/models/agent_policy.ts", "deprecated": false, 
@@ -22449,6 +22449,28 @@ "deprecated": false, "trackAdoption": false }, + { + "parentPluginId": "fleet", + "id": "def-common.Installation.additional_spaces_installed_kibana", + "type": "Object", + "tags": [], + "label": "additional_spaces_installed_kibana", + "description": [], + "signature": [ + "Record | undefined" + ], + "path": "x-pack/plugins/fleet/common/types/models/epm.ts", + "deprecated": false, + "trackAdoption": false + }, { "parentPluginId": "fleet", "id": "def-common.Installation.installed_es", @@ -22837,6 +22859,20 @@ "deprecated": false, "trackAdoption": false }, + { + "parentPluginId": "fleet", + "id": "def-common.KibanaAssetReference.originId", + "type": "string", + "tags": [], + "label": "originId", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "x-pack/plugins/fleet/common/types/models/epm.ts", + "deprecated": false, + "trackAdoption": false + }, { "parentPluginId": "fleet", "id": "def-common.KibanaAssetReference.type", @@ -27688,7 +27724,7 @@ "label": "RegistrySearchResult", "description": [], "signature": [ - "{ type?: \"input\" | \"integration\" | undefined; name: string; title: string; description: string; version: string; path: string; download: string; internal?: boolean | undefined; icons?: (", + "{ type?: \"input\" | \"integration\" | undefined; version: string; name: string; title: string; description: string; path: string; download: string; internal?: boolean | undefined; icons?: (", { "pluginId": "fleet", "scope": "common", 
@@ -29541,6 +29577,28 @@ "deprecated": false, "trackAdoption": false }, + { + "parentPluginId": "fleet", + "id": "def-common.EPM_API_ROUTES.INSTALL_KIBANA_ASSETS_PATTERN", + "type": "string", + "tags": [], + "label": "INSTALL_KIBANA_ASSETS_PATTERN", + "description": [], + "path": "x-pack/plugins/fleet/common/constants/routes.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "fleet", + "id": "def-common.EPM_API_ROUTES.DELETE_KIBANA_ASSETS_PATTERN", + "type": "string", + "tags": [], + "label": "DELETE_KIBANA_ASSETS_PATTERN", + "description": [], + "path": "x-pack/plugins/fleet/common/constants/routes.ts", + "deprecated": false, + "trackAdoption": false + }, { "parentPluginId": "fleet", "id": "def-common.EPM_API_ROUTES.FILEPATH_PATTERN", 
@@ -29950,6 +30008,53 @@ ], "returnComment": [] }, + { + "parentPluginId": "fleet", + "id": "def-common.epmRouteService.getInstallKibanaAssetsPath", + "type": "Function", + "tags": [], + "label": "getInstallKibanaAssetsPath", + "description": [], + "signature": [ + "(pkgName: string, pkgVersion: string) => string" + ], + "path": "x-pack/plugins/fleet/common/services/routes.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "fleet", + "id": "def-common.epmRouteService.getInstallKibanaAssetsPath.$1", + "type": "string", + "tags": [], + "label": "pkgName", + "description": [], + "signature": [ + "string" + ], + "path": "x-pack/plugins/fleet/common/services/routes.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + }, + { + "parentPluginId": "fleet", + "id": "def-common.epmRouteService.getInstallKibanaAssetsPath.$2", + "type": "string", + "tags": [], + "label": "pkgVersion", + "description": [], + "signature": [ + "string" + ], + "path": "x-pack/plugins/fleet/common/services/routes.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [] + }, { "parentPluginId": "fleet", "id": "def-common.epmRouteService.getUpdatePath", diff --git a/api_docs/fleet.mdx b/api_docs/fleet.mdx index f7c471c4c2867..5236dda7c8ac3 100644 --- a/api_docs/fleet.mdx +++ b/api_docs/fleet.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fleet title: "fleet" image: https://source.unsplash.com/400x175/?github description: API docs for the fleet plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fleet'] --- import fleetObj from './fleet.devdocs.json'; 
@@ -21,7 +21,7 @@ Contact [@elastic/fleet](https://github.com/orgs/elastic/teams/fleet) for questi | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 1341 | 5 | 1219 | 72 | +| 1348 | 5 | 1226 | 72 | ## Client diff --git a/api_docs/global_search.mdx b/api_docs/global_search.mdx index c43bf1b24e0d5..889b0128f8d95 100644 --- a/api_docs/global_search.mdx +++ b/api_docs/global_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/globalSearch title: "globalSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the globalSearch plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'globalSearch'] --- import globalSearchObj from './global_search.devdocs.json'; diff --git a/api_docs/guided_onboarding.mdx b/api_docs/guided_onboarding.mdx index 0f44044899341..dce0b82766d09 100644 --- a/api_docs/guided_onboarding.mdx +++ b/api_docs/guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/guidedOnboarding title: "guidedOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the guidedOnboarding plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'guidedOnboarding'] --- import guidedOnboardingObj from './guided_onboarding.devdocs.json'; diff --git a/api_docs/home.mdx b/api_docs/home.mdx index 974de336d0c77..6b33a11afcb11 100644 --- a/api_docs/home.mdx +++ b/api_docs/home.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/home title: "home" image: https://source.unsplash.com/400x175/?github description: API docs for the home plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'home'] --- import homeObj from './home.devdocs.json'; diff --git a/api_docs/image_embeddable.mdx b/api_docs/image_embeddable.mdx index 0eaa83388ff55..186e014ff5948 100644 --- a/api_docs/image_embeddable.mdx 
+++ b/api_docs/image_embeddable.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/imageEmbeddable title: "imageEmbeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the imageEmbeddable plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'imageEmbeddable'] --- import imageEmbeddableObj from './image_embeddable.devdocs.json'; diff --git a/api_docs/index_lifecycle_management.mdx b/api_docs/index_lifecycle_management.mdx index 9d4a802477213..e894d94d70ec5 100644 --- a/api_docs/index_lifecycle_management.mdx +++ b/api_docs/index_lifecycle_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexLifecycleManagement title: "indexLifecycleManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexLifecycleManagement plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexLifecycleManagement'] --- import indexLifecycleManagementObj from './index_lifecycle_management.devdocs.json'; diff --git a/api_docs/index_management.mdx b/api_docs/index_management.mdx index ae9d09ace64ac..e0bbe031e3208 100644 --- a/api_docs/index_management.mdx +++ b/api_docs/index_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexManagement title: "indexManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexManagement plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexManagement'] --- import indexManagementObj from './index_management.devdocs.json'; diff --git a/api_docs/infra.mdx b/api_docs/infra.mdx index 2537cc76277e2..7813b51666117 100644 --- a/api_docs/infra.mdx +++ b/api_docs/infra.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/infra title: "infra" image: https://source.unsplash.com/400x175/?github description: API docs for the infra plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'infra'] --- import infraObj from './infra.devdocs.json'; diff --git a/api_docs/ingest_pipelines.mdx b/api_docs/ingest_pipelines.mdx index 5d4e344cbbb42..c06511a91b596 100644 --- a/api_docs/ingest_pipelines.mdx +++ b/api_docs/ingest_pipelines.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ingestPipelines title: "ingestPipelines" image: https://source.unsplash.com/400x175/?github description: API docs for the ingestPipelines plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ingestPipelines'] --- import ingestPipelinesObj from './ingest_pipelines.devdocs.json'; diff --git a/api_docs/inspector.mdx b/api_docs/inspector.mdx index 924dabaeddade..f70b25e8cbdc4 100644 --- a/api_docs/inspector.mdx +++ b/api_docs/inspector.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inspector title: "inspector" image: https://source.unsplash.com/400x175/?github description: API docs for the inspector plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inspector'] --- import inspectorObj from './inspector.devdocs.json'; diff --git a/api_docs/integration_assistant.mdx b/api_docs/integration_assistant.mdx index 919c82eb8d055..37de8c8d9adaa 100644 --- a/api_docs/integration_assistant.mdx +++ b/api_docs/integration_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/integrationAssistant title: "integrationAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the integrationAssistant plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'integrationAssistant'] --- import integrationAssistantObj from './integration_assistant.devdocs.json'; 
diff --git a/api_docs/interactive_setup.mdx b/api_docs/interactive_setup.mdx index 107ac96052adb..3690167b55961 100644 --- a/api_docs/interactive_setup.mdx +++ b/api_docs/interactive_setup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/interactiveSetup title: "interactiveSetup" image: https://source.unsplash.com/400x175/?github description: API docs for the interactiveSetup plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'interactiveSetup'] --- import interactiveSetupObj from './interactive_setup.devdocs.json'; diff --git a/api_docs/investigate.mdx b/api_docs/investigate.mdx index c9ad6bf242a26..9efa40480cb39 100644 --- a/api_docs/investigate.mdx +++ b/api_docs/investigate.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/investigate title: "investigate" image: https://source.unsplash.com/400x175/?github description: API docs for the investigate plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'investigate'] --- import investigateObj from './investigate.devdocs.json'; diff --git a/api_docs/kbn_ace.mdx b/api_docs/kbn_ace.mdx index 803ae6e96fbc1..ba097c91cb44f 100644 --- a/api_docs/kbn_ace.mdx +++ b/api_docs/kbn_ace.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ace title: "@kbn/ace" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ace plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ace'] --- import kbnAceObj from './kbn_ace.devdocs.json'; diff --git a/api_docs/kbn_actions_types.mdx b/api_docs/kbn_actions_types.mdx index 005699727d9c4..c8ea311c51026 100644 --- a/api_docs/kbn_actions_types.mdx +++ b/api_docs/kbn_actions_types.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-actions-types title: "@kbn/actions-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/actions-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/actions-types'] --- import kbnActionsTypesObj from './kbn_actions_types.devdocs.json'; diff --git a/api_docs/kbn_aiops_components.mdx b/api_docs/kbn_aiops_components.mdx index 2367ad9450e23..b0195e8e8ab01 100644 --- a/api_docs/kbn_aiops_components.mdx +++ b/api_docs/kbn_aiops_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-components title: "@kbn/aiops-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-components plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-components'] --- import kbnAiopsComponentsObj from './kbn_aiops_components.devdocs.json'; diff --git a/api_docs/kbn_aiops_log_pattern_analysis.mdx b/api_docs/kbn_aiops_log_pattern_analysis.mdx index 7fa087634a542..5ae4be250983c 100644 --- a/api_docs/kbn_aiops_log_pattern_analysis.mdx +++ b/api_docs/kbn_aiops_log_pattern_analysis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-pattern-analysis title: "@kbn/aiops-log-pattern-analysis" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-log-pattern-analysis plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-pattern-analysis'] --- import kbnAiopsLogPatternAnalysisObj from './kbn_aiops_log_pattern_analysis.devdocs.json'; diff --git a/api_docs/kbn_aiops_log_rate_analysis.mdx b/api_docs/kbn_aiops_log_rate_analysis.mdx index dfdb76efdb88d..bf4fc03851dfa 100644 --- a/api_docs/kbn_aiops_log_rate_analysis.mdx +++ b/api_docs/kbn_aiops_log_rate_analysis.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-rate-analysis title: "@kbn/aiops-log-rate-analysis" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-log-rate-analysis plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-rate-analysis'] --- import kbnAiopsLogRateAnalysisObj from './kbn_aiops_log_rate_analysis.devdocs.json'; diff --git a/api_docs/kbn_alerting_api_integration_helpers.mdx b/api_docs/kbn_alerting_api_integration_helpers.mdx index 2e633c63023e1..f1b06ea211d20 100644 --- a/api_docs/kbn_alerting_api_integration_helpers.mdx +++ b/api_docs/kbn_alerting_api_integration_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-api-integration-helpers title: "@kbn/alerting-api-integration-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-api-integration-helpers plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-api-integration-helpers'] --- import kbnAlertingApiIntegrationHelpersObj from './kbn_alerting_api_integration_helpers.devdocs.json'; diff --git a/api_docs/kbn_alerting_comparators.mdx b/api_docs/kbn_alerting_comparators.mdx index e3550d59a34f9..46f968f337c53 100644 --- a/api_docs/kbn_alerting_comparators.mdx +++ b/api_docs/kbn_alerting_comparators.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-comparators title: "@kbn/alerting-comparators" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-comparators plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-comparators'] --- import kbnAlertingComparatorsObj from './kbn_alerting_comparators.devdocs.json'; diff --git a/api_docs/kbn_alerting_state_types.mdx b/api_docs/kbn_alerting_state_types.mdx index 59d6ac40120f7..06bfae59c2764 100644 
--- a/api_docs/kbn_alerting_state_types.mdx +++ b/api_docs/kbn_alerting_state_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-state-types title: "@kbn/alerting-state-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-state-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-state-types'] --- import kbnAlertingStateTypesObj from './kbn_alerting_state_types.devdocs.json'; diff --git a/api_docs/kbn_alerting_types.devdocs.json b/api_docs/kbn_alerting_types.devdocs.json index 8dafb52da895c..0ac97eba41479 100644 --- a/api_docs/kbn_alerting_types.devdocs.json +++ b/api_docs/kbn_alerting_types.devdocs.json 
@@ -256,6 +256,52 @@ "path": "packages/kbn-alerting-types/action_group_types.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "@kbn/alerting-types", + "id": "def-common.ActionGroup.severity", + "type": "Object", + "tags": [], + "label": "severity", + "description": [], + "signature": [ + { + "pluginId": "@kbn/alerting-types", + "scope": "common", + "docId": "kibKbnAlertingTypesPluginApi", + "section": "def-common.ActionGroupSeverity", + "text": "ActionGroupSeverity" + }, + " | undefined" + ], + "path": "packages/kbn-alerting-types/action_group_types.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/alerting-types", + "id": "def-common.ActionGroupSeverity", + "type": "Interface", + "tags": [], + "label": "ActionGroupSeverity", + "description": [], + "path": "packages/kbn-alerting-types/action_group_types.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/alerting-types", + "id": "def-common.ActionGroupSeverity.level", + "type": "number", + "tags": [], + "label": "level", + "description": [], + "path": "packages/kbn-alerting-types/action_group_types.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false @@ -3152,7 +3198,15 @@ "label": "RecoveredActionGroup", "description": [], "signature": [ - "{ readonly id: \"recovered\"; readonly name: string; }" + "{ readonly id: \"recovered\"; readonly name: string; readonly severity?: ", + { + "pluginId": "@kbn/alerting-types", + "scope": "common", + "docId": "kibKbnAlertingTypesPluginApi", + "section": "def-common.ActionGroupSeverity", + "text": "ActionGroupSeverity" + }, + " | undefined; }" ], "path": "packages/kbn-alerting-types/builtin_action_groups_types.ts", "deprecated": false, diff --git a/api_docs/kbn_alerting_types.mdx b/api_docs/kbn_alerting_types.mdx index 1837a91dcb433..8ea5a593ca06e 100644 --- a/api_docs/kbn_alerting_types.mdx 
+++ b/api_docs/kbn_alerting_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-types title: "@kbn/alerting-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-types'] --- import kbnAlertingTypesObj from './kbn_alerting_types.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-o | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 190 | 0 | 187 | 0 | +| 193 | 0 | 190 | 0 | ## Common diff --git a/api_docs/kbn_alerts_as_data_utils.devdocs.json b/api_docs/kbn_alerts_as_data_utils.devdocs.json index ddb8b8183ad05..286db5a809802 100644 --- a/api_docs/kbn_alerts_as_data_utils.devdocs.json +++ b/api_docs/kbn_alerts_as_data_utils.devdocs.json 
@@ -196,7 +196,7 @@ "label": "AADAlert", "description": [], "signature": [ - "({ '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & {} & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 
'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'agent.name'?: string | undefined; 'container.id'?: string | undefined; 'error.grouping_key'?: string | undefined; 'error.grouping_name'?: string | undefined; 'host.name'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { 
field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; labels?: unknown; 'processor.event'?: string | undefined; 'service.environment'?: string | undefined; 'service.language.name'?: string | undefined; 'service.name'?: string | undefined; 'transaction.name'?: string | undefined; 'transaction.type'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 
'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { 
'@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | 
undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string 
| undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | 
undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | 
undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number 
| undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string 
| undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string 
| undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 
'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; 
physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: 
string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 
'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 
'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | 
undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; 
entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 
'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | 
undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 
'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | 
undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 
'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 
'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 
'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 
'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 
'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: 
string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 
'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 
'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 
'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 
'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 
'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 
'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: 
string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 
'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 
'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: 
string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 
'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: 
string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: 
string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 
'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { 
lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 
'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: 
number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | 
undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | 
undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: 
string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 
'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 
'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | 
undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 
'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | 
undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | 
undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | 
undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 
'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: 
string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 
'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 
'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | 
undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | 
undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 
'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: 
string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 
'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 
'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 
'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: 
number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 
'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 
'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 
'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: 
string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | 
undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: 
string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 
'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 
'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 
'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string 
| undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 
'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | 
number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'slo.id'?: string | undefined; 'slo.instanceId'?: string | undefined; 'slo.revision'?: string | number | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: 
string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 
'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'agent.name'?: string | undefined; 'anomaly.bucket_span.minutes'?: string | undefined; 'anomaly.start'?: string | number | undefined; 'error.message'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'monitor.id'?: string | undefined; 'monitor.name'?: string | undefined; 'monitor.type'?: string | undefined; 'observer.geo.name'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.x509.issuer.common_name'?: string | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.subject.common_name'?: string | undefined; 'url.full'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number 
| undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 
'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({ '@timestamp': string | number; 'kibana.alert.ancestors': { depth: string | number; id: string; index: string; type: string; }[]; 'kibana.alert.depth': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.original_event.action': string; 'kibana.alert.original_event.category': string[]; 'kibana.alert.original_event.created': string | number; 'kibana.alert.original_event.dataset': string; 'kibana.alert.original_event.id': string; 'kibana.alert.original_event.ingested': string | number; 'kibana.alert.original_event.kind': string; 'kibana.alert.original_event.module': string; 'kibana.alert.original_event.original': string; 'kibana.alert.original_event.outcome': string; 'kibana.alert.original_event.provider': string; 'kibana.alert.original_event.sequence': string | number; 'kibana.alert.original_event.type': string[]; 'kibana.alert.original_time': string | number; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.false_positives': string[]; 'kibana.alert.rule.max_signals': (string | number)[]; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.threat.framework': string; 'kibana.alert.rule.threat.tactic.id': string; 'kibana.alert.rule.threat.tactic.name': string; 
'kibana.alert.rule.threat.tactic.reference': string; 'kibana.alert.rule.threat.technique.id': string; 'kibana.alert.rule.threat.technique.name': string; 'kibana.alert.rule.threat.technique.reference': string; 'kibana.alert.rule.threat.technique.subtechnique.id': string; 'kibana.alert.rule.threat.technique.subtechnique.name': string; 'kibana.alert.rule.threat.technique.subtechnique.reference': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'ecs.version'?: string | undefined; 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'host.asset.criticality'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.ancestors.rule'?: string | undefined; 'kibana.alert.building_block_type'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.group.id'?: string | undefined; 'kibana.alert.group.index'?: number | undefined; 'kibana.alert.host.criticality_level'?: string | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.new_terms'?: string[] | undefined; 'kibana.alert.original_event.agent_id_status'?: string | undefined; 'kibana.alert.original_event.code'?: string | undefined; 'kibana.alert.original_event.duration'?: string | undefined; 'kibana.alert.original_event.end'?: string | number | undefined; 'kibana.alert.original_event.hash'?: string | undefined; 'kibana.alert.original_event.reason'?: string | undefined; 'kibana.alert.original_event.reference'?: string | undefined; 'kibana.alert.original_event.risk_score'?: number | undefined; 
'kibana.alert.original_event.risk_score_norm'?: number | undefined; 'kibana.alert.original_event.severity'?: string | number | undefined; 'kibana.alert.original_event.start'?: string | number | undefined; 'kibana.alert.original_event.timezone'?: string | undefined; 'kibana.alert.original_event.url'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.building_block_type'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.immutable'?: string[] | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.rule.timeline_id'?: string[] | undefined; 'kibana.alert.rule.timeline_title'?: string[] | undefined; 'kibana.alert.rule.timestamp_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 
'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.threshold_result.cardinality'?: unknown; 'kibana.alert.threshold_result.count'?: string | number | undefined; 'kibana.alert.threshold_result.from'?: string | number | undefined; 'kibana.alert.threshold_result.terms'?: { field?: string | undefined; value?: string | undefined; }[] | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.user.criticality_level'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.alert.workflow_user'?: string | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; 'user.asset.criticality'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | 
number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 
'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: 
string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | 
undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 
'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: 
string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | 
number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 
'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: 
string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 
'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: 
string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; 
message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 
'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | 
undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 
'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | 
undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | 
undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 
'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 
'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 
'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 
'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 
'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | 
undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 
'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: 
string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | 
undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 
'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | 
undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | 
undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: 
string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; 
} | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 
'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 
'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 
'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 
'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 
'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: 
string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 
'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({ 'kibana.alert.job_id': string; } & { 'kibana.alert.anomaly_score'?: number[] | undefined; 'kibana.alert.anomaly_timestamp'?: string | number | undefined; 'kibana.alert.is_interim'?: boolean | undefined; 'kibana.alert.top_influencers'?: { influencer_field_name?: string | undefined; influencer_field_value?: string | undefined; influencer_score?: number | undefined; initial_influencer_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; timestamp?: string | number | undefined; }[] | undefined; 'kibana.alert.top_records'?: { actual?: number | undefined; by_field_name?: string | undefined; by_field_value?: string | undefined; detector_index?: number | undefined; field_name?: string | undefined; function?: string | undefined; initial_record_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; over_field_name?: string | undefined; over_field_value?: string | undefined; partition_field_name?: string | undefined; partition_field_value?: string | undefined; record_score?: number | undefined; timestamp?: string | number | undefined; typical?: number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 
'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'kibana.alert.datafeed_results'?: { datafeed_id?: string | undefined; datafeed_state?: string | undefined; job_id?: string | undefined; job_state?: string | undefined; }[] | undefined; 'kibana.alert.delayed_data_results'?: { annotation?: string | undefined; end_timestamp?: string | number | undefined; job_id?: string | undefined; missed_docs_count?: string | number | undefined; }[] | undefined; 'kibana.alert.job_errors_results'?: { errors?: unknown; job_id?: string | undefined; }[] | undefined; 'kibana.alert.mml_results'?: { job_id?: string | undefined; log_time?: string | number | undefined; memory_status?: string | undefined; model_bytes?: string | number | undefined; model_bytes_exceeded?: string | number | undefined; model_bytes_memory_limit?: string | number | 
undefined; peak_model_bytes?: string | number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'kibana.alert.results'?: { description?: string | undefined; health_status?: string | undefined; issues?: unknown; node_name?: string | undefined; transform_id?: string | undefined; 
transform_state?: string | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; })" + "({ '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 
'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & {} & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 
'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'agent.name'?: string | undefined; 'container.id'?: string | undefined; 'error.grouping_key'?: string | undefined; 'error.grouping_name'?: string | undefined; 'host.name'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 
labels?: unknown; 'processor.event'?: string | undefined; 'service.environment'?: string | undefined; 'service.language.name'?: string | undefined; 'service.name'?: string | undefined; 'transaction.name'?: string | undefined; 'transaction.type'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 
'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; 
value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 
'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | 
undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 
'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 
'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string 
| number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 
'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 
'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 
'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | 
number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 
'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | 
undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } 
| undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | 
undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 
'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 
'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | 
undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 
'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 
'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 
'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 
'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: 
boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 
'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 
'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 
'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 
'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: 
string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | 
undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 
'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 
'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 
'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] 
| undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 
'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 
'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 
'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | 
undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 
'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 
'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': 
string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: 
string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | 
undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | 
undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | 
undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 
'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: 
string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 
'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: 
string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 
'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: 
string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | 
undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 
'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 
'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: 
string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 
'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | 
undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 
'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 
'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 
'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string 
| undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 
'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 
'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 
'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 
'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: 
string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 
'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 
'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 
'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; 
physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 
'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: 
string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 
'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 
'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 
'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 
'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: 
string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | 
undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'slo.id'?: string | undefined; 'slo.instanceId'?: string | undefined; 'slo.revision'?: string | number | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | 
undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 
'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({} & { 'agent.name'?: string | undefined; 'anomaly.bucket_span.minutes'?: string | undefined; 'anomaly.start'?: string | number | undefined; 'error.message'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'monitor.id'?: string | undefined; 'monitor.name'?: string | undefined; 'monitor.type'?: string | undefined; 'observer.geo.name'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.x509.issuer.common_name'?: string | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.subject.common_name'?: string | undefined; 'url.full'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': 
string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 
'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({ '@timestamp': string | number; 'kibana.alert.ancestors': { depth: string | number; id: string; index: string; type: string; }[]; 'kibana.alert.depth': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.original_event.action': string; 'kibana.alert.original_event.category': string[]; 'kibana.alert.original_event.created': string | number; 'kibana.alert.original_event.dataset': string; 'kibana.alert.original_event.id': string; 'kibana.alert.original_event.ingested': string | number; 'kibana.alert.original_event.kind': string; 'kibana.alert.original_event.module': string; 'kibana.alert.original_event.original': string; 'kibana.alert.original_event.outcome': string; 'kibana.alert.original_event.provider': string; 'kibana.alert.original_event.sequence': string | number; 
'kibana.alert.original_event.type': string[]; 'kibana.alert.original_time': string | number; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.false_positives': string[]; 'kibana.alert.rule.max_signals': (string | number)[]; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.threat.framework': string; 'kibana.alert.rule.threat.tactic.id': string; 'kibana.alert.rule.threat.tactic.name': string; 'kibana.alert.rule.threat.tactic.reference': string; 'kibana.alert.rule.threat.technique.id': string; 'kibana.alert.rule.threat.technique.name': string; 'kibana.alert.rule.threat.technique.reference': string; 'kibana.alert.rule.threat.technique.subtechnique.id': string; 'kibana.alert.rule.threat.technique.subtechnique.name': string; 'kibana.alert.rule.threat.technique.subtechnique.reference': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'ecs.version'?: string | undefined; 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'host.asset.criticality'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.ancestors.rule'?: string | undefined; 'kibana.alert.building_block_type'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.group.id'?: string | undefined; 'kibana.alert.group.index'?: number | undefined; 'kibana.alert.host.criticality_level'?: string | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: 
string[] | undefined; 'kibana.alert.new_terms'?: string[] | undefined; 'kibana.alert.original_event.agent_id_status'?: string | undefined; 'kibana.alert.original_event.code'?: string | undefined; 'kibana.alert.original_event.duration'?: string | undefined; 'kibana.alert.original_event.end'?: string | number | undefined; 'kibana.alert.original_event.hash'?: string | undefined; 'kibana.alert.original_event.reason'?: string | undefined; 'kibana.alert.original_event.reference'?: string | undefined; 'kibana.alert.original_event.risk_score'?: number | undefined; 'kibana.alert.original_event.risk_score_norm'?: number | undefined; 'kibana.alert.original_event.severity'?: string | number | undefined; 'kibana.alert.original_event.start'?: string | number | undefined; 'kibana.alert.original_event.timezone'?: string | undefined; 'kibana.alert.original_event.url'?: string | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.building_block_type'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.immutable'?: string[] | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.tags'?: string[] | undefined; 
'kibana.alert.rule.timeline_id'?: string[] | undefined; 'kibana.alert.rule.timeline_title'?: string[] | undefined; 'kibana.alert.rule.timestamp_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.threshold_result.cardinality'?: unknown; 'kibana.alert.threshold_result.count'?: string | number | undefined; 'kibana.alert.threshold_result.from'?: string | number | undefined; 'kibana.alert.threshold_result.terms'?: { field?: string | undefined; value?: string | undefined; }[] | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.user.criticality_level'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.alert.workflow_user'?: string | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; 'user.asset.criticality'?: string | undefined; } & { '@timestamp': string | number; 
'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: 
string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | 
undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 
'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | 
undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string 
| undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 
'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 
'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 
'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 
'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | 
undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 
'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 
'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 
'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | 
undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 
'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 
'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | 
undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | 
undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | 
undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: 
string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 
'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | 
undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 
'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string 
| number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | 
undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 
'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | 
undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 
'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 
'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 
'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 
'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 
'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | 
undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 
'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: 
string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 
'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 
'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }) | ({ 'kibana.alert.job_id': string; } & { 'kibana.alert.anomaly_score'?: number[] | undefined; 'kibana.alert.anomaly_timestamp'?: string | number | undefined; 'kibana.alert.is_interim'?: boolean | undefined; 'kibana.alert.top_influencers'?: { influencer_field_name?: string | undefined; influencer_field_value?: string | undefined; influencer_score?: number | undefined; initial_influencer_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; timestamp?: string | number | undefined; }[] | undefined; 'kibana.alert.top_records'?: { actual?: number | undefined; by_field_name?: string | undefined; by_field_value?: string | undefined; detector_index?: number | undefined; field_name?: string | undefined; function?: string | undefined; initial_record_score?: number | undefined; is_interim?: 
boolean | undefined; job_id?: string | undefined; over_field_name?: string | undefined; over_field_value?: string | undefined; partition_field_name?: string | undefined; partition_field_value?: string | undefined; record_score?: number | undefined; timestamp?: string | number | undefined; typical?: number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 
'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'kibana.alert.datafeed_results'?: { datafeed_id?: string | undefined; datafeed_state?: string | undefined; job_id?: string | undefined; job_state?: string | undefined; }[] | undefined; 'kibana.alert.delayed_data_results'?: { annotation?: string | undefined; end_timestamp?: string | number | undefined; job_id?: string | undefined; missed_docs_count?: string | number | undefined; }[] | undefined; 'kibana.alert.job_errors_results'?: { errors?: unknown; job_id?: string | undefined; }[] | undefined; 'kibana.alert.mml_results'?: { job_id?: string | undefined; log_time?: string | number | undefined; memory_status?: string | undefined; model_bytes?: string | number | undefined; model_bytes_exceeded?: string | number | undefined; model_bytes_memory_limit?: string | number | undefined; peak_model_bytes?: string | number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 
'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }) | ({} & { 'kibana.alert.results'?: { description?: string | undefined; health_status?: string | undefined; issues?: unknown; node_name?: string | undefined; transform_id?: string | undefined; transform_state?: string | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: 
boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; })" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/index.ts", "deprecated": false, 
@@ -211,7 +211,7 @@ "label": "Alert", "description": [], "signature": [ - "{ '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }" + "{ '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 
'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts", "deprecated": false, 
@@ -241,7 +241,7 @@ "label": "AlertFieldMap", "description": [], "signature": [ - "{ readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ", + "{ readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; 
readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ", { "pluginId": "@kbn/alerts-as-data-utils", "scope": "common", 
@@ -249,7 +249,7 @@ "section": "def-common.MultiField", "text": "MultiField" }, - "[]; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly 
required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }" + "[]; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly 
\"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: 
false; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }" ], "path": "packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts", "deprecated": false, 
@@ -264,7 +264,7 @@ "label": "DefaultAlert", "description": [], "signature": [ - "{} & {} & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }" + "{} & {} & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 
'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/default_schema.ts", "deprecated": false, 
@@ -330,7 +330,7 @@ "label": "MlAnomalyDetectionAlert", "description": [], "signature": [ - "{ 'kibana.alert.job_id': string; } & { 'kibana.alert.anomaly_score'?: number[] | undefined; 'kibana.alert.anomaly_timestamp'?: string | number | undefined; 'kibana.alert.is_interim'?: boolean | undefined; 'kibana.alert.top_influencers'?: { influencer_field_name?: string | undefined; influencer_field_value?: string | undefined; influencer_score?: number | undefined; initial_influencer_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; timestamp?: string | number | undefined; }[] | undefined; 'kibana.alert.top_records'?: { actual?: number | undefined; by_field_name?: string | undefined; by_field_value?: string | undefined; detector_index?: number | undefined; field_name?: string | undefined; function?: string | undefined; initial_record_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; over_field_name?: string | undefined; over_field_value?: string | undefined; partition_field_name?: string | undefined; partition_field_value?: string | undefined; record_score?: number | undefined; timestamp?: string | number | undefined; typical?: number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 
'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }" + "{ 'kibana.alert.job_id': string; } & { 'kibana.alert.anomaly_score'?: number[] | undefined; 'kibana.alert.anomaly_timestamp'?: string | number | undefined; 'kibana.alert.is_interim'?: boolean | undefined; 'kibana.alert.top_influencers'?: { influencer_field_name?: string | undefined; influencer_field_value?: string | undefined; influencer_score?: number | undefined; initial_influencer_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; timestamp?: string | number | undefined; }[] | undefined; 'kibana.alert.top_records'?: { actual?: number | undefined; by_field_name?: string | undefined; by_field_value?: string | undefined; detector_index?: number | undefined; field_name?: string | undefined; function?: string | undefined; initial_record_score?: number | undefined; is_interim?: boolean | undefined; job_id?: string | undefined; over_field_name?: string | undefined; over_field_value?: string | undefined; partition_field_name?: string | undefined; 
partition_field_value?: string | undefined; record_score?: number | undefined; timestamp?: string | number | undefined; typical?: number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; 
}" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/ml_anomaly_detection_schema.ts", "deprecated": false, 
@@ -345,7 +345,7 @@ "label": "MlAnomalyDetectionHealthAlert", "description": [], "signature": [ - "{} & { 'kibana.alert.datafeed_results'?: { datafeed_id?: string | undefined; datafeed_state?: string | undefined; job_id?: string | undefined; job_state?: string | undefined; }[] | undefined; 'kibana.alert.delayed_data_results'?: { annotation?: string | undefined; end_timestamp?: string | number | undefined; job_id?: string | undefined; missed_docs_count?: string | number | undefined; }[] | undefined; 'kibana.alert.job_errors_results'?: { errors?: unknown; job_id?: string | undefined; }[] | undefined; 'kibana.alert.mml_results'?: { job_id?: string | undefined; log_time?: string | number | undefined; memory_status?: string | undefined; model_bytes?: string | number | undefined; model_bytes_exceeded?: string | number | undefined; model_bytes_memory_limit?: string | number | undefined; peak_model_bytes?: string | number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string 
| undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }" + "{} & { 'kibana.alert.datafeed_results'?: { datafeed_id?: string | undefined; datafeed_state?: string | undefined; job_id?: string | undefined; job_state?: string | undefined; }[] | undefined; 'kibana.alert.delayed_data_results'?: { annotation?: string | undefined; end_timestamp?: string | number | undefined; job_id?: string | undefined; missed_docs_count?: string | number | undefined; }[] | undefined; 'kibana.alert.job_errors_results'?: { errors?: unknown; job_id?: string | undefined; }[] | undefined; 'kibana.alert.mml_results'?: { job_id?: string | undefined; log_time?: string | number | undefined; memory_status?: string | undefined; model_bytes?: string | number | undefined; model_bytes_exceeded?: string | number | undefined; model_bytes_memory_limit?: string | number | undefined; peak_model_bytes?: string | number | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: 
string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/ml_anomaly_detection_health_schema.ts", "deprecated": false, 
@@ -360,7 +360,7 @@ "label": "ObservabilityApmAlert", "description": [], "signature": [ - "{} & { 'agent.name'?: string | undefined; 'container.id'?: string | undefined; 'error.grouping_key'?: string | undefined; 'error.grouping_name'?: string | undefined; 'host.name'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; labels?: unknown; 'processor.event'?: string | undefined; 'service.environment'?: string | undefined; 'service.language.name'?: string | undefined; 'service.name'?: string | undefined; 'transaction.name'?: string | undefined; 'transaction.type'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | 
number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | 
undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" + "{} & { 'agent.name'?: string | undefined; 'container.id'?: string | undefined; 'error.grouping_key'?: string | undefined; 'error.grouping_name'?: string | undefined; 'host.name'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; labels?: unknown; 'processor.event'?: string | undefined; 'service.environment'?: string | undefined; 'service.language.name'?: string | undefined; 'service.name'?: string | undefined; 'transaction.name'?: string | undefined; 'transaction.type'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | 
undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 
'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_apm_schema.ts", "deprecated": false, 
@@ -375,7 +375,7 @@ "label": "ObservabilityLogsAlert", "description": [], "signature": [ - "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 
'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 
'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: 
string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | 
undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: 
string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | 
undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 
'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | 
undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | 
undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: 
string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: 
number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 
'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | 
undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | 
undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 
'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string 
| undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean 
| undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 
'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 
'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | 
undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 
'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 
'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 
'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 
'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | 
undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 
'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 
'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; 
name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 
'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: 
string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 
'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: 
string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: 
string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 
'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 
'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: 
string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 
'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" + "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | 
number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 
'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: 
string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 
'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | 
undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string 
| undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 
'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 
'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 
'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 
'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | 
undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 
'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 
'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 
'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | 
undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 
'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 
'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | 
undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | 
undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | 
undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: 
string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 
'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | 
undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 
'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string 
| number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | 
undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 
'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | 
undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 
'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 
'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 
'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 
'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 
'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | 
undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 
'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: 
string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 
'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 
'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_logs_schema.ts", "deprecated": false, 
@@ -390,7 +390,7 @@ "label": "ObservabilityMetricsAlert", "description": [], "signature": [ - "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 
'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 
'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: 
string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | 
undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: 
string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | 
undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 
'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | 
undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | 
undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: 
string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: 
number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 
'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | 
undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | 
undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 
'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string 
| undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean 
| undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 
'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 
'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | 
undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 
'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 
'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 
'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 
'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | 
undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 
'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 
'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; 
name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 
'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: 
string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 
'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: 
string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: 
string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 
'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 
'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: 
string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 
'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" + "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; } & { '@timestamp': string | 
number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 
'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: 
string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 
'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | 
undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string 
| undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 
'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 
'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 
'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 
'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | 
undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 
'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 
'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 
'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | 
undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 
'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 
'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | 
undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | 
undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | 
undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: 
string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 
'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | 
undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 
'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string 
| number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | 
undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 
'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | 
undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 
'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 
'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 
'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 
'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 
'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | 
undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 
'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: 
string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 
'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 
'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_metrics_schema.ts", "deprecated": false, 
@@ -405,7 +405,7 @@ "label": "ObservabilitySloAlert", "description": [], "signature": [ - "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'slo.id'?: string | undefined; 'slo.instanceId'?: string | undefined; 'slo.revision'?: string | number | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 
'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" + "{} & { 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: 
string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'slo.id'?: string | undefined; 'slo.instanceId'?: string | undefined; 'slo.revision'?: string | number | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 
'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_slo_schema.ts", "deprecated": false, 
@@ -420,7 +420,7 @@ "label": "ObservabilityUptimeAlert", "description": [], "signature": [ - "{} & { 'agent.name'?: string | undefined; 'anomaly.bucket_span.minutes'?: string | undefined; 'anomaly.start'?: string | number | undefined; 'error.message'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'monitor.id'?: string | undefined; 'monitor.name'?: string | undefined; 'monitor.type'?: string | undefined; 'observer.geo.name'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.x509.issuer.common_name'?: string | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.subject.common_name'?: string | undefined; 'url.full'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: 
string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | 
number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" + "{} & { 'agent.name'?: string | undefined; 'anomaly.bucket_span.minutes'?: string | undefined; 'anomaly.start'?: string | number | undefined; 'error.message'?: string | undefined; 'kibana.alert.context'?: unknown; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | number | undefined; 'kibana.alert.evaluation.values'?: (string | number)[] | undefined; 'kibana.alert.group'?: { field?: string[] | undefined; value?: string[] | undefined; }[] | undefined; 'monitor.id'?: string | undefined; 'monitor.name'?: string | undefined; 'monitor.type'?: string | undefined; 'observer.geo.name'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.x509.issuer.common_name'?: string | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.subject.common_name'?: string | undefined; 'url.full'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 
'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 
'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/observability_uptime_schema.ts", "deprecated": false, 
@@ -435,7 +435,7 @@ "label": "SecurityAlert", "description": [], "signature": [ - "{ '@timestamp': string | number; 'kibana.alert.ancestors': { depth: string | number; id: string; index: string; type: string; }[]; 'kibana.alert.depth': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.original_event.action': string; 'kibana.alert.original_event.category': string[]; 'kibana.alert.original_event.created': string | number; 'kibana.alert.original_event.dataset': string; 'kibana.alert.original_event.id': string; 'kibana.alert.original_event.ingested': string | number; 'kibana.alert.original_event.kind': string; 'kibana.alert.original_event.module': string; 'kibana.alert.original_event.original': string; 'kibana.alert.original_event.outcome': string; 'kibana.alert.original_event.provider': string; 'kibana.alert.original_event.sequence': string | number; 'kibana.alert.original_event.type': string[]; 'kibana.alert.original_time': string | number; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.false_positives': string[]; 'kibana.alert.rule.max_signals': (string | number)[]; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.threat.framework': string; 'kibana.alert.rule.threat.tactic.id': string; 'kibana.alert.rule.threat.tactic.name': string; 'kibana.alert.rule.threat.tactic.reference': string; 'kibana.alert.rule.threat.technique.id': string; 'kibana.alert.rule.threat.technique.name': string; 'kibana.alert.rule.threat.technique.reference': string; 'kibana.alert.rule.threat.technique.subtechnique.id': string; 'kibana.alert.rule.threat.technique.subtechnique.name': string; 'kibana.alert.rule.threat.technique.subtechnique.reference': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'ecs.version'?: 
string | undefined; 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'host.asset.criticality'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.ancestors.rule'?: string | undefined; 'kibana.alert.building_block_type'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.group.id'?: string | undefined; 'kibana.alert.group.index'?: number | undefined; 'kibana.alert.host.criticality_level'?: string | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.new_terms'?: string[] | undefined; 'kibana.alert.original_event.agent_id_status'?: string | undefined; 'kibana.alert.original_event.code'?: string | undefined; 'kibana.alert.original_event.duration'?: string | undefined; 'kibana.alert.original_event.end'?: string | number | undefined; 'kibana.alert.original_event.hash'?: string | undefined; 'kibana.alert.original_event.reason'?: string | undefined; 'kibana.alert.original_event.reference'?: string | undefined; 'kibana.alert.original_event.risk_score'?: number | undefined; 'kibana.alert.original_event.risk_score_norm'?: number | undefined; 'kibana.alert.original_event.severity'?: string | number | undefined; 'kibana.alert.original_event.start'?: string | number | undefined; 'kibana.alert.original_event.timezone'?: string | undefined; 'kibana.alert.original_event.url'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.building_block_type'?: string | undefined; 'kibana.alert.rule.created_at'?: 
string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.immutable'?: string[] | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.rule.timeline_id'?: string[] | undefined; 'kibana.alert.rule.timeline_title'?: string[] | undefined; 'kibana.alert.rule.timestamp_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.threshold_result.cardinality'?: unknown; 'kibana.alert.threshold_result.count'?: string | number | undefined; 'kibana.alert.threshold_result.from'?: string | number | undefined; 'kibana.alert.threshold_result.terms'?: { field?: string | undefined; value?: string 
| undefined; }[] | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.user.criticality_level'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.alert.workflow_user'?: string | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; 'user.asset.criticality'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 
'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 
'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 
'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 
'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | 
undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: 
string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 
'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; 
type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: 
string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | 
undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: 
string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 
'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 
'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: 
string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 
'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | 
undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: 
unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 
'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 
'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | 
undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 
'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 
'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 
'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 
'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 
'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 
'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 
'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 
'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | 
undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | 
undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 
'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: 
string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 
'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: 
string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | 
undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 
'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 
'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" + "{ '@timestamp': string | number; 'kibana.alert.ancestors': { depth: string | number; id: string; index: 
string; type: string; }[]; 'kibana.alert.depth': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.original_event.action': string; 'kibana.alert.original_event.category': string[]; 'kibana.alert.original_event.created': string | number; 'kibana.alert.original_event.dataset': string; 'kibana.alert.original_event.id': string; 'kibana.alert.original_event.ingested': string | number; 'kibana.alert.original_event.kind': string; 'kibana.alert.original_event.module': string; 'kibana.alert.original_event.original': string; 'kibana.alert.original_event.outcome': string; 'kibana.alert.original_event.provider': string; 'kibana.alert.original_event.sequence': string | number; 'kibana.alert.original_event.type': string[]; 'kibana.alert.original_time': string | number; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.false_positives': string[]; 'kibana.alert.rule.max_signals': (string | number)[]; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.threat.framework': string; 'kibana.alert.rule.threat.tactic.id': string; 'kibana.alert.rule.threat.tactic.name': string; 'kibana.alert.rule.threat.tactic.reference': string; 'kibana.alert.rule.threat.technique.id': string; 'kibana.alert.rule.threat.technique.name': string; 'kibana.alert.rule.threat.technique.reference': string; 'kibana.alert.rule.threat.technique.subtechnique.id': string; 'kibana.alert.rule.threat.technique.subtechnique.name': string; 'kibana.alert.rule.threat.technique.subtechnique.reference': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'ecs.version'?: string | undefined; 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'host.asset.criticality'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 
'kibana.alert.ancestors.rule'?: string | undefined; 'kibana.alert.building_block_type'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.group.id'?: string | undefined; 'kibana.alert.group.index'?: number | undefined; 'kibana.alert.host.criticality_level'?: string | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.new_terms'?: string[] | undefined; 'kibana.alert.original_event.agent_id_status'?: string | undefined; 'kibana.alert.original_event.code'?: string | undefined; 'kibana.alert.original_event.duration'?: string | undefined; 'kibana.alert.original_event.end'?: string | number | undefined; 'kibana.alert.original_event.hash'?: string | undefined; 'kibana.alert.original_event.reason'?: string | undefined; 'kibana.alert.original_event.reference'?: string | undefined; 'kibana.alert.original_event.risk_score'?: number | undefined; 'kibana.alert.original_event.risk_score_norm'?: number | undefined; 'kibana.alert.original_event.severity'?: string | number | undefined; 'kibana.alert.original_event.start'?: string | number | undefined; 'kibana.alert.original_event.timezone'?: string | undefined; 'kibana.alert.original_event.url'?: string | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.building_block_type'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | 
undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.immutable'?: string[] | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.rule.timeline_id'?: string[] | undefined; 'kibana.alert.rule.timeline_title'?: string[] | undefined; 'kibana.alert.rule.timestamp_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.threshold_result.cardinality'?: unknown; 'kibana.alert.threshold_result.count'?: string | number | undefined; 'kibana.alert.threshold_result.from'?: string | number | undefined; 'kibana.alert.threshold_result.terms'?: { field?: string | undefined; value?: string | undefined; }[] | undefined; 'kibana.alert.time_range'?: { gte?: 
string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.user.criticality_level'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.alert.workflow_user'?: string | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; 'user.asset.criticality'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 
'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | 
undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 
'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 
'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | 
number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 
'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | 
undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; 
physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | 
undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 
'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 
'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | 
undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string 
| undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | 
number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 
'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 
'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | 
undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: 
string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 
'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 
'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 
'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string 
| number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 
'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 
'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 
'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 
'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 
'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 
'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | 
undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | 
undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 
'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: 
string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 
'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: 
string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | 
undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 
'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 
'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; } & {} & { 'ecs.version'?: string | undefined; 'kibana.alert.risk_score'?: number | undefined; 'kibana.alert.rule.author'?: string | undefined; 'kibana.alert.rule.created_at'?: string | number | undefined; 'kibana.alert.rule.created_by'?: string | undefined; 'kibana.alert.rule.description'?: string | undefined; 'kibana.alert.rule.enabled'?: string | undefined; 'kibana.alert.rule.from'?: string | undefined; 'kibana.alert.rule.interval'?: string | undefined; 'kibana.alert.rule.license'?: string | undefined; 'kibana.alert.rule.note'?: string | undefined; 'kibana.alert.rule.references'?: string[] | undefined; 'kibana.alert.rule.rule_id'?: string | undefined; 'kibana.alert.rule.rule_name_override'?: string | undefined; 'kibana.alert.rule.to'?: string | undefined; 'kibana.alert.rule.type'?: string | undefined; 'kibana.alert.rule.updated_at'?: string | number | undefined; 'kibana.alert.rule.updated_by'?: string | undefined; 'kibana.alert.rule.version'?: string | undefined; 'kibana.alert.severity'?: string | undefined; 'kibana.alert.suppression.docs_count'?: string | number | undefined; 'kibana.alert.suppression.end'?: string | number | undefined; 'kibana.alert.suppression.start'?: string | number | undefined; 'kibana.alert.suppression.terms.field'?: string[] | undefined; 'kibana.alert.suppression.terms.value'?: string[] | undefined; 'kibana.alert.system_status'?: string | undefined; 'kibana.alert.workflow_reason'?: string | undefined; 'kibana.alert.workflow_status_updated_at'?: string | number | undefined; 'kibana.alert.workflow_user'?: string | undefined; }" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts", "deprecated": 
false, 
@@ -450,7 +450,7 @@ "label": "StackAlert", "description": [], "signature": [ - "{} & { 'kibana.alert.evaluation.conditions'?: string | undefined; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | undefined; 'kibana.alert.title'?: string | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; 
tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: 
string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | 
undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string 
| undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | 
undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string | undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: 
string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 
'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | 
undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: 
string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 
'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 
'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: 
number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 
'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 
'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: 
string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 
'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | 
undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 
'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string 
| undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 
'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | 
number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | 
undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 
'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 
'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string | number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 
'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: 
string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | 
undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 
'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 
'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 
'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] 
| undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 
'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 
'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 
'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | 
undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 
'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; }" + "{} & { 'kibana.alert.evaluation.conditions'?: string | undefined; 'kibana.alert.evaluation.threshold'?: string | number | undefined; 'kibana.alert.evaluation.value'?: string | undefined; 'kibana.alert.title'?: string | undefined; } & { '@timestamp': string | number; 
'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; } & { '@timestamp': string | number; 'ecs.version': string; } & { 'agent.build.original'?: string | undefined; 'agent.ephemeral_id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: 
string | undefined; 'agent.type'?: string | undefined; 'agent.version'?: string | undefined; 'client.address'?: string | undefined; 'client.as.number'?: string | number | undefined; 'client.as.organization.name'?: string | undefined; 'client.bytes'?: string | number | undefined; 'client.domain'?: string | undefined; 'client.geo.city_name'?: string | undefined; 'client.geo.continent_code'?: string | undefined; 'client.geo.continent_name'?: string | undefined; 'client.geo.country_iso_code'?: string | undefined; 'client.geo.country_name'?: string | undefined; 'client.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'client.geo.name'?: string | undefined; 'client.geo.postal_code'?: string | undefined; 'client.geo.region_iso_code'?: string | undefined; 'client.geo.region_name'?: string | undefined; 'client.geo.timezone'?: string | undefined; 'client.ip'?: string | undefined; 'client.mac'?: string | undefined; 'client.nat.ip'?: string | undefined; 'client.nat.port'?: string | number | undefined; 'client.packets'?: string | number | undefined; 'client.port'?: string | number | undefined; 'client.registered_domain'?: string | undefined; 'client.subdomain'?: string | undefined; 'client.top_level_domain'?: string | undefined; 'client.user.domain'?: string | undefined; 'client.user.email'?: string | undefined; 'client.user.full_name'?: string | undefined; 'client.user.group.domain'?: string | undefined; 'client.user.group.id'?: string | undefined; 'client.user.group.name'?: string | undefined; 'client.user.hash'?: string | undefined; 'client.user.id'?: string | undefined; 'client.user.name'?: string | undefined; 'client.user.roles'?: string[] | undefined; 'cloud.account.id'?: string | undefined; 'cloud.account.name'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.instance.id'?: string | undefined; 'cloud.instance.name'?: string | 
undefined; 'cloud.machine.type'?: string | undefined; 'cloud.origin.account.id'?: string | undefined; 'cloud.origin.account.name'?: string | undefined; 'cloud.origin.availability_zone'?: string | undefined; 'cloud.origin.instance.id'?: string | undefined; 'cloud.origin.instance.name'?: string | undefined; 'cloud.origin.machine.type'?: string | undefined; 'cloud.origin.project.id'?: string | undefined; 'cloud.origin.project.name'?: string | undefined; 'cloud.origin.provider'?: string | undefined; 'cloud.origin.region'?: string | undefined; 'cloud.origin.service.name'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.project.name'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.service.name'?: string | undefined; 'cloud.target.account.id'?: string | undefined; 'cloud.target.account.name'?: string | undefined; 'cloud.target.availability_zone'?: string | undefined; 'cloud.target.instance.id'?: string | undefined; 'cloud.target.instance.name'?: string | undefined; 'cloud.target.machine.type'?: string | undefined; 'cloud.target.project.id'?: string | undefined; 'cloud.target.project.name'?: string | undefined; 'cloud.target.provider'?: string | undefined; 'cloud.target.region'?: string | undefined; 'cloud.target.service.name'?: string | undefined; 'container.cpu.usage'?: string | number | undefined; 'container.disk.read.bytes'?: string | number | undefined; 'container.disk.write.bytes'?: string | number | undefined; 'container.id'?: string | undefined; 'container.image.hash.all'?: string[] | undefined; 'container.image.name'?: string | undefined; 'container.image.tag'?: string[] | undefined; 'container.labels'?: unknown; 'container.memory.usage'?: string | number | undefined; 'container.name'?: string | undefined; 'container.network.egress.bytes'?: string | number | undefined; 'container.network.ingress.bytes'?: string | number | undefined; 'container.runtime'?: string | undefined; 
'container.security_context.privileged'?: boolean | undefined; 'destination.address'?: string | undefined; 'destination.as.number'?: string | number | undefined; 'destination.as.organization.name'?: string | undefined; 'destination.bytes'?: string | number | undefined; 'destination.domain'?: string | undefined; 'destination.geo.city_name'?: string | undefined; 'destination.geo.continent_code'?: string | undefined; 'destination.geo.continent_name'?: string | undefined; 'destination.geo.country_iso_code'?: string | undefined; 'destination.geo.country_name'?: string | undefined; 'destination.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'destination.geo.name'?: string | undefined; 'destination.geo.postal_code'?: string | undefined; 'destination.geo.region_iso_code'?: string | undefined; 'destination.geo.region_name'?: string | undefined; 'destination.geo.timezone'?: string | undefined; 'destination.ip'?: string | undefined; 'destination.mac'?: string | undefined; 'destination.nat.ip'?: string | undefined; 'destination.nat.port'?: string | number | undefined; 'destination.packets'?: string | number | undefined; 'destination.port'?: string | number | undefined; 'destination.registered_domain'?: string | undefined; 'destination.subdomain'?: string | undefined; 'destination.top_level_domain'?: string | undefined; 'destination.user.domain'?: string | undefined; 'destination.user.email'?: string | undefined; 'destination.user.full_name'?: string | undefined; 'destination.user.group.domain'?: string | undefined; 'destination.user.group.id'?: string | undefined; 'destination.user.group.name'?: string | undefined; 'destination.user.hash'?: string | undefined; 'destination.user.id'?: string | undefined; 'destination.user.name'?: string | undefined; 'destination.user.roles'?: string[] | undefined; 'device.id'?: string | undefined; 'device.manufacturer'?: string | 
undefined; 'device.model.identifier'?: string | undefined; 'device.model.name'?: string | undefined; 'dll.code_signature.digest_algorithm'?: string | undefined; 'dll.code_signature.exists'?: boolean | undefined; 'dll.code_signature.signing_id'?: string | undefined; 'dll.code_signature.status'?: string | undefined; 'dll.code_signature.subject_name'?: string | undefined; 'dll.code_signature.team_id'?: string | undefined; 'dll.code_signature.timestamp'?: string | number | undefined; 'dll.code_signature.trusted'?: boolean | undefined; 'dll.code_signature.valid'?: boolean | undefined; 'dll.hash.md5'?: string | undefined; 'dll.hash.sha1'?: string | undefined; 'dll.hash.sha256'?: string | undefined; 'dll.hash.sha384'?: string | undefined; 'dll.hash.sha512'?: string | undefined; 'dll.hash.ssdeep'?: string | undefined; 'dll.hash.tlsh'?: string | undefined; 'dll.name'?: string | undefined; 'dll.path'?: string | undefined; 'dll.pe.architecture'?: string | undefined; 'dll.pe.company'?: string | undefined; 'dll.pe.description'?: string | undefined; 'dll.pe.file_version'?: string | undefined; 'dll.pe.go_import_hash'?: string | undefined; 'dll.pe.go_imports'?: unknown; 'dll.pe.go_imports_names_entropy'?: string | number | undefined; 'dll.pe.go_imports_names_var_entropy'?: string | number | undefined; 'dll.pe.go_stripped'?: boolean | undefined; 'dll.pe.imphash'?: string | undefined; 'dll.pe.import_hash'?: string | undefined; 'dll.pe.imports'?: unknown[] | undefined; 'dll.pe.imports_names_entropy'?: string | number | undefined; 'dll.pe.imports_names_var_entropy'?: string | number | undefined; 'dll.pe.original_file_name'?: string | undefined; 'dll.pe.pehash'?: string | undefined; 'dll.pe.product'?: string | undefined; 'dll.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'dns.answers'?: { class?: string 
| undefined; data?: string | undefined; name?: string | undefined; ttl?: string | number | undefined; type?: string | undefined; }[] | undefined; 'dns.header_flags'?: string[] | undefined; 'dns.id'?: string | undefined; 'dns.op_code'?: string | undefined; 'dns.question.class'?: string | undefined; 'dns.question.name'?: string | undefined; 'dns.question.registered_domain'?: string | undefined; 'dns.question.subdomain'?: string | undefined; 'dns.question.top_level_domain'?: string | undefined; 'dns.question.type'?: string | undefined; 'dns.resolved_ip'?: string[] | undefined; 'dns.response_code'?: string | undefined; 'dns.type'?: string | undefined; 'email.attachments'?: { 'file.extension'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.name'?: string | undefined; 'file.size'?: string | number | undefined; }[] | undefined; 'email.bcc.address'?: string[] | undefined; 'email.cc.address'?: string[] | undefined; 'email.content_type'?: string | undefined; 'email.delivery_timestamp'?: string | number | undefined; 'email.direction'?: string | undefined; 'email.from.address'?: string[] | undefined; 'email.local_id'?: string | undefined; 'email.message_id'?: string | undefined; 'email.origination_timestamp'?: string | number | undefined; 'email.reply_to.address'?: string[] | undefined; 'email.sender.address'?: string | undefined; 'email.subject'?: string | undefined; 'email.to.address'?: string[] | undefined; 'email.x_mailer'?: string | undefined; 'error.code'?: string | undefined; 'error.id'?: string | undefined; 'error.message'?: string | undefined; 'error.stack_trace'?: string | undefined; 'error.type'?: string | undefined; 'event.action'?: string | undefined; 
'event.agent_id_status'?: string | undefined; 'event.category'?: string[] | undefined; 'event.code'?: string | undefined; 'event.created'?: string | number | undefined; 'event.dataset'?: string | undefined; 'event.duration'?: string | number | undefined; 'event.end'?: string | number | undefined; 'event.hash'?: string | undefined; 'event.id'?: string | undefined; 'event.ingested'?: string | number | undefined; 'event.kind'?: string | undefined; 'event.module'?: string | undefined; 'event.original'?: string | undefined; 'event.outcome'?: string | undefined; 'event.provider'?: string | undefined; 'event.reason'?: string | undefined; 'event.reference'?: string | undefined; 'event.risk_score'?: number | undefined; 'event.risk_score_norm'?: number | undefined; 'event.sequence'?: string | number | undefined; 'event.severity'?: string | number | undefined; 'event.start'?: string | number | undefined; 'event.timezone'?: string | undefined; 'event.type'?: string[] | undefined; 'event.url'?: string | undefined; 'faas.coldstart'?: boolean | undefined; 'faas.execution'?: string | undefined; 'faas.id'?: string | undefined; 'faas.name'?: string | undefined; 'faas.version'?: string | undefined; 'file.accessed'?: string | number | undefined; 'file.attributes'?: string[] | undefined; 'file.code_signature.digest_algorithm'?: string | undefined; 'file.code_signature.exists'?: boolean | undefined; 'file.code_signature.signing_id'?: string | undefined; 'file.code_signature.status'?: string | undefined; 'file.code_signature.subject_name'?: string | undefined; 'file.code_signature.team_id'?: string | undefined; 'file.code_signature.timestamp'?: string | number | undefined; 'file.code_signature.trusted'?: boolean | undefined; 'file.code_signature.valid'?: boolean | undefined; 'file.created'?: string | number | undefined; 'file.ctime'?: string | number | undefined; 'file.device'?: string | undefined; 'file.directory'?: string | undefined; 'file.drive_letter'?: string | undefined; 
'file.elf.architecture'?: string | undefined; 'file.elf.byte_order'?: string | undefined; 'file.elf.cpu_type'?: string | undefined; 'file.elf.creation_date'?: string | number | undefined; 'file.elf.exports'?: unknown[] | undefined; 'file.elf.go_import_hash'?: string | undefined; 'file.elf.go_imports'?: unknown; 'file.elf.go_imports_names_entropy'?: string | number | undefined; 'file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'file.elf.go_stripped'?: boolean | undefined; 'file.elf.header.abi_version'?: string | undefined; 'file.elf.header.class'?: string | undefined; 'file.elf.header.data'?: string | undefined; 'file.elf.header.entrypoint'?: string | number | undefined; 'file.elf.header.object_version'?: string | undefined; 'file.elf.header.os_abi'?: string | undefined; 'file.elf.header.type'?: string | undefined; 'file.elf.header.version'?: string | undefined; 'file.elf.import_hash'?: string | undefined; 'file.elf.imports'?: unknown[] | undefined; 'file.elf.imports_names_entropy'?: string | number | undefined; 'file.elf.imports_names_var_entropy'?: string | number | undefined; 'file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'file.elf.shared_libraries'?: string[] | undefined; 'file.elf.telfhash'?: string | undefined; 'file.extension'?: string | undefined; 'file.fork_name'?: string | undefined; 'file.gid'?: string | undefined; 'file.group'?: string | undefined; 'file.hash.md5'?: string | undefined; 'file.hash.sha1'?: string | undefined; 'file.hash.sha256'?: string | undefined; 
'file.hash.sha384'?: string | undefined; 'file.hash.sha512'?: string | undefined; 'file.hash.ssdeep'?: string | undefined; 'file.hash.tlsh'?: string | undefined; 'file.inode'?: string | undefined; 'file.macho.go_import_hash'?: string | undefined; 'file.macho.go_imports'?: unknown; 'file.macho.go_imports_names_entropy'?: string | number | undefined; 'file.macho.go_imports_names_var_entropy'?: string | number | undefined; 'file.macho.go_stripped'?: boolean | undefined; 'file.macho.import_hash'?: string | undefined; 'file.macho.imports'?: unknown[] | undefined; 'file.macho.imports_names_entropy'?: string | number | undefined; 'file.macho.imports_names_var_entropy'?: string | number | undefined; 'file.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.macho.symhash'?: string | undefined; 'file.mime_type'?: string | undefined; 'file.mode'?: string | undefined; 'file.mtime'?: string | number | undefined; 'file.name'?: string | undefined; 'file.owner'?: string | undefined; 'file.path'?: string | undefined; 'file.pe.architecture'?: string | undefined; 'file.pe.company'?: string | undefined; 'file.pe.description'?: string | undefined; 'file.pe.file_version'?: string | undefined; 'file.pe.go_import_hash'?: string | undefined; 'file.pe.go_imports'?: unknown; 'file.pe.go_imports_names_entropy'?: string | number | undefined; 'file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'file.pe.go_stripped'?: boolean | undefined; 'file.pe.imphash'?: string | undefined; 'file.pe.import_hash'?: string | undefined; 'file.pe.imports'?: unknown[] | undefined; 'file.pe.imports_names_entropy'?: string | number | undefined; 'file.pe.imports_names_var_entropy'?: string | number | undefined; 'file.pe.original_file_name'?: string | undefined; 'file.pe.pehash'?: string | undefined; 
'file.pe.product'?: string | undefined; 'file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'file.size'?: string | number | undefined; 'file.target_path'?: string | undefined; 'file.type'?: string | undefined; 'file.uid'?: string | undefined; 'file.x509.alternative_names'?: string[] | undefined; 'file.x509.issuer.common_name'?: string[] | undefined; 'file.x509.issuer.country'?: string[] | undefined; 'file.x509.issuer.distinguished_name'?: string | undefined; 'file.x509.issuer.locality'?: string[] | undefined; 'file.x509.issuer.organization'?: string[] | undefined; 'file.x509.issuer.organizational_unit'?: string[] | undefined; 'file.x509.issuer.state_or_province'?: string[] | undefined; 'file.x509.not_after'?: string | number | undefined; 'file.x509.not_before'?: string | number | undefined; 'file.x509.public_key_algorithm'?: string | undefined; 'file.x509.public_key_curve'?: string | undefined; 'file.x509.public_key_exponent'?: string | number | undefined; 'file.x509.public_key_size'?: string | number | undefined; 'file.x509.serial_number'?: string | undefined; 'file.x509.signature_algorithm'?: string | undefined; 'file.x509.subject.common_name'?: string[] | undefined; 'file.x509.subject.country'?: string[] | undefined; 'file.x509.subject.distinguished_name'?: string | undefined; 'file.x509.subject.locality'?: string[] | undefined; 'file.x509.subject.organization'?: string[] | undefined; 'file.x509.subject.organizational_unit'?: string[] | undefined; 'file.x509.subject.state_or_province'?: string[] | undefined; 'file.x509.version_number'?: string | undefined; 'group.domain'?: string | undefined; 'group.id'?: string | undefined; 'group.name'?: string | undefined; 'host.architecture'?: string | undefined; 'host.boot.id'?: string | undefined; 'host.cpu.usage'?: string | number | 
undefined; 'host.disk.read.bytes'?: string | number | undefined; 'host.disk.write.bytes'?: string | number | undefined; 'host.domain'?: string | undefined; 'host.geo.city_name'?: string | undefined; 'host.geo.continent_code'?: string | undefined; 'host.geo.continent_name'?: string | undefined; 'host.geo.country_iso_code'?: string | undefined; 'host.geo.country_name'?: string | undefined; 'host.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'host.geo.name'?: string | undefined; 'host.geo.postal_code'?: string | undefined; 'host.geo.region_iso_code'?: string | undefined; 'host.geo.region_name'?: string | undefined; 'host.geo.timezone'?: string | undefined; 'host.hostname'?: string | undefined; 'host.id'?: string | undefined; 'host.ip'?: string[] | undefined; 'host.mac'?: string[] | undefined; 'host.name'?: string | undefined; 'host.network.egress.bytes'?: string | number | undefined; 'host.network.egress.packets'?: string | number | undefined; 'host.network.ingress.bytes'?: string | number | undefined; 'host.network.ingress.packets'?: string | number | undefined; 'host.os.family'?: string | undefined; 'host.os.full'?: string | undefined; 'host.os.kernel'?: string | undefined; 'host.os.name'?: string | undefined; 'host.os.platform'?: string | undefined; 'host.os.type'?: string | undefined; 'host.os.version'?: string | undefined; 'host.pid_ns_ino'?: string | undefined; 'host.risk.calculated_level'?: string | undefined; 'host.risk.calculated_score'?: number | undefined; 'host.risk.calculated_score_norm'?: number | undefined; 'host.risk.static_level'?: string | undefined; 'host.risk.static_score'?: number | undefined; 'host.risk.static_score_norm'?: number | undefined; 'host.type'?: string | undefined; 'host.uptime'?: string | number | undefined; 'http.request.body.bytes'?: string | number | undefined; 'http.request.body.content'?: string | undefined; 
'http.request.bytes'?: string | number | undefined; 'http.request.id'?: string | undefined; 'http.request.method'?: string | undefined; 'http.request.mime_type'?: string | undefined; 'http.request.referrer'?: string | undefined; 'http.response.body.bytes'?: string | number | undefined; 'http.response.body.content'?: string | undefined; 'http.response.bytes'?: string | number | undefined; 'http.response.mime_type'?: string | undefined; 'http.response.status_code'?: string | number | undefined; 'http.version'?: string | undefined; labels?: unknown; 'log.file.path'?: string | undefined; 'log.level'?: string | undefined; 'log.logger'?: string | undefined; 'log.origin.file.line'?: string | number | undefined; 'log.origin.file.name'?: string | undefined; 'log.origin.function'?: string | undefined; 'log.syslog'?: unknown; message?: string | undefined; 'network.application'?: string | undefined; 'network.bytes'?: string | number | undefined; 'network.community_id'?: string | undefined; 'network.direction'?: string | undefined; 'network.forwarded_ip'?: string | undefined; 'network.iana_number'?: string | undefined; 'network.inner'?: unknown; 'network.name'?: string | undefined; 'network.packets'?: string | number | undefined; 'network.protocol'?: string | undefined; 'network.transport'?: string | undefined; 'network.type'?: string | undefined; 'network.vlan.id'?: string | undefined; 'network.vlan.name'?: string | undefined; 'observer.egress'?: unknown; 'observer.geo.city_name'?: string | undefined; 'observer.geo.continent_code'?: string | undefined; 'observer.geo.continent_name'?: string | undefined; 'observer.geo.country_iso_code'?: string | undefined; 'observer.geo.country_name'?: string | undefined; 'observer.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'observer.geo.name'?: string | undefined; 'observer.geo.postal_code'?: string | undefined; 
'observer.geo.region_iso_code'?: string | undefined; 'observer.geo.region_name'?: string | undefined; 'observer.geo.timezone'?: string | undefined; 'observer.hostname'?: string | undefined; 'observer.ingress'?: unknown; 'observer.ip'?: string[] | undefined; 'observer.mac'?: string[] | undefined; 'observer.name'?: string | undefined; 'observer.os.family'?: string | undefined; 'observer.os.full'?: string | undefined; 'observer.os.kernel'?: string | undefined; 'observer.os.name'?: string | undefined; 'observer.os.platform'?: string | undefined; 'observer.os.type'?: string | undefined; 'observer.os.version'?: string | undefined; 'observer.product'?: string | undefined; 'observer.serial_number'?: string | undefined; 'observer.type'?: string | undefined; 'observer.vendor'?: string | undefined; 'observer.version'?: string | undefined; 'orchestrator.api_version'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.url'?: string | undefined; 'orchestrator.cluster.version'?: string | undefined; 'orchestrator.namespace'?: string | undefined; 'orchestrator.organization'?: string | undefined; 'orchestrator.resource.annotation'?: string[] | undefined; 'orchestrator.resource.id'?: string | undefined; 'orchestrator.resource.ip'?: string[] | undefined; 'orchestrator.resource.label'?: string[] | undefined; 'orchestrator.resource.name'?: string | undefined; 'orchestrator.resource.parent.type'?: string | undefined; 'orchestrator.resource.type'?: string | undefined; 'orchestrator.type'?: string | undefined; 'organization.id'?: string | undefined; 'organization.name'?: string | undefined; 'package.architecture'?: string | undefined; 'package.build_version'?: string | undefined; 'package.checksum'?: string | undefined; 'package.description'?: string | undefined; 'package.install_scope'?: string | undefined; 'package.installed'?: string | number | undefined; 'package.license'?: string | undefined; 
'package.name'?: string | undefined; 'package.path'?: string | undefined; 'package.reference'?: string | undefined; 'package.size'?: string | number | undefined; 'package.type'?: string | undefined; 'package.version'?: string | undefined; 'process.args'?: string[] | undefined; 'process.args_count'?: string | number | undefined; 'process.code_signature.digest_algorithm'?: string | undefined; 'process.code_signature.exists'?: boolean | undefined; 'process.code_signature.signing_id'?: string | undefined; 'process.code_signature.status'?: string | undefined; 'process.code_signature.subject_name'?: string | undefined; 'process.code_signature.team_id'?: string | undefined; 'process.code_signature.timestamp'?: string | number | undefined; 'process.code_signature.trusted'?: boolean | undefined; 'process.code_signature.valid'?: boolean | undefined; 'process.command_line'?: string | undefined; 'process.elf.architecture'?: string | undefined; 'process.elf.byte_order'?: string | undefined; 'process.elf.cpu_type'?: string | undefined; 'process.elf.creation_date'?: string | number | undefined; 'process.elf.exports'?: unknown[] | undefined; 'process.elf.go_import_hash'?: string | undefined; 'process.elf.go_imports'?: unknown; 'process.elf.go_imports_names_entropy'?: string | number | undefined; 'process.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.elf.go_stripped'?: boolean | undefined; 'process.elf.header.abi_version'?: string | undefined; 'process.elf.header.class'?: string | undefined; 'process.elf.header.data'?: string | undefined; 'process.elf.header.entrypoint'?: string | number | undefined; 'process.elf.header.object_version'?: string | undefined; 'process.elf.header.os_abi'?: string | undefined; 'process.elf.header.type'?: string | undefined; 'process.elf.header.version'?: string | undefined; 'process.elf.import_hash'?: string | undefined; 'process.elf.imports'?: unknown[] | undefined; 'process.elf.imports_names_entropy'?: string | number | 
undefined; 'process.elf.imports_names_var_entropy'?: string | number | undefined; 'process.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.elf.shared_libraries'?: string[] | undefined; 'process.elf.telfhash'?: string | undefined; 'process.end'?: string | number | undefined; 'process.entity_id'?: string | undefined; 'process.entry_leader.args'?: string[] | undefined; 'process.entry_leader.args_count'?: string | number | undefined; 'process.entry_leader.attested_groups.name'?: string | undefined; 'process.entry_leader.attested_user.id'?: string | undefined; 'process.entry_leader.attested_user.name'?: string | undefined; 'process.entry_leader.command_line'?: string | undefined; 'process.entry_leader.entity_id'?: string | undefined; 'process.entry_leader.entry_meta.source.ip'?: string | undefined; 'process.entry_leader.entry_meta.type'?: string | undefined; 'process.entry_leader.executable'?: string | undefined; 'process.entry_leader.group.id'?: string | undefined; 'process.entry_leader.group.name'?: string | undefined; 'process.entry_leader.interactive'?: boolean | undefined; 'process.entry_leader.name'?: string | undefined; 'process.entry_leader.parent.entity_id'?: string | undefined; 'process.entry_leader.parent.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.entity_id'?: string | undefined; 'process.entry_leader.parent.session_leader.pid'?: string | number | undefined; 'process.entry_leader.parent.session_leader.start'?: string | number | undefined; 
'process.entry_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.entry_leader.parent.start'?: string | number | undefined; 'process.entry_leader.parent.vpid'?: string | number | undefined; 'process.entry_leader.pid'?: string | number | undefined; 'process.entry_leader.real_group.id'?: string | undefined; 'process.entry_leader.real_group.name'?: string | undefined; 'process.entry_leader.real_user.id'?: string | undefined; 'process.entry_leader.real_user.name'?: string | undefined; 'process.entry_leader.same_as_process'?: boolean | undefined; 'process.entry_leader.saved_group.id'?: string | undefined; 'process.entry_leader.saved_group.name'?: string | undefined; 'process.entry_leader.saved_user.id'?: string | undefined; 'process.entry_leader.saved_user.name'?: string | undefined; 'process.entry_leader.start'?: string | number | undefined; 'process.entry_leader.supplemental_groups.id'?: string | undefined; 'process.entry_leader.supplemental_groups.name'?: string | undefined; 'process.entry_leader.tty'?: unknown; 'process.entry_leader.user.id'?: string | undefined; 'process.entry_leader.user.name'?: string | undefined; 'process.entry_leader.vpid'?: string | number | undefined; 'process.entry_leader.working_directory'?: string | undefined; 'process.env_vars'?: string[] | undefined; 'process.executable'?: string | undefined; 'process.exit_code'?: string | number | undefined; 'process.group_leader.args'?: string[] | undefined; 'process.group_leader.args_count'?: string | number | undefined; 'process.group_leader.command_line'?: string | undefined; 'process.group_leader.entity_id'?: string | undefined; 'process.group_leader.executable'?: string | undefined; 'process.group_leader.group.id'?: string | undefined; 'process.group_leader.group.name'?: string | undefined; 'process.group_leader.interactive'?: boolean | undefined; 'process.group_leader.name'?: string | undefined; 'process.group_leader.pid'?: string | number | undefined; 
'process.group_leader.real_group.id'?: string | undefined; 'process.group_leader.real_group.name'?: string | undefined; 'process.group_leader.real_user.id'?: string | undefined; 'process.group_leader.real_user.name'?: string | undefined; 'process.group_leader.same_as_process'?: boolean | undefined; 'process.group_leader.saved_group.id'?: string | undefined; 'process.group_leader.saved_group.name'?: string | undefined; 'process.group_leader.saved_user.id'?: string | undefined; 'process.group_leader.saved_user.name'?: string | undefined; 'process.group_leader.start'?: string | number | undefined; 'process.group_leader.supplemental_groups.id'?: string | undefined; 'process.group_leader.supplemental_groups.name'?: string | undefined; 'process.group_leader.tty'?: unknown; 'process.group_leader.user.id'?: string | undefined; 'process.group_leader.user.name'?: string | undefined; 'process.group_leader.vpid'?: string | number | undefined; 'process.group_leader.working_directory'?: string | undefined; 'process.hash.md5'?: string | undefined; 'process.hash.sha1'?: string | undefined; 'process.hash.sha256'?: string | undefined; 'process.hash.sha384'?: string | undefined; 'process.hash.sha512'?: string | undefined; 'process.hash.ssdeep'?: string | undefined; 'process.hash.tlsh'?: string | undefined; 'process.interactive'?: boolean | undefined; 'process.io'?: unknown; 'process.macho.go_import_hash'?: string | undefined; 'process.macho.go_imports'?: unknown; 'process.macho.go_imports_names_entropy'?: string | number | undefined; 'process.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.macho.go_stripped'?: boolean | undefined; 'process.macho.import_hash'?: string | undefined; 'process.macho.imports'?: unknown[] | undefined; 'process.macho.imports_names_entropy'?: string | number | undefined; 'process.macho.imports_names_var_entropy'?: string | number | undefined; 'process.macho.sections'?: { entropy?: string | number | undefined; name?: string | 
undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.macho.symhash'?: string | undefined; 'process.name'?: string | undefined; 'process.parent.args'?: string[] | undefined; 'process.parent.args_count'?: string | number | undefined; 'process.parent.code_signature.digest_algorithm'?: string | undefined; 'process.parent.code_signature.exists'?: boolean | undefined; 'process.parent.code_signature.signing_id'?: string | undefined; 'process.parent.code_signature.status'?: string | undefined; 'process.parent.code_signature.subject_name'?: string | undefined; 'process.parent.code_signature.team_id'?: string | undefined; 'process.parent.code_signature.timestamp'?: string | number | undefined; 'process.parent.code_signature.trusted'?: boolean | undefined; 'process.parent.code_signature.valid'?: boolean | undefined; 'process.parent.command_line'?: string | undefined; 'process.parent.elf.architecture'?: string | undefined; 'process.parent.elf.byte_order'?: string | undefined; 'process.parent.elf.cpu_type'?: string | undefined; 'process.parent.elf.creation_date'?: string | number | undefined; 'process.parent.elf.exports'?: unknown[] | undefined; 'process.parent.elf.go_import_hash'?: string | undefined; 'process.parent.elf.go_imports'?: unknown; 'process.parent.elf.go_imports_names_entropy'?: string | number | undefined; 'process.parent.elf.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.go_stripped'?: boolean | undefined; 'process.parent.elf.header.abi_version'?: string | undefined; 'process.parent.elf.header.class'?: string | undefined; 'process.parent.elf.header.data'?: string | undefined; 'process.parent.elf.header.entrypoint'?: string | number | undefined; 'process.parent.elf.header.object_version'?: string | undefined; 'process.parent.elf.header.os_abi'?: string | undefined; 'process.parent.elf.header.type'?: string | 
undefined; 'process.parent.elf.header.version'?: string | undefined; 'process.parent.elf.import_hash'?: string | undefined; 'process.parent.elf.imports'?: unknown[] | undefined; 'process.parent.elf.imports_names_entropy'?: string | number | undefined; 'process.parent.elf.imports_names_var_entropy'?: string | number | undefined; 'process.parent.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'process.parent.elf.shared_libraries'?: string[] | undefined; 'process.parent.elf.telfhash'?: string | undefined; 'process.parent.end'?: string | number | undefined; 'process.parent.entity_id'?: string | undefined; 'process.parent.executable'?: string | undefined; 'process.parent.exit_code'?: string | number | undefined; 'process.parent.group.id'?: string | undefined; 'process.parent.group.name'?: string | undefined; 'process.parent.group_leader.entity_id'?: string | undefined; 'process.parent.group_leader.pid'?: string | number | undefined; 'process.parent.group_leader.start'?: string | number | undefined; 'process.parent.group_leader.vpid'?: string | number | undefined; 'process.parent.hash.md5'?: string | undefined; 'process.parent.hash.sha1'?: string | undefined; 'process.parent.hash.sha256'?: string | undefined; 'process.parent.hash.sha384'?: string | undefined; 'process.parent.hash.sha512'?: string | undefined; 'process.parent.hash.ssdeep'?: string | undefined; 'process.parent.hash.tlsh'?: string | undefined; 'process.parent.interactive'?: boolean | undefined; 'process.parent.macho.go_import_hash'?: string | 
undefined; 'process.parent.macho.go_imports'?: unknown; 'process.parent.macho.go_imports_names_entropy'?: string | number | undefined; 'process.parent.macho.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.go_stripped'?: boolean | undefined; 'process.parent.macho.import_hash'?: string | undefined; 'process.parent.macho.imports'?: unknown[] | undefined; 'process.parent.macho.imports_names_entropy'?: string | number | undefined; 'process.parent.macho.imports_names_var_entropy'?: string | number | undefined; 'process.parent.macho.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.macho.symhash'?: string | undefined; 'process.parent.name'?: string | undefined; 'process.parent.pe.architecture'?: string | undefined; 'process.parent.pe.company'?: string | undefined; 'process.parent.pe.description'?: string | undefined; 'process.parent.pe.file_version'?: string | undefined; 'process.parent.pe.go_import_hash'?: string | undefined; 'process.parent.pe.go_imports'?: unknown; 'process.parent.pe.go_imports_names_entropy'?: string | number | undefined; 'process.parent.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.go_stripped'?: boolean | undefined; 'process.parent.pe.imphash'?: string | undefined; 'process.parent.pe.import_hash'?: string | undefined; 'process.parent.pe.imports'?: unknown[] | undefined; 'process.parent.pe.imports_names_entropy'?: string | number | undefined; 'process.parent.pe.imports_names_var_entropy'?: string | number | undefined; 'process.parent.pe.original_file_name'?: string | undefined; 'process.parent.pe.pehash'?: string | undefined; 'process.parent.pe.product'?: string | undefined; 'process.parent.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: 
string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.parent.pgid'?: string | number | undefined; 'process.parent.pid'?: string | number | undefined; 'process.parent.real_group.id'?: string | undefined; 'process.parent.real_group.name'?: string | undefined; 'process.parent.real_user.id'?: string | undefined; 'process.parent.real_user.name'?: string | undefined; 'process.parent.saved_group.id'?: string | undefined; 'process.parent.saved_group.name'?: string | undefined; 'process.parent.saved_user.id'?: string | undefined; 'process.parent.saved_user.name'?: string | undefined; 'process.parent.start'?: string | number | undefined; 'process.parent.supplemental_groups.id'?: string | undefined; 'process.parent.supplemental_groups.name'?: string | undefined; 'process.parent.thread.capabilities.effective'?: string[] | undefined; 'process.parent.thread.capabilities.permitted'?: string[] | undefined; 'process.parent.thread.id'?: string | number | undefined; 'process.parent.thread.name'?: string | undefined; 'process.parent.title'?: string | undefined; 'process.parent.tty'?: unknown; 'process.parent.uptime'?: string | number | undefined; 'process.parent.user.id'?: string | undefined; 'process.parent.user.name'?: string | undefined; 'process.parent.vpid'?: string | number | undefined; 'process.parent.working_directory'?: string | undefined; 'process.pe.architecture'?: string | undefined; 'process.pe.company'?: string | undefined; 'process.pe.description'?: string | undefined; 'process.pe.file_version'?: string | undefined; 'process.pe.go_import_hash'?: string | undefined; 'process.pe.go_imports'?: unknown; 'process.pe.go_imports_names_entropy'?: string | number | undefined; 'process.pe.go_imports_names_var_entropy'?: string | number | undefined; 'process.pe.go_stripped'?: boolean | undefined; 'process.pe.imphash'?: string | undefined; 'process.pe.import_hash'?: string | undefined; 
'process.pe.imports'?: unknown[] | undefined; 'process.pe.imports_names_entropy'?: string | number | undefined; 'process.pe.imports_names_var_entropy'?: string | number | undefined; 'process.pe.original_file_name'?: string | undefined; 'process.pe.pehash'?: string | undefined; 'process.pe.product'?: string | undefined; 'process.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'process.pgid'?: string | number | undefined; 'process.pid'?: string | number | undefined; 'process.previous.args'?: string[] | undefined; 'process.previous.args_count'?: string | number | undefined; 'process.previous.executable'?: string | undefined; 'process.real_group.id'?: string | undefined; 'process.real_group.name'?: string | undefined; 'process.real_user.id'?: string | undefined; 'process.real_user.name'?: string | undefined; 'process.saved_group.id'?: string | undefined; 'process.saved_group.name'?: string | undefined; 'process.saved_user.id'?: string | undefined; 'process.saved_user.name'?: string | undefined; 'process.session_leader.args'?: string[] | undefined; 'process.session_leader.args_count'?: string | number | undefined; 'process.session_leader.command_line'?: string | undefined; 'process.session_leader.entity_id'?: string | undefined; 'process.session_leader.executable'?: string | undefined; 'process.session_leader.group.id'?: string | undefined; 'process.session_leader.group.name'?: string | undefined; 'process.session_leader.interactive'?: boolean | undefined; 'process.session_leader.name'?: string | undefined; 'process.session_leader.parent.entity_id'?: string | undefined; 'process.session_leader.parent.pid'?: string | number | undefined; 'process.session_leader.parent.session_leader.entity_id'?: string | undefined; 'process.session_leader.parent.session_leader.pid'?: string | number | 
undefined; 'process.session_leader.parent.session_leader.start'?: string | number | undefined; 'process.session_leader.parent.session_leader.vpid'?: string | number | undefined; 'process.session_leader.parent.start'?: string | number | undefined; 'process.session_leader.parent.vpid'?: string | number | undefined; 'process.session_leader.pid'?: string | number | undefined; 'process.session_leader.real_group.id'?: string | undefined; 'process.session_leader.real_group.name'?: string | undefined; 'process.session_leader.real_user.id'?: string | undefined; 'process.session_leader.real_user.name'?: string | undefined; 'process.session_leader.same_as_process'?: boolean | undefined; 'process.session_leader.saved_group.id'?: string | undefined; 'process.session_leader.saved_group.name'?: string | undefined; 'process.session_leader.saved_user.id'?: string | undefined; 'process.session_leader.saved_user.name'?: string | undefined; 'process.session_leader.start'?: string | number | undefined; 'process.session_leader.supplemental_groups.id'?: string | undefined; 'process.session_leader.supplemental_groups.name'?: string | undefined; 'process.session_leader.tty'?: unknown; 'process.session_leader.user.id'?: string | undefined; 'process.session_leader.user.name'?: string | undefined; 'process.session_leader.vpid'?: string | number | undefined; 'process.session_leader.working_directory'?: string | undefined; 'process.start'?: string | number | undefined; 'process.supplemental_groups.id'?: string | undefined; 'process.supplemental_groups.name'?: string | undefined; 'process.thread.capabilities.effective'?: string[] | undefined; 'process.thread.capabilities.permitted'?: string[] | undefined; 'process.thread.id'?: string | number | undefined; 'process.thread.name'?: string | undefined; 'process.title'?: string | undefined; 'process.tty'?: unknown; 'process.uptime'?: string | number | undefined; 'process.user.id'?: string | undefined; 'process.user.name'?: string | undefined; 
'process.vpid'?: string | number | undefined; 'process.working_directory'?: string | undefined; 'registry.data.bytes'?: string | undefined; 'registry.data.strings'?: string[] | undefined; 'registry.data.type'?: string | undefined; 'registry.hive'?: string | undefined; 'registry.key'?: string | undefined; 'registry.path'?: string | undefined; 'registry.value'?: string | undefined; 'related.hash'?: string[] | undefined; 'related.hosts'?: string[] | undefined; 'related.ip'?: string[] | undefined; 'related.user'?: string[] | undefined; 'rule.author'?: string[] | undefined; 'rule.category'?: string | undefined; 'rule.description'?: string | undefined; 'rule.id'?: string | undefined; 'rule.license'?: string | undefined; 'rule.name'?: string | undefined; 'rule.reference'?: string | undefined; 'rule.ruleset'?: string | undefined; 'rule.uuid'?: string | undefined; 'rule.version'?: string | undefined; 'server.address'?: string | undefined; 'server.as.number'?: string | number | undefined; 'server.as.organization.name'?: string | undefined; 'server.bytes'?: string | number | undefined; 'server.domain'?: string | undefined; 'server.geo.city_name'?: string | undefined; 'server.geo.continent_code'?: string | undefined; 'server.geo.continent_name'?: string | undefined; 'server.geo.country_iso_code'?: string | undefined; 'server.geo.country_name'?: string | undefined; 'server.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'server.geo.name'?: string | undefined; 'server.geo.postal_code'?: string | undefined; 'server.geo.region_iso_code'?: string | undefined; 'server.geo.region_name'?: string | undefined; 'server.geo.timezone'?: string | undefined; 'server.ip'?: string | undefined; 'server.mac'?: string | undefined; 'server.nat.ip'?: string | undefined; 'server.nat.port'?: string | number | undefined; 'server.packets'?: string | number | undefined; 'server.port'?: string 
| number | undefined; 'server.registered_domain'?: string | undefined; 'server.subdomain'?: string | undefined; 'server.top_level_domain'?: string | undefined; 'server.user.domain'?: string | undefined; 'server.user.email'?: string | undefined; 'server.user.full_name'?: string | undefined; 'server.user.group.domain'?: string | undefined; 'server.user.group.id'?: string | undefined; 'server.user.group.name'?: string | undefined; 'server.user.hash'?: string | undefined; 'server.user.id'?: string | undefined; 'server.user.name'?: string | undefined; 'server.user.roles'?: string[] | undefined; 'service.address'?: string | undefined; 'service.environment'?: string | undefined; 'service.ephemeral_id'?: string | undefined; 'service.id'?: string | undefined; 'service.name'?: string | undefined; 'service.node.name'?: string | undefined; 'service.node.role'?: string | undefined; 'service.node.roles'?: string[] | undefined; 'service.origin.address'?: string | undefined; 'service.origin.environment'?: string | undefined; 'service.origin.ephemeral_id'?: string | undefined; 'service.origin.id'?: string | undefined; 'service.origin.name'?: string | undefined; 'service.origin.node.name'?: string | undefined; 'service.origin.node.role'?: string | undefined; 'service.origin.node.roles'?: string[] | undefined; 'service.origin.state'?: string | undefined; 'service.origin.type'?: string | undefined; 'service.origin.version'?: string | undefined; 'service.state'?: string | undefined; 'service.target.address'?: string | undefined; 'service.target.environment'?: string | undefined; 'service.target.ephemeral_id'?: string | undefined; 'service.target.id'?: string | undefined; 'service.target.name'?: string | undefined; 'service.target.node.name'?: string | undefined; 'service.target.node.role'?: string | undefined; 'service.target.node.roles'?: string[] | undefined; 'service.target.state'?: string | undefined; 'service.target.type'?: string | undefined; 'service.target.version'?: string | 
undefined; 'service.type'?: string | undefined; 'service.version'?: string | undefined; 'source.address'?: string | undefined; 'source.as.number'?: string | number | undefined; 'source.as.organization.name'?: string | undefined; 'source.bytes'?: string | number | undefined; 'source.domain'?: string | undefined; 'source.geo.city_name'?: string | undefined; 'source.geo.continent_code'?: string | undefined; 'source.geo.continent_name'?: string | undefined; 'source.geo.country_iso_code'?: string | undefined; 'source.geo.country_name'?: string | undefined; 'source.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'source.geo.name'?: string | undefined; 'source.geo.postal_code'?: string | undefined; 'source.geo.region_iso_code'?: string | undefined; 'source.geo.region_name'?: string | undefined; 'source.geo.timezone'?: string | undefined; 'source.ip'?: string | undefined; 'source.mac'?: string | undefined; 'source.nat.ip'?: string | undefined; 'source.nat.port'?: string | number | undefined; 'source.packets'?: string | number | undefined; 'source.port'?: string | number | undefined; 'source.registered_domain'?: string | undefined; 'source.subdomain'?: string | undefined; 'source.top_level_domain'?: string | undefined; 'source.user.domain'?: string | undefined; 'source.user.email'?: string | undefined; 'source.user.full_name'?: string | undefined; 'source.user.group.domain'?: string | undefined; 'source.user.group.id'?: string | undefined; 'source.user.group.name'?: string | undefined; 'source.user.hash'?: string | undefined; 'source.user.id'?: string | undefined; 'source.user.name'?: string | undefined; 'source.user.roles'?: string[] | undefined; 'span.id'?: string | undefined; tags?: string[] | undefined; 'threat.enrichments'?: { indicator?: unknown; 'matched.atomic'?: string | undefined; 'matched.field'?: string | undefined; 'matched.id'?: string | undefined; 
'matched.index'?: string | undefined; 'matched.occurred'?: string | number | undefined; 'matched.type'?: string | undefined; }[] | undefined; 'threat.feed.dashboard_id'?: string | undefined; 'threat.feed.description'?: string | undefined; 'threat.feed.name'?: string | undefined; 'threat.feed.reference'?: string | undefined; 'threat.framework'?: string | undefined; 'threat.group.alias'?: string[] | undefined; 'threat.group.id'?: string | undefined; 'threat.group.name'?: string | undefined; 'threat.group.reference'?: string | undefined; 'threat.indicator.as.number'?: string | number | undefined; 'threat.indicator.as.organization.name'?: string | undefined; 'threat.indicator.confidence'?: string | undefined; 'threat.indicator.description'?: string | undefined; 'threat.indicator.email.address'?: string | undefined; 'threat.indicator.file.accessed'?: string | number | undefined; 'threat.indicator.file.attributes'?: string[] | undefined; 'threat.indicator.file.code_signature.digest_algorithm'?: string | undefined; 'threat.indicator.file.code_signature.exists'?: boolean | undefined; 'threat.indicator.file.code_signature.signing_id'?: string | undefined; 'threat.indicator.file.code_signature.status'?: string | undefined; 'threat.indicator.file.code_signature.subject_name'?: string | undefined; 'threat.indicator.file.code_signature.team_id'?: string | undefined; 'threat.indicator.file.code_signature.timestamp'?: string | number | undefined; 'threat.indicator.file.code_signature.trusted'?: boolean | undefined; 'threat.indicator.file.code_signature.valid'?: boolean | undefined; 'threat.indicator.file.created'?: string | number | undefined; 'threat.indicator.file.ctime'?: string | number | undefined; 'threat.indicator.file.device'?: string | undefined; 'threat.indicator.file.directory'?: string | undefined; 'threat.indicator.file.drive_letter'?: string | undefined; 'threat.indicator.file.elf.architecture'?: string | undefined; 'threat.indicator.file.elf.byte_order'?: string | 
undefined; 'threat.indicator.file.elf.cpu_type'?: string | undefined; 'threat.indicator.file.elf.creation_date'?: string | number | undefined; 'threat.indicator.file.elf.exports'?: unknown[] | undefined; 'threat.indicator.file.elf.go_import_hash'?: string | undefined; 'threat.indicator.file.elf.go_imports'?: unknown; 'threat.indicator.file.elf.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.go_stripped'?: boolean | undefined; 'threat.indicator.file.elf.header.abi_version'?: string | undefined; 'threat.indicator.file.elf.header.class'?: string | undefined; 'threat.indicator.file.elf.header.data'?: string | undefined; 'threat.indicator.file.elf.header.entrypoint'?: string | number | undefined; 'threat.indicator.file.elf.header.object_version'?: string | undefined; 'threat.indicator.file.elf.header.os_abi'?: string | undefined; 'threat.indicator.file.elf.header.type'?: string | undefined; 'threat.indicator.file.elf.header.version'?: string | undefined; 'threat.indicator.file.elf.import_hash'?: string | undefined; 'threat.indicator.file.elf.imports'?: unknown[] | undefined; 'threat.indicator.file.elf.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.elf.imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.elf.sections'?: { chi2?: string | number | undefined; entropy?: string | number | undefined; flags?: string | undefined; name?: string | undefined; physical_offset?: string | undefined; physical_size?: string | number | undefined; type?: string | undefined; var_entropy?: string | number | undefined; virtual_address?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.elf.segments'?: { sections?: string | undefined; type?: string | undefined; }[] | undefined; 'threat.indicator.file.elf.shared_libraries'?: string[] | undefined; 
'threat.indicator.file.elf.telfhash'?: string | undefined; 'threat.indicator.file.extension'?: string | undefined; 'threat.indicator.file.fork_name'?: string | undefined; 'threat.indicator.file.gid'?: string | undefined; 'threat.indicator.file.group'?: string | undefined; 'threat.indicator.file.hash.md5'?: string | undefined; 'threat.indicator.file.hash.sha1'?: string | undefined; 'threat.indicator.file.hash.sha256'?: string | undefined; 'threat.indicator.file.hash.sha384'?: string | undefined; 'threat.indicator.file.hash.sha512'?: string | undefined; 'threat.indicator.file.hash.ssdeep'?: string | undefined; 'threat.indicator.file.hash.tlsh'?: string | undefined; 'threat.indicator.file.inode'?: string | undefined; 'threat.indicator.file.mime_type'?: string | undefined; 'threat.indicator.file.mode'?: string | undefined; 'threat.indicator.file.mtime'?: string | number | undefined; 'threat.indicator.file.name'?: string | undefined; 'threat.indicator.file.owner'?: string | undefined; 'threat.indicator.file.path'?: string | undefined; 'threat.indicator.file.pe.architecture'?: string | undefined; 'threat.indicator.file.pe.company'?: string | undefined; 'threat.indicator.file.pe.description'?: string | undefined; 'threat.indicator.file.pe.file_version'?: string | undefined; 'threat.indicator.file.pe.go_import_hash'?: string | undefined; 'threat.indicator.file.pe.go_imports'?: unknown; 'threat.indicator.file.pe.go_imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_imports_names_var_entropy'?: string | number | undefined; 'threat.indicator.file.pe.go_stripped'?: boolean | undefined; 'threat.indicator.file.pe.imphash'?: string | undefined; 'threat.indicator.file.pe.import_hash'?: string | undefined; 'threat.indicator.file.pe.imports'?: unknown[] | undefined; 'threat.indicator.file.pe.imports_names_entropy'?: string | number | undefined; 'threat.indicator.file.pe.imports_names_var_entropy'?: string | number | undefined; 
'threat.indicator.file.pe.original_file_name'?: string | undefined; 'threat.indicator.file.pe.pehash'?: string | undefined; 'threat.indicator.file.pe.product'?: string | undefined; 'threat.indicator.file.pe.sections'?: { entropy?: string | number | undefined; name?: string | undefined; physical_size?: string | number | undefined; var_entropy?: string | number | undefined; virtual_size?: string | number | undefined; }[] | undefined; 'threat.indicator.file.size'?: string | number | undefined; 'threat.indicator.file.target_path'?: string | undefined; 'threat.indicator.file.type'?: string | undefined; 'threat.indicator.file.uid'?: string | undefined; 'threat.indicator.file.x509.alternative_names'?: string[] | undefined; 'threat.indicator.file.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.file.x509.issuer.country'?: string[] | undefined; 'threat.indicator.file.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.file.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.not_after'?: string | number | undefined; 'threat.indicator.file.x509.not_before'?: string | number | undefined; 'threat.indicator.file.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.file.x509.public_key_curve'?: string | undefined; 'threat.indicator.file.x509.public_key_exponent'?: string | number | undefined; 'threat.indicator.file.x509.public_key_size'?: string | number | undefined; 'threat.indicator.file.x509.serial_number'?: string | undefined; 'threat.indicator.file.x509.signature_algorithm'?: string | undefined; 'threat.indicator.file.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.file.x509.subject.country'?: string[] | undefined; 
'threat.indicator.file.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.file.x509.subject.locality'?: string[] | undefined; 'threat.indicator.file.x509.subject.organization'?: string[] | undefined; 'threat.indicator.file.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.file.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.file.x509.version_number'?: string | undefined; 'threat.indicator.first_seen'?: string | number | undefined; 'threat.indicator.geo.city_name'?: string | undefined; 'threat.indicator.geo.continent_code'?: string | undefined; 'threat.indicator.geo.continent_name'?: string | undefined; 'threat.indicator.geo.country_iso_code'?: string | undefined; 'threat.indicator.geo.country_name'?: string | undefined; 'threat.indicator.geo.location'?: string | { type: string; coordinates: number[]; } | { lat: number; lon: number; } | { location: number[]; } | { location: string; } | undefined; 'threat.indicator.geo.name'?: string | undefined; 'threat.indicator.geo.postal_code'?: string | undefined; 'threat.indicator.geo.region_iso_code'?: string | undefined; 'threat.indicator.geo.region_name'?: string | undefined; 'threat.indicator.geo.timezone'?: string | undefined; 'threat.indicator.ip'?: string | undefined; 'threat.indicator.last_seen'?: string | number | undefined; 'threat.indicator.marking.tlp'?: string | undefined; 'threat.indicator.marking.tlp_version'?: string | undefined; 'threat.indicator.modified_at'?: string | number | undefined; 'threat.indicator.name'?: string | undefined; 'threat.indicator.port'?: string | number | undefined; 'threat.indicator.provider'?: string | undefined; 'threat.indicator.reference'?: string | undefined; 'threat.indicator.registry.data.bytes'?: string | undefined; 'threat.indicator.registry.data.strings'?: string[] | undefined; 'threat.indicator.registry.data.type'?: string | undefined; 'threat.indicator.registry.hive'?: string | undefined; 
'threat.indicator.registry.key'?: string | undefined; 'threat.indicator.registry.path'?: string | undefined; 'threat.indicator.registry.value'?: string | undefined; 'threat.indicator.scanner_stats'?: string | number | undefined; 'threat.indicator.sightings'?: string | number | undefined; 'threat.indicator.type'?: string | undefined; 'threat.indicator.url.domain'?: string | undefined; 'threat.indicator.url.extension'?: string | undefined; 'threat.indicator.url.fragment'?: string | undefined; 'threat.indicator.url.full'?: string | undefined; 'threat.indicator.url.original'?: string | undefined; 'threat.indicator.url.password'?: string | undefined; 'threat.indicator.url.path'?: string | undefined; 'threat.indicator.url.port'?: string | number | undefined; 'threat.indicator.url.query'?: string | undefined; 'threat.indicator.url.registered_domain'?: string | undefined; 'threat.indicator.url.scheme'?: string | undefined; 'threat.indicator.url.subdomain'?: string | undefined; 'threat.indicator.url.top_level_domain'?: string | undefined; 'threat.indicator.url.username'?: string | undefined; 'threat.indicator.x509.alternative_names'?: string[] | undefined; 'threat.indicator.x509.issuer.common_name'?: string[] | undefined; 'threat.indicator.x509.issuer.country'?: string[] | undefined; 'threat.indicator.x509.issuer.distinguished_name'?: string | undefined; 'threat.indicator.x509.issuer.locality'?: string[] | undefined; 'threat.indicator.x509.issuer.organization'?: string[] | undefined; 'threat.indicator.x509.issuer.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.issuer.state_or_province'?: string[] | undefined; 'threat.indicator.x509.not_after'?: string | number | undefined; 'threat.indicator.x509.not_before'?: string | number | undefined; 'threat.indicator.x509.public_key_algorithm'?: string | undefined; 'threat.indicator.x509.public_key_curve'?: string | undefined; 'threat.indicator.x509.public_key_exponent'?: string | number | undefined; 
'threat.indicator.x509.public_key_size'?: string | number | undefined; 'threat.indicator.x509.serial_number'?: string | undefined; 'threat.indicator.x509.signature_algorithm'?: string | undefined; 'threat.indicator.x509.subject.common_name'?: string[] | undefined; 'threat.indicator.x509.subject.country'?: string[] | undefined; 'threat.indicator.x509.subject.distinguished_name'?: string | undefined; 'threat.indicator.x509.subject.locality'?: string[] | undefined; 'threat.indicator.x509.subject.organization'?: string[] | undefined; 'threat.indicator.x509.subject.organizational_unit'?: string[] | undefined; 'threat.indicator.x509.subject.state_or_province'?: string[] | undefined; 'threat.indicator.x509.version_number'?: string | undefined; 'threat.software.alias'?: string[] | undefined; 'threat.software.id'?: string | undefined; 'threat.software.name'?: string | undefined; 'threat.software.platforms'?: string[] | undefined; 'threat.software.reference'?: string | undefined; 'threat.software.type'?: string | undefined; 'threat.tactic.id'?: string[] | undefined; 'threat.tactic.name'?: string[] | undefined; 'threat.tactic.reference'?: string[] | undefined; 'threat.technique.id'?: string[] | undefined; 'threat.technique.name'?: string[] | undefined; 'threat.technique.reference'?: string[] | undefined; 'threat.technique.subtechnique.id'?: string[] | undefined; 'threat.technique.subtechnique.name'?: string[] | undefined; 'threat.technique.subtechnique.reference'?: string[] | undefined; 'tls.cipher'?: string | undefined; 'tls.client.certificate'?: string | undefined; 'tls.client.certificate_chain'?: string[] | undefined; 'tls.client.hash.md5'?: string | undefined; 'tls.client.hash.sha1'?: string | undefined; 'tls.client.hash.sha256'?: string | undefined; 'tls.client.issuer'?: string | undefined; 'tls.client.ja3'?: string | undefined; 'tls.client.not_after'?: string | number | undefined; 'tls.client.not_before'?: string | number | undefined; 'tls.client.server_name'?: string | 
undefined; 'tls.client.subject'?: string | undefined; 'tls.client.supported_ciphers'?: string[] | undefined; 'tls.client.x509.alternative_names'?: string[] | undefined; 'tls.client.x509.issuer.common_name'?: string[] | undefined; 'tls.client.x509.issuer.country'?: string[] | undefined; 'tls.client.x509.issuer.distinguished_name'?: string | undefined; 'tls.client.x509.issuer.locality'?: string[] | undefined; 'tls.client.x509.issuer.organization'?: string[] | undefined; 'tls.client.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.client.x509.issuer.state_or_province'?: string[] | undefined; 'tls.client.x509.not_after'?: string | number | undefined; 'tls.client.x509.not_before'?: string | number | undefined; 'tls.client.x509.public_key_algorithm'?: string | undefined; 'tls.client.x509.public_key_curve'?: string | undefined; 'tls.client.x509.public_key_exponent'?: string | number | undefined; 'tls.client.x509.public_key_size'?: string | number | undefined; 'tls.client.x509.serial_number'?: string | undefined; 'tls.client.x509.signature_algorithm'?: string | undefined; 'tls.client.x509.subject.common_name'?: string[] | undefined; 'tls.client.x509.subject.country'?: string[] | undefined; 'tls.client.x509.subject.distinguished_name'?: string | undefined; 'tls.client.x509.subject.locality'?: string[] | undefined; 'tls.client.x509.subject.organization'?: string[] | undefined; 'tls.client.x509.subject.organizational_unit'?: string[] | undefined; 'tls.client.x509.subject.state_or_province'?: string[] | undefined; 'tls.client.x509.version_number'?: string | undefined; 'tls.curve'?: string | undefined; 'tls.established'?: boolean | undefined; 'tls.next_protocol'?: string | undefined; 'tls.resumed'?: boolean | undefined; 'tls.server.certificate'?: string | undefined; 'tls.server.certificate_chain'?: string[] | undefined; 'tls.server.hash.md5'?: string | undefined; 'tls.server.hash.sha1'?: string | undefined; 'tls.server.hash.sha256'?: string | undefined; 
'tls.server.issuer'?: string | undefined; 'tls.server.ja3s'?: string | undefined; 'tls.server.not_after'?: string | number | undefined; 'tls.server.not_before'?: string | number | undefined; 'tls.server.subject'?: string | undefined; 'tls.server.x509.alternative_names'?: string[] | undefined; 'tls.server.x509.issuer.common_name'?: string[] | undefined; 'tls.server.x509.issuer.country'?: string[] | undefined; 'tls.server.x509.issuer.distinguished_name'?: string | undefined; 'tls.server.x509.issuer.locality'?: string[] | undefined; 'tls.server.x509.issuer.organization'?: string[] | undefined; 'tls.server.x509.issuer.organizational_unit'?: string[] | undefined; 'tls.server.x509.issuer.state_or_province'?: string[] | undefined; 'tls.server.x509.not_after'?: string | number | undefined; 'tls.server.x509.not_before'?: string | number | undefined; 'tls.server.x509.public_key_algorithm'?: string | undefined; 'tls.server.x509.public_key_curve'?: string | undefined; 'tls.server.x509.public_key_exponent'?: string | number | undefined; 'tls.server.x509.public_key_size'?: string | number | undefined; 'tls.server.x509.serial_number'?: string | undefined; 'tls.server.x509.signature_algorithm'?: string | undefined; 'tls.server.x509.subject.common_name'?: string[] | undefined; 'tls.server.x509.subject.country'?: string[] | undefined; 'tls.server.x509.subject.distinguished_name'?: string | undefined; 'tls.server.x509.subject.locality'?: string[] | undefined; 'tls.server.x509.subject.organization'?: string[] | undefined; 'tls.server.x509.subject.organizational_unit'?: string[] | undefined; 'tls.server.x509.subject.state_or_province'?: string[] | undefined; 'tls.server.x509.version_number'?: string | undefined; 'tls.version'?: string | undefined; 'tls.version_protocol'?: string | undefined; 'trace.id'?: string | undefined; 'transaction.id'?: string | undefined; 'url.domain'?: string | undefined; 'url.extension'?: string | undefined; 'url.fragment'?: string | undefined; 'url.full'?: 
string | undefined; 'url.original'?: string | undefined; 'url.password'?: string | undefined; 'url.path'?: string | undefined; 'url.port'?: string | number | undefined; 'url.query'?: string | undefined; 'url.registered_domain'?: string | undefined; 'url.scheme'?: string | undefined; 'url.subdomain'?: string | undefined; 'url.top_level_domain'?: string | undefined; 'url.username'?: string | undefined; 'user.changes.domain'?: string | undefined; 'user.changes.email'?: string | undefined; 'user.changes.full_name'?: string | undefined; 'user.changes.group.domain'?: string | undefined; 'user.changes.group.id'?: string | undefined; 'user.changes.group.name'?: string | undefined; 'user.changes.hash'?: string | undefined; 'user.changes.id'?: string | undefined; 'user.changes.name'?: string | undefined; 'user.changes.roles'?: string[] | undefined; 'user.domain'?: string | undefined; 'user.effective.domain'?: string | undefined; 'user.effective.email'?: string | undefined; 'user.effective.full_name'?: string | undefined; 'user.effective.group.domain'?: string | undefined; 'user.effective.group.id'?: string | undefined; 'user.effective.group.name'?: string | undefined; 'user.effective.hash'?: string | undefined; 'user.effective.id'?: string | undefined; 'user.effective.name'?: string | undefined; 'user.effective.roles'?: string[] | undefined; 'user.email'?: string | undefined; 'user.full_name'?: string | undefined; 'user.group.domain'?: string | undefined; 'user.group.id'?: string | undefined; 'user.group.name'?: string | undefined; 'user.hash'?: string | undefined; 'user.id'?: string | undefined; 'user.name'?: string | undefined; 'user.risk.calculated_level'?: string | undefined; 'user.risk.calculated_score'?: number | undefined; 'user.risk.calculated_score_norm'?: number | undefined; 'user.risk.static_level'?: string | undefined; 'user.risk.static_score'?: number | undefined; 'user.risk.static_score_norm'?: number | undefined; 'user.roles'?: string[] | undefined; 
'user.target.domain'?: string | undefined; 'user.target.email'?: string | undefined; 'user.target.full_name'?: string | undefined; 'user.target.group.domain'?: string | undefined; 'user.target.group.id'?: string | undefined; 'user.target.group.name'?: string | undefined; 'user.target.hash'?: string | undefined; 'user.target.id'?: string | undefined; 'user.target.name'?: string | undefined; 'user.target.roles'?: string[] | undefined; 'user_agent.device.name'?: string | undefined; 'user_agent.name'?: string | undefined; 'user_agent.original'?: string | undefined; 'user_agent.os.family'?: string | undefined; 'user_agent.os.full'?: string | undefined; 'user_agent.os.kernel'?: string | undefined; 'user_agent.os.name'?: string | undefined; 'user_agent.os.platform'?: string | undefined; 'user_agent.os.type'?: string | undefined; 'user_agent.os.version'?: string | undefined; 'user_agent.version'?: string | undefined; 'vulnerability.category'?: string[] | undefined; 'vulnerability.classification'?: string | undefined; 'vulnerability.description'?: string | undefined; 'vulnerability.enumeration'?: string | undefined; 'vulnerability.id'?: string | undefined; 'vulnerability.reference'?: string | undefined; 'vulnerability.report_id'?: string | undefined; 'vulnerability.scanner.vendor'?: string | undefined; 'vulnerability.score.base'?: number | undefined; 'vulnerability.score.environmental'?: number | undefined; 'vulnerability.score.temporal'?: number | undefined; 'vulnerability.score.version'?: string | undefined; 'vulnerability.severity'?: string | undefined; }" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/stack_schema.ts", "deprecated": false, 
@@ -465,7 +465,7 @@ "label": "TransformHealthAlert", "description": [], "signature": [ - "{} & { 'kibana.alert.results'?: { description?: string | undefined; health_status?: string | undefined; issues?: unknown; node_name?: string | undefined; transform_id?: string | undefined; transform_state?: string | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 
'kibana.version'?: string | undefined; tags?: string[] | undefined; }" + "{} & { 'kibana.alert.results'?: { description?: string | undefined; health_status?: string | undefined; issues?: unknown; node_name?: string | undefined; transform_id?: string | undefined; transform_state?: string | undefined; }[] | undefined; } & { '@timestamp': string | number; 'kibana.alert.instance.id': string; 'kibana.alert.rule.category': string; 'kibana.alert.rule.consumer': string; 'kibana.alert.rule.name': string; 'kibana.alert.rule.producer': string; 'kibana.alert.rule.revision': string | number; 'kibana.alert.rule.rule_type_id': string; 'kibana.alert.rule.uuid': string; 'kibana.alert.status': string; 'kibana.alert.uuid': string; 'kibana.space_ids': string[]; } & { 'event.action'?: string | undefined; 'event.kind'?: string | undefined; 'kibana.alert.action_group'?: string | undefined; 'kibana.alert.case_ids'?: string[] | undefined; 'kibana.alert.consecutive_matches'?: string | number | undefined; 'kibana.alert.duration.us'?: string | number | undefined; 'kibana.alert.end'?: string | number | undefined; 'kibana.alert.flapping'?: boolean | undefined; 'kibana.alert.flapping_history'?: boolean[] | undefined; 'kibana.alert.last_detected'?: string | number | undefined; 'kibana.alert.maintenance_window_ids'?: string[] | undefined; 'kibana.alert.previous_action_group'?: string | undefined; 'kibana.alert.reason'?: string | undefined; 'kibana.alert.rule.execution.timestamp'?: string | number | undefined; 'kibana.alert.rule.execution.uuid'?: string | undefined; 'kibana.alert.rule.parameters'?: unknown; 'kibana.alert.rule.tags'?: string[] | undefined; 'kibana.alert.severity_improving'?: boolean | undefined; 'kibana.alert.start'?: string | number | undefined; 'kibana.alert.time_range'?: { gte?: string | number | undefined; lte?: string | number | undefined; } | undefined; 'kibana.alert.url'?: string | undefined; 'kibana.alert.workflow_assignee_ids'?: string[] | undefined; 
'kibana.alert.workflow_status'?: string | undefined; 'kibana.alert.workflow_tags'?: string[] | undefined; 'kibana.version'?: string | undefined; tags?: string[] | undefined; }" ], "path": "packages/kbn-alerts-as-data-utils/src/schemas/generated/transform_health_schema.ts", "deprecated": false, 
@@ -482,7 +482,7 @@ "label": "alertFieldMap", "description": [], "signature": [ - "{ readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ", + "{ readonly \"kibana.alert.action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.case_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.duration.us\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.end\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.flapping\": { readonly type: \"boolean\"; readonly array: false; 
readonly required: false; }; readonly \"kibana.alert.flapping_history\": { readonly type: \"boolean\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.maintenance_window_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.consecutive_matches\": { readonly type: \"long\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.instance.id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.last_detected\": { readonly type: \"date\"; readonly required: false; readonly array: false; }; readonly \"kibana.alert.previous_action_group\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.reason\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; readonly multi_fields: ", { "pluginId": "@kbn/alerts-as-data-utils", "scope": "common", 
@@ -490,7 +490,7 @@ "section": "def-common.MultiField", "text": "MultiField" }, - "[]; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly 
required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }" + "[]; }; readonly \"kibana.alert.rule.category\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.consumer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.execution.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.name\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly 
\"kibana.alert.rule.producer\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.revision\": { readonly type: \"long\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.rule.rule_type_id\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.rule.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.status\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.uuid\": { readonly type: \"keyword\"; readonly array: false; readonly required: true; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"event.action\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"event.kind\": { readonly type: \"keyword\"; readonly array: false; readonly required: 
false; }; readonly \"kibana.space_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: true; }; readonly tags: { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"@timestamp\": { readonly type: \"date\"; readonly required: true; readonly array: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }" ], "path": "packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts", "deprecated": false, diff --git a/api_docs/kbn_alerts_as_data_utils.mdx b/api_docs/kbn_alerts_as_data_utils.mdx index 123d9b56f49d7..15e6cdc1bb493 100644 --- a/api_docs/kbn_alerts_as_data_utils.mdx +++ b/api_docs/kbn_alerts_as_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-as-data-utils title: "@kbn/alerts-as-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-as-data-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-as-data-utils'] --- import kbnAlertsAsDataUtilsObj from './kbn_alerts_as_data_utils.devdocs.json'; diff --git a/api_docs/kbn_alerts_ui_shared.mdx b/api_docs/kbn_alerts_ui_shared.mdx index 35d57f481ec7e..648cbf2744cfb 100644 --- a/api_docs/kbn_alerts_ui_shared.mdx +++ b/api_docs/kbn_alerts_ui_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-ui-shared title: "@kbn/alerts-ui-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-ui-shared plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-ui-shared'] --- import kbnAlertsUiSharedObj from './kbn_alerts_ui_shared.devdocs.json'; diff --git a/api_docs/kbn_analytics.mdx b/api_docs/kbn_analytics.mdx index bbe9c75be8743..55fef90e0f881 100644 --- a/api_docs/kbn_analytics.mdx +++ b/api_docs/kbn_analytics.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics title: "@kbn/analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics'] --- import kbnAnalyticsObj from './kbn_analytics.devdocs.json'; diff --git a/api_docs/kbn_analytics_collection_utils.mdx b/api_docs/kbn_analytics_collection_utils.mdx index 5f27bf236bf6b..f58c34825aae1 100644 --- a/api_docs/kbn_analytics_collection_utils.mdx +++ b/api_docs/kbn_analytics_collection_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-collection-utils title: "@kbn/analytics-collection-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-collection-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-collection-utils'] --- import kbnAnalyticsCollectionUtilsObj from './kbn_analytics_collection_utils.devdocs.json'; diff --git a/api_docs/kbn_apm_config_loader.mdx b/api_docs/kbn_apm_config_loader.mdx index 3e623d9afd191..4aa1947b9c1c8 100644 --- a/api_docs/kbn_apm_config_loader.mdx +++ b/api_docs/kbn_apm_config_loader.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-config-loader title: "@kbn/apm-config-loader" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-config-loader plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-config-loader'] --- import kbnApmConfigLoaderObj from './kbn_apm_config_loader.devdocs.json'; diff --git a/api_docs/kbn_apm_data_view.mdx b/api_docs/kbn_apm_data_view.mdx index 3ae71f62a0ac5..1b7ad780cf13a 100644 --- a/api_docs/kbn_apm_data_view.mdx +++ b/api_docs/kbn_apm_data_view.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-data-view title: "@kbn/apm-data-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-data-view plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-data-view'] --- import kbnApmDataViewObj from './kbn_apm_data_view.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace.mdx b/api_docs/kbn_apm_synthtrace.mdx index df690dc3c0310..501cf8baf228e 100644 --- a/api_docs/kbn_apm_synthtrace.mdx +++ b/api_docs/kbn_apm_synthtrace.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace title: "@kbn/apm-synthtrace" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace'] --- import kbnApmSynthtraceObj from './kbn_apm_synthtrace.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace_client.devdocs.json b/api_docs/kbn_apm_synthtrace_client.devdocs.json index 78f8a4bcfa05a..0456a1802ee4f 100644 --- a/api_docs/kbn_apm_synthtrace_client.devdocs.json +++ b/api_docs/kbn_apm_synthtrace_client.devdocs.json @@ -787,7 +787,7 @@ "label": "error", "description": [], "signature": [ - "({ message, type, culprit }: { message: string; type?: string | undefined; culprit?: string | undefined; }) => ", + "({ message, type, culprit, groupingKey, }: { message: string; type?: string | undefined; culprit?: string | undefined; groupingKey?: string | undefined; }) => ", "ApmError" ], "path": "packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts", @@ -799,7 +799,7 @@ "id": "def-common.Instance.error.$1", "type": "Object", "tags": [], - "label": "{ message, type, culprit }", + "label": "{\n message,\n type,\n culprit,\n groupingKey,\n }", "description": [], "path": "packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts", "deprecated": false, 
@@ -843,6 +843,20 @@ "path": "packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "@kbn/apm-synthtrace-client", + "id": "def-common.Instance.error.$1.groupingKey", + "type": "string", + "tags": [], + "label": "groupingKey", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts", + "deprecated": false, + "trackAdoption": false } ] } diff --git a/api_docs/kbn_apm_synthtrace_client.mdx b/api_docs/kbn_apm_synthtrace_client.mdx index 622949eeb618b..685bb1416d39b 100644 --- a/api_docs/kbn_apm_synthtrace_client.mdx +++ b/api_docs/kbn_apm_synthtrace_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace-client title: "@kbn/apm-synthtrace-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace-client plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace-client'] --- import kbnApmSynthtraceClientObj from './kbn_apm_synthtrace_client.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/te | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 191 | 0 | 191 | 30 | +| 192 | 0 | 192 | 30 | ## Common diff --git a/api_docs/kbn_apm_utils.mdx b/api_docs/kbn_apm_utils.mdx index 3f99d82b0162b..8e4f474b3e55b 100644 --- a/api_docs/kbn_apm_utils.mdx +++ b/api_docs/kbn_apm_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-utils title: "@kbn/apm-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-utils'] --- import kbnApmUtilsObj from './kbn_apm_utils.devdocs.json'; 
diff --git a/api_docs/kbn_axe_config.mdx b/api_docs/kbn_axe_config.mdx index e1d4c2a94a4ec..24ea8921b5795 100644 --- a/api_docs/kbn_axe_config.mdx +++ b/api_docs/kbn_axe_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-axe-config title: "@kbn/axe-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/axe-config plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/axe-config'] --- import kbnAxeConfigObj from './kbn_axe_config.devdocs.json'; diff --git a/api_docs/kbn_bfetch_error.mdx b/api_docs/kbn_bfetch_error.mdx index 940e9b0ce4404..231a4f502494f 100644 --- a/api_docs/kbn_bfetch_error.mdx +++ b/api_docs/kbn_bfetch_error.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-bfetch-error title: "@kbn/bfetch-error" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/bfetch-error plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/bfetch-error'] --- import kbnBfetchErrorObj from './kbn_bfetch_error.devdocs.json'; diff --git a/api_docs/kbn_calculate_auto.mdx b/api_docs/kbn_calculate_auto.mdx index 7bf64ea657b07..1a9d8622072f1 100644 --- a/api_docs/kbn_calculate_auto.mdx +++ b/api_docs/kbn_calculate_auto.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-auto title: "@kbn/calculate-auto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/calculate-auto plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-auto'] --- import kbnCalculateAutoObj from './kbn_calculate_auto.devdocs.json'; diff --git a/api_docs/kbn_calculate_width_from_char_count.mdx b/api_docs/kbn_calculate_width_from_char_count.mdx index a597f8fd32b3d..b40c009b786d4 100644 --- a/api_docs/kbn_calculate_width_from_char_count.mdx +++ b/api_docs/kbn_calculate_width_from_char_count.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-width-from-char-count title: "@kbn/calculate-width-from-char-count" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/calculate-width-from-char-count plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-width-from-char-count'] --- import kbnCalculateWidthFromCharCountObj from './kbn_calculate_width_from_char_count.devdocs.json'; diff --git a/api_docs/kbn_cases_components.mdx b/api_docs/kbn_cases_components.mdx index 21ee0e55c5670..4c50d36632348 100644 --- a/api_docs/kbn_cases_components.mdx +++ b/api_docs/kbn_cases_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cases-components title: "@kbn/cases-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cases-components plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cases-components'] --- import kbnCasesComponentsObj from './kbn_cases_components.devdocs.json'; diff --git a/api_docs/kbn_cell_actions.mdx b/api_docs/kbn_cell_actions.mdx index 8e2391484decc..6855f4fac3078 100644 --- a/api_docs/kbn_cell_actions.mdx +++ b/api_docs/kbn_cell_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cell-actions title: "@kbn/cell-actions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cell-actions plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cell-actions'] --- import kbnCellActionsObj from './kbn_cell_actions.devdocs.json'; diff --git a/api_docs/kbn_chart_expressions_common.mdx b/api_docs/kbn_chart_expressions_common.mdx index 654803c2a4edf..92d84cf121c81 100644 --- a/api_docs/kbn_chart_expressions_common.mdx +++ b/api_docs/kbn_chart_expressions_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-expressions-common title: "@kbn/chart-expressions-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-expressions-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-expressions-common'] --- import kbnChartExpressionsCommonObj from './kbn_chart_expressions_common.devdocs.json'; diff --git a/api_docs/kbn_chart_icons.mdx b/api_docs/kbn_chart_icons.mdx index f48ca618ff2e8..00ee1abb6a0d9 100644 --- a/api_docs/kbn_chart_icons.mdx +++ b/api_docs/kbn_chart_icons.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-icons title: "@kbn/chart-icons" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-icons plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-icons'] --- import kbnChartIconsObj from './kbn_chart_icons.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_core.mdx b/api_docs/kbn_ci_stats_core.mdx index ac20e5f25ba4f..53905bdb14c7a 100644 --- a/api_docs/kbn_ci_stats_core.mdx +++ b/api_docs/kbn_ci_stats_core.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-core title: "@kbn/ci-stats-core" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-core plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-core'] --- import kbnCiStatsCoreObj from './kbn_ci_stats_core.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_performance_metrics.mdx b/api_docs/kbn_ci_stats_performance_metrics.mdx index 9772be39a0311..b2d71c19f7c53 100644 --- a/api_docs/kbn_ci_stats_performance_metrics.mdx +++ b/api_docs/kbn_ci_stats_performance_metrics.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-performance-metrics title: "@kbn/ci-stats-performance-metrics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-performance-metrics plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-performance-metrics'] --- import kbnCiStatsPerformanceMetricsObj from './kbn_ci_stats_performance_metrics.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_reporter.mdx b/api_docs/kbn_ci_stats_reporter.mdx index f176e6b5d2064..52d15a1253a06 100644 --- a/api_docs/kbn_ci_stats_reporter.mdx +++ b/api_docs/kbn_ci_stats_reporter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-reporter title: "@kbn/ci-stats-reporter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-reporter plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-reporter'] --- import kbnCiStatsReporterObj from './kbn_ci_stats_reporter.devdocs.json'; diff --git a/api_docs/kbn_cli_dev_mode.mdx b/api_docs/kbn_cli_dev_mode.mdx index fdaa76d559c45..b67475559dd67 100644 --- a/api_docs/kbn_cli_dev_mode.mdx +++ b/api_docs/kbn_cli_dev_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cli-dev-mode title: "@kbn/cli-dev-mode" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cli-dev-mode plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cli-dev-mode'] --- import kbnCliDevModeObj from './kbn_cli_dev_mode.devdocs.json'; diff --git a/api_docs/kbn_code_editor.mdx b/api_docs/kbn_code_editor.mdx index 932983d374bbb..8738fd7c818a6 100644 --- a/api_docs/kbn_code_editor.mdx +++ b/api_docs/kbn_code_editor.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor title: "@kbn/code-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-editor plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor'] --- import kbnCodeEditorObj from './kbn_code_editor.devdocs.json'; diff --git a/api_docs/kbn_code_editor_mock.mdx b/api_docs/kbn_code_editor_mock.mdx index 45b02a163f41c..7c40db1374b32 100644 --- a/api_docs/kbn_code_editor_mock.mdx +++ b/api_docs/kbn_code_editor_mock.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor-mock title: "@kbn/code-editor-mock" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-editor-mock plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor-mock'] --- import kbnCodeEditorMockObj from './kbn_code_editor_mock.devdocs.json'; diff --git a/api_docs/kbn_code_owners.mdx b/api_docs/kbn_code_owners.mdx index 8f8b6b5816a86..419f5f53c38ef 100644 --- a/api_docs/kbn_code_owners.mdx +++ b/api_docs/kbn_code_owners.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-owners title: "@kbn/code-owners" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-owners plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-owners'] --- import kbnCodeOwnersObj from './kbn_code_owners.devdocs.json'; diff --git a/api_docs/kbn_coloring.mdx b/api_docs/kbn_coloring.mdx index b8b8b414cddd9..f06e8f940494b 100644 --- a/api_docs/kbn_coloring.mdx +++ b/api_docs/kbn_coloring.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-coloring title: "@kbn/coloring" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/coloring plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/coloring'] --- import kbnColoringObj from './kbn_coloring.devdocs.json'; diff --git a/api_docs/kbn_config.mdx b/api_docs/kbn_config.mdx index 00104ad821bd6..65fd46e5f73dc 100644 --- a/api_docs/kbn_config.mdx +++ b/api_docs/kbn_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config title: "@kbn/config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config'] --- import kbnConfigObj from './kbn_config.devdocs.json'; diff --git a/api_docs/kbn_config_mocks.mdx b/api_docs/kbn_config_mocks.mdx index c82ca81ba6fe8..4f239b8379d8e 100644 --- a/api_docs/kbn_config_mocks.mdx +++ b/api_docs/kbn_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-mocks title: "@kbn/config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-mocks'] --- import kbnConfigMocksObj from './kbn_config_mocks.devdocs.json'; diff --git a/api_docs/kbn_config_schema.mdx b/api_docs/kbn_config_schema.mdx index 049c51c6da309..563a0da08a520 100644 --- a/api_docs/kbn_config_schema.mdx +++ b/api_docs/kbn_config_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-schema title: "@kbn/config-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-schema plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-schema'] --- import kbnConfigSchemaObj from './kbn_config_schema.devdocs.json'; 
diff --git a/api_docs/kbn_content_management_content_editor.mdx b/api_docs/kbn_content_management_content_editor.mdx index 8397d9a466a2e..21cd9d7136c8e 100644 --- a/api_docs/kbn_content_management_content_editor.mdx +++ b/api_docs/kbn_content_management_content_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-editor title: "@kbn/content-management-content-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-editor plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-editor'] --- import kbnContentManagementContentEditorObj from './kbn_content_management_content_editor.devdocs.json'; diff --git a/api_docs/kbn_content_management_tabbed_table_list_view.mdx b/api_docs/kbn_content_management_tabbed_table_list_view.mdx index 110d074bffe61..8c857dc4ed0d6 100644 --- a/api_docs/kbn_content_management_tabbed_table_list_view.mdx +++ b/api_docs/kbn_content_management_tabbed_table_list_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-tabbed-table-list-view title: "@kbn/content-management-tabbed-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-tabbed-table-list-view plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-tabbed-table-list-view'] --- import kbnContentManagementTabbedTableListViewObj from './kbn_content_management_tabbed_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view.mdx b/api_docs/kbn_content_management_table_list_view.mdx index 39be45762cb2e..2039ab5814c9e 100644 --- a/api_docs/kbn_content_management_table_list_view.mdx +++ b/api_docs/kbn_content_management_table_list_view.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view title: "@kbn/content-management-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view'] --- import kbnContentManagementTableListViewObj from './kbn_content_management_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view_common.mdx b/api_docs/kbn_content_management_table_list_view_common.mdx index 9fab9685d8172..9716d1c640229 100644 --- a/api_docs/kbn_content_management_table_list_view_common.mdx +++ b/api_docs/kbn_content_management_table_list_view_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-common title: "@kbn/content-management-table-list-view-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-common'] --- import kbnContentManagementTableListViewCommonObj from './kbn_content_management_table_list_view_common.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view_table.mdx b/api_docs/kbn_content_management_table_list_view_table.mdx index fe1006f46f9ef..7b9e40d6f66c1 100644 --- a/api_docs/kbn_content_management_table_list_view_table.mdx +++ b/api_docs/kbn_content_management_table_list_view_table.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-table title: "@kbn/content-management-table-list-view-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view-table plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-table'] --- import kbnContentManagementTableListViewTableObj from './kbn_content_management_table_list_view_table.devdocs.json'; diff --git a/api_docs/kbn_content_management_user_profiles.mdx b/api_docs/kbn_content_management_user_profiles.mdx index d8cb6cfedba4f..042ad2452a1f6 100644 --- a/api_docs/kbn_content_management_user_profiles.mdx +++ b/api_docs/kbn_content_management_user_profiles.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-user-profiles title: "@kbn/content-management-user-profiles" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-user-profiles plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-user-profiles'] --- import kbnContentManagementUserProfilesObj from './kbn_content_management_user_profiles.devdocs.json'; diff --git a/api_docs/kbn_content_management_utils.devdocs.json b/api_docs/kbn_content_management_utils.devdocs.json index 2dee9c7bf646d..5b3b11e1e6daf 100644 --- a/api_docs/kbn_content_management_utils.devdocs.json +++ b/api_docs/kbn_content_management_utils.devdocs.json 
@@ -4065,7 +4065,7 @@ "section": "def-common.Type", "text": "Type" }, - "; statusCode: number; }> | undefined; namespaces?: string[] | undefined; createdAt?: string | undefined; updatedAt?: string | undefined; version?: string | undefined; originId?: string | undefined; } & { id: string; type: string; attributes: Readonly<{ [x: string]: any; } & {}>; references: Readonly<{ name?: string | undefined; } & { id: string; type: string; }>[]; }> | undefined>" + "; statusCode: number; }> | undefined; version?: string | undefined; namespaces?: string[] | undefined; createdAt?: string | undefined; updatedAt?: string | undefined; originId?: string | undefined; } & { id: string; type: string; attributes: Readonly<{ [x: string]: any; } & {}>; references: Readonly<{ name?: string | undefined; } & { id: string; type: string; }>[]; }> | undefined>" ], "path": "packages/kbn-content-management-utils/src/schema.ts", "deprecated": false, diff --git a/api_docs/kbn_content_management_utils.mdx b/api_docs/kbn_content_management_utils.mdx index cba538d516a80..edd77eb545cbb 100644 --- a/api_docs/kbn_content_management_utils.mdx +++ b/api_docs/kbn_content_management_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-utils title: "@kbn/content-management-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-utils'] --- import kbnContentManagementUtilsObj from './kbn_content_management_utils.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser.devdocs.json b/api_docs/kbn_core_analytics_browser.devdocs.json index 7f19ef23a3e2d..39750c189b184 100644 --- a/api_docs/kbn_core_analytics_browser.devdocs.json +++ b/api_docs/kbn_core_analytics_browser.devdocs.json 
@@ -731,6 +731,22 @@ "plugin": "elasticAssistant", "path": "x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts" }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, { "plugin": "globalSearchBar", "path": "x-pack/plugins/global_search_bar/public/telemetry/event_reporter.ts" @@ -907,10 +923,6 @@ "plugin": "securitySolution", "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts" }, - { - "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts" - }, { "plugin": "securitySolution", "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts" 
@@ -1183,6 +1195,38 @@ "plugin": "security", "path": "x-pack/plugins/security/server/analytics/analytics_service.test.ts" }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, { "plugin": "apm", "path": "x-pack/plugins/observability_solution/apm/public/services/telemetry/telemetry_service.test.ts" diff --git a/api_docs/kbn_core_analytics_browser.mdx b/api_docs/kbn_core_analytics_browser.mdx index 05e28d2345f84..14152336ebc4f 100644 --- a/api_docs/kbn_core_analytics_browser.mdx +++ b/api_docs/kbn_core_analytics_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser title: "@kbn/core-analytics-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser'] --- import kbnCoreAnalyticsBrowserObj from './kbn_core_analytics_browser.devdocs.json'; 
diff --git a/api_docs/kbn_core_analytics_browser_internal.mdx b/api_docs/kbn_core_analytics_browser_internal.mdx index 389ccf7454b07..ac4d5ad7787fc 100644 --- a/api_docs/kbn_core_analytics_browser_internal.mdx +++ b/api_docs/kbn_core_analytics_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-internal title: "@kbn/core-analytics-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-internal'] --- import kbnCoreAnalyticsBrowserInternalObj from './kbn_core_analytics_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser_mocks.mdx b/api_docs/kbn_core_analytics_browser_mocks.mdx index 9a06ee06ff77c..d35cc2e535c73 100644 --- a/api_docs/kbn_core_analytics_browser_mocks.mdx +++ b/api_docs/kbn_core_analytics_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-mocks title: "@kbn/core-analytics-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-mocks'] --- import kbnCoreAnalyticsBrowserMocksObj from './kbn_core_analytics_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server.devdocs.json b/api_docs/kbn_core_analytics_server.devdocs.json index 5c4760eb2c883..d65f4d6171a88 100644 --- a/api_docs/kbn_core_analytics_server.devdocs.json +++ b/api_docs/kbn_core_analytics_server.devdocs.json 
@@ -731,6 +731,22 @@ "plugin": "elasticAssistant", "path": "x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts" }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, { "plugin": "globalSearchBar", "path": "x-pack/plugins/global_search_bar/public/telemetry/event_reporter.ts" @@ -907,10 +923,6 @@ "plugin": "securitySolution", "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts" }, - { - "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts" - }, { "plugin": "securitySolution", "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts" 
@@ -1183,6 +1195,38 @@ "plugin": "security", "path": "x-pack/plugins/security/server/analytics/analytics_service.test.ts" }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, { "plugin": "apm", "path": "x-pack/plugins/observability_solution/apm/public/services/telemetry/telemetry_service.test.ts" diff --git a/api_docs/kbn_core_analytics_server.mdx b/api_docs/kbn_core_analytics_server.mdx index 9b2c2dab87484..65b164ce8fd8d 100644 --- a/api_docs/kbn_core_analytics_server.mdx +++ b/api_docs/kbn_core_analytics_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server title: "@kbn/core-analytics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server'] --- import kbnCoreAnalyticsServerObj from './kbn_core_analytics_server.devdocs.json'; 
diff --git a/api_docs/kbn_core_analytics_server_internal.mdx b/api_docs/kbn_core_analytics_server_internal.mdx index d002b54654ce4..7cb300078cf77 100644 --- a/api_docs/kbn_core_analytics_server_internal.mdx +++ b/api_docs/kbn_core_analytics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-internal title: "@kbn/core-analytics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-internal'] --- import kbnCoreAnalyticsServerInternalObj from './kbn_core_analytics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server_mocks.mdx b/api_docs/kbn_core_analytics_server_mocks.mdx index aaa480d715c00..13b0e1d75ad75 100644 --- a/api_docs/kbn_core_analytics_server_mocks.mdx +++ b/api_docs/kbn_core_analytics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-mocks title: "@kbn/core-analytics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-mocks'] --- import kbnCoreAnalyticsServerMocksObj from './kbn_core_analytics_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser.mdx b/api_docs/kbn_core_application_browser.mdx index 19cdd73faaa5d..2e18d6346547e 100644 --- a/api_docs/kbn_core_application_browser.mdx +++ b/api_docs/kbn_core_application_browser.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser title: "@kbn/core-application-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser'] --- import kbnCoreApplicationBrowserObj from './kbn_core_application_browser.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_internal.mdx b/api_docs/kbn_core_application_browser_internal.mdx index 787d902a8b078..9c8edfbdde6b3 100644 --- a/api_docs/kbn_core_application_browser_internal.mdx +++ b/api_docs/kbn_core_application_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-internal title: "@kbn/core-application-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-internal'] --- import kbnCoreApplicationBrowserInternalObj from './kbn_core_application_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_mocks.mdx b/api_docs/kbn_core_application_browser_mocks.mdx index 7660075dfd85c..063c2226fa09f 100644 --- a/api_docs/kbn_core_application_browser_mocks.mdx +++ b/api_docs/kbn_core_application_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-mocks title: "@kbn/core-application-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-mocks'] --- import kbnCoreApplicationBrowserMocksObj from './kbn_core_application_browser_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_application_common.mdx b/api_docs/kbn_core_application_common.mdx index d1f42fcfc85e9..debf29dd67dc9 100644 --- a/api_docs/kbn_core_application_common.mdx +++ b/api_docs/kbn_core_application_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-common title: "@kbn/core-application-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-common'] --- import kbnCoreApplicationCommonObj from './kbn_core_application_common.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_internal.mdx b/api_docs/kbn_core_apps_browser_internal.mdx index 51883fd7f047d..9991163519d59 100644 --- a/api_docs/kbn_core_apps_browser_internal.mdx +++ b/api_docs/kbn_core_apps_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-internal title: "@kbn/core-apps-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-internal'] --- import kbnCoreAppsBrowserInternalObj from './kbn_core_apps_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_mocks.mdx b/api_docs/kbn_core_apps_browser_mocks.mdx index 8b245f852ea0e..163268cc21672 100644 --- a/api_docs/kbn_core_apps_browser_mocks.mdx +++ b/api_docs/kbn_core_apps_browser_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-mocks title: "@kbn/core-apps-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-mocks'] --- import kbnCoreAppsBrowserMocksObj from './kbn_core_apps_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_apps_server_internal.mdx b/api_docs/kbn_core_apps_server_internal.mdx index 65116008e38cd..698337ca38e0a 100644 --- a/api_docs/kbn_core_apps_server_internal.mdx +++ b/api_docs/kbn_core_apps_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-server-internal title: "@kbn/core-apps-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-server-internal'] --- import kbnCoreAppsServerInternalObj from './kbn_core_apps_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_browser_mocks.mdx b/api_docs/kbn_core_base_browser_mocks.mdx index 4d063c19008c0..9f53c2d0c7e88 100644 --- a/api_docs/kbn_core_base_browser_mocks.mdx +++ b/api_docs/kbn_core_base_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-browser-mocks title: "@kbn/core-base-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-browser-mocks'] --- import kbnCoreBaseBrowserMocksObj from './kbn_core_base_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_base_common.mdx b/api_docs/kbn_core_base_common.mdx index c5f76a2f8b0f6..487c9f64b0540 100644 --- a/api_docs/kbn_core_base_common.mdx +++ b/api_docs/kbn_core_base_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-common title: "@kbn/core-base-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-common'] --- import kbnCoreBaseCommonObj from './kbn_core_base_common.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_internal.mdx b/api_docs/kbn_core_base_server_internal.mdx index 59b0c99bd5b44..0ce47657d6f39 100644 --- a/api_docs/kbn_core_base_server_internal.mdx +++ b/api_docs/kbn_core_base_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-internal title: "@kbn/core-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-internal'] --- import kbnCoreBaseServerInternalObj from './kbn_core_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_mocks.mdx b/api_docs/kbn_core_base_server_mocks.mdx index 947eda11b74bb..79a02419115e3 100644 --- a/api_docs/kbn_core_base_server_mocks.mdx +++ b/api_docs/kbn_core_base_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-mocks title: "@kbn/core-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-mocks'] --- import kbnCoreBaseServerMocksObj from './kbn_core_base_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_browser_mocks.mdx b/api_docs/kbn_core_capabilities_browser_mocks.mdx index c30da4562a288..7e98ac512388e 100644 --- a/api_docs/kbn_core_capabilities_browser_mocks.mdx +++ b/api_docs/kbn_core_capabilities_browser_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-browser-mocks title: "@kbn/core-capabilities-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-browser-mocks'] --- import kbnCoreCapabilitiesBrowserMocksObj from './kbn_core_capabilities_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_common.mdx b/api_docs/kbn_core_capabilities_common.mdx index 6da157a8db923..d191a138ee8f3 100644 --- a/api_docs/kbn_core_capabilities_common.mdx +++ b/api_docs/kbn_core_capabilities_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-common title: "@kbn/core-capabilities-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-common'] --- import kbnCoreCapabilitiesCommonObj from './kbn_core_capabilities_common.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server.mdx b/api_docs/kbn_core_capabilities_server.mdx index 3e8dc699cf4cf..ea7bcc82ac693 100644 --- a/api_docs/kbn_core_capabilities_server.mdx +++ b/api_docs/kbn_core_capabilities_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server title: "@kbn/core-capabilities-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server'] --- import kbnCoreCapabilitiesServerObj from './kbn_core_capabilities_server.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server_mocks.mdx b/api_docs/kbn_core_capabilities_server_mocks.mdx index 9ceaf3f364992..c1022f4b48b73 100644 
--- a/api_docs/kbn_core_capabilities_server_mocks.mdx +++ b/api_docs/kbn_core_capabilities_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server-mocks title: "@kbn/core-capabilities-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server-mocks'] --- import kbnCoreCapabilitiesServerMocksObj from './kbn_core_capabilities_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser.mdx b/api_docs/kbn_core_chrome_browser.mdx index 6e76951b31c6d..e2f6d6ba5d035 100644 --- a/api_docs/kbn_core_chrome_browser.mdx +++ b/api_docs/kbn_core_chrome_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser title: "@kbn/core-chrome-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser'] --- import kbnCoreChromeBrowserObj from './kbn_core_chrome_browser.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser_mocks.mdx b/api_docs/kbn_core_chrome_browser_mocks.mdx index 137cb6edbbd82..d57df86591e2f 100644 --- a/api_docs/kbn_core_chrome_browser_mocks.mdx +++ b/api_docs/kbn_core_chrome_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser-mocks title: "@kbn/core-chrome-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser-mocks'] --- import kbnCoreChromeBrowserMocksObj from './kbn_core_chrome_browser_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_config_server_internal.mdx b/api_docs/kbn_core_config_server_internal.mdx index 87fa4d786f6c6..8bf81ea5ac3b2 100644 --- a/api_docs/kbn_core_config_server_internal.mdx +++ b/api_docs/kbn_core_config_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-config-server-internal title: "@kbn/core-config-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-config-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-config-server-internal'] --- import kbnCoreConfigServerInternalObj from './kbn_core_config_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser.mdx b/api_docs/kbn_core_custom_branding_browser.mdx index 7aaaba833eadc..d58a7d7635fcd 100644 --- a/api_docs/kbn_core_custom_branding_browser.mdx +++ b/api_docs/kbn_core_custom_branding_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser title: "@kbn/core-custom-branding-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser'] --- import kbnCoreCustomBrandingBrowserObj from './kbn_core_custom_branding_browser.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser_internal.mdx b/api_docs/kbn_core_custom_branding_browser_internal.mdx index 6e963dfcf06ab..5739dc1278609 100644 --- a/api_docs/kbn_core_custom_branding_browser_internal.mdx +++ b/api_docs/kbn_core_custom_branding_browser_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-internal title: "@kbn/core-custom-branding-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-internal'] --- import kbnCoreCustomBrandingBrowserInternalObj from './kbn_core_custom_branding_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser_mocks.mdx b/api_docs/kbn_core_custom_branding_browser_mocks.mdx index bacbd48b5d75f..95fec25112f4a 100644 --- a/api_docs/kbn_core_custom_branding_browser_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-mocks title: "@kbn/core-custom-branding-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-mocks'] --- import kbnCoreCustomBrandingBrowserMocksObj from './kbn_core_custom_branding_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_common.mdx b/api_docs/kbn_core_custom_branding_common.mdx index 40fb84e7cef16..0a1bbf1c179c7 100644 --- a/api_docs/kbn_core_custom_branding_common.mdx +++ b/api_docs/kbn_core_custom_branding_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-common title: "@kbn/core-custom-branding-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-common'] --- import kbnCoreCustomBrandingCommonObj from './kbn_core_custom_branding_common.devdocs.json'; 
diff --git a/api_docs/kbn_core_custom_branding_server.mdx b/api_docs/kbn_core_custom_branding_server.mdx index 4edef97904583..f8e79f791d9d2 100644 --- a/api_docs/kbn_core_custom_branding_server.mdx +++ b/api_docs/kbn_core_custom_branding_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server title: "@kbn/core-custom-branding-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server'] --- import kbnCoreCustomBrandingServerObj from './kbn_core_custom_branding_server.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server_internal.mdx b/api_docs/kbn_core_custom_branding_server_internal.mdx index 470c1450b724e..3a7661a66ecb4 100644 --- a/api_docs/kbn_core_custom_branding_server_internal.mdx +++ b/api_docs/kbn_core_custom_branding_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-internal title: "@kbn/core-custom-branding-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-internal'] --- import kbnCoreCustomBrandingServerInternalObj from './kbn_core_custom_branding_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server_mocks.mdx b/api_docs/kbn_core_custom_branding_server_mocks.mdx index 61d6d51684165..3d1ee88553ea7 100644 --- a/api_docs/kbn_core_custom_branding_server_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-mocks title: "@kbn/core-custom-branding-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-mocks'] --- import kbnCoreCustomBrandingServerMocksObj from './kbn_core_custom_branding_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser.mdx b/api_docs/kbn_core_deprecations_browser.mdx index 85784252674be..394d972c73c7c 100644 --- a/api_docs/kbn_core_deprecations_browser.mdx +++ b/api_docs/kbn_core_deprecations_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser title: "@kbn/core-deprecations-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser'] --- import kbnCoreDeprecationsBrowserObj from './kbn_core_deprecations_browser.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser_internal.mdx b/api_docs/kbn_core_deprecations_browser_internal.mdx index 9ab076a14bf30..8a4eed579de65 100644 --- a/api_docs/kbn_core_deprecations_browser_internal.mdx +++ b/api_docs/kbn_core_deprecations_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-internal title: "@kbn/core-deprecations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-internal'] --- import kbnCoreDeprecationsBrowserInternalObj from './kbn_core_deprecations_browser_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_deprecations_browser_mocks.mdx b/api_docs/kbn_core_deprecations_browser_mocks.mdx index 1f94cd794e65f..f2560a3b5b588 100644 --- a/api_docs/kbn_core_deprecations_browser_mocks.mdx +++ b/api_docs/kbn_core_deprecations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-mocks title: "@kbn/core-deprecations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-mocks'] --- import kbnCoreDeprecationsBrowserMocksObj from './kbn_core_deprecations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_common.mdx b/api_docs/kbn_core_deprecations_common.mdx index b2fadd87a770f..89ada91bcb82b 100644 --- a/api_docs/kbn_core_deprecations_common.mdx +++ b/api_docs/kbn_core_deprecations_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-common title: "@kbn/core-deprecations-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-common'] --- import kbnCoreDeprecationsCommonObj from './kbn_core_deprecations_common.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server.mdx b/api_docs/kbn_core_deprecations_server.mdx index 4df0165fb5a7f..611be3cf47c5a 100644 --- a/api_docs/kbn_core_deprecations_server.mdx +++ b/api_docs/kbn_core_deprecations_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server title: "@kbn/core-deprecations-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server'] --- import kbnCoreDeprecationsServerObj from './kbn_core_deprecations_server.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_internal.mdx b/api_docs/kbn_core_deprecations_server_internal.mdx index aedbd3b86bc52..e7ed1c05f8b69 100644 --- a/api_docs/kbn_core_deprecations_server_internal.mdx +++ b/api_docs/kbn_core_deprecations_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-internal title: "@kbn/core-deprecations-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-internal'] --- import kbnCoreDeprecationsServerInternalObj from './kbn_core_deprecations_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_mocks.mdx b/api_docs/kbn_core_deprecations_server_mocks.mdx index 4bb11e3835022..1de96422f6385 100644 --- a/api_docs/kbn_core_deprecations_server_mocks.mdx +++ b/api_docs/kbn_core_deprecations_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-mocks title: "@kbn/core-deprecations-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-mocks'] --- import kbnCoreDeprecationsServerMocksObj from './kbn_core_deprecations_server_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_doc_links_browser.mdx b/api_docs/kbn_core_doc_links_browser.mdx index b29dd1bac507b..d76893d72bf5b 100644 --- a/api_docs/kbn_core_doc_links_browser.mdx +++ b/api_docs/kbn_core_doc_links_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser title: "@kbn/core-doc-links-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser'] --- import kbnCoreDocLinksBrowserObj from './kbn_core_doc_links_browser.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_browser_mocks.mdx b/api_docs/kbn_core_doc_links_browser_mocks.mdx index 68763d0a7516b..1e89a89c198ca 100644 --- a/api_docs/kbn_core_doc_links_browser_mocks.mdx +++ b/api_docs/kbn_core_doc_links_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser-mocks title: "@kbn/core-doc-links-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser-mocks'] --- import kbnCoreDocLinksBrowserMocksObj from './kbn_core_doc_links_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server.mdx b/api_docs/kbn_core_doc_links_server.mdx index c3c7e6c6eb7d1..7f5f8b46cb31d 100644 --- a/api_docs/kbn_core_doc_links_server.mdx +++ b/api_docs/kbn_core_doc_links_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server title: "@kbn/core-doc-links-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server'] --- import kbnCoreDocLinksServerObj from './kbn_core_doc_links_server.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server_mocks.mdx b/api_docs/kbn_core_doc_links_server_mocks.mdx index 9103c5fa2af4f..5d5560e6e095b 100644 --- a/api_docs/kbn_core_doc_links_server_mocks.mdx +++ b/api_docs/kbn_core_doc_links_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server-mocks title: "@kbn/core-doc-links-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server-mocks'] --- import kbnCoreDocLinksServerMocksObj from './kbn_core_doc_links_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx index 59953830f9f12..9ab168013daf8 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-internal title: "@kbn/core-elasticsearch-client-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-internal'] --- import kbnCoreElasticsearchClientServerInternalObj from './kbn_core_elasticsearch_client_server_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx index 876e003635a3c..130bc641ff2ec 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-mocks title: "@kbn/core-elasticsearch-client-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-mocks'] --- import kbnCoreElasticsearchClientServerMocksObj from './kbn_core_elasticsearch_client_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server.mdx b/api_docs/kbn_core_elasticsearch_server.mdx index 40fa70441b5b2..635f3da698ba3 100644 --- a/api_docs/kbn_core_elasticsearch_server.mdx +++ b/api_docs/kbn_core_elasticsearch_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server title: "@kbn/core-elasticsearch-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server'] --- import kbnCoreElasticsearchServerObj from './kbn_core_elasticsearch_server.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server_internal.mdx b/api_docs/kbn_core_elasticsearch_server_internal.mdx index 1f141a04ec147..adea55e5b48d8 100644 --- a/api_docs/kbn_core_elasticsearch_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-internal title: "@kbn/core-elasticsearch-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-internal'] --- import kbnCoreElasticsearchServerInternalObj from './kbn_core_elasticsearch_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_server_mocks.mdx index ad1809680fb8d..94d118ee2add2 100644 --- a/api_docs/kbn_core_elasticsearch_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-mocks title: "@kbn/core-elasticsearch-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-mocks'] --- import kbnCoreElasticsearchServerMocksObj from './kbn_core_elasticsearch_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_environment_server_internal.mdx b/api_docs/kbn_core_environment_server_internal.mdx index d9a56515eab19..e49d8dc8528cf 100644 --- a/api_docs/kbn_core_environment_server_internal.mdx +++ b/api_docs/kbn_core_environment_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-internal title: "@kbn/core-environment-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-internal'] --- import kbnCoreEnvironmentServerInternalObj from './kbn_core_environment_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_environment_server_mocks.mdx b/api_docs/kbn_core_environment_server_mocks.mdx index 7ba4bc429c383..681b74ed34e5d 100644 --- a/api_docs/kbn_core_environment_server_mocks.mdx +++ b/api_docs/kbn_core_environment_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-mocks title: "@kbn/core-environment-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-mocks'] --- import kbnCoreEnvironmentServerMocksObj from './kbn_core_environment_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser.mdx b/api_docs/kbn_core_execution_context_browser.mdx index e9c694e4d74df..89e17e5b355e2 100644 --- a/api_docs/kbn_core_execution_context_browser.mdx +++ b/api_docs/kbn_core_execution_context_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser title: "@kbn/core-execution-context-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser'] --- import kbnCoreExecutionContextBrowserObj from './kbn_core_execution_context_browser.devdocs.json'; 
diff --git a/api_docs/kbn_core_execution_context_browser_internal.mdx b/api_docs/kbn_core_execution_context_browser_internal.mdx index 48e4c60ca7638..5f2d7600e0b73 100644 --- a/api_docs/kbn_core_execution_context_browser_internal.mdx +++ b/api_docs/kbn_core_execution_context_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-internal title: "@kbn/core-execution-context-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-internal'] --- import kbnCoreExecutionContextBrowserInternalObj from './kbn_core_execution_context_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser_mocks.mdx b/api_docs/kbn_core_execution_context_browser_mocks.mdx index 0a3b051d2a9a7..7a40116ebf2d5 100644 --- a/api_docs/kbn_core_execution_context_browser_mocks.mdx +++ b/api_docs/kbn_core_execution_context_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-mocks title: "@kbn/core-execution-context-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-mocks'] --- import kbnCoreExecutionContextBrowserMocksObj from './kbn_core_execution_context_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_common.mdx b/api_docs/kbn_core_execution_context_common.mdx index eeb77a0a7122f..68d046b6e9c32 100644 --- a/api_docs/kbn_core_execution_context_common.mdx +++ b/api_docs/kbn_core_execution_context_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-common title: "@kbn/core-execution-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-common'] --- import kbnCoreExecutionContextCommonObj from './kbn_core_execution_context_common.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server.mdx b/api_docs/kbn_core_execution_context_server.mdx index 0065bae629739..a74b1dbeb7c69 100644 --- a/api_docs/kbn_core_execution_context_server.mdx +++ b/api_docs/kbn_core_execution_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server title: "@kbn/core-execution-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server'] --- import kbnCoreExecutionContextServerObj from './kbn_core_execution_context_server.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server_internal.mdx b/api_docs/kbn_core_execution_context_server_internal.mdx index 684b27dc5fd33..ceae2108eaa97 100644 --- a/api_docs/kbn_core_execution_context_server_internal.mdx +++ b/api_docs/kbn_core_execution_context_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-internal title: "@kbn/core-execution-context-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-internal'] --- import kbnCoreExecutionContextServerInternalObj from './kbn_core_execution_context_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server_mocks.mdx b/api_docs/kbn_core_execution_context_server_mocks.mdx index e8303aaf231e2..b3fc1256f1128 100644 --- a/api_docs/kbn_core_execution_context_server_mocks.mdx +++ b/api_docs/kbn_core_execution_context_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-mocks title: "@kbn/core-execution-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-mocks'] --- import kbnCoreExecutionContextServerMocksObj from './kbn_core_execution_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_fatal_errors_browser.mdx b/api_docs/kbn_core_fatal_errors_browser.mdx index c5f50c0c67d58..e8d424d4b30a0 100644 --- a/api_docs/kbn_core_fatal_errors_browser.mdx +++ b/api_docs/kbn_core_fatal_errors_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser title: "@kbn/core-fatal-errors-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser'] --- import kbnCoreFatalErrorsBrowserObj from './kbn_core_fatal_errors_browser.devdocs.json'; 
diff --git a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx index e5b83abee19f0..a8281760e16e0 100644 --- a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx +++ b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser-mocks title: "@kbn/core-fatal-errors-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser-mocks'] --- import kbnCoreFatalErrorsBrowserMocksObj from './kbn_core_fatal_errors_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser.mdx b/api_docs/kbn_core_http_browser.mdx index 833657e589b55..9e28f28f76880 100644 --- a/api_docs/kbn_core_http_browser.mdx +++ b/api_docs/kbn_core_http_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser title: "@kbn/core-http-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser'] --- import kbnCoreHttpBrowserObj from './kbn_core_http_browser.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_internal.mdx b/api_docs/kbn_core_http_browser_internal.mdx index f9ac2359dbabd..3ddb18d2126c9 100644 --- a/api_docs/kbn_core_http_browser_internal.mdx +++ b/api_docs/kbn_core_http_browser_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-internal title: "@kbn/core-http-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-internal'] --- import kbnCoreHttpBrowserInternalObj from './kbn_core_http_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_mocks.mdx b/api_docs/kbn_core_http_browser_mocks.mdx index 1585ae433afac..21a8d3fb26e01 100644 --- a/api_docs/kbn_core_http_browser_mocks.mdx +++ b/api_docs/kbn_core_http_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-mocks title: "@kbn/core-http-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-mocks'] --- import kbnCoreHttpBrowserMocksObj from './kbn_core_http_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_common.mdx b/api_docs/kbn_core_http_common.mdx index 01226575e324d..2e10906af952b 100644 --- a/api_docs/kbn_core_http_common.mdx +++ b/api_docs/kbn_core_http_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-common title: "@kbn/core-http-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-common'] --- import kbnCoreHttpCommonObj from './kbn_core_http_common.devdocs.json'; diff --git a/api_docs/kbn_core_http_context_server_mocks.mdx b/api_docs/kbn_core_http_context_server_mocks.mdx index 95ec341de9d01..a787918c0336d 100644 --- a/api_docs/kbn_core_http_context_server_mocks.mdx +++ b/api_docs/kbn_core_http_context_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-context-server-mocks title: "@kbn/core-http-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-context-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-context-server-mocks'] --- import kbnCoreHttpContextServerMocksObj from './kbn_core_http_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_request_handler_context_server.mdx b/api_docs/kbn_core_http_request_handler_context_server.mdx index 52fb6b9110b96..cb8b4c02ef30e 100644 --- a/api_docs/kbn_core_http_request_handler_context_server.mdx +++ b/api_docs/kbn_core_http_request_handler_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-request-handler-context-server title: "@kbn/core-http-request-handler-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-request-handler-context-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-request-handler-context-server'] --- import kbnCoreHttpRequestHandlerContextServerObj from './kbn_core_http_request_handler_context_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server.mdx b/api_docs/kbn_core_http_resources_server.mdx index d2eda40628f90..37a22ecfbd395 100644 --- a/api_docs/kbn_core_http_resources_server.mdx +++ b/api_docs/kbn_core_http_resources_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server title: "@kbn/core-http-resources-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server'] --- import kbnCoreHttpResourcesServerObj from './kbn_core_http_resources_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_internal.mdx b/api_docs/kbn_core_http_resources_server_internal.mdx index 125257cd6e701..3888225adea66 100644 --- a/api_docs/kbn_core_http_resources_server_internal.mdx +++ b/api_docs/kbn_core_http_resources_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-internal title: "@kbn/core-http-resources-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-internal'] --- import kbnCoreHttpResourcesServerInternalObj from './kbn_core_http_resources_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_mocks.mdx b/api_docs/kbn_core_http_resources_server_mocks.mdx index 80e5cb3a3f826..440a9a93a2513 100644 --- a/api_docs/kbn_core_http_resources_server_mocks.mdx +++ b/api_docs/kbn_core_http_resources_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-mocks title: "@kbn/core-http-resources-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-mocks'] --- import kbnCoreHttpResourcesServerMocksObj from './kbn_core_http_resources_server_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_http_router_server_internal.mdx b/api_docs/kbn_core_http_router_server_internal.mdx index c3d8b405a11e2..b912cf433706b 100644 --- a/api_docs/kbn_core_http_router_server_internal.mdx +++ b/api_docs/kbn_core_http_router_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-internal title: "@kbn/core-http-router-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-internal'] --- import kbnCoreHttpRouterServerInternalObj from './kbn_core_http_router_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_router_server_mocks.mdx b/api_docs/kbn_core_http_router_server_mocks.mdx index 09e0757107184..56a536b9d37e2 100644 --- a/api_docs/kbn_core_http_router_server_mocks.mdx +++ b/api_docs/kbn_core_http_router_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-mocks title: "@kbn/core-http-router-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-mocks'] --- import kbnCoreHttpRouterServerMocksObj from './kbn_core_http_router_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_server.devdocs.json b/api_docs/kbn_core_http_server.devdocs.json index 38e820536eba9..df694b330d87a 100644 --- a/api_docs/kbn_core_http_server.devdocs.json +++ b/api_docs/kbn_core_http_server.devdocs.json 
@@ -4731,40 +4731,16 @@ "path": "x-pack/plugins/grokdebugger/server/lib/kibana_framework.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/ping.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/ping.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/entities/get.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/assets/index.ts" - }, - { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/assets/hosts.ts" - }, - { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/assets/services.ts" - }, - { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/assets/containers.ts" - }, - { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/assets/pods.ts" - }, - { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/entities/get.ts" - }, - { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/check.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/check.ts" }, { "plugin": "profiling", 
@@ -7249,16 +7225,12 @@ "path": "x-pack/plugins/grokdebugger/server/lib/kibana_framework.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/entities/create.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/entities/create.ts" - }, - { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/entities/reset.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/entities/reset.ts" }, { "plugin": "profiling", @@ -8759,8 +8731,8 @@ "path": "x-pack/plugins/grokdebugger/server/lib/kibana_framework.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/enable.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts" }, { "plugin": "synthetics", @@ -9683,16 +9655,12 @@ "path": "x-pack/plugins/grokdebugger/server/lib/kibana_framework.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts" - }, - { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/entities/delete.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/entities/delete.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/disable.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts" }, { "plugin": "synthetics", 
@@ -14514,6 +14482,10 @@ "plugin": "ml", "path": "x-pack/plugins/ml/server/routes/management.ts" }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.ts" + }, { "plugin": "elasticAssistant", "path": "x-pack/plugins/elastic_assistant/server/routes/user_conversations/read_route.ts" @@ -15281,6 +15253,10 @@ "plugin": "ml", "path": "x-pack/plugins/ml/server/routes/inference_models.ts" }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.ts" + }, { "plugin": "elasticAssistant", "path": "x-pack/plugins/elastic_assistant/server/routes/user_conversations/update_route.ts" @@ -16258,7 +16234,7 @@ }, { "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.ts" + "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts" }, { "plugin": "securitySolution", diff --git a/api_docs/kbn_core_http_server.mdx b/api_docs/kbn_core_http_server.mdx index 61fff777b7aef..31da9a28a0f76 100644 --- a/api_docs/kbn_core_http_server.mdx +++ b/api_docs/kbn_core_http_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server title: "@kbn/core-http-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server'] --- import kbnCoreHttpServerObj from './kbn_core_http_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_server_internal.mdx b/api_docs/kbn_core_http_server_internal.mdx index c59ae7f973041..247beaf6a24b3 100644 --- a/api_docs/kbn_core_http_server_internal.mdx +++ b/api_docs/kbn_core_http_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-internal title: "@kbn/core-http-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-internal'] --- import kbnCoreHttpServerInternalObj from './kbn_core_http_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_server_mocks.mdx b/api_docs/kbn_core_http_server_mocks.mdx index 419d32cd9c6e2..78c4ac91a5ff5 100644 --- a/api_docs/kbn_core_http_server_mocks.mdx +++ b/api_docs/kbn_core_http_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-mocks title: "@kbn/core-http-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-mocks'] --- import kbnCoreHttpServerMocksObj from './kbn_core_http_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser.mdx b/api_docs/kbn_core_i18n_browser.mdx index 70b0c9916ef52..c98e8d259572e 100644 --- a/api_docs/kbn_core_i18n_browser.mdx +++ b/api_docs/kbn_core_i18n_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser title: "@kbn/core-i18n-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser'] --- import kbnCoreI18nBrowserObj from './kbn_core_i18n_browser.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser_mocks.mdx b/api_docs/kbn_core_i18n_browser_mocks.mdx index dbd22716c1f32..4997e9b9b4189 100644 --- a/api_docs/kbn_core_i18n_browser_mocks.mdx +++ b/api_docs/kbn_core_i18n_browser_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser-mocks title: "@kbn/core-i18n-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser-mocks'] --- import kbnCoreI18nBrowserMocksObj from './kbn_core_i18n_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server.mdx b/api_docs/kbn_core_i18n_server.mdx index b989ad97d916c..5d96a73bba948 100644 --- a/api_docs/kbn_core_i18n_server.mdx +++ b/api_docs/kbn_core_i18n_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server title: "@kbn/core-i18n-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server'] --- import kbnCoreI18nServerObj from './kbn_core_i18n_server.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_internal.mdx b/api_docs/kbn_core_i18n_server_internal.mdx index 7d1b9367e87f7..2a3dede45edef 100644 --- a/api_docs/kbn_core_i18n_server_internal.mdx +++ b/api_docs/kbn_core_i18n_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-internal title: "@kbn/core-i18n-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-internal'] --- import kbnCoreI18nServerInternalObj from './kbn_core_i18n_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_mocks.mdx b/api_docs/kbn_core_i18n_server_mocks.mdx index 66647273b293f..066b450114a81 100644 --- a/api_docs/kbn_core_i18n_server_mocks.mdx +++ b/api_docs/kbn_core_i18n_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-mocks title: "@kbn/core-i18n-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-mocks'] --- import kbnCoreI18nServerMocksObj from './kbn_core_i18n_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx index cb077ed17abb2..f8103bb2a00a1 100644 --- a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx +++ b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-injected-metadata-browser-mocks title: "@kbn/core-injected-metadata-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-injected-metadata-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-injected-metadata-browser-mocks'] --- import kbnCoreInjectedMetadataBrowserMocksObj from './kbn_core_injected_metadata_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_integrations_browser_internal.mdx b/api_docs/kbn_core_integrations_browser_internal.mdx index 7a3a15ab76327..57bc944f27ce5 100644 --- a/api_docs/kbn_core_integrations_browser_internal.mdx +++ b/api_docs/kbn_core_integrations_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-internal title: "@kbn/core-integrations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-internal'] --- import kbnCoreIntegrationsBrowserInternalObj from './kbn_core_integrations_browser_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_integrations_browser_mocks.mdx b/api_docs/kbn_core_integrations_browser_mocks.mdx index 8d4811ec78316..fe89b702a38b2 100644 --- a/api_docs/kbn_core_integrations_browser_mocks.mdx +++ b/api_docs/kbn_core_integrations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-mocks title: "@kbn/core-integrations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-mocks'] --- import kbnCoreIntegrationsBrowserMocksObj from './kbn_core_integrations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser.mdx b/api_docs/kbn_core_lifecycle_browser.mdx index a3172b6d142cf..ee26e32bb0a2e 100644 --- a/api_docs/kbn_core_lifecycle_browser.mdx +++ b/api_docs/kbn_core_lifecycle_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser title: "@kbn/core-lifecycle-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser'] --- import kbnCoreLifecycleBrowserObj from './kbn_core_lifecycle_browser.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser_mocks.mdx b/api_docs/kbn_core_lifecycle_browser_mocks.mdx index 56cd8574393d4..dda6401cbe8d6 100644 --- a/api_docs/kbn_core_lifecycle_browser_mocks.mdx +++ b/api_docs/kbn_core_lifecycle_browser_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser-mocks title: "@kbn/core-lifecycle-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser-mocks'] --- import kbnCoreLifecycleBrowserMocksObj from './kbn_core_lifecycle_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server.mdx b/api_docs/kbn_core_lifecycle_server.mdx index 76e130b455b5b..9c788a541fe0e 100644 --- a/api_docs/kbn_core_lifecycle_server.mdx +++ b/api_docs/kbn_core_lifecycle_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server title: "@kbn/core-lifecycle-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server'] --- import kbnCoreLifecycleServerObj from './kbn_core_lifecycle_server.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server_mocks.mdx b/api_docs/kbn_core_lifecycle_server_mocks.mdx index 800e20158ced3..81e0d4dc61558 100644 --- a/api_docs/kbn_core_lifecycle_server_mocks.mdx +++ b/api_docs/kbn_core_lifecycle_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server-mocks title: "@kbn/core-lifecycle-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server-mocks'] --- import kbnCoreLifecycleServerMocksObj from './kbn_core_lifecycle_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_browser_mocks.mdx b/api_docs/kbn_core_logging_browser_mocks.mdx index e3b614f917eda..673b2df0477cc 100644 
--- a/api_docs/kbn_core_logging_browser_mocks.mdx +++ b/api_docs/kbn_core_logging_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-browser-mocks title: "@kbn/core-logging-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-browser-mocks'] --- import kbnCoreLoggingBrowserMocksObj from './kbn_core_logging_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_common_internal.mdx b/api_docs/kbn_core_logging_common_internal.mdx index 96d43e34ad8ac..ac84ee5ece5b8 100644 --- a/api_docs/kbn_core_logging_common_internal.mdx +++ b/api_docs/kbn_core_logging_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-common-internal title: "@kbn/core-logging-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-common-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-common-internal'] --- import kbnCoreLoggingCommonInternalObj from './kbn_core_logging_common_internal.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server.mdx b/api_docs/kbn_core_logging_server.mdx index 228b94d927bc0..e0b6c8f36e321 100644 --- a/api_docs/kbn_core_logging_server.mdx +++ b/api_docs/kbn_core_logging_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server title: "@kbn/core-logging-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server'] --- import kbnCoreLoggingServerObj from './kbn_core_logging_server.devdocs.json'; 
diff --git a/api_docs/kbn_core_logging_server_internal.mdx b/api_docs/kbn_core_logging_server_internal.mdx index 884eff0c0ed88..01700240f2b4b 100644 --- a/api_docs/kbn_core_logging_server_internal.mdx +++ b/api_docs/kbn_core_logging_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-internal title: "@kbn/core-logging-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-internal'] --- import kbnCoreLoggingServerInternalObj from './kbn_core_logging_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server_mocks.mdx b/api_docs/kbn_core_logging_server_mocks.mdx index 734642155ad14..2313fac9ead42 100644 --- a/api_docs/kbn_core_logging_server_mocks.mdx +++ b/api_docs/kbn_core_logging_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-mocks title: "@kbn/core-logging-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-mocks'] --- import kbnCoreLoggingServerMocksObj from './kbn_core_logging_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_internal.mdx b/api_docs/kbn_core_metrics_collectors_server_internal.mdx index b15255746c00c..541a23184b942 100644 --- a/api_docs/kbn_core_metrics_collectors_server_internal.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-internal title: "@kbn/core-metrics-collectors-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-internal'] --- import kbnCoreMetricsCollectorsServerInternalObj from './kbn_core_metrics_collectors_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx index e560942c8698b..ea561e0766b24 100644 --- a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-mocks title: "@kbn/core-metrics-collectors-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-mocks'] --- import kbnCoreMetricsCollectorsServerMocksObj from './kbn_core_metrics_collectors_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server.mdx b/api_docs/kbn_core_metrics_server.mdx index 01250dc74e4a2..0da6317b881bb 100644 --- a/api_docs/kbn_core_metrics_server.mdx +++ b/api_docs/kbn_core_metrics_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server title: "@kbn/core-metrics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server'] --- import kbnCoreMetricsServerObj from './kbn_core_metrics_server.devdocs.json'; 
diff --git a/api_docs/kbn_core_metrics_server_internal.mdx b/api_docs/kbn_core_metrics_server_internal.mdx index 91b66933c175d..e9f08dc3fa6df 100644 --- a/api_docs/kbn_core_metrics_server_internal.mdx +++ b/api_docs/kbn_core_metrics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-internal title: "@kbn/core-metrics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-internal'] --- import kbnCoreMetricsServerInternalObj from './kbn_core_metrics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server_mocks.mdx b/api_docs/kbn_core_metrics_server_mocks.mdx index 19da4121b25dd..2eefd91215c45 100644 --- a/api_docs/kbn_core_metrics_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-mocks title: "@kbn/core-metrics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-mocks'] --- import kbnCoreMetricsServerMocksObj from './kbn_core_metrics_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_mount_utils_browser.mdx b/api_docs/kbn_core_mount_utils_browser.mdx index 8d4cab0e70cb1..feaedeb8aed02 100644 --- a/api_docs/kbn_core_mount_utils_browser.mdx +++ b/api_docs/kbn_core_mount_utils_browser.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-mount-utils-browser title: "@kbn/core-mount-utils-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-mount-utils-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-mount-utils-browser'] --- import kbnCoreMountUtilsBrowserObj from './kbn_core_mount_utils_browser.devdocs.json'; diff --git a/api_docs/kbn_core_node_server.mdx b/api_docs/kbn_core_node_server.mdx index 7ba42159a13d1..e656b0edef73b 100644 --- a/api_docs/kbn_core_node_server.mdx +++ b/api_docs/kbn_core_node_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server title: "@kbn/core-node-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server'] --- import kbnCoreNodeServerObj from './kbn_core_node_server.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_internal.mdx b/api_docs/kbn_core_node_server_internal.mdx index a16a17c78b890..18a51885f4395 100644 --- a/api_docs/kbn_core_node_server_internal.mdx +++ b/api_docs/kbn_core_node_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-internal title: "@kbn/core-node-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-internal'] --- import kbnCoreNodeServerInternalObj from './kbn_core_node_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_mocks.mdx b/api_docs/kbn_core_node_server_mocks.mdx index 14fd91d1be03e..31f3591d61dd0 100644 --- a/api_docs/kbn_core_node_server_mocks.mdx +++ b/api_docs/kbn_core_node_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-mocks title: "@kbn/core-node-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-mocks'] --- import kbnCoreNodeServerMocksObj from './kbn_core_node_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser.mdx b/api_docs/kbn_core_notifications_browser.mdx index dff4f94cd6628..20c3ae5bea6c0 100644 --- a/api_docs/kbn_core_notifications_browser.mdx +++ b/api_docs/kbn_core_notifications_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser title: "@kbn/core-notifications-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser'] --- import kbnCoreNotificationsBrowserObj from './kbn_core_notifications_browser.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser_internal.mdx b/api_docs/kbn_core_notifications_browser_internal.mdx index f99e24147b6b7..55f807652a11f 100644 --- a/api_docs/kbn_core_notifications_browser_internal.mdx +++ b/api_docs/kbn_core_notifications_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-internal title: "@kbn/core-notifications-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-internal'] --- import kbnCoreNotificationsBrowserInternalObj from './kbn_core_notifications_browser_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_notifications_browser_mocks.mdx b/api_docs/kbn_core_notifications_browser_mocks.mdx index 126148aacb819..ce3bf91217411 100644 --- a/api_docs/kbn_core_notifications_browser_mocks.mdx +++ b/api_docs/kbn_core_notifications_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-mocks title: "@kbn/core-notifications-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-mocks'] --- import kbnCoreNotificationsBrowserMocksObj from './kbn_core_notifications_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser.mdx b/api_docs/kbn_core_overlays_browser.mdx index d1995ef5ddfd1..2fce259d03de8 100644 --- a/api_docs/kbn_core_overlays_browser.mdx +++ b/api_docs/kbn_core_overlays_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser title: "@kbn/core-overlays-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser'] --- import kbnCoreOverlaysBrowserObj from './kbn_core_overlays_browser.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_internal.mdx b/api_docs/kbn_core_overlays_browser_internal.mdx index f8009782ca4da..e545df2674dfa 100644 --- a/api_docs/kbn_core_overlays_browser_internal.mdx +++ b/api_docs/kbn_core_overlays_browser_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-internal title: "@kbn/core-overlays-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-internal'] --- import kbnCoreOverlaysBrowserInternalObj from './kbn_core_overlays_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_mocks.mdx b/api_docs/kbn_core_overlays_browser_mocks.mdx index 29d4258e255cd..fe68d9c987369 100644 --- a/api_docs/kbn_core_overlays_browser_mocks.mdx +++ b/api_docs/kbn_core_overlays_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-mocks title: "@kbn/core-overlays-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-mocks'] --- import kbnCoreOverlaysBrowserMocksObj from './kbn_core_overlays_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser.mdx b/api_docs/kbn_core_plugins_browser.mdx index 1a061d4ad7442..c875c333b7281 100644 --- a/api_docs/kbn_core_plugins_browser.mdx +++ b/api_docs/kbn_core_plugins_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser title: "@kbn/core-plugins-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser'] --- import kbnCorePluginsBrowserObj from './kbn_core_plugins_browser.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser_mocks.mdx b/api_docs/kbn_core_plugins_browser_mocks.mdx index 53a3a79e16c8d..3a7f0d68026b5 100644 
--- a/api_docs/kbn_core_plugins_browser_mocks.mdx +++ b/api_docs/kbn_core_plugins_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser-mocks title: "@kbn/core-plugins-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser-mocks'] --- import kbnCorePluginsBrowserMocksObj from './kbn_core_plugins_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_contracts_browser.mdx b/api_docs/kbn_core_plugins_contracts_browser.mdx index a5c98d00dd6d7..df7b2c58a69f5 100644 --- a/api_docs/kbn_core_plugins_contracts_browser.mdx +++ b/api_docs/kbn_core_plugins_contracts_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-browser title: "@kbn/core-plugins-contracts-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-browser'] --- import kbnCorePluginsContractsBrowserObj from './kbn_core_plugins_contracts_browser.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_contracts_server.mdx b/api_docs/kbn_core_plugins_contracts_server.mdx index 4baccc02f8de8..5ab96279cc13b 100644 --- a/api_docs/kbn_core_plugins_contracts_server.mdx +++ b/api_docs/kbn_core_plugins_contracts_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-server title: "@kbn/core-plugins-contracts-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-server'] --- import kbnCorePluginsContractsServerObj from './kbn_core_plugins_contracts_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server.mdx b/api_docs/kbn_core_plugins_server.mdx index be8d6043fe389..3f57671fea71b 100644 --- a/api_docs/kbn_core_plugins_server.mdx +++ b/api_docs/kbn_core_plugins_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server title: "@kbn/core-plugins-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server'] --- import kbnCorePluginsServerObj from './kbn_core_plugins_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server_mocks.mdx b/api_docs/kbn_core_plugins_server_mocks.mdx index 6337f3280c7a8..34db246dc64a4 100644 --- a/api_docs/kbn_core_plugins_server_mocks.mdx +++ b/api_docs/kbn_core_plugins_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server-mocks title: "@kbn/core-plugins-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server-mocks'] --- import kbnCorePluginsServerMocksObj from './kbn_core_plugins_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server.mdx b/api_docs/kbn_core_preboot_server.mdx index ec2875fadf9e6..29ed0899a23bf 100644 --- a/api_docs/kbn_core_preboot_server.mdx +++ b/api_docs/kbn_core_preboot_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server title: "@kbn/core-preboot-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server'] --- import kbnCorePrebootServerObj from './kbn_core_preboot_server.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server_mocks.mdx b/api_docs/kbn_core_preboot_server_mocks.mdx index 567adc7fbae36..2dce5199bb71d 100644 --- a/api_docs/kbn_core_preboot_server_mocks.mdx +++ b/api_docs/kbn_core_preboot_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server-mocks title: "@kbn/core-preboot-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server-mocks'] --- import kbnCorePrebootServerMocksObj from './kbn_core_preboot_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_browser_mocks.mdx b/api_docs/kbn_core_rendering_browser_mocks.mdx index 6b5d05cb1e8a5..7b6c7e56e6408 100644 --- a/api_docs/kbn_core_rendering_browser_mocks.mdx +++ b/api_docs/kbn_core_rendering_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-browser-mocks title: "@kbn/core-rendering-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-browser-mocks'] --- import kbnCoreRenderingBrowserMocksObj from './kbn_core_rendering_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_internal.mdx b/api_docs/kbn_core_rendering_server_internal.mdx index 8626540806456..5f2631c4a3e8e 100644 
--- a/api_docs/kbn_core_rendering_server_internal.mdx +++ b/api_docs/kbn_core_rendering_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-internal title: "@kbn/core-rendering-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-internal'] --- import kbnCoreRenderingServerInternalObj from './kbn_core_rendering_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_mocks.mdx b/api_docs/kbn_core_rendering_server_mocks.mdx index a0667b8333333..f98c627e0b607 100644 --- a/api_docs/kbn_core_rendering_server_mocks.mdx +++ b/api_docs/kbn_core_rendering_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-mocks title: "@kbn/core-rendering-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-mocks'] --- import kbnCoreRenderingServerMocksObj from './kbn_core_rendering_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_root_server_internal.mdx b/api_docs/kbn_core_root_server_internal.mdx index 4decddf95a7c0..91f6cd9de93e4 100644 --- a/api_docs/kbn_core_root_server_internal.mdx +++ b/api_docs/kbn_core_root_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-root-server-internal title: "@kbn/core-root-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-root-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-root-server-internal'] --- import kbnCoreRootServerInternalObj from './kbn_core_root_server_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_saved_objects_api_browser.mdx b/api_docs/kbn_core_saved_objects_api_browser.mdx index b35e3a4acbd91..377e9f35b3136 100644 --- a/api_docs/kbn_core_saved_objects_api_browser.mdx +++ b/api_docs/kbn_core_saved_objects_api_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-browser title: "@kbn/core-saved-objects-api-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-browser'] --- import kbnCoreSavedObjectsApiBrowserObj from './kbn_core_saved_objects_api_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server.mdx b/api_docs/kbn_core_saved_objects_api_server.mdx index a768902c3eae9..e745ca1c4ab21 100644 --- a/api_docs/kbn_core_saved_objects_api_server.mdx +++ b/api_docs/kbn_core_saved_objects_api_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server title: "@kbn/core-saved-objects-api-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server'] --- import kbnCoreSavedObjectsApiServerObj from './kbn_core_saved_objects_api_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx index d606d2360c247..228f48ad7d009 100644 --- a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server-mocks title: "@kbn/core-saved-objects-api-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server-mocks'] --- import kbnCoreSavedObjectsApiServerMocksObj from './kbn_core_saved_objects_api_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_internal.mdx b/api_docs/kbn_core_saved_objects_base_server_internal.mdx index 542fd79d01c14..e8ade08d0c4ab 100644 --- a/api_docs/kbn_core_saved_objects_base_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-internal title: "@kbn/core-saved-objects-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-internal'] --- import kbnCoreSavedObjectsBaseServerInternalObj from './kbn_core_saved_objects_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx index 2bb3209e1972f..fcc94f2ea2f53 100644 --- a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-mocks title: "@kbn/core-saved-objects-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-mocks'] --- import kbnCoreSavedObjectsBaseServerMocksObj from './kbn_core_saved_objects_base_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser.mdx b/api_docs/kbn_core_saved_objects_browser.mdx index feb984da6b9be..4d9308d76a9ec 100644 --- a/api_docs/kbn_core_saved_objects_browser.mdx +++ b/api_docs/kbn_core_saved_objects_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser title: "@kbn/core-saved-objects-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser'] --- import kbnCoreSavedObjectsBrowserObj from './kbn_core_saved_objects_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser_internal.mdx b/api_docs/kbn_core_saved_objects_browser_internal.mdx index 45e25323691d0..70b166c51e811 100644 --- a/api_docs/kbn_core_saved_objects_browser_internal.mdx +++ b/api_docs/kbn_core_saved_objects_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-internal title: "@kbn/core-saved-objects-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-internal'] --- import kbnCoreSavedObjectsBrowserInternalObj from './kbn_core_saved_objects_browser_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_saved_objects_browser_mocks.mdx b/api_docs/kbn_core_saved_objects_browser_mocks.mdx index 95fd2a7b07a35..d5c9417b01b92 100644 --- a/api_docs/kbn_core_saved_objects_browser_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-mocks title: "@kbn/core-saved-objects-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-mocks'] --- import kbnCoreSavedObjectsBrowserMocksObj from './kbn_core_saved_objects_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_common.mdx b/api_docs/kbn_core_saved_objects_common.mdx index 9c2d0e7c5f0c0..9f487732fc2cc 100644 --- a/api_docs/kbn_core_saved_objects_common.mdx +++ b/api_docs/kbn_core_saved_objects_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-common title: "@kbn/core-saved-objects-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-common'] --- import kbnCoreSavedObjectsCommonObj from './kbn_core_saved_objects_common.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx index 2bc6783582b40..99a48284b1c91 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-internal title: "@kbn/core-saved-objects-import-export-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-internal'] --- import kbnCoreSavedObjectsImportExportServerInternalObj from './kbn_core_saved_objects_import_export_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx index a8281a9f2fdd0..a897cf7c6b000 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-mocks title: "@kbn/core-saved-objects-import-export-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-mocks'] --- import kbnCoreSavedObjectsImportExportServerMocksObj from './kbn_core_saved_objects_import_export_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx index 1441f3d507017..b12df3139c943 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-internal title: "@kbn/core-saved-objects-migration-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-internal'] --- import kbnCoreSavedObjectsMigrationServerInternalObj from './kbn_core_saved_objects_migration_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx index 4ff18de7a399f..1ebc697f3b53b 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-mocks title: "@kbn/core-saved-objects-migration-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-mocks'] --- import kbnCoreSavedObjectsMigrationServerMocksObj from './kbn_core_saved_objects_migration_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server.mdx b/api_docs/kbn_core_saved_objects_server.mdx index 921753e0bb0e8..1c4483af3f6b4 100644 --- a/api_docs/kbn_core_saved_objects_server.mdx +++ b/api_docs/kbn_core_saved_objects_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server title: "@kbn/core-saved-objects-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server'] --- import kbnCoreSavedObjectsServerObj from './kbn_core_saved_objects_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server_internal.mdx b/api_docs/kbn_core_saved_objects_server_internal.mdx index 15fc49eb12dab..e0d376d011e95 100644 --- a/api_docs/kbn_core_saved_objects_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-internal title: "@kbn/core-saved-objects-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-internal'] --- import kbnCoreSavedObjectsServerInternalObj from './kbn_core_saved_objects_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server_mocks.mdx b/api_docs/kbn_core_saved_objects_server_mocks.mdx index accec656aea09..415f8a6628307 100644 --- a/api_docs/kbn_core_saved_objects_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-mocks title: "@kbn/core-saved-objects-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-mocks'] --- import kbnCoreSavedObjectsServerMocksObj from './kbn_core_saved_objects_server_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_saved_objects_utils_server.mdx b/api_docs/kbn_core_saved_objects_utils_server.mdx index 2a527182645e3..6ca1afe4eb7cf 100644 --- a/api_docs/kbn_core_saved_objects_utils_server.mdx +++ b/api_docs/kbn_core_saved_objects_utils_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-utils-server title: "@kbn/core-saved-objects-utils-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-utils-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-utils-server'] --- import kbnCoreSavedObjectsUtilsServerObj from './kbn_core_saved_objects_utils_server.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser.mdx b/api_docs/kbn_core_security_browser.mdx index c3f986dc13c74..12ac4d5c99d48 100644 --- a/api_docs/kbn_core_security_browser.mdx +++ b/api_docs/kbn_core_security_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser title: "@kbn/core-security-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser'] --- import kbnCoreSecurityBrowserObj from './kbn_core_security_browser.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser_internal.mdx b/api_docs/kbn_core_security_browser_internal.mdx index 50731f7639ea3..4d938a2037b44 100644 --- a/api_docs/kbn_core_security_browser_internal.mdx +++ b/api_docs/kbn_core_security_browser_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-internal title: "@kbn/core-security-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-internal'] --- import kbnCoreSecurityBrowserInternalObj from './kbn_core_security_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser_mocks.mdx b/api_docs/kbn_core_security_browser_mocks.mdx index a8f2f2f0bbb1a..442a74b8373cf 100644 --- a/api_docs/kbn_core_security_browser_mocks.mdx +++ b/api_docs/kbn_core_security_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-mocks title: "@kbn/core-security-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-mocks'] --- import kbnCoreSecurityBrowserMocksObj from './kbn_core_security_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_security_common.mdx b/api_docs/kbn_core_security_common.mdx index 065e4033d3d78..a07160761e011 100644 --- a/api_docs/kbn_core_security_common.mdx +++ b/api_docs/kbn_core_security_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-common title: "@kbn/core-security-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-common'] --- import kbnCoreSecurityCommonObj from './kbn_core_security_common.devdocs.json'; diff --git a/api_docs/kbn_core_security_server.mdx b/api_docs/kbn_core_security_server.mdx index 4de7ccba6e803..8ebf15051ff0c 100644 --- a/api_docs/kbn_core_security_server.mdx 
+++ b/api_docs/kbn_core_security_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server title: "@kbn/core-security-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server'] --- import kbnCoreSecurityServerObj from './kbn_core_security_server.devdocs.json'; diff --git a/api_docs/kbn_core_security_server_internal.mdx b/api_docs/kbn_core_security_server_internal.mdx index e03e49cfe4569..977391df688e6 100644 --- a/api_docs/kbn_core_security_server_internal.mdx +++ b/api_docs/kbn_core_security_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-internal title: "@kbn/core-security-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-internal'] --- import kbnCoreSecurityServerInternalObj from './kbn_core_security_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_security_server_mocks.mdx b/api_docs/kbn_core_security_server_mocks.mdx index f81d46f9fe564..13e695d33b3b9 100644 --- a/api_docs/kbn_core_security_server_mocks.mdx +++ b/api_docs/kbn_core_security_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-mocks title: "@kbn/core-security-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-mocks'] --- import kbnCoreSecurityServerMocksObj from './kbn_core_security_server_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_status_common.mdx b/api_docs/kbn_core_status_common.mdx index 33059be7ca317..9933b0f152da0 100644 --- a/api_docs/kbn_core_status_common.mdx +++ b/api_docs/kbn_core_status_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common title: "@kbn/core-status-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common'] --- import kbnCoreStatusCommonObj from './kbn_core_status_common.devdocs.json'; diff --git a/api_docs/kbn_core_status_common_internal.mdx b/api_docs/kbn_core_status_common_internal.mdx index 7168b778f9d16..7e78a851294e0 100644 --- a/api_docs/kbn_core_status_common_internal.mdx +++ b/api_docs/kbn_core_status_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common-internal title: "@kbn/core-status-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common-internal'] --- import kbnCoreStatusCommonInternalObj from './kbn_core_status_common_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server.mdx b/api_docs/kbn_core_status_server.mdx index 32f5bda075bd1..d99d1f7a50fbf 100644 --- a/api_docs/kbn_core_status_server.mdx +++ b/api_docs/kbn_core_status_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server title: "@kbn/core-status-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server'] --- import kbnCoreStatusServerObj from './kbn_core_status_server.devdocs.json'; 
diff --git a/api_docs/kbn_core_status_server_internal.mdx b/api_docs/kbn_core_status_server_internal.mdx index 21441e635c27d..4dc604078f9b6 100644 --- a/api_docs/kbn_core_status_server_internal.mdx +++ b/api_docs/kbn_core_status_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-internal title: "@kbn/core-status-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-internal'] --- import kbnCoreStatusServerInternalObj from './kbn_core_status_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server_mocks.mdx b/api_docs/kbn_core_status_server_mocks.mdx index 50349c8f67969..fb3c53922d9f3 100644 --- a/api_docs/kbn_core_status_server_mocks.mdx +++ b/api_docs/kbn_core_status_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-mocks title: "@kbn/core-status-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-mocks'] --- import kbnCoreStatusServerMocksObj from './kbn_core_status_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx index b8fe871a8a747..21d5f2c39b1b2 100644 --- a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx +++ b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-deprecations-getters title: "@kbn/core-test-helpers-deprecations-getters" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-deprecations-getters plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-deprecations-getters'] --- import kbnCoreTestHelpersDeprecationsGettersObj from './kbn_core_test_helpers_deprecations_getters.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx index 4f3491e1844cc..7e1f495c3bd39 100644 --- a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx +++ b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-http-setup-browser title: "@kbn/core-test-helpers-http-setup-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-http-setup-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-http-setup-browser'] --- import kbnCoreTestHelpersHttpSetupBrowserObj from './kbn_core_test_helpers_http_setup_browser.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_kbn_server.mdx b/api_docs/kbn_core_test_helpers_kbn_server.mdx index 62418ece88225..dbbb108decf47 100644 --- a/api_docs/kbn_core_test_helpers_kbn_server.mdx +++ b/api_docs/kbn_core_test_helpers_kbn_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-kbn-server title: "@kbn/core-test-helpers-kbn-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-kbn-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-kbn-server'] --- import kbnCoreTestHelpersKbnServerObj from './kbn_core_test_helpers_kbn_server.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_model_versions.mdx b/api_docs/kbn_core_test_helpers_model_versions.mdx index f1afa9fb6c8ee..6fc4a24260c41 100644 --- a/api_docs/kbn_core_test_helpers_model_versions.mdx +++ b/api_docs/kbn_core_test_helpers_model_versions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-model-versions title: "@kbn/core-test-helpers-model-versions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-model-versions plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-model-versions'] --- import kbnCoreTestHelpersModelVersionsObj from './kbn_core_test_helpers_model_versions.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx index 948d0854e10fe..d275ce54aa0c4 100644 --- a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx +++ b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-so-type-serializer title: "@kbn/core-test-helpers-so-type-serializer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-so-type-serializer plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-so-type-serializer'] --- import kbnCoreTestHelpersSoTypeSerializerObj from './kbn_core_test_helpers_so_type_serializer.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_test_utils.mdx b/api_docs/kbn_core_test_helpers_test_utils.mdx index 6c42a0369693b..4801a55f052e1 100644 --- a/api_docs/kbn_core_test_helpers_test_utils.mdx +++ b/api_docs/kbn_core_test_helpers_test_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-test-utils title: "@kbn/core-test-helpers-test-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-test-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-test-utils'] --- import kbnCoreTestHelpersTestUtilsObj from './kbn_core_test_helpers_test_utils.devdocs.json'; diff --git a/api_docs/kbn_core_theme_browser.mdx b/api_docs/kbn_core_theme_browser.mdx index 5febed68d1577..1f02da58b4d5b 100644 --- a/api_docs/kbn_core_theme_browser.mdx +++ b/api_docs/kbn_core_theme_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser title: "@kbn/core-theme-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser'] --- import kbnCoreThemeBrowserObj from './kbn_core_theme_browser.devdocs.json'; diff --git a/api_docs/kbn_core_theme_browser_mocks.mdx b/api_docs/kbn_core_theme_browser_mocks.mdx index 93de05a5c7ebc..83f4681646978 100644 
--- a/api_docs/kbn_core_theme_browser_mocks.mdx +++ b/api_docs/kbn_core_theme_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser-mocks title: "@kbn/core-theme-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser-mocks'] --- import kbnCoreThemeBrowserMocksObj from './kbn_core_theme_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser.mdx b/api_docs/kbn_core_ui_settings_browser.mdx index 3fd4a077e8087..6805ba684df04 100644 --- a/api_docs/kbn_core_ui_settings_browser.mdx +++ b/api_docs/kbn_core_ui_settings_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser title: "@kbn/core-ui-settings-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser'] --- import kbnCoreUiSettingsBrowserObj from './kbn_core_ui_settings_browser.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser_internal.mdx b/api_docs/kbn_core_ui_settings_browser_internal.mdx index debd8a3882ecb..6ae906f5c5a35 100644 --- a/api_docs/kbn_core_ui_settings_browser_internal.mdx +++ b/api_docs/kbn_core_ui_settings_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-internal title: "@kbn/core-ui-settings-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-internal'] --- import kbnCoreUiSettingsBrowserInternalObj from './kbn_core_ui_settings_browser_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_ui_settings_browser_mocks.mdx b/api_docs/kbn_core_ui_settings_browser_mocks.mdx index c381dc1584c14..da08d28f18127 100644 --- a/api_docs/kbn_core_ui_settings_browser_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-mocks title: "@kbn/core-ui-settings-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-mocks'] --- import kbnCoreUiSettingsBrowserMocksObj from './kbn_core_ui_settings_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_common.mdx b/api_docs/kbn_core_ui_settings_common.mdx index ddaf10664481d..d9d9ea2b35622 100644 --- a/api_docs/kbn_core_ui_settings_common.mdx +++ b/api_docs/kbn_core_ui_settings_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-common title: "@kbn/core-ui-settings-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-common'] --- import kbnCoreUiSettingsCommonObj from './kbn_core_ui_settings_common.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server.mdx b/api_docs/kbn_core_ui_settings_server.mdx index 325f629f9499e..3032f13c0e138 100644 --- a/api_docs/kbn_core_ui_settings_server.mdx +++ b/api_docs/kbn_core_ui_settings_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server title: "@kbn/core-ui-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server'] --- import kbnCoreUiSettingsServerObj from './kbn_core_ui_settings_server.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server_internal.mdx b/api_docs/kbn_core_ui_settings_server_internal.mdx index a576d704151f4..91d8b0fc0bc41 100644 --- a/api_docs/kbn_core_ui_settings_server_internal.mdx +++ b/api_docs/kbn_core_ui_settings_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-internal title: "@kbn/core-ui-settings-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-internal'] --- import kbnCoreUiSettingsServerInternalObj from './kbn_core_ui_settings_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server_mocks.mdx b/api_docs/kbn_core_ui_settings_server_mocks.mdx index e0edb1c11bb9e..2d5500a7a5739 100644 --- a/api_docs/kbn_core_ui_settings_server_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-mocks title: "@kbn/core-ui-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-mocks'] --- import kbnCoreUiSettingsServerMocksObj from './kbn_core_ui_settings_server_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_usage_data_server.mdx b/api_docs/kbn_core_usage_data_server.mdx index 15f92bf6f5885..2b1742dc1d501 100644 --- a/api_docs/kbn_core_usage_data_server.mdx +++ b/api_docs/kbn_core_usage_data_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server title: "@kbn/core-usage-data-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server'] --- import kbnCoreUsageDataServerObj from './kbn_core_usage_data_server.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_internal.mdx b/api_docs/kbn_core_usage_data_server_internal.mdx index 80ed308295146..eb6d8f500ce6f 100644 --- a/api_docs/kbn_core_usage_data_server_internal.mdx +++ b/api_docs/kbn_core_usage_data_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-internal title: "@kbn/core-usage-data-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-internal'] --- import kbnCoreUsageDataServerInternalObj from './kbn_core_usage_data_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_mocks.mdx b/api_docs/kbn_core_usage_data_server_mocks.mdx index 50038465ae681..f764dc93e38c8 100644 --- a/api_docs/kbn_core_usage_data_server_mocks.mdx +++ b/api_docs/kbn_core_usage_data_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-mocks title: "@kbn/core-usage-data-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-mocks'] --- import kbnCoreUsageDataServerMocksObj from './kbn_core_usage_data_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_browser.mdx b/api_docs/kbn_core_user_profile_browser.mdx index af513a9d781d2..43d7456d469d0 100644 --- a/api_docs/kbn_core_user_profile_browser.mdx +++ b/api_docs/kbn_core_user_profile_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser title: "@kbn/core-user-profile-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser'] --- import kbnCoreUserProfileBrowserObj from './kbn_core_user_profile_browser.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_browser_internal.mdx b/api_docs/kbn_core_user_profile_browser_internal.mdx index fe4980aae6588..7ecf7d424b44c 100644 --- a/api_docs/kbn_core_user_profile_browser_internal.mdx +++ b/api_docs/kbn_core_user_profile_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-internal title: "@kbn/core-user-profile-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-internal'] --- import kbnCoreUserProfileBrowserInternalObj from './kbn_core_user_profile_browser_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_user_profile_browser_mocks.mdx b/api_docs/kbn_core_user_profile_browser_mocks.mdx index f4723e165dfc1..639909ae4fc1d 100644 --- a/api_docs/kbn_core_user_profile_browser_mocks.mdx +++ b/api_docs/kbn_core_user_profile_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-mocks title: "@kbn/core-user-profile-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-mocks'] --- import kbnCoreUserProfileBrowserMocksObj from './kbn_core_user_profile_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_common.mdx b/api_docs/kbn_core_user_profile_common.mdx index fae2df871c4d5..f5e186ca6efc8 100644 --- a/api_docs/kbn_core_user_profile_common.mdx +++ b/api_docs/kbn_core_user_profile_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-common title: "@kbn/core-user-profile-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-common'] --- import kbnCoreUserProfileCommonObj from './kbn_core_user_profile_common.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server.mdx b/api_docs/kbn_core_user_profile_server.mdx index 1a86cc09a3812..8ea6052ea144b 100644 --- a/api_docs/kbn_core_user_profile_server.mdx +++ b/api_docs/kbn_core_user_profile_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server title: "@kbn/core-user-profile-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server'] --- import kbnCoreUserProfileServerObj from './kbn_core_user_profile_server.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server_internal.mdx b/api_docs/kbn_core_user_profile_server_internal.mdx index fcf1d0020fcf3..9191088b33847 100644 --- a/api_docs/kbn_core_user_profile_server_internal.mdx +++ b/api_docs/kbn_core_user_profile_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-internal title: "@kbn/core-user-profile-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server-internal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-internal'] --- import kbnCoreUserProfileServerInternalObj from './kbn_core_user_profile_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server_mocks.mdx b/api_docs/kbn_core_user_profile_server_mocks.mdx index 3a995b1fd3006..145b4225613be 100644 --- a/api_docs/kbn_core_user_profile_server_mocks.mdx +++ b/api_docs/kbn_core_user_profile_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-mocks title: "@kbn/core-user-profile-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-mocks'] --- import kbnCoreUserProfileServerMocksObj from './kbn_core_user_profile_server_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_user_settings_server.mdx b/api_docs/kbn_core_user_settings_server.mdx index 49abbde3d1112..ea584711c2850 100644 --- a/api_docs/kbn_core_user_settings_server.mdx +++ b/api_docs/kbn_core_user_settings_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server title: "@kbn/core-user-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server'] --- import kbnCoreUserSettingsServerObj from './kbn_core_user_settings_server.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server_mocks.mdx b/api_docs/kbn_core_user_settings_server_mocks.mdx index daf0696a081bd..44f6119d2f0bb 100644 --- a/api_docs/kbn_core_user_settings_server_mocks.mdx +++ b/api_docs/kbn_core_user_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server-mocks title: "@kbn/core-user-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server-mocks'] --- import kbnCoreUserSettingsServerMocksObj from './kbn_core_user_settings_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_crypto.mdx b/api_docs/kbn_crypto.mdx index c3fae18d3601c..066e8eb059eb5 100644 --- a/api_docs/kbn_crypto.mdx +++ b/api_docs/kbn_crypto.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto title: "@kbn/crypto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto'] --- import kbnCryptoObj from './kbn_crypto.devdocs.json'; 
diff --git a/api_docs/kbn_crypto_browser.mdx b/api_docs/kbn_crypto_browser.mdx index 24e5a4e091074..fe62df7b13205 100644 --- a/api_docs/kbn_crypto_browser.mdx +++ b/api_docs/kbn_crypto_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto-browser title: "@kbn/crypto-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto-browser'] --- import kbnCryptoBrowserObj from './kbn_crypto_browser.devdocs.json'; diff --git a/api_docs/kbn_custom_icons.mdx b/api_docs/kbn_custom_icons.mdx index 289198e8d478d..a79cb3b9424b1 100644 --- a/api_docs/kbn_custom_icons.mdx +++ b/api_docs/kbn_custom_icons.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-icons title: "@kbn/custom-icons" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/custom-icons plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-icons'] --- import kbnCustomIconsObj from './kbn_custom_icons.devdocs.json'; diff --git a/api_docs/kbn_custom_integrations.mdx b/api_docs/kbn_custom_integrations.mdx index 19ec5fbdcd51b..9faabedd76648 100644 --- a/api_docs/kbn_custom_integrations.mdx +++ b/api_docs/kbn_custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-integrations title: "@kbn/custom-integrations" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/custom-integrations plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-integrations'] --- import kbnCustomIntegrationsObj from './kbn_custom_integrations.devdocs.json'; diff --git a/api_docs/kbn_cypress_config.mdx b/api_docs/kbn_cypress_config.mdx index 7d39ba6668d92..19110654dfc52 100644 --- a/api_docs/kbn_cypress_config.mdx +++ b/api_docs/kbn_cypress_config.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cypress-config title: "@kbn/cypress-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cypress-config plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cypress-config'] --- import kbnCypressConfigObj from './kbn_cypress_config.devdocs.json'; diff --git a/api_docs/kbn_data_forge.mdx b/api_docs/kbn_data_forge.mdx index b0efb0403e4ec..b206fd3e236fa 100644 --- a/api_docs/kbn_data_forge.mdx +++ b/api_docs/kbn_data_forge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-forge title: "@kbn/data-forge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-forge plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-forge'] --- import kbnDataForgeObj from './kbn_data_forge.devdocs.json'; diff --git a/api_docs/kbn_data_service.mdx b/api_docs/kbn_data_service.mdx index ccdad55deb6fc..e8d87a82b8960 100644 --- a/api_docs/kbn_data_service.mdx +++ b/api_docs/kbn_data_service.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-service title: "@kbn/data-service" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-service plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-service'] --- import kbnDataServiceObj from './kbn_data_service.devdocs.json'; diff --git a/api_docs/kbn_data_stream_adapter.mdx b/api_docs/kbn_data_stream_adapter.mdx index 742f48132eb2d..96014e8dec0eb 100644 --- a/api_docs/kbn_data_stream_adapter.mdx +++ b/api_docs/kbn_data_stream_adapter.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-stream-adapter title: "@kbn/data-stream-adapter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-stream-adapter plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-stream-adapter'] --- import kbnDataStreamAdapterObj from './kbn_data_stream_adapter.devdocs.json'; diff --git a/api_docs/kbn_data_view_utils.mdx b/api_docs/kbn_data_view_utils.mdx index 63ab27eab291f..99786e6f877c7 100644 --- a/api_docs/kbn_data_view_utils.mdx +++ b/api_docs/kbn_data_view_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-view-utils title: "@kbn/data-view-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-view-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-view-utils'] --- import kbnDataViewUtilsObj from './kbn_data_view_utils.devdocs.json'; diff --git a/api_docs/kbn_datemath.mdx b/api_docs/kbn_datemath.mdx index 194c55aa4caef..6fcaaac311d04 100644 --- a/api_docs/kbn_datemath.mdx +++ b/api_docs/kbn_datemath.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-datemath title: "@kbn/datemath" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/datemath plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/datemath'] --- import kbnDatemathObj from './kbn_datemath.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_analytics.mdx b/api_docs/kbn_deeplinks_analytics.mdx index 8f6afbf7ce069..d40219dcaa29f 100644 --- a/api_docs/kbn_deeplinks_analytics.mdx +++ b/api_docs/kbn_deeplinks_analytics.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-analytics title: "@kbn/deeplinks-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-analytics plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-analytics'] --- import kbnDeeplinksAnalyticsObj from './kbn_deeplinks_analytics.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_devtools.mdx b/api_docs/kbn_deeplinks_devtools.mdx index 4010ace67feea..3b5b59c01c387 100644 --- a/api_docs/kbn_deeplinks_devtools.mdx +++ b/api_docs/kbn_deeplinks_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-devtools title: "@kbn/deeplinks-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-devtools plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-devtools'] --- import kbnDeeplinksDevtoolsObj from './kbn_deeplinks_devtools.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_fleet.mdx b/api_docs/kbn_deeplinks_fleet.mdx index d67dc69c255ee..d6b0392a052fe 100644 --- a/api_docs/kbn_deeplinks_fleet.mdx +++ b/api_docs/kbn_deeplinks_fleet.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-fleet title: "@kbn/deeplinks-fleet" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-fleet plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-fleet'] --- import kbnDeeplinksFleetObj from './kbn_deeplinks_fleet.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_management.mdx b/api_docs/kbn_deeplinks_management.mdx index 29063baabceb5..d369797ce083f 100644 --- a/api_docs/kbn_deeplinks_management.mdx +++ b/api_docs/kbn_deeplinks_management.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-management title: "@kbn/deeplinks-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-management plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-management'] --- import kbnDeeplinksManagementObj from './kbn_deeplinks_management.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_ml.mdx b/api_docs/kbn_deeplinks_ml.mdx index c5414a0a03e24..2ee1bc011b475 100644 --- a/api_docs/kbn_deeplinks_ml.mdx +++ b/api_docs/kbn_deeplinks_ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-ml title: "@kbn/deeplinks-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-ml plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-ml'] --- import kbnDeeplinksMlObj from './kbn_deeplinks_ml.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_observability.mdx b/api_docs/kbn_deeplinks_observability.mdx index 4de675644f23f..b5ca2962de35a 100644 --- a/api_docs/kbn_deeplinks_observability.mdx +++ b/api_docs/kbn_deeplinks_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-observability title: "@kbn/deeplinks-observability" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-observability plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-observability'] --- import kbnDeeplinksObservabilityObj from './kbn_deeplinks_observability.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_search.mdx b/api_docs/kbn_deeplinks_search.mdx index cc2936da23089..4d6df126e3678 100644 --- a/api_docs/kbn_deeplinks_search.mdx +++ b/api_docs/kbn_deeplinks_search.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-search title: "@kbn/deeplinks-search" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-search plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-search'] --- import kbnDeeplinksSearchObj from './kbn_deeplinks_search.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_security.mdx b/api_docs/kbn_deeplinks_security.mdx index 17a37093674d4..20bdb711ab1c5 100644 --- a/api_docs/kbn_deeplinks_security.mdx +++ b/api_docs/kbn_deeplinks_security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-security title: "@kbn/deeplinks-security" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-security plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-security'] --- import kbnDeeplinksSecurityObj from './kbn_deeplinks_security.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_shared.mdx b/api_docs/kbn_deeplinks_shared.mdx index 268c4ba2afdfb..8d2082ce8af03 100644 --- a/api_docs/kbn_deeplinks_shared.mdx +++ b/api_docs/kbn_deeplinks_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-shared title: "@kbn/deeplinks-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-shared plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-shared'] --- import kbnDeeplinksSharedObj from './kbn_deeplinks_shared.devdocs.json'; diff --git a/api_docs/kbn_default_nav_analytics.mdx b/api_docs/kbn_default_nav_analytics.mdx index b95f9f2d965db..efad7a0fbb359 100644 --- a/api_docs/kbn_default_nav_analytics.mdx +++ b/api_docs/kbn_default_nav_analytics.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-analytics title: "@kbn/default-nav-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-analytics plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-analytics'] --- import kbnDefaultNavAnalyticsObj from './kbn_default_nav_analytics.devdocs.json'; diff --git a/api_docs/kbn_default_nav_devtools.mdx b/api_docs/kbn_default_nav_devtools.mdx index 78e4ead602f7d..778c02c8bfd61 100644 --- a/api_docs/kbn_default_nav_devtools.mdx +++ b/api_docs/kbn_default_nav_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-devtools title: "@kbn/default-nav-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-devtools plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-devtools'] --- import kbnDefaultNavDevtoolsObj from './kbn_default_nav_devtools.devdocs.json'; diff --git a/api_docs/kbn_default_nav_management.mdx b/api_docs/kbn_default_nav_management.mdx index 6331c57ad5a30..f4d799219b1d3 100644 --- a/api_docs/kbn_default_nav_management.mdx +++ b/api_docs/kbn_default_nav_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-management title: "@kbn/default-nav-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-management plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-management'] --- import kbnDefaultNavManagementObj from './kbn_default_nav_management.devdocs.json'; diff --git a/api_docs/kbn_default_nav_ml.mdx b/api_docs/kbn_default_nav_ml.mdx index dd63675f798a8..836d43136afc8 100644 --- a/api_docs/kbn_default_nav_ml.mdx +++ b/api_docs/kbn_default_nav_ml.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-ml title: "@kbn/default-nav-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-ml plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-ml'] --- import kbnDefaultNavMlObj from './kbn_default_nav_ml.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_errors.mdx b/api_docs/kbn_dev_cli_errors.mdx index 92fab0c9430ce..02b3165046c71 100644 --- a/api_docs/kbn_dev_cli_errors.mdx +++ b/api_docs/kbn_dev_cli_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-errors title: "@kbn/dev-cli-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-errors plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-errors'] --- import kbnDevCliErrorsObj from './kbn_dev_cli_errors.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_runner.mdx b/api_docs/kbn_dev_cli_runner.mdx index b698c3354254d..eebe3d53bda8e 100644 --- a/api_docs/kbn_dev_cli_runner.mdx +++ b/api_docs/kbn_dev_cli_runner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-runner title: "@kbn/dev-cli-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-runner plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-runner'] --- import kbnDevCliRunnerObj from './kbn_dev_cli_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_proc_runner.mdx b/api_docs/kbn_dev_proc_runner.mdx index c327f0518b0e5..1d47739ee213a 100644 --- a/api_docs/kbn_dev_proc_runner.mdx +++ b/api_docs/kbn_dev_proc_runner.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-proc-runner title: "@kbn/dev-proc-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-proc-runner plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-proc-runner'] --- import kbnDevProcRunnerObj from './kbn_dev_proc_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_utils.mdx b/api_docs/kbn_dev_utils.mdx index dc25e9f8fff36..fbfc4cce53ced 100644 --- a/api_docs/kbn_dev_utils.mdx +++ b/api_docs/kbn_dev_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-utils title: "@kbn/dev-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-utils'] --- import kbnDevUtilsObj from './kbn_dev_utils.devdocs.json'; diff --git a/api_docs/kbn_discover_utils.mdx b/api_docs/kbn_discover_utils.mdx index 9a4616122d470..4aac68ae01bfc 100644 --- a/api_docs/kbn_discover_utils.mdx +++ b/api_docs/kbn_discover_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-discover-utils title: "@kbn/discover-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/discover-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/discover-utils'] --- import kbnDiscoverUtilsObj from './kbn_discover_utils.devdocs.json'; diff --git a/api_docs/kbn_doc_links.mdx b/api_docs/kbn_doc_links.mdx index 6ca7ec93cca1d..291e6feea78cb 100644 --- a/api_docs/kbn_doc_links.mdx +++ b/api_docs/kbn_doc_links.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-doc-links title: "@kbn/doc-links" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/doc-links plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/doc-links'] --- import kbnDocLinksObj from './kbn_doc_links.devdocs.json'; diff --git a/api_docs/kbn_docs_utils.mdx b/api_docs/kbn_docs_utils.mdx index 1672d943e0e1c..b903d5840df95 100644 --- a/api_docs/kbn_docs_utils.mdx +++ b/api_docs/kbn_docs_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-docs-utils title: "@kbn/docs-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/docs-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/docs-utils'] --- import kbnDocsUtilsObj from './kbn_docs_utils.devdocs.json'; diff --git a/api_docs/kbn_dom_drag_drop.mdx b/api_docs/kbn_dom_drag_drop.mdx index 3858d2fecf1f3..37079204cdb60 100644 --- a/api_docs/kbn_dom_drag_drop.mdx +++ b/api_docs/kbn_dom_drag_drop.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dom-drag-drop title: "@kbn/dom-drag-drop" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dom-drag-drop plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dom-drag-drop'] --- import kbnDomDragDropObj from './kbn_dom_drag_drop.devdocs.json'; diff --git a/api_docs/kbn_ebt.devdocs.json b/api_docs/kbn_ebt.devdocs.json index 82e6770af4fac..82e5dbb2ad965 100644 --- a/api_docs/kbn_ebt.devdocs.json +++ b/api_docs/kbn_ebt.devdocs.json 
@@ -1866,6 +1866,22 @@ "plugin": "elasticAssistant", "path": "x-pack/plugins/elastic_assistant/server/lib/langchain/elasticsearch_store/elasticsearch_store.ts" }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts" + }, { "plugin": "globalSearchBar", "path": "x-pack/plugins/global_search_bar/public/telemetry/event_reporter.ts" @@ -2042,10 +2058,6 @@ "plugin": "securitySolution", "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts" }, - { - "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts" - }, { "plugin": "securitySolution", "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts" 
@@ -2174,6 +2186,38 @@ "plugin": "security", "path": "x-pack/plugins/security/server/analytics/analytics_service.test.ts" }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, + { + "plugin": "elasticAssistant", + "path": "x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts" + }, { "plugin": "apm", "path": "x-pack/plugins/observability_solution/apm/public/services/telemetry/telemetry_service.test.ts" diff --git a/api_docs/kbn_ebt.mdx b/api_docs/kbn_ebt.mdx index 49112f2b93ea0..9b4fe7bfb759f 100644 --- a/api_docs/kbn_ebt.mdx +++ b/api_docs/kbn_ebt.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ebt title: "@kbn/ebt" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ebt plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ebt'] --- import kbnEbtObj from './kbn_ebt.devdocs.json'; diff --git a/api_docs/kbn_ebt_tools.mdx b/api_docs/kbn_ebt_tools.mdx index 411f0a4699bc4..37014336cd5be 100644 --- a/api_docs/kbn_ebt_tools.mdx +++ b/api_docs/kbn_ebt_tools.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ebt-tools title: "@kbn/ebt-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ebt-tools plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ebt-tools'] --- import kbnEbtToolsObj from './kbn_ebt_tools.devdocs.json'; diff --git a/api_docs/kbn_ecs_data_quality_dashboard.mdx b/api_docs/kbn_ecs_data_quality_dashboard.mdx index 5e8cd41f53d6e..bf2228c79eb89 100644 --- a/api_docs/kbn_ecs_data_quality_dashboard.mdx +++ b/api_docs/kbn_ecs_data_quality_dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ecs-data-quality-dashboard title: "@kbn/ecs-data-quality-dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ecs-data-quality-dashboard plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ecs-data-quality-dashboard'] --- import kbnEcsDataQualityDashboardObj from './kbn_ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/kbn_elastic_agent_utils.mdx b/api_docs/kbn_elastic_agent_utils.mdx index 55ba5a6139ea3..2180b9d17025d 100644 --- a/api_docs/kbn_elastic_agent_utils.mdx +++ b/api_docs/kbn_elastic_agent_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-agent-utils title: "@kbn/elastic-agent-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-agent-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-agent-utils'] --- import kbnElasticAgentUtilsObj from './kbn_elastic_agent_utils.devdocs.json'; diff --git a/api_docs/kbn_elastic_assistant.mdx b/api_docs/kbn_elastic_assistant.mdx index 256e31996fb61..0e25df287ab9c 100644 --- a/api_docs/kbn_elastic_assistant.mdx +++ b/api_docs/kbn_elastic_assistant.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant title: "@kbn/elastic-assistant" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-assistant plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant'] --- import kbnElasticAssistantObj from './kbn_elastic_assistant.devdocs.json'; diff --git a/api_docs/kbn_elastic_assistant_common.devdocs.json b/api_docs/kbn_elastic_assistant_common.devdocs.json index 7f5b1cccc8780..2e245eee05c74 100644 --- a/api_docs/kbn_elastic_assistant_common.devdocs.json +++ b/api_docs/kbn_elastic_assistant_common.devdocs.json @@ -851,6 +851,23 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveries", + "type": "Type", + "tags": [], + "label": "AttackDiscoveries", + "description": [ + "\nArray of attack discoveries" + ], + "signature": [ + "{ timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/elastic-assistant-common", "id": "def-common.AttackDiscovery", 
@@ -861,9 +878,114 @@ "\nAn attack discovery generated from one or more alerts" ], "signature": [ - "{ title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }" + "{ timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }" ], - "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts", + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryCancelRequestParams", + "type": "Type", + "tags": [], + "label": "AttackDiscoveryCancelRequestParams", + "description": [], + "signature": [ + "{ connectorId: string; }" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryCancelRequestParamsInput", + "type": "Type", + "tags": [], + "label": "AttackDiscoveryCancelRequestParamsInput", + "description": [], + "signature": [ + "{ connectorId: string; }" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryCancelResponse", + "type": "Type", + "tags": [], + "label": "AttackDiscoveryCancelResponse", + "description": [], + "signature": [ + "{ id: string; namespace: 
string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryCreateProps", + "type": "Type", + "tags": [], + "label": "AttackDiscoveryCreateProps", + "description": [], + "signature": [ + "{ status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; id?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }" + ], + "path": 
"x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryGetRequestParams", + "type": "Type", + "tags": [], + "label": "AttackDiscoveryGetRequestParams", + "description": [], + "signature": [ + "{ connectorId: string; }" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryGetRequestParamsInput", + "type": "Type", + "tags": [], + "label": "AttackDiscoveryGetRequestParamsInput", + "description": [], + "signature": [ + "{ connectorId: string; }" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryGetResponse", + "type": "Type", + "tags": [], + "label": "AttackDiscoveryGetResponse", + "description": [], + "signature": [ + "{ entryExists: boolean; data?: { id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; 
generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; } | undefined; }" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts", "deprecated": false, "trackAdoption": false, "initialIsOpen": false 
@@ -876,7 +998,7 @@ "label": "AttackDiscoveryPostRequestBody", "description": [], "signature": [ - "{ connectorId: string; actionTypeId: string; size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }" + "{ size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }" ], "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts", "deprecated": false, 
@@ -891,7 +1013,7 @@ "label": "AttackDiscoveryPostRequestBodyInput", "description": [], "signature": [ - "{ connectorId: string; actionTypeId: string; size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; }" + "{ size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; }" ], "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts", "deprecated": false, 
@@ -906,13 +1028,75 @@ "label": "AttackDiscoveryPostResponse", "description": [], "signature": [ - "{ connector_id?: string | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }[] | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; status?: string | undefined; trace_data?: { transactionId?: string | undefined; traceId?: string | undefined; } | undefined; }" + "{ id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }" ], "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts", "deprecated": false, "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryResponse", + "type": "Type", + "tags": [], + "label": "AttackDiscoveryResponse", + "description": [], + "signature": [ + "{ id: string; namespace: string; createdAt: string; status: \"running\" | 
\"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryStatus", + "type": "Type", + "tags": [], + "label": "AttackDiscoveryStatus", + "description": [ + "\nThe status of the attack discovery." 
+ ], + "signature": [ + "\"running\" | \"succeeded\" | \"failed\" | \"canceled\"" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryStatusEnum", + "type": "Type", + "tags": [], + "label": "AttackDiscoveryStatusEnum", + "description": [], + "signature": [ + "{ running: \"running\"; succeeded: \"succeeded\"; failed: \"failed\"; canceled: \"canceled\"; }" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryUpdateProps", + "type": "Type", + "tags": [], + "label": "AttackDiscoveryUpdateProps", + "description": [], + "signature": [ + "{ id: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; backingIndex: string; apiConfig?: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; } | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[] | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; generationIntervals?: { date: string; durationMs: number; }[] | undefined; failureReason?: string | undefined; }" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { 
"parentPluginId": "@kbn/elastic-assistant-common", "id": "def-common.BulkActionBase", @@ -1967,6 +2151,23 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.GenerationInterval", + "type": "Type", + "tags": [], + "label": "GenerationInterval", + "description": [ + "\nRun durations for the attack discovery" + ], + "signature": [ + "{ date: string; durationMs: number; }" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/elastic-assistant-common", "id": "def-common.GetCapabilitiesResponse", @@ -3088,6 +3289,21 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveries", + "type": "Object", + "tags": [], + "label": "AttackDiscoveries", + "description": [], + "signature": [ + "Zod.ZodArray; id: Zod.ZodOptional; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/elastic-assistant-common", "id": "def-common.AttackDiscovery", 
@@ -3096,9 +3312,84 @@ "label": "AttackDiscovery", "description": [], "signature": [ - "Zod.ZodObject<{ alertIds: Zod.ZodArray; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }, { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }>" + "Zod.ZodObject<{ alertIds: Zod.ZodArray; id: Zod.ZodOptional; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>" ], - "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts", + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryCancelRequestParams", + "type": "Object", + "tags": [], + "label": "AttackDiscoveryCancelRequestParams", + "description": [], + "signature": [ + "Zod.ZodObject<{ connectorId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { connectorId: 
string; }, { connectorId: string; }>" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryCancelResponse", + "type": "Object", + "tags": [], + "label": "AttackDiscoveryCancelResponse", + "description": [], + "signature": [ + "Zod.ZodObject<{ id: Zod.ZodString; timestamp: Zod.ZodOptional; updatedAt: Zod.ZodOptional; alertsContextCount: Zod.ZodOptional; createdAt: Zod.ZodString; replacements: Zod.ZodOptional, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; users: Zod.ZodArray; name: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { id?: string | undefined; name?: string | undefined; }, { id?: string | undefined; name?: string | undefined; }>, \"many\">; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; attackDiscoveries: Zod.ZodArray; id: Zod.ZodOptional; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional; provider: Zod.ZodOptional>; model: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: 
\"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; namespace: Zod.ZodString; backingIndex: Zod.ZodString; generationIntervals: Zod.ZodArray, \"many\">; averageIntervalMs: Zod.ZodNumber; failureReason: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }, { id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; 
generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }>" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryCreateProps", + "type": "Object", + "tags": [], + "label": "AttackDiscoveryCreateProps", + "description": [], + "signature": [ + "Zod.ZodObject<{ id: Zod.ZodOptional; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; alertsContextCount: Zod.ZodOptional; attackDiscoveries: Zod.ZodArray; id: Zod.ZodOptional; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional; provider: Zod.ZodOptional>; model: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; 
actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; replacements: Zod.ZodOptional, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; }, \"strip\", Zod.ZodTypeAny, { status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; id?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }, { status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; id?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; }>" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryGetRequestParams", + "type": "Object", + "tags": [], + "label": "AttackDiscoveryGetRequestParams", + "description": [], + "signature": [ + "Zod.ZodObject<{ connectorId: Zod.ZodString; }, 
\"strip\", Zod.ZodTypeAny, { connectorId: string; }, { connectorId: string; }>" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryGetResponse", + "type": "Object", + "tags": [], + "label": "AttackDiscoveryGetResponse", + "description": [], + "signature": [ + "Zod.ZodObject<{ data: Zod.ZodOptional; updatedAt: Zod.ZodOptional; alertsContextCount: Zod.ZodOptional; createdAt: Zod.ZodString; replacements: Zod.ZodOptional, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; users: Zod.ZodArray; name: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { id?: string | undefined; name?: string | undefined; }, { id?: string | undefined; name?: string | undefined; }>, \"many\">; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; attackDiscoveries: Zod.ZodArray; id: Zod.ZodOptional; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional; provider: Zod.ZodOptional>; model: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; 
provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; namespace: Zod.ZodString; backingIndex: Zod.ZodString; generationIntervals: Zod.ZodArray, \"many\">; averageIntervalMs: Zod.ZodNumber; failureReason: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }, { id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: 
string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }>>; entryExists: Zod.ZodBoolean; }, \"strip\", Zod.ZodTypeAny, { entryExists: boolean; data?: { id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; } | undefined; }, { entryExists: boolean; data?: { id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: 
string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; } | undefined; }>" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts", "deprecated": false, "trackAdoption": false, "initialIsOpen": false 
@@ -3111,7 +3402,7 @@ "label": "AttackDiscoveryPostRequestBody", "description": [], "signature": [ - "Zod.ZodObject<{ alertsIndexPattern: Zod.ZodString; anonymizationFields: Zod.ZodArray; field: Zod.ZodString; allowed: Zod.ZodOptional; anonymized: Zod.ZodOptional; updatedAt: Zod.ZodOptional; updatedBy: Zod.ZodOptional; createdAt: Zod.ZodOptional; createdBy: Zod.ZodOptional; namespace: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }, { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }>, \"many\">; connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; langSmithProject: Zod.ZodOptional; langSmithApiKey: Zod.ZodOptional; model: Zod.ZodOptional; replacements: Zod.ZodOptional, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; size: Zod.ZodNumber; subAction: Zod.ZodEnum<[\"invokeAI\", \"invokeStream\"]>; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }, { 
connectorId: string; actionTypeId: string; size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; }>" + "Zod.ZodObject<{ alertsIndexPattern: Zod.ZodString; anonymizationFields: Zod.ZodArray; field: Zod.ZodString; allowed: Zod.ZodOptional; anonymized: Zod.ZodOptional; updatedAt: Zod.ZodOptional; updatedBy: Zod.ZodOptional; createdAt: Zod.ZodOptional; createdBy: Zod.ZodOptional; namespace: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }, { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional; provider: Zod.ZodOptional>; model: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; actionTypeId: string; 
defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; langSmithProject: Zod.ZodOptional; langSmithApiKey: Zod.ZodOptional; model: Zod.ZodOptional; replacements: Zod.ZodOptional, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; size: Zod.ZodNumber; subAction: Zod.ZodEnum<[\"invokeAI\", \"invokeStream\"]>; }, \"strip\", Zod.ZodTypeAny, { size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; }, { size: number; subAction: \"invokeAI\" | \"invokeStream\"; alertsIndexPattern: string; anonymizationFields: { id: string; field: string; timestamp?: string | undefined; allowed?: boolean | undefined; anonymized?: boolean | undefined; updatedAt?: string | undefined; updatedBy?: string | undefined; createdAt?: string | undefined; createdBy?: string | undefined; namespace?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; langSmithProject?: string | undefined; langSmithApiKey?: string | undefined; model?: string | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; }>" ], "path": 
"x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts", "deprecated": false, 
@@ -3126,13 +3417,73 @@ "label": "AttackDiscoveryPostResponse", "description": [], "signature": [ - "Zod.ZodObject<{ connector_id: Zod.ZodOptional; alertsContextCount: Zod.ZodOptional; attackDiscoveries: Zod.ZodOptional; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }, { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }>, \"many\">>; replacements: Zod.ZodOptional, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; status: Zod.ZodOptional; trace_data: Zod.ZodOptional; traceId: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { transactionId?: string | undefined; traceId?: string | undefined; }, { transactionId?: string | undefined; traceId?: string | undefined; }>>; }, \"strip\", Zod.ZodTypeAny, { connector_id?: string | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }[] | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; status?: string | undefined; trace_data?: { transactionId?: string | undefined; traceId?: string | undefined; } | undefined; }, { connector_id?: string | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; mitreAttackTactics?: string[] | undefined; }[] | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; status?: string | undefined; 
trace_data?: { transactionId?: string | undefined; traceId?: string | undefined; } | undefined; }>" + "Zod.ZodObject<{ id: Zod.ZodString; timestamp: Zod.ZodOptional; updatedAt: Zod.ZodOptional; alertsContextCount: Zod.ZodOptional; createdAt: Zod.ZodString; replacements: Zod.ZodOptional, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; users: Zod.ZodArray; name: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { id?: string | undefined; name?: string | undefined; }, { id?: string | undefined; name?: string | undefined; }>, \"many\">; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; attackDiscoveries: Zod.ZodArray; id: Zod.ZodOptional; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional; provider: Zod.ZodOptional>; model: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; namespace: Zod.ZodString; backingIndex: Zod.ZodString; generationIntervals: Zod.ZodArray, \"many\">; averageIntervalMs: 
Zod.ZodNumber; failureReason: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }, { id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }>" ], "path": 
"x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts", "deprecated": false, "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryResponse", + "type": "Object", + "tags": [], + "label": "AttackDiscoveryResponse", + "description": [], + "signature": [ + "Zod.ZodObject<{ id: Zod.ZodString; timestamp: Zod.ZodOptional; updatedAt: Zod.ZodOptional; alertsContextCount: Zod.ZodOptional; createdAt: Zod.ZodString; replacements: Zod.ZodOptional, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; users: Zod.ZodArray; name: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { id?: string | undefined; name?: string | undefined; }, { id?: string | undefined; name?: string | undefined; }>, \"many\">; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; attackDiscoveries: Zod.ZodArray; id: Zod.ZodOptional; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">; apiConfig: Zod.ZodObject<{ connectorId: Zod.ZodString; actionTypeId: Zod.ZodString; defaultSystemPromptId: Zod.ZodOptional; provider: Zod.ZodOptional>; model: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { 
connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>; namespace: Zod.ZodString; backingIndex: Zod.ZodString; generationIntervals: Zod.ZodArray, \"many\">; averageIntervalMs: Zod.ZodNumber; failureReason: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }, { id: string; namespace: string; createdAt: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; users: { id?: string | undefined; name?: string | undefined; }[]; apiConfig: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }; attackDiscoveries: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[]; backingIndex: string; generationIntervals: { date: string; durationMs: number; }[]; 
averageIntervalMs: number; timestamp?: string | undefined; updatedAt?: string | undefined; alertsContextCount?: number | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; failureReason?: string | undefined; }>" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryStatus", + "type": "Object", + "tags": [], + "label": "AttackDiscoveryStatus", + "description": [], + "signature": [ + "Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryStatusEnum", + "type": "Object", + "tags": [], + "label": "AttackDiscoveryStatusEnum", + "description": [], + "signature": [ + "{ running: \"running\"; succeeded: \"succeeded\"; failed: \"failed\"; canceled: \"canceled\"; }" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.AttackDiscoveryUpdateProps", + "type": "Object", + "tags": [], + "label": "AttackDiscoveryUpdateProps", + "description": [], + "signature": [ + "Zod.ZodObject<{ id: Zod.ZodString; apiConfig: Zod.ZodOptional; provider: Zod.ZodOptional>; model: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }, { connectorId: 
string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; }>>; alertsContextCount: Zod.ZodOptional; attackDiscoveries: Zod.ZodOptional; id: Zod.ZodOptional; detailsMarkdown: Zod.ZodString; entitySummaryMarkdown: Zod.ZodString; mitreAttackTactics: Zod.ZodOptional>; summaryMarkdown: Zod.ZodString; title: Zod.ZodString; timestamp: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }, { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }>, \"many\">>; status: Zod.ZodEnum<[\"running\", \"succeeded\", \"failed\", \"canceled\"]>; replacements: Zod.ZodOptional, Zod.objectInputType<{}, Zod.ZodString, \"strip\">>>; generationIntervals: Zod.ZodOptional, \"many\">>; backingIndex: Zod.ZodString; failureReason: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { id: string; status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; backingIndex: string; apiConfig?: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; } | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[] | undefined; replacements?: Zod.objectOutputType<{}, Zod.ZodString, \"strip\"> | undefined; generationIntervals?: { date: string; durationMs: number; }[] | undefined; failureReason?: string | undefined; }, { id: string; 
status: \"running\" | \"succeeded\" | \"failed\" | \"canceled\"; backingIndex: string; apiConfig?: { connectorId: string; actionTypeId: string; defaultSystemPromptId?: string | undefined; provider?: \"OpenAI\" | \"Azure OpenAI\" | undefined; model?: string | undefined; } | undefined; alertsContextCount?: number | undefined; attackDiscoveries?: { timestamp: string; title: string; alertIds: string[]; detailsMarkdown: string; entitySummaryMarkdown: string; summaryMarkdown: string; id?: string | undefined; mitreAttackTactics?: string[] | undefined; }[] | undefined; replacements?: Zod.objectInputType<{}, Zod.ZodString, \"strip\"> | undefined; generationIntervals?: { date: string; durationMs: number; }[] | undefined; failureReason?: string | undefined; }>" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/elastic-assistant-common", "id": "def-common.BulkActionBase", @@ -3810,6 +4161,21 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/elastic-assistant-common", + "id": "def-common.GenerationInterval", + "type": "Object", + "tags": [], + "label": "GenerationInterval", + "description": [], + "signature": [ + "Zod.ZodObject<{ date: Zod.ZodString; durationMs: Zod.ZodNumber; }, \"strip\", Zod.ZodTypeAny, { date: string; durationMs: number; }, { date: string; durationMs: number; }>" + ], + "path": "x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/elastic-assistant-common", "id": "def-common.GetCapabilitiesResponse", diff --git a/api_docs/kbn_elastic_assistant_common.mdx b/api_docs/kbn_elastic_assistant_common.mdx index 36e6d868ca841..69a6e5a28dcd4 100644 --- a/api_docs/kbn_elastic_assistant_common.mdx 
+++ b/api_docs/kbn_elastic_assistant_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant-common title: "@kbn/elastic-assistant-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-assistant-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant-common'] --- import kbnElasticAssistantCommonObj from './kbn_elastic_assistant_common.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/ | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 305 | 0 | 286 | 0 | +| 329 | 0 | 307 | 0 | ## Common diff --git a/api_docs/kbn_entities_schema.mdx b/api_docs/kbn_entities_schema.mdx index 97ce0a87ca2c7..3e4be2f2a7487 100644 --- a/api_docs/kbn_entities_schema.mdx +++ b/api_docs/kbn_entities_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-entities-schema title: "@kbn/entities-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/entities-schema plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/entities-schema'] --- import kbnEntitiesSchemaObj from './kbn_entities_schema.devdocs.json'; diff --git a/api_docs/kbn_es.mdx b/api_docs/kbn_es.mdx index aad1566fba8f1..4ca6499a198fd 100644 --- a/api_docs/kbn_es.mdx +++ b/api_docs/kbn_es.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es title: "@kbn/es" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es'] --- import kbnEsObj from './kbn_es.devdocs.json'; diff --git a/api_docs/kbn_es_archiver.mdx b/api_docs/kbn_es_archiver.mdx index dd1e20ad5bb60..72c66eecd1015 100644 --- a/api_docs/kbn_es_archiver.mdx 
+++ b/api_docs/kbn_es_archiver.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-archiver title: "@kbn/es-archiver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-archiver plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-archiver'] --- import kbnEsArchiverObj from './kbn_es_archiver.devdocs.json'; diff --git a/api_docs/kbn_es_errors.mdx b/api_docs/kbn_es_errors.mdx index 2641cae133273..5ae6374455303 100644 --- a/api_docs/kbn_es_errors.mdx +++ b/api_docs/kbn_es_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-errors title: "@kbn/es-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-errors plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-errors'] --- import kbnEsErrorsObj from './kbn_es_errors.devdocs.json'; diff --git a/api_docs/kbn_es_query.mdx b/api_docs/kbn_es_query.mdx index 372c14356ab56..956090cf3e8db 100644 --- a/api_docs/kbn_es_query.mdx +++ b/api_docs/kbn_es_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-query title: "@kbn/es-query" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-query plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-query'] --- import kbnEsQueryObj from './kbn_es_query.devdocs.json'; diff --git a/api_docs/kbn_es_types.mdx b/api_docs/kbn_es_types.mdx index 474d4e80949bf..eb49930025745 100644 --- a/api_docs/kbn_es_types.mdx +++ b/api_docs/kbn_es_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-types title: "@kbn/es-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-types'] --- import kbnEsTypesObj from './kbn_es_types.devdocs.json'; 
diff --git a/api_docs/kbn_eslint_plugin_imports.mdx b/api_docs/kbn_eslint_plugin_imports.mdx index be2c2dd57c044..95347d0a0e181 100644 --- a/api_docs/kbn_eslint_plugin_imports.mdx +++ b/api_docs/kbn_eslint_plugin_imports.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-eslint-plugin-imports title: "@kbn/eslint-plugin-imports" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/eslint-plugin-imports plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/eslint-plugin-imports'] --- import kbnEslintPluginImportsObj from './kbn_eslint_plugin_imports.devdocs.json'; diff --git a/api_docs/kbn_esql_ast.mdx b/api_docs/kbn_esql_ast.mdx index edaebe0ae5e47..b60f50d8c1005 100644 --- a/api_docs/kbn_esql_ast.mdx +++ b/api_docs/kbn_esql_ast.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-ast title: "@kbn/esql-ast" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-ast plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-ast'] --- import kbnEsqlAstObj from './kbn_esql_ast.devdocs.json'; diff --git a/api_docs/kbn_esql_utils.mdx b/api_docs/kbn_esql_utils.mdx index 65be86b821b1b..47cd580854145 100644 --- a/api_docs/kbn_esql_utils.mdx +++ b/api_docs/kbn_esql_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-utils title: "@kbn/esql-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-utils'] --- import kbnEsqlUtilsObj from './kbn_esql_utils.devdocs.json'; diff --git a/api_docs/kbn_esql_validation_autocomplete.mdx b/api_docs/kbn_esql_validation_autocomplete.mdx index 3dfddbf675362..009abec822be6 100644 --- a/api_docs/kbn_esql_validation_autocomplete.mdx +++ b/api_docs/kbn_esql_validation_autocomplete.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-validation-autocomplete title: "@kbn/esql-validation-autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-validation-autocomplete plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-validation-autocomplete'] --- import kbnEsqlValidationAutocompleteObj from './kbn_esql_validation_autocomplete.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_common.mdx b/api_docs/kbn_event_annotation_common.mdx index 746f00fa4fb9e..9efa5dfbeac91 100644 --- a/api_docs/kbn_event_annotation_common.mdx +++ b/api_docs/kbn_event_annotation_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-common title: "@kbn/event-annotation-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-common'] --- import kbnEventAnnotationCommonObj from './kbn_event_annotation_common.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_components.mdx b/api_docs/kbn_event_annotation_components.mdx index d814dadf736b9..94d7bb4c8b936 100644 --- a/api_docs/kbn_event_annotation_components.mdx +++ b/api_docs/kbn_event_annotation_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-components title: "@kbn/event-annotation-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-components plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-components'] --- import kbnEventAnnotationComponentsObj from './kbn_event_annotation_components.devdocs.json'; diff --git a/api_docs/kbn_expandable_flyout.mdx b/api_docs/kbn_expandable_flyout.mdx index add52d11aa19f..2b6dcd7f959c8 100644 
--- a/api_docs/kbn_expandable_flyout.mdx +++ b/api_docs/kbn_expandable_flyout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-expandable-flyout title: "@kbn/expandable-flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/expandable-flyout plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/expandable-flyout'] --- import kbnExpandableFlyoutObj from './kbn_expandable_flyout.devdocs.json'; diff --git a/api_docs/kbn_field_types.mdx b/api_docs/kbn_field_types.mdx index f2c2cc2f2fb9b..be24aa2cd71a0 100644 --- a/api_docs/kbn_field_types.mdx +++ b/api_docs/kbn_field_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-types title: "@kbn/field-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-types'] --- import kbnFieldTypesObj from './kbn_field_types.devdocs.json'; diff --git a/api_docs/kbn_field_utils.mdx b/api_docs/kbn_field_utils.mdx index b194361544091..dd67586fb6438 100644 --- a/api_docs/kbn_field_utils.mdx +++ b/api_docs/kbn_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-utils title: "@kbn/field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-utils'] --- import kbnFieldUtilsObj from './kbn_field_utils.devdocs.json'; diff --git a/api_docs/kbn_find_used_node_modules.mdx b/api_docs/kbn_find_used_node_modules.mdx index 5324cb3cce673..8cd3ebf400d2f 100644 --- a/api_docs/kbn_find_used_node_modules.mdx +++ b/api_docs/kbn_find_used_node_modules.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-find-used-node-modules title: "@kbn/find-used-node-modules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/find-used-node-modules plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/find-used-node-modules'] --- import kbnFindUsedNodeModulesObj from './kbn_find_used_node_modules.devdocs.json'; diff --git a/api_docs/kbn_formatters.mdx b/api_docs/kbn_formatters.mdx index 040b73b42cf68..36a7b21e9270d 100644 --- a/api_docs/kbn_formatters.mdx +++ b/api_docs/kbn_formatters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-formatters title: "@kbn/formatters" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/formatters plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/formatters'] --- import kbnFormattersObj from './kbn_formatters.devdocs.json'; diff --git a/api_docs/kbn_ftr_common_functional_services.mdx b/api_docs/kbn_ftr_common_functional_services.mdx index 42eabd9be75c6..48f9eabd38d7e 100644 --- a/api_docs/kbn_ftr_common_functional_services.mdx +++ b/api_docs/kbn_ftr_common_functional_services.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-services title: "@kbn/ftr-common-functional-services" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ftr-common-functional-services plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-services'] --- import kbnFtrCommonFunctionalServicesObj from './kbn_ftr_common_functional_services.devdocs.json'; diff --git a/api_docs/kbn_ftr_common_functional_ui_services.mdx b/api_docs/kbn_ftr_common_functional_ui_services.mdx index 543f6fc8808fc..0118717bb080f 100644 --- a/api_docs/kbn_ftr_common_functional_ui_services.mdx +++ b/api_docs/kbn_ftr_common_functional_ui_services.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-ui-services title: "@kbn/ftr-common-functional-ui-services" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ftr-common-functional-ui-services plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-ui-services'] --- import kbnFtrCommonFunctionalUiServicesObj from './kbn_ftr_common_functional_ui_services.devdocs.json'; diff --git a/api_docs/kbn_generate.mdx b/api_docs/kbn_generate.mdx index e9607edcd2db4..0995924c3cadb 100644 --- a/api_docs/kbn_generate.mdx +++ b/api_docs/kbn_generate.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate title: "@kbn/generate" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate'] --- import kbnGenerateObj from './kbn_generate.devdocs.json'; diff --git a/api_docs/kbn_generate_console_definitions.mdx b/api_docs/kbn_generate_console_definitions.mdx index 58011ac7f5659..0411c724bce2e 100644 --- a/api_docs/kbn_generate_console_definitions.mdx +++ b/api_docs/kbn_generate_console_definitions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-console-definitions title: "@kbn/generate-console-definitions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-console-definitions plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-console-definitions'] --- import kbnGenerateConsoleDefinitionsObj from './kbn_generate_console_definitions.devdocs.json'; diff --git a/api_docs/kbn_generate_csv.mdx b/api_docs/kbn_generate_csv.mdx index 9f749dd849478..81ea5f92a9523 100644 --- a/api_docs/kbn_generate_csv.mdx +++ b/api_docs/kbn_generate_csv.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-csv title: "@kbn/generate-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-csv plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-csv'] --- import kbnGenerateCsvObj from './kbn_generate_csv.devdocs.json'; diff --git a/api_docs/kbn_grouping.mdx b/api_docs/kbn_grouping.mdx index 517df06267e37..d3a5016409d6f 100644 --- a/api_docs/kbn_grouping.mdx +++ b/api_docs/kbn_grouping.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-grouping title: "@kbn/grouping" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/grouping plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/grouping'] --- import kbnGroupingObj from './kbn_grouping.devdocs.json'; diff --git a/api_docs/kbn_guided_onboarding.mdx b/api_docs/kbn_guided_onboarding.mdx index 2a81a4ce5aa54..3a369dd86db1d 100644 --- a/api_docs/kbn_guided_onboarding.mdx +++ b/api_docs/kbn_guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-guided-onboarding title: "@kbn/guided-onboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/guided-onboarding plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/guided-onboarding'] --- import kbnGuidedOnboardingObj from './kbn_guided_onboarding.devdocs.json'; diff --git a/api_docs/kbn_handlebars.mdx b/api_docs/kbn_handlebars.mdx index 955096f54c39a..7f1c4ee605f10 100644 --- a/api_docs/kbn_handlebars.mdx +++ b/api_docs/kbn_handlebars.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-handlebars title: "@kbn/handlebars" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/handlebars plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/handlebars'] --- import kbnHandlebarsObj from './kbn_handlebars.devdocs.json'; diff --git a/api_docs/kbn_hapi_mocks.mdx b/api_docs/kbn_hapi_mocks.mdx index 5106f3617ace4..776a461781dc1 100644 --- a/api_docs/kbn_hapi_mocks.mdx +++ b/api_docs/kbn_hapi_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-hapi-mocks title: "@kbn/hapi-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/hapi-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/hapi-mocks'] --- import kbnHapiMocksObj from './kbn_hapi_mocks.devdocs.json'; diff --git a/api_docs/kbn_health_gateway_server.mdx b/api_docs/kbn_health_gateway_server.mdx index 560d5ec39eb7d..9dc77af5e1ae0 100644 --- a/api_docs/kbn_health_gateway_server.mdx +++ b/api_docs/kbn_health_gateway_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-health-gateway-server title: "@kbn/health-gateway-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/health-gateway-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/health-gateway-server'] --- import kbnHealthGatewayServerObj from './kbn_health_gateway_server.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_card.mdx b/api_docs/kbn_home_sample_data_card.mdx index ee15145e241a9..a16601865d71c 100644 --- a/api_docs/kbn_home_sample_data_card.mdx +++ b/api_docs/kbn_home_sample_data_card.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-card title: "@kbn/home-sample-data-card" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-card plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-card'] --- import kbnHomeSampleDataCardObj from './kbn_home_sample_data_card.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_tab.mdx b/api_docs/kbn_home_sample_data_tab.mdx index 43bfb8f70d7ec..3dde42c994096 100644 --- a/api_docs/kbn_home_sample_data_tab.mdx +++ b/api_docs/kbn_home_sample_data_tab.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-tab title: "@kbn/home-sample-data-tab" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-tab plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-tab'] --- import kbnHomeSampleDataTabObj from './kbn_home_sample_data_tab.devdocs.json'; diff --git a/api_docs/kbn_i18n.mdx b/api_docs/kbn_i18n.mdx index 6dbe3756a11c3..6c3d3729674e4 100644 --- a/api_docs/kbn_i18n.mdx +++ b/api_docs/kbn_i18n.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n title: "@kbn/i18n" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n'] --- import kbnI18nObj from './kbn_i18n.devdocs.json'; diff --git a/api_docs/kbn_i18n_react.mdx b/api_docs/kbn_i18n_react.mdx index 7335309f1613a..c32c89bff0da2 100644 --- a/api_docs/kbn_i18n_react.mdx +++ b/api_docs/kbn_i18n_react.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n-react title: "@kbn/i18n-react" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n-react plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n-react'] --- import kbnI18nReactObj from './kbn_i18n_react.devdocs.json'; diff --git a/api_docs/kbn_import_resolver.mdx b/api_docs/kbn_import_resolver.mdx index 44ca01e86e21d..a8e3c57651290 100644 --- a/api_docs/kbn_import_resolver.mdx +++ b/api_docs/kbn_import_resolver.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-import-resolver title: "@kbn/import-resolver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/import-resolver plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/import-resolver'] --- import kbnImportResolverObj from './kbn_import_resolver.devdocs.json'; diff --git a/api_docs/kbn_index_management.mdx b/api_docs/kbn_index_management.mdx index cc2da6153c168..e23b2b0227f90 100644 --- a/api_docs/kbn_index_management.mdx +++ b/api_docs/kbn_index_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-index-management title: "@kbn/index-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/index-management plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/index-management'] --- import kbnIndexManagementObj from './kbn_index_management.devdocs.json'; diff --git a/api_docs/kbn_inference_integration_flyout.mdx b/api_docs/kbn_inference_integration_flyout.mdx index aba87fefd0c55..faa3f342737ac 100644 --- a/api_docs/kbn_inference_integration_flyout.mdx +++ b/api_docs/kbn_inference_integration_flyout.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-inference_integration_flyout title: "@kbn/inference_integration_flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/inference_integration_flyout plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/inference_integration_flyout'] --- import kbnInferenceIntegrationFlyoutObj from './kbn_inference_integration_flyout.devdocs.json'; diff --git a/api_docs/kbn_infra_forge.mdx b/api_docs/kbn_infra_forge.mdx index 6f8067e393439..2e0df77cf5649 100644 --- a/api_docs/kbn_infra_forge.mdx +++ b/api_docs/kbn_infra_forge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-infra-forge title: "@kbn/infra-forge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/infra-forge plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/infra-forge'] --- import kbnInfraForgeObj from './kbn_infra_forge.devdocs.json'; diff --git a/api_docs/kbn_interpreter.mdx b/api_docs/kbn_interpreter.mdx index 7361363d3f261..3fa85bcb7c410 100644 --- a/api_docs/kbn_interpreter.mdx +++ b/api_docs/kbn_interpreter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-interpreter title: "@kbn/interpreter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/interpreter plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/interpreter'] --- import kbnInterpreterObj from './kbn_interpreter.devdocs.json'; diff --git a/api_docs/kbn_io_ts_utils.mdx b/api_docs/kbn_io_ts_utils.mdx index 7c54ee8650367..04aedbd9eea0a 100644 --- a/api_docs/kbn_io_ts_utils.mdx +++ b/api_docs/kbn_io_ts_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-io-ts-utils title: "@kbn/io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/io-ts-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/io-ts-utils'] --- import kbnIoTsUtilsObj from './kbn_io_ts_utils.devdocs.json'; diff --git a/api_docs/kbn_ipynb.mdx b/api_docs/kbn_ipynb.mdx index 565b0a9863d31..5fae35be8900f 100644 --- a/api_docs/kbn_ipynb.mdx +++ b/api_docs/kbn_ipynb.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ipynb title: "@kbn/ipynb" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ipynb plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ipynb'] --- import kbnIpynbObj from './kbn_ipynb.devdocs.json'; diff --git a/api_docs/kbn_jest_serializers.mdx b/api_docs/kbn_jest_serializers.mdx index c321ac44c978a..ef870cc54d6fb 100644 --- a/api_docs/kbn_jest_serializers.mdx +++ b/api_docs/kbn_jest_serializers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-jest-serializers title: "@kbn/jest-serializers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/jest-serializers plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/jest-serializers'] --- import kbnJestSerializersObj from './kbn_jest_serializers.devdocs.json'; diff --git a/api_docs/kbn_journeys.mdx b/api_docs/kbn_journeys.mdx index 85ddb4af3ba07..93dc189684b28 100644 --- a/api_docs/kbn_journeys.mdx +++ b/api_docs/kbn_journeys.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-journeys title: "@kbn/journeys" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/journeys plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/journeys'] --- import kbnJourneysObj from './kbn_journeys.devdocs.json'; 
diff --git a/api_docs/kbn_json_ast.mdx b/api_docs/kbn_json_ast.mdx index 4d2427c3cd065..a84d4b246ff64 100644 --- a/api_docs/kbn_json_ast.mdx +++ b/api_docs/kbn_json_ast.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-ast title: "@kbn/json-ast" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/json-ast plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-ast'] --- import kbnJsonAstObj from './kbn_json_ast.devdocs.json'; diff --git a/api_docs/kbn_json_schemas.mdx b/api_docs/kbn_json_schemas.mdx index d0b403f174d0d..5baadee184b45 100644 --- a/api_docs/kbn_json_schemas.mdx +++ b/api_docs/kbn_json_schemas.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-schemas title: "@kbn/json-schemas" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/json-schemas plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-schemas'] --- import kbnJsonSchemasObj from './kbn_json_schemas.devdocs.json'; diff --git a/api_docs/kbn_kibana_manifest_schema.mdx b/api_docs/kbn_kibana_manifest_schema.mdx index 5c98753c30275..dda31ed4c9303 100644 --- a/api_docs/kbn_kibana_manifest_schema.mdx +++ b/api_docs/kbn_kibana_manifest_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-kibana-manifest-schema title: "@kbn/kibana-manifest-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/kibana-manifest-schema plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/kibana-manifest-schema'] --- import kbnKibanaManifestSchemaObj from './kbn_kibana_manifest_schema.devdocs.json'; diff --git a/api_docs/kbn_language_documentation_popover.mdx b/api_docs/kbn_language_documentation_popover.mdx index 16e2231ef6085..4ea513694a701 100644 --- a/api_docs/kbn_language_documentation_popover.mdx +++ b/api_docs/kbn_language_documentation_popover.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-language-documentation-popover title: "@kbn/language-documentation-popover" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/language-documentation-popover plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/language-documentation-popover'] --- import kbnLanguageDocumentationPopoverObj from './kbn_language_documentation_popover.devdocs.json'; diff --git a/api_docs/kbn_lens_embeddable_utils.mdx b/api_docs/kbn_lens_embeddable_utils.mdx index 983e1bee55b50..3a6c6df581abb 100644 --- a/api_docs/kbn_lens_embeddable_utils.mdx +++ b/api_docs/kbn_lens_embeddable_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-embeddable-utils title: "@kbn/lens-embeddable-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/lens-embeddable-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-embeddable-utils'] --- import kbnLensEmbeddableUtilsObj from './kbn_lens_embeddable_utils.devdocs.json'; diff --git a/api_docs/kbn_lens_formula_docs.mdx b/api_docs/kbn_lens_formula_docs.mdx index 35a9af4c1cc24..f35c7650cc906 100644 --- a/api_docs/kbn_lens_formula_docs.mdx +++ b/api_docs/kbn_lens_formula_docs.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-formula-docs title: "@kbn/lens-formula-docs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/lens-formula-docs plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-formula-docs'] --- import kbnLensFormulaDocsObj from './kbn_lens_formula_docs.devdocs.json'; diff --git a/api_docs/kbn_logging.mdx b/api_docs/kbn_logging.mdx index 70d3ee006bc14..b59734b96b624 100644 --- a/api_docs/kbn_logging.mdx +++ b/api_docs/kbn_logging.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging title: "@kbn/logging" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging'] --- import kbnLoggingObj from './kbn_logging.devdocs.json'; diff --git a/api_docs/kbn_logging_mocks.mdx b/api_docs/kbn_logging_mocks.mdx index 5213a8195a86a..9a9607c09f0d6 100644 --- a/api_docs/kbn_logging_mocks.mdx +++ b/api_docs/kbn_logging_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging-mocks title: "@kbn/logging-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging-mocks'] --- import kbnLoggingMocksObj from './kbn_logging_mocks.devdocs.json'; diff --git a/api_docs/kbn_managed_content_badge.mdx b/api_docs/kbn_managed_content_badge.mdx index 76b85dffd98e0..a4f46af6d935f 100644 --- a/api_docs/kbn_managed_content_badge.mdx +++ b/api_docs/kbn_managed_content_badge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-content-badge title: "@kbn/managed-content-badge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/managed-content-badge plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-content-badge'] --- import kbnManagedContentBadgeObj from './kbn_managed_content_badge.devdocs.json'; diff --git a/api_docs/kbn_managed_vscode_config.mdx b/api_docs/kbn_managed_vscode_config.mdx index c2ad992c16b91..e4aa1218bf53a 100644 --- a/api_docs/kbn_managed_vscode_config.mdx +++ b/api_docs/kbn_managed_vscode_config.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-vscode-config title: "@kbn/managed-vscode-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/managed-vscode-config plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-vscode-config'] --- import kbnManagedVscodeConfigObj from './kbn_managed_vscode_config.devdocs.json'; diff --git a/api_docs/kbn_management_cards_navigation.mdx b/api_docs/kbn_management_cards_navigation.mdx index e6c067ec218f6..c6ae9e129b7b3 100644 --- a/api_docs/kbn_management_cards_navigation.mdx +++ b/api_docs/kbn_management_cards_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-cards-navigation title: "@kbn/management-cards-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-cards-navigation plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-cards-navigation'] --- import kbnManagementCardsNavigationObj from './kbn_management_cards_navigation.devdocs.json'; diff --git a/api_docs/kbn_management_settings_application.mdx b/api_docs/kbn_management_settings_application.mdx index 98d3b23fd9962..7483abe507946 100644 --- a/api_docs/kbn_management_settings_application.mdx +++ b/api_docs/kbn_management_settings_application.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-application title: "@kbn/management-settings-application" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-application plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-application'] --- import kbnManagementSettingsApplicationObj from './kbn_management_settings_application.devdocs.json'; 
diff --git a/api_docs/kbn_management_settings_components_field_category.mdx b/api_docs/kbn_management_settings_components_field_category.mdx index 9342caa0c6867..445be245160d3 100644 --- a/api_docs/kbn_management_settings_components_field_category.mdx +++ b/api_docs/kbn_management_settings_components_field_category.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-category title: "@kbn/management-settings-components-field-category" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-category plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-category'] --- import kbnManagementSettingsComponentsFieldCategoryObj from './kbn_management_settings_components_field_category.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_input.mdx b/api_docs/kbn_management_settings_components_field_input.mdx index e07fabf4dd932..73d6119afeb03 100644 --- a/api_docs/kbn_management_settings_components_field_input.mdx +++ b/api_docs/kbn_management_settings_components_field_input.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-input title: "@kbn/management-settings-components-field-input" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-input plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-input'] --- import kbnManagementSettingsComponentsFieldInputObj from './kbn_management_settings_components_field_input.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_row.mdx b/api_docs/kbn_management_settings_components_field_row.mdx index 02a21cddfbd9b..1c0f24e140521 100644 --- a/api_docs/kbn_management_settings_components_field_row.mdx 
+++ b/api_docs/kbn_management_settings_components_field_row.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-row title: "@kbn/management-settings-components-field-row" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-row plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-row'] --- import kbnManagementSettingsComponentsFieldRowObj from './kbn_management_settings_components_field_row.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_form.mdx b/api_docs/kbn_management_settings_components_form.mdx index 00676de01d494..57442950cb231 100644 --- a/api_docs/kbn_management_settings_components_form.mdx +++ b/api_docs/kbn_management_settings_components_form.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-form title: "@kbn/management-settings-components-form" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-form plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-form'] --- import kbnManagementSettingsComponentsFormObj from './kbn_management_settings_components_form.devdocs.json'; diff --git a/api_docs/kbn_management_settings_field_definition.mdx b/api_docs/kbn_management_settings_field_definition.mdx index 55817c5e99ed3..e0ec451640c43 100644 --- a/api_docs/kbn_management_settings_field_definition.mdx +++ b/api_docs/kbn_management_settings_field_definition.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-field-definition title: "@kbn/management-settings-field-definition" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-field-definition plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-field-definition'] --- import kbnManagementSettingsFieldDefinitionObj from './kbn_management_settings_field_definition.devdocs.json'; diff --git a/api_docs/kbn_management_settings_ids.mdx b/api_docs/kbn_management_settings_ids.mdx index 314aa1268edd5..8466e95c1ac39 100644 --- a/api_docs/kbn_management_settings_ids.mdx +++ b/api_docs/kbn_management_settings_ids.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-ids title: "@kbn/management-settings-ids" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-ids plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-ids'] --- import kbnManagementSettingsIdsObj from './kbn_management_settings_ids.devdocs.json'; diff --git a/api_docs/kbn_management_settings_section_registry.mdx b/api_docs/kbn_management_settings_section_registry.mdx index 9675cbd2ed705..11e27f1e02937 100644 --- a/api_docs/kbn_management_settings_section_registry.mdx +++ b/api_docs/kbn_management_settings_section_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-section-registry title: "@kbn/management-settings-section-registry" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-section-registry plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-section-registry'] --- import kbnManagementSettingsSectionRegistryObj from './kbn_management_settings_section_registry.devdocs.json'; 
diff --git a/api_docs/kbn_management_settings_types.mdx b/api_docs/kbn_management_settings_types.mdx index 0021e7658e2c7..dcd0977739aa8 100644 --- a/api_docs/kbn_management_settings_types.mdx +++ b/api_docs/kbn_management_settings_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-types title: "@kbn/management-settings-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-types'] --- import kbnManagementSettingsTypesObj from './kbn_management_settings_types.devdocs.json'; diff --git a/api_docs/kbn_management_settings_utilities.mdx b/api_docs/kbn_management_settings_utilities.mdx index debc8f41f5a74..b7386d3526b28 100644 --- a/api_docs/kbn_management_settings_utilities.mdx +++ b/api_docs/kbn_management_settings_utilities.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-utilities title: "@kbn/management-settings-utilities" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-utilities plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-utilities'] --- import kbnManagementSettingsUtilitiesObj from './kbn_management_settings_utilities.devdocs.json'; diff --git a/api_docs/kbn_management_storybook_config.mdx b/api_docs/kbn_management_storybook_config.mdx index a3177e27fb10a..aec8b15e44e2b 100644 --- a/api_docs/kbn_management_storybook_config.mdx +++ b/api_docs/kbn_management_storybook_config.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-storybook-config title: "@kbn/management-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-storybook-config plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-storybook-config'] --- import kbnManagementStorybookConfigObj from './kbn_management_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_mapbox_gl.mdx b/api_docs/kbn_mapbox_gl.mdx index aca6829809fc7..be33c837a44ad 100644 --- a/api_docs/kbn_mapbox_gl.mdx +++ b/api_docs/kbn_mapbox_gl.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mapbox-gl title: "@kbn/mapbox-gl" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/mapbox-gl plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mapbox-gl'] --- import kbnMapboxGlObj from './kbn_mapbox_gl.devdocs.json'; diff --git a/api_docs/kbn_maps_vector_tile_utils.mdx b/api_docs/kbn_maps_vector_tile_utils.mdx index 4f08abe3c4e59..04824a7e5728f 100644 --- a/api_docs/kbn_maps_vector_tile_utils.mdx +++ b/api_docs/kbn_maps_vector_tile_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-maps-vector-tile-utils title: "@kbn/maps-vector-tile-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/maps-vector-tile-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/maps-vector-tile-utils'] --- import kbnMapsVectorTileUtilsObj from './kbn_maps_vector_tile_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_agg_utils.mdx b/api_docs/kbn_ml_agg_utils.mdx index 62e90e33f5bd3..bccf9002659f5 100644 --- a/api_docs/kbn_ml_agg_utils.mdx +++ b/api_docs/kbn_ml_agg_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-agg-utils title: "@kbn/ml-agg-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-agg-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-agg-utils'] --- import kbnMlAggUtilsObj from './kbn_ml_agg_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_anomaly_utils.mdx b/api_docs/kbn_ml_anomaly_utils.mdx index 26d42f58625af..df0a8f0d17962 100644 --- a/api_docs/kbn_ml_anomaly_utils.mdx +++ b/api_docs/kbn_ml_anomaly_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-anomaly-utils title: "@kbn/ml-anomaly-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-anomaly-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-anomaly-utils'] --- import kbnMlAnomalyUtilsObj from './kbn_ml_anomaly_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_cancellable_search.mdx b/api_docs/kbn_ml_cancellable_search.mdx index 8cd020b94d995..626072cba9863 100644 --- a/api_docs/kbn_ml_cancellable_search.mdx +++ b/api_docs/kbn_ml_cancellable_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-cancellable-search title: "@kbn/ml-cancellable-search" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-cancellable-search plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-cancellable-search'] --- import kbnMlCancellableSearchObj from './kbn_ml_cancellable_search.devdocs.json'; diff --git a/api_docs/kbn_ml_category_validator.mdx b/api_docs/kbn_ml_category_validator.mdx index ad09b8643d928..250d48d2731d1 100644 --- a/api_docs/kbn_ml_category_validator.mdx +++ b/api_docs/kbn_ml_category_validator.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-category-validator title: "@kbn/ml-category-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-category-validator plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-category-validator'] --- import kbnMlCategoryValidatorObj from './kbn_ml_category_validator.devdocs.json'; diff --git a/api_docs/kbn_ml_chi2test.mdx b/api_docs/kbn_ml_chi2test.mdx index f075495784a9a..44869c20e88f9 100644 --- a/api_docs/kbn_ml_chi2test.mdx +++ b/api_docs/kbn_ml_chi2test.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-chi2test title: "@kbn/ml-chi2test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-chi2test plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-chi2test'] --- import kbnMlChi2testObj from './kbn_ml_chi2test.devdocs.json'; diff --git a/api_docs/kbn_ml_data_frame_analytics_utils.mdx b/api_docs/kbn_ml_data_frame_analytics_utils.mdx index b0375c66dd0dc..da0169decfe7c 100644 --- a/api_docs/kbn_ml_data_frame_analytics_utils.mdx +++ b/api_docs/kbn_ml_data_frame_analytics_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-frame-analytics-utils title: "@kbn/ml-data-frame-analytics-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-frame-analytics-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-frame-analytics-utils'] --- import kbnMlDataFrameAnalyticsUtilsObj from './kbn_ml_data_frame_analytics_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_data_grid.mdx b/api_docs/kbn_ml_data_grid.mdx index 4177d5ef9dd12..73e4ddeea0f19 100644 --- a/api_docs/kbn_ml_data_grid.mdx +++ b/api_docs/kbn_ml_data_grid.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-grid title: "@kbn/ml-data-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-grid plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-grid'] --- import kbnMlDataGridObj from './kbn_ml_data_grid.devdocs.json'; diff --git a/api_docs/kbn_ml_date_picker.mdx b/api_docs/kbn_ml_date_picker.mdx index deddd4bb74423..0a25e699d93dc 100644 --- a/api_docs/kbn_ml_date_picker.mdx +++ b/api_docs/kbn_ml_date_picker.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-picker title: "@kbn/ml-date-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-picker plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-picker'] --- import kbnMlDatePickerObj from './kbn_ml_date_picker.devdocs.json'; diff --git a/api_docs/kbn_ml_date_utils.mdx b/api_docs/kbn_ml_date_utils.mdx index fd756cf8b784e..901edc35af913 100644 --- a/api_docs/kbn_ml_date_utils.mdx +++ b/api_docs/kbn_ml_date_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-utils title: "@kbn/ml-date-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-utils'] --- import kbnMlDateUtilsObj from './kbn_ml_date_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_error_utils.mdx b/api_docs/kbn_ml_error_utils.mdx index f46240d29b707..6fcaa1ef20120 100644 --- a/api_docs/kbn_ml_error_utils.mdx +++ b/api_docs/kbn_ml_error_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-error-utils title: "@kbn/ml-error-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-error-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-error-utils'] --- import kbnMlErrorUtilsObj from './kbn_ml_error_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_in_memory_table.mdx b/api_docs/kbn_ml_in_memory_table.mdx index 80e45f1b3387a..2086e238eea43 100644 --- a/api_docs/kbn_ml_in_memory_table.mdx +++ b/api_docs/kbn_ml_in_memory_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-in-memory-table title: "@kbn/ml-in-memory-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-in-memory-table plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-in-memory-table'] --- import kbnMlInMemoryTableObj from './kbn_ml_in_memory_table.devdocs.json'; diff --git a/api_docs/kbn_ml_is_defined.mdx b/api_docs/kbn_ml_is_defined.mdx index 02ac080d3ea9c..9156e26819b54 100644 --- a/api_docs/kbn_ml_is_defined.mdx +++ b/api_docs/kbn_ml_is_defined.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-defined title: "@kbn/ml-is-defined" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-defined plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-defined'] --- import kbnMlIsDefinedObj from './kbn_ml_is_defined.devdocs.json'; diff --git a/api_docs/kbn_ml_is_populated_object.mdx b/api_docs/kbn_ml_is_populated_object.mdx index da579b78764dc..8a6c1c4d860b0 100644 --- a/api_docs/kbn_ml_is_populated_object.mdx +++ b/api_docs/kbn_ml_is_populated_object.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-populated-object title: "@kbn/ml-is-populated-object" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-populated-object plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-populated-object'] --- import kbnMlIsPopulatedObjectObj from './kbn_ml_is_populated_object.devdocs.json'; diff --git a/api_docs/kbn_ml_kibana_theme.mdx b/api_docs/kbn_ml_kibana_theme.mdx index 937b860021ec6..7333b2680dc7b 100644 --- a/api_docs/kbn_ml_kibana_theme.mdx +++ b/api_docs/kbn_ml_kibana_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-kibana-theme title: "@kbn/ml-kibana-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-kibana-theme plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-kibana-theme'] --- import kbnMlKibanaThemeObj from './kbn_ml_kibana_theme.devdocs.json'; diff --git a/api_docs/kbn_ml_local_storage.mdx b/api_docs/kbn_ml_local_storage.mdx index 4dbd123a3ba83..8178350fc6c8c 100644 --- a/api_docs/kbn_ml_local_storage.mdx +++ b/api_docs/kbn_ml_local_storage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-local-storage title: "@kbn/ml-local-storage" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-local-storage plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-local-storage'] --- import kbnMlLocalStorageObj from './kbn_ml_local_storage.devdocs.json'; diff --git a/api_docs/kbn_ml_nested_property.mdx b/api_docs/kbn_ml_nested_property.mdx index ec4e61de12ab8..0cb903c6c5bce 100644 --- a/api_docs/kbn_ml_nested_property.mdx +++ b/api_docs/kbn_ml_nested_property.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-nested-property title: "@kbn/ml-nested-property" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-nested-property plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-nested-property'] --- import kbnMlNestedPropertyObj from './kbn_ml_nested_property.devdocs.json'; diff --git a/api_docs/kbn_ml_number_utils.mdx b/api_docs/kbn_ml_number_utils.mdx index 5cad4cbf7c2ff..78e9dba95849c 100644 --- a/api_docs/kbn_ml_number_utils.mdx +++ b/api_docs/kbn_ml_number_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-number-utils title: "@kbn/ml-number-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-number-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-number-utils'] --- import kbnMlNumberUtilsObj from './kbn_ml_number_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_query_utils.mdx b/api_docs/kbn_ml_query_utils.mdx index 1b98d793c4298..822a0d64ba1d7 100644 --- a/api_docs/kbn_ml_query_utils.mdx +++ b/api_docs/kbn_ml_query_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-query-utils title: "@kbn/ml-query-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-query-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-query-utils'] --- import kbnMlQueryUtilsObj from './kbn_ml_query_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_random_sampler_utils.mdx b/api_docs/kbn_ml_random_sampler_utils.mdx index bbff6033b7721..3ae038a5ca5ba 100644 --- a/api_docs/kbn_ml_random_sampler_utils.mdx +++ b/api_docs/kbn_ml_random_sampler_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-random-sampler-utils title: "@kbn/ml-random-sampler-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-random-sampler-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-random-sampler-utils'] --- import kbnMlRandomSamplerUtilsObj from './kbn_ml_random_sampler_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_route_utils.mdx b/api_docs/kbn_ml_route_utils.mdx index 60f56dae6b1cd..07394a1515aa3 100644 --- a/api_docs/kbn_ml_route_utils.mdx +++ b/api_docs/kbn_ml_route_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-route-utils title: "@kbn/ml-route-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-route-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-route-utils'] --- import kbnMlRouteUtilsObj from './kbn_ml_route_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_runtime_field_utils.mdx b/api_docs/kbn_ml_runtime_field_utils.mdx index fb003a4c0f291..b7ee66e5ca0c6 100644 --- a/api_docs/kbn_ml_runtime_field_utils.mdx +++ b/api_docs/kbn_ml_runtime_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-runtime-field-utils title: "@kbn/ml-runtime-field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-runtime-field-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-runtime-field-utils'] --- import kbnMlRuntimeFieldUtilsObj from './kbn_ml_runtime_field_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_string_hash.mdx b/api_docs/kbn_ml_string_hash.mdx index 55797bdbd203f..cadd61ac8a40c 100644 --- a/api_docs/kbn_ml_string_hash.mdx +++ b/api_docs/kbn_ml_string_hash.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-string-hash title: "@kbn/ml-string-hash" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-string-hash plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-string-hash'] --- import kbnMlStringHashObj from './kbn_ml_string_hash.devdocs.json'; diff --git a/api_docs/kbn_ml_time_buckets.mdx b/api_docs/kbn_ml_time_buckets.mdx index c585c452ef772..557addcd16147 100644 --- a/api_docs/kbn_ml_time_buckets.mdx +++ b/api_docs/kbn_ml_time_buckets.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-time-buckets title: "@kbn/ml-time-buckets" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-time-buckets plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-time-buckets'] --- import kbnMlTimeBucketsObj from './kbn_ml_time_buckets.devdocs.json'; diff --git a/api_docs/kbn_ml_trained_models_utils.mdx b/api_docs/kbn_ml_trained_models_utils.mdx index 4554f24c755d7..0bfcea6c9331c 100644 --- a/api_docs/kbn_ml_trained_models_utils.mdx +++ b/api_docs/kbn_ml_trained_models_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-trained-models-utils title: "@kbn/ml-trained-models-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-trained-models-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-trained-models-utils'] --- import kbnMlTrainedModelsUtilsObj from './kbn_ml_trained_models_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_ui_actions.mdx b/api_docs/kbn_ml_ui_actions.mdx index 1964cdc29f7de..6493f88a1c350 100644 --- a/api_docs/kbn_ml_ui_actions.mdx +++ b/api_docs/kbn_ml_ui_actions.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-ui-actions title: "@kbn/ml-ui-actions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-ui-actions plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-ui-actions'] --- import kbnMlUiActionsObj from './kbn_ml_ui_actions.devdocs.json'; diff --git a/api_docs/kbn_ml_url_state.mdx b/api_docs/kbn_ml_url_state.mdx index beeb8d64a63f5..b5e7a500ec99d 100644 --- a/api_docs/kbn_ml_url_state.mdx +++ b/api_docs/kbn_ml_url_state.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-url-state title: "@kbn/ml-url-state" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-url-state plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-url-state'] --- import kbnMlUrlStateObj from './kbn_ml_url_state.devdocs.json'; diff --git a/api_docs/kbn_mock_idp_utils.mdx b/api_docs/kbn_mock_idp_utils.mdx index d1b7734ff9e8c..275c388032922 100644 --- a/api_docs/kbn_mock_idp_utils.mdx +++ b/api_docs/kbn_mock_idp_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mock-idp-utils title: "@kbn/mock-idp-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/mock-idp-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mock-idp-utils'] --- import kbnMockIdpUtilsObj from './kbn_mock_idp_utils.devdocs.json'; diff --git a/api_docs/kbn_monaco.mdx b/api_docs/kbn_monaco.mdx index 812a5b2c62f65..a219ebed69527 100644 --- a/api_docs/kbn_monaco.mdx +++ b/api_docs/kbn_monaco.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-monaco title: "@kbn/monaco" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/monaco plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/monaco'] --- import kbnMonacoObj from './kbn_monaco.devdocs.json'; diff --git a/api_docs/kbn_object_versioning.mdx b/api_docs/kbn_object_versioning.mdx index 3f4adc75e995f..5915ba8c537dd 100644 --- a/api_docs/kbn_object_versioning.mdx +++ b/api_docs/kbn_object_versioning.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning title: "@kbn/object-versioning" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/object-versioning plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning'] --- import kbnObjectVersioningObj from './kbn_object_versioning.devdocs.json'; diff --git a/api_docs/kbn_observability_alert_details.mdx b/api_docs/kbn_observability_alert_details.mdx index 5a0ed1895c0b9..ebeccd9789e9b 100644 --- a/api_docs/kbn_observability_alert_details.mdx +++ b/api_docs/kbn_observability_alert_details.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alert-details title: "@kbn/observability-alert-details" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alert-details plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alert-details'] --- import kbnObservabilityAlertDetailsObj from './kbn_observability_alert_details.devdocs.json'; diff --git a/api_docs/kbn_observability_alerting_test_data.mdx b/api_docs/kbn_observability_alerting_test_data.mdx index 41b34106fd4af..3f69913502c96 100644 --- a/api_docs/kbn_observability_alerting_test_data.mdx +++ b/api_docs/kbn_observability_alerting_test_data.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-test-data title: "@kbn/observability-alerting-test-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alerting-test-data plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-test-data'] --- import kbnObservabilityAlertingTestDataObj from './kbn_observability_alerting_test_data.devdocs.json'; diff --git a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx index 1889f495ee3dd..75a93bcd5d40b 100644 --- a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx +++ b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-get-padded-alert-time-range-util title: "@kbn/observability-get-padded-alert-time-range-util" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-get-padded-alert-time-range-util plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-get-padded-alert-time-range-util'] --- import kbnObservabilityGetPaddedAlertTimeRangeUtilObj from './kbn_observability_get_padded_alert_time_range_util.devdocs.json'; diff --git a/api_docs/kbn_openapi_bundler.mdx b/api_docs/kbn_openapi_bundler.mdx index 774461c970770..7634f5986d3ff 100644 --- a/api_docs/kbn_openapi_bundler.mdx +++ b/api_docs/kbn_openapi_bundler.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-bundler title: "@kbn/openapi-bundler" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/openapi-bundler plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-bundler'] --- import kbnOpenapiBundlerObj from './kbn_openapi_bundler.devdocs.json'; 
diff --git a/api_docs/kbn_openapi_generator.mdx b/api_docs/kbn_openapi_generator.mdx index 57d2e314d41c3..41fae8cbf23dc 100644 --- a/api_docs/kbn_openapi_generator.mdx +++ b/api_docs/kbn_openapi_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-generator title: "@kbn/openapi-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/openapi-generator plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-generator'] --- import kbnOpenapiGeneratorObj from './kbn_openapi_generator.devdocs.json'; diff --git a/api_docs/kbn_optimizer.mdx b/api_docs/kbn_optimizer.mdx index 4c180ef710a08..2c72fcaa1dc9d 100644 --- a/api_docs/kbn_optimizer.mdx +++ b/api_docs/kbn_optimizer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer title: "@kbn/optimizer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer'] --- import kbnOptimizerObj from './kbn_optimizer.devdocs.json'; diff --git a/api_docs/kbn_optimizer_webpack_helpers.mdx b/api_docs/kbn_optimizer_webpack_helpers.mdx index c6b5ff6f206e3..4bd8dcd1da217 100644 --- a/api_docs/kbn_optimizer_webpack_helpers.mdx +++ b/api_docs/kbn_optimizer_webpack_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer-webpack-helpers title: "@kbn/optimizer-webpack-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer-webpack-helpers plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer-webpack-helpers'] --- import kbnOptimizerWebpackHelpersObj from './kbn_optimizer_webpack_helpers.devdocs.json'; diff --git a/api_docs/kbn_osquery_io_ts_types.mdx b/api_docs/kbn_osquery_io_ts_types.mdx index b061c64998c77..c9cfbac06a6a8 100644 --- a/api_docs/kbn_osquery_io_ts_types.mdx 
+++ b/api_docs/kbn_osquery_io_ts_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-osquery-io-ts-types title: "@kbn/osquery-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/osquery-io-ts-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/osquery-io-ts-types'] --- import kbnOsqueryIoTsTypesObj from './kbn_osquery_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_panel_loader.mdx b/api_docs/kbn_panel_loader.mdx index 6f6017be81d87..9b1a71c76e62e 100644 --- a/api_docs/kbn_panel_loader.mdx +++ b/api_docs/kbn_panel_loader.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-panel-loader title: "@kbn/panel-loader" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/panel-loader plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/panel-loader'] --- import kbnPanelLoaderObj from './kbn_panel_loader.devdocs.json'; diff --git a/api_docs/kbn_performance_testing_dataset_extractor.mdx b/api_docs/kbn_performance_testing_dataset_extractor.mdx index 28b6fc59a377e..8f938e0afa271 100644 --- a/api_docs/kbn_performance_testing_dataset_extractor.mdx +++ b/api_docs/kbn_performance_testing_dataset_extractor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-performance-testing-dataset-extractor title: "@kbn/performance-testing-dataset-extractor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/performance-testing-dataset-extractor plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/performance-testing-dataset-extractor'] --- import kbnPerformanceTestingDatasetExtractorObj from './kbn_performance_testing_dataset_extractor.devdocs.json'; diff --git a/api_docs/kbn_plugin_check.mdx b/api_docs/kbn_plugin_check.mdx index ddbc4511ef3d5..cb9da0b0fa1a9 100644 --- a/api_docs/kbn_plugin_check.mdx 
+++ b/api_docs/kbn_plugin_check.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-check title: "@kbn/plugin-check" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-check plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-check'] --- import kbnPluginCheckObj from './kbn_plugin_check.devdocs.json'; diff --git a/api_docs/kbn_plugin_generator.mdx b/api_docs/kbn_plugin_generator.mdx index f9e4eace669f9..23b563bcd82b3 100644 --- a/api_docs/kbn_plugin_generator.mdx +++ b/api_docs/kbn_plugin_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-generator title: "@kbn/plugin-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-generator plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-generator'] --- import kbnPluginGeneratorObj from './kbn_plugin_generator.devdocs.json'; diff --git a/api_docs/kbn_plugin_helpers.mdx b/api_docs/kbn_plugin_helpers.mdx index e18365d2d8615..869ca61c6c00b 100644 --- a/api_docs/kbn_plugin_helpers.mdx +++ b/api_docs/kbn_plugin_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-helpers title: "@kbn/plugin-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-helpers plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-helpers'] --- import kbnPluginHelpersObj from './kbn_plugin_helpers.devdocs.json'; diff --git a/api_docs/kbn_presentation_containers.mdx b/api_docs/kbn_presentation_containers.mdx index 635fd433e21e7..4558b0e494990 100644 --- a/api_docs/kbn_presentation_containers.mdx +++ b/api_docs/kbn_presentation_containers.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-containers title: "@kbn/presentation-containers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/presentation-containers plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-containers'] --- import kbnPresentationContainersObj from './kbn_presentation_containers.devdocs.json'; diff --git a/api_docs/kbn_presentation_publishing.mdx b/api_docs/kbn_presentation_publishing.mdx index 9746c4b6e099d..7d44d8a491458 100644 --- a/api_docs/kbn_presentation_publishing.mdx +++ b/api_docs/kbn_presentation_publishing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-publishing title: "@kbn/presentation-publishing" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/presentation-publishing plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-publishing'] --- import kbnPresentationPublishingObj from './kbn_presentation_publishing.devdocs.json'; diff --git a/api_docs/kbn_profiling_utils.mdx b/api_docs/kbn_profiling_utils.mdx index 56e2a699aad74..4bdbc6a36bba7 100644 --- a/api_docs/kbn_profiling_utils.mdx +++ b/api_docs/kbn_profiling_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-profiling-utils title: "@kbn/profiling-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/profiling-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/profiling-utils'] --- import kbnProfilingUtilsObj from './kbn_profiling_utils.devdocs.json'; diff --git a/api_docs/kbn_random_sampling.mdx b/api_docs/kbn_random_sampling.mdx index de1181c916cac..50ab5cb325a06 100644 --- a/api_docs/kbn_random_sampling.mdx +++ b/api_docs/kbn_random_sampling.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-random-sampling title: "@kbn/random-sampling" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/random-sampling plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/random-sampling'] --- import kbnRandomSamplingObj from './kbn_random_sampling.devdocs.json'; diff --git a/api_docs/kbn_react_field.mdx b/api_docs/kbn_react_field.mdx index 1d68e4cd6bd62..8b78e7ed88a19 100644 --- a/api_docs/kbn_react_field.mdx +++ b/api_docs/kbn_react_field.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-field title: "@kbn/react-field" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-field plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-field'] --- import kbnReactFieldObj from './kbn_react_field.devdocs.json'; diff --git a/api_docs/kbn_react_hooks.mdx b/api_docs/kbn_react_hooks.mdx index 5ecefd3e47087..5520407a9b3ca 100644 --- a/api_docs/kbn_react_hooks.mdx +++ b/api_docs/kbn_react_hooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-hooks title: "@kbn/react-hooks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-hooks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-hooks'] --- import kbnReactHooksObj from './kbn_react_hooks.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_common.mdx b/api_docs/kbn_react_kibana_context_common.mdx index 834442e8293fd..9a274c872e0e0 100644 --- a/api_docs/kbn_react_kibana_context_common.mdx +++ b/api_docs/kbn_react_kibana_context_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-common title: "@kbn/react-kibana-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-common'] --- import kbnReactKibanaContextCommonObj from './kbn_react_kibana_context_common.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_render.mdx b/api_docs/kbn_react_kibana_context_render.mdx index 76ee1d303fc21..a00bab8013011 100644 --- a/api_docs/kbn_react_kibana_context_render.mdx +++ b/api_docs/kbn_react_kibana_context_render.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-render title: "@kbn/react-kibana-context-render" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-render plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-render'] --- import kbnReactKibanaContextRenderObj from './kbn_react_kibana_context_render.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_root.mdx b/api_docs/kbn_react_kibana_context_root.mdx index a7e98278821f4..b4ce56faf5663 100644 --- a/api_docs/kbn_react_kibana_context_root.mdx +++ b/api_docs/kbn_react_kibana_context_root.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-root title: "@kbn/react-kibana-context-root" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-root plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-root'] --- import kbnReactKibanaContextRootObj from './kbn_react_kibana_context_root.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_styled.mdx b/api_docs/kbn_react_kibana_context_styled.mdx index bf422a7d1fc46..c45899ef9cc5f 100644 
--- a/api_docs/kbn_react_kibana_context_styled.mdx +++ b/api_docs/kbn_react_kibana_context_styled.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-styled title: "@kbn/react-kibana-context-styled" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-styled plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-styled'] --- import kbnReactKibanaContextStyledObj from './kbn_react_kibana_context_styled.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_theme.mdx b/api_docs/kbn_react_kibana_context_theme.mdx index b7e789fc07e83..d4497419db7a1 100644 --- a/api_docs/kbn_react_kibana_context_theme.mdx +++ b/api_docs/kbn_react_kibana_context_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-theme title: "@kbn/react-kibana-context-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-theme plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-theme'] --- import kbnReactKibanaContextThemeObj from './kbn_react_kibana_context_theme.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_mount.mdx b/api_docs/kbn_react_kibana_mount.mdx index fc915290be483..3899a1674ab5c 100644 --- a/api_docs/kbn_react_kibana_mount.mdx +++ b/api_docs/kbn_react_kibana_mount.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-mount title: "@kbn/react-kibana-mount" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-mount plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-mount'] --- import kbnReactKibanaMountObj from './kbn_react_kibana_mount.devdocs.json'; diff --git a/api_docs/kbn_repo_file_maps.mdx b/api_docs/kbn_repo_file_maps.mdx index 9f2ec25c83c5a..df63b21056f16 100644 
--- a/api_docs/kbn_repo_file_maps.mdx +++ b/api_docs/kbn_repo_file_maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-file-maps title: "@kbn/repo-file-maps" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-file-maps plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-file-maps'] --- import kbnRepoFileMapsObj from './kbn_repo_file_maps.devdocs.json'; diff --git a/api_docs/kbn_repo_linter.mdx b/api_docs/kbn_repo_linter.mdx index dcda5a90f40bc..34c8dc6beb895 100644 --- a/api_docs/kbn_repo_linter.mdx +++ b/api_docs/kbn_repo_linter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-linter title: "@kbn/repo-linter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-linter plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-linter'] --- import kbnRepoLinterObj from './kbn_repo_linter.devdocs.json'; diff --git a/api_docs/kbn_repo_path.mdx b/api_docs/kbn_repo_path.mdx index 7276c62f2a960..26380672f3513 100644 --- a/api_docs/kbn_repo_path.mdx +++ b/api_docs/kbn_repo_path.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-path title: "@kbn/repo-path" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-path plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-path'] --- import kbnRepoPathObj from './kbn_repo_path.devdocs.json'; diff --git a/api_docs/kbn_repo_source_classifier.mdx b/api_docs/kbn_repo_source_classifier.mdx index 0694c231ca8fd..33b20468a274e 100644 --- a/api_docs/kbn_repo_source_classifier.mdx +++ b/api_docs/kbn_repo_source_classifier.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-source-classifier title: "@kbn/repo-source-classifier" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-source-classifier plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-source-classifier'] --- import kbnRepoSourceClassifierObj from './kbn_repo_source_classifier.devdocs.json'; diff --git a/api_docs/kbn_reporting_common.mdx b/api_docs/kbn_reporting_common.mdx index eccdc43a8ff83..bd5a73396adcf 100644 --- a/api_docs/kbn_reporting_common.mdx +++ b/api_docs/kbn_reporting_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-common title: "@kbn/reporting-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-common'] --- import kbnReportingCommonObj from './kbn_reporting_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_csv_share_panel.mdx b/api_docs/kbn_reporting_csv_share_panel.mdx index 8ec54f0436588..e0fc0eb58d093 100644 --- a/api_docs/kbn_reporting_csv_share_panel.mdx +++ b/api_docs/kbn_reporting_csv_share_panel.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-csv-share-panel title: "@kbn/reporting-csv-share-panel" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-csv-share-panel plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-csv-share-panel'] --- import kbnReportingCsvSharePanelObj from './kbn_reporting_csv_share_panel.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv.mdx b/api_docs/kbn_reporting_export_types_csv.mdx index 7911a78dc080b..afbb868baa591 100644 --- a/api_docs/kbn_reporting_export_types_csv.mdx +++ b/api_docs/kbn_reporting_export_types_csv.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv title: "@kbn/reporting-export-types-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv'] --- import kbnReportingExportTypesCsvObj from './kbn_reporting_export_types_csv.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv_common.mdx b/api_docs/kbn_reporting_export_types_csv_common.mdx index aa8e6c258faf9..1b37feb8569cd 100644 --- a/api_docs/kbn_reporting_export_types_csv_common.mdx +++ b/api_docs/kbn_reporting_export_types_csv_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv-common title: "@kbn/reporting-export-types-csv-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv-common'] --- import kbnReportingExportTypesCsvCommonObj from './kbn_reporting_export_types_csv_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_pdf.mdx b/api_docs/kbn_reporting_export_types_pdf.mdx index 49ba5278df991..9a5b1c2e1a540 100644 --- a/api_docs/kbn_reporting_export_types_pdf.mdx +++ b/api_docs/kbn_reporting_export_types_pdf.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf title: "@kbn/reporting-export-types-pdf" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf'] --- import kbnReportingExportTypesPdfObj from './kbn_reporting_export_types_pdf.devdocs.json'; 
diff --git a/api_docs/kbn_reporting_export_types_pdf_common.mdx b/api_docs/kbn_reporting_export_types_pdf_common.mdx index 07304a20c0ce6..5aebfd8139822 100644 --- a/api_docs/kbn_reporting_export_types_pdf_common.mdx +++ b/api_docs/kbn_reporting_export_types_pdf_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf-common title: "@kbn/reporting-export-types-pdf-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf-common'] --- import kbnReportingExportTypesPdfCommonObj from './kbn_reporting_export_types_pdf_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png.mdx b/api_docs/kbn_reporting_export_types_png.mdx index 35129a2de4935..ff7f4c1454ccc 100644 --- a/api_docs/kbn_reporting_export_types_png.mdx +++ b/api_docs/kbn_reporting_export_types_png.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png title: "@kbn/reporting-export-types-png" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png'] --- import kbnReportingExportTypesPngObj from './kbn_reporting_export_types_png.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png_common.mdx b/api_docs/kbn_reporting_export_types_png_common.mdx index eab4d2cd82780..2e604fc6d8f8c 100644 --- a/api_docs/kbn_reporting_export_types_png_common.mdx +++ b/api_docs/kbn_reporting_export_types_png_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png-common title: "@kbn/reporting-export-types-png-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png-common'] --- import kbnReportingExportTypesPngCommonObj from './kbn_reporting_export_types_png_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_mocks_server.mdx b/api_docs/kbn_reporting_mocks_server.mdx index 0f18dd56b9c85..e8be119ad091e 100644 --- a/api_docs/kbn_reporting_mocks_server.mdx +++ b/api_docs/kbn_reporting_mocks_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-mocks-server title: "@kbn/reporting-mocks-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-mocks-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-mocks-server'] --- import kbnReportingMocksServerObj from './kbn_reporting_mocks_server.devdocs.json'; diff --git a/api_docs/kbn_reporting_public.devdocs.json b/api_docs/kbn_reporting_public.devdocs.json index aaa1f39f74c06..76ca0bd88d956 100644 --- a/api_docs/kbn_reporting_public.devdocs.json +++ b/api_docs/kbn_reporting_public.devdocs.json @@ -21,7 +21,7 @@ "label": "payload", "description": [], "signature": [ - "{ spaceId?: string | undefined; isDeprecated?: boolean | undefined; title: string; version: string; layout?: { id?: ", + "{ spaceId?: string | undefined; version: string; isDeprecated?: boolean | undefined; title: string; layout?: { id?: ", { "pluginId": "screenshotting", "scope": "common", diff --git a/api_docs/kbn_reporting_public.mdx b/api_docs/kbn_reporting_public.mdx index 666b3a1a9d8a0..fdcfbd0a4ab6c 100644 --- a/api_docs/kbn_reporting_public.mdx +++ b/api_docs/kbn_reporting_public.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-public title: "@kbn/reporting-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-public plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-public'] --- import kbnReportingPublicObj from './kbn_reporting_public.devdocs.json'; diff --git a/api_docs/kbn_reporting_server.mdx b/api_docs/kbn_reporting_server.mdx index 151ab9632b2a5..72990a9f3ab0f 100644 --- a/api_docs/kbn_reporting_server.mdx +++ b/api_docs/kbn_reporting_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-server title: "@kbn/reporting-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-server'] --- import kbnReportingServerObj from './kbn_reporting_server.devdocs.json'; diff --git a/api_docs/kbn_resizable_layout.mdx b/api_docs/kbn_resizable_layout.mdx index 334f5763277eb..29d1d3d852187 100644 --- a/api_docs/kbn_resizable_layout.mdx +++ b/api_docs/kbn_resizable_layout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-resizable-layout title: "@kbn/resizable-layout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/resizable-layout plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/resizable-layout'] --- import kbnResizableLayoutObj from './kbn_resizable_layout.devdocs.json'; diff --git a/api_docs/kbn_response_ops_feature_flag_service.mdx b/api_docs/kbn_response_ops_feature_flag_service.mdx index cf349fe5638d0..ab8225b825151 100644 --- a/api_docs/kbn_response_ops_feature_flag_service.mdx +++ b/api_docs/kbn_response_ops_feature_flag_service.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-response-ops-feature-flag-service title: "@kbn/response-ops-feature-flag-service" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/response-ops-feature-flag-service plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/response-ops-feature-flag-service'] --- import kbnResponseOpsFeatureFlagServiceObj from './kbn_response_ops_feature_flag_service.devdocs.json'; diff --git a/api_docs/kbn_rison.mdx b/api_docs/kbn_rison.mdx index c5d59e2f5b155..758b2d0db5b9c 100644 --- a/api_docs/kbn_rison.mdx +++ b/api_docs/kbn_rison.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rison title: "@kbn/rison" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rison plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rison'] --- import kbnRisonObj from './kbn_rison.devdocs.json'; diff --git a/api_docs/kbn_rollup.mdx b/api_docs/kbn_rollup.mdx index e2dad7edb6479..74efc42858972 100644 --- a/api_docs/kbn_rollup.mdx +++ b/api_docs/kbn_rollup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rollup title: "@kbn/rollup" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rollup plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rollup'] --- import kbnRollupObj from './kbn_rollup.devdocs.json'; diff --git a/api_docs/kbn_router_to_openapispec.mdx b/api_docs/kbn_router_to_openapispec.mdx index 65e3e715c7a2f..87d977258d214 100644 --- a/api_docs/kbn_router_to_openapispec.mdx +++ b/api_docs/kbn_router_to_openapispec.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-to-openapispec title: "@kbn/router-to-openapispec" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/router-to-openapispec plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-to-openapispec'] --- import kbnRouterToOpenapispecObj from './kbn_router_to_openapispec.devdocs.json'; diff --git a/api_docs/kbn_router_utils.mdx b/api_docs/kbn_router_utils.mdx index 4cbe4c90433cd..69cb01ff349ad 100644 --- a/api_docs/kbn_router_utils.mdx +++ b/api_docs/kbn_router_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-utils title: "@kbn/router-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/router-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-utils'] --- import kbnRouterUtilsObj from './kbn_router_utils.devdocs.json'; diff --git a/api_docs/kbn_rrule.mdx b/api_docs/kbn_rrule.mdx index 0075caef9234e..280782d8e2b46 100644 --- a/api_docs/kbn_rrule.mdx +++ b/api_docs/kbn_rrule.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rrule title: "@kbn/rrule" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rrule plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rrule'] --- import kbnRruleObj from './kbn_rrule.devdocs.json'; diff --git a/api_docs/kbn_rule_data_utils.devdocs.json b/api_docs/kbn_rule_data_utils.devdocs.json index 58d752abc2388..6315b9f454166 100644 --- a/api_docs/kbn_rule_data_utils.devdocs.json +++ b/api_docs/kbn_rule_data_utils.devdocs.json 
@@ -476,6 +476,21 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/rule-data-utils", + "id": "def-common.ALERT_PREVIOUS_ACTION_GROUP", + "type": "string", + "tags": [], + "label": "ALERT_PREVIOUS_ACTION_GROUP", + "description": [], + "signature": [ + "\"kibana.alert.previous_action_group\"" + ], + "path": "packages/kbn-rule-data-utils/src/default_alerts_as_data.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/rule-data-utils", "id": "def-common.ALERT_REASON", @@ -1001,6 +1016,21 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/rule-data-utils", + "id": "def-common.ALERT_SEVERITY_IMPROVING", + "type": "string", + "tags": [], + "label": "ALERT_SEVERITY_IMPROVING", + "description": [], + "signature": [ + "\"kibana.alert.severity_improving\"" + ], + "path": "packages/kbn-rule-data-utils/src/default_alerts_as_data.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/rule-data-utils", "id": "def-common.ALERT_SEVERITY_WARNING", 
@@ -1534,7 +1564,7 @@ "label": "DefaultAlertFieldName", "description": [], "signature": [ - "\"@timestamp\" | \"kibana\" | \"kibana.alert.rule.rule_type_id\" | \"kibana.alert.rule.consumer\" | \"kibana.alert.rule.execution.uuid\" | \"kibana.alert.instance.id\" | \"kibana.alert.rule.category\" | \"kibana.alert.rule.name\" | \"kibana.alert.rule.producer\" | \"kibana.alert.rule.revision\" | \"kibana.alert.rule.uuid\" | \"kibana.alert.status\" | \"kibana.alert.uuid\" | \"kibana.space_ids\" | \"kibana.alert.action_group\" | \"kibana.alert.case_ids\" | \"kibana.alert.consecutive_matches\" | \"kibana.alert.duration.us\" | \"kibana.alert.end\" | \"kibana.alert.flapping\" | \"kibana.alert.flapping_history\" | \"kibana.alert.last_detected\" | \"kibana.alert.maintenance_window_ids\" | \"kibana.alert.reason\" | \"kibana.alert.rule.execution.timestamp\" | \"kibana.alert.rule.parameters\" | \"kibana.alert.rule.tags\" | \"kibana.alert.start\" | \"kibana.alert.time_range\" | \"kibana.alert.url\" | \"kibana.alert.workflow_assignee_ids\" | \"kibana.alert.workflow_status\" | \"kibana.alert.workflow_tags\" | \"kibana.version\" | \"kibana.alert\" | \"kibana.alert.rule\"" + "\"@timestamp\" | \"kibana\" | \"kibana.alert.rule.rule_type_id\" | \"kibana.alert.rule.consumer\" | \"kibana.alert.rule.execution.uuid\" | \"kibana.alert.instance.id\" | \"kibana.alert.rule.category\" | \"kibana.alert.rule.name\" | \"kibana.alert.rule.producer\" | \"kibana.alert.rule.revision\" | \"kibana.alert.rule.uuid\" | \"kibana.alert.status\" | \"kibana.alert.uuid\" | \"kibana.space_ids\" | \"kibana.alert.action_group\" | \"kibana.alert.case_ids\" | \"kibana.alert.consecutive_matches\" | \"kibana.alert.duration.us\" | \"kibana.alert.end\" | \"kibana.alert.flapping\" | \"kibana.alert.flapping_history\" | \"kibana.alert.last_detected\" | \"kibana.alert.maintenance_window_ids\" | \"kibana.alert.previous_action_group\" | \"kibana.alert.reason\" | \"kibana.alert.rule.execution.timestamp\" | 
\"kibana.alert.rule.parameters\" | \"kibana.alert.rule.tags\" | \"kibana.alert.severity_improving\" | \"kibana.alert.start\" | \"kibana.alert.time_range\" | \"kibana.alert.url\" | \"kibana.alert.workflow_assignee_ids\" | \"kibana.alert.workflow_status\" | \"kibana.alert.workflow_tags\" | \"kibana.version\" | \"kibana.alert\" | \"kibana.alert.rule\"" ], "path": "packages/kbn-rule-data-utils/src/default_alerts_as_data.ts", "deprecated": false, diff --git a/api_docs/kbn_rule_data_utils.mdx b/api_docs/kbn_rule_data_utils.mdx index 0ec80831682d7..e32b079499c86 100644 --- a/api_docs/kbn_rule_data_utils.mdx +++ b/api_docs/kbn_rule_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rule-data-utils title: "@kbn/rule-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rule-data-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rule-data-utils'] --- import kbnRuleDataUtilsObj from './kbn_rule_data_utils.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/security-detections-response](https://github.com/orgs/elastic/ | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 125 | 0 | 122 | 0 | +| 127 | 0 | 124 | 0 | ## Common diff --git a/api_docs/kbn_saved_objects_settings.mdx b/api_docs/kbn_saved_objects_settings.mdx index a177106e30c0e..3137d45411f73 100644 --- a/api_docs/kbn_saved_objects_settings.mdx +++ b/api_docs/kbn_saved_objects_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-saved-objects-settings title: "@kbn/saved-objects-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/saved-objects-settings plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/saved-objects-settings'] --- import kbnSavedObjectsSettingsObj from './kbn_saved_objects_settings.devdocs.json'; 
diff --git a/api_docs/kbn_search_api_panels.mdx b/api_docs/kbn_search_api_panels.mdx index 764b20421f858..5900cbe5f18a2 100644 --- a/api_docs/kbn_search_api_panels.mdx +++ b/api_docs/kbn_search_api_panels.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-panels title: "@kbn/search-api-panels" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-api-panels plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-panels'] --- import kbnSearchApiPanelsObj from './kbn_search_api_panels.devdocs.json'; diff --git a/api_docs/kbn_search_connectors.mdx b/api_docs/kbn_search_connectors.mdx index 974b29acfb7f7..926e6b1a30a4c 100644 --- a/api_docs/kbn_search_connectors.mdx +++ b/api_docs/kbn_search_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-connectors title: "@kbn/search-connectors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-connectors plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-connectors'] --- import kbnSearchConnectorsObj from './kbn_search_connectors.devdocs.json'; diff --git a/api_docs/kbn_search_errors.mdx b/api_docs/kbn_search_errors.mdx index b7c35870beb15..7434852e35b05 100644 --- a/api_docs/kbn_search_errors.mdx +++ b/api_docs/kbn_search_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-errors title: "@kbn/search-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-errors plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-errors'] --- import kbnSearchErrorsObj from './kbn_search_errors.devdocs.json'; diff --git a/api_docs/kbn_search_index_documents.mdx b/api_docs/kbn_search_index_documents.mdx index a67cd719067a2..e8265baeb9e28 100644 --- a/api_docs/kbn_search_index_documents.mdx 
+++ b/api_docs/kbn_search_index_documents.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-index-documents title: "@kbn/search-index-documents" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-index-documents plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-index-documents'] --- import kbnSearchIndexDocumentsObj from './kbn_search_index_documents.devdocs.json'; diff --git a/api_docs/kbn_search_response_warnings.mdx b/api_docs/kbn_search_response_warnings.mdx index 87266143202ca..08b099d334d30 100644 --- a/api_docs/kbn_search_response_warnings.mdx +++ b/api_docs/kbn_search_response_warnings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-response-warnings title: "@kbn/search-response-warnings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-response-warnings plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-response-warnings'] --- import kbnSearchResponseWarningsObj from './kbn_search_response_warnings.devdocs.json'; diff --git a/api_docs/kbn_search_types.mdx b/api_docs/kbn_search_types.mdx index d824c6917ce1c..b2055ef4b770c 100644 --- a/api_docs/kbn_search_types.mdx +++ b/api_docs/kbn_search_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-types title: "@kbn/search-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-types'] --- import kbnSearchTypesObj from './kbn_search_types.devdocs.json'; diff --git a/api_docs/kbn_security_api_key_management.devdocs.json b/api_docs/kbn_security_api_key_management.devdocs.json new file mode 100644 index 0000000000000..5fd86dcf3f8c8 --- /dev/null +++ b/api_docs/kbn_security_api_key_management.devdocs.json 
@@ -0,0 +1,1226 @@ +{ + "id": "@kbn/security-api-key-management", + "client": { + "classes": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient", + "type": "Class", + "tags": [], + "label": "APIKeysAPIClient", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient.Unnamed", + "type": "Function", + "tags": [], + "label": "Constructor", + "description": [], + "signature": [ + "any" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient.Unnamed.$1", + "type": "Object", + "tags": [], + "label": "http", + "description": [], + "signature": [ + { + "pluginId": "@kbn/core-http-browser", + "scope": "common", + "docId": "kibKbnCoreHttpBrowserPluginApi", + "section": "def-common.HttpSetup", + "text": "HttpSetup" + } + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [] + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient.queryApiKeys", + "type": "Function", + "tags": [], + "label": "queryApiKeys", + "description": [], + "signature": [ + "(params?: ", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.QueryApiKeyParams", + "text": "QueryApiKeyParams" + }, + " | undefined) => Promise<", + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", 
+ "section": "def-common.QueryApiKeyResult", + "text": "QueryApiKeyResult" + }, + ">" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient.queryApiKeys.$1", + "type": "Object", + "tags": [], + "label": "params", + "description": [], + "signature": [ + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.QueryApiKeyParams", + "text": "QueryApiKeyParams" + }, + " | undefined" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [] + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient.invalidateApiKeys", + "type": "Function", + "tags": [], + "label": "invalidateApiKeys", + "description": [], + "signature": [ + "(apiKeys: ", + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.ApiKeyToInvalidate", + "text": "ApiKeyToInvalidate" + }, + "[], isAdmin?: boolean) => Promise<", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.InvalidateApiKeysResponse", + "text": "InvalidateApiKeysResponse" + }, + ">" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient.invalidateApiKeys.$1", + "type": "Array", + "tags": [], + "label": "apiKeys", + "description": [], + "signature": [ + { + 
"pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.ApiKeyToInvalidate", + "text": "ApiKeyToInvalidate" + }, + "[]" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient.invalidateApiKeys.$2", + "type": "boolean", + "tags": [], + "label": "isAdmin", + "description": [], + "signature": [ + "boolean" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [] + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient.createApiKey", + "type": "Function", + "tags": [], + "label": "createApiKey", + "description": [], + "signature": [ + "(apiKey: ", + { + "pluginId": "@kbn/security-plugin-types-server", + "scope": "server", + "docId": "kibKbnSecurityPluginTypesServerPluginApi", + "section": "def-server.CreateAPIKeyParams", + "text": "CreateAPIKeyParams" + }, + ") => Promise<", + "SecurityCreateApiKeyResponse", + ">" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient.createApiKey.$1", + "type": "CompoundType", + "tags": [], + "label": "apiKey", + "description": [], + "signature": [ + { + "pluginId": "@kbn/security-plugin-types-server", + "scope": "server", + "docId": "kibKbnSecurityPluginTypesServerPluginApi", + "section": "def-server.CreateAPIKeyParams", + "text": "CreateAPIKeyParams" + } + ], + "path": 
"x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [] + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient.updateApiKey", + "type": "Function", + "tags": [], + "label": "updateApiKey", + "description": [], + "signature": [ + "(apiKey: ", + { + "pluginId": "@kbn/security-plugin-types-server", + "scope": "server", + "docId": "kibKbnSecurityPluginTypesServerPluginApi", + "section": "def-server.UpdateAPIKeyParams", + "text": "UpdateAPIKeyParams" + }, + ") => Promise<", + "SecurityUpdateApiKeyResponse", + ">" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.APIKeysAPIClient.updateApiKey.$1", + "type": "CompoundType", + "tags": [], + "label": "apiKey", + "description": [], + "signature": [ + { + "pluginId": "@kbn/security-plugin-types-server", + "scope": "server", + "docId": "kibKbnSecurityPluginTypesServerPluginApi", + "section": "def-server.UpdateAPIKeyParams", + "text": "UpdateAPIKeyParams" + } + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [] + } + ], + "initialIsOpen": false + } + ], + "functions": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyBadge", + "type": "Function", + "tags": [], + "label": "ApiKeyBadge", + "description": [], + "signature": [ + "({ type }: React.PropsWithChildren<", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyBadgeProps", + "text": "ApiKeyBadgeProps" + }, + ">) => 
JSX.Element" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyBadge.$1", + "type": "CompoundType", + "tags": [], + "label": "{ type }", + "description": [], + "signature": [ + "React.PropsWithChildren<", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyBadgeProps", + "text": "ApiKeyBadgeProps" + }, + ">" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyCreatedCallout", + "type": "Function", + "tags": [], + "label": "ApiKeyCreatedCallout", + "description": [], + "signature": [ + "({ createdApiKey, }: React.PropsWithChildren<", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyCreatedCalloutProps", + "text": "ApiKeyCreatedCalloutProps" + }, + ">) => JSX.Element" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyCreatedCallout.$1", + "type": "CompoundType", + "tags": [], + "label": "{\n createdApiKey,\n}", + "description": [], + "signature": [ + "React.PropsWithChildren<", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyCreatedCalloutProps", + "text": "ApiKeyCreatedCalloutProps" + }, + 
">" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFlyout", + "type": "Function", + "tags": [], + "label": "ApiKeyFlyout", + "description": [], + "signature": [ + "({ onSuccess, onCancel, defaultExpiration, defaultMetadata, defaultRoleDescriptors, apiKey, canManageCrossClusterApiKeys, readOnly, currentUser, isLoadingCurrentUser, }: React.PropsWithChildren<(", + "DisambiguateSet", + " & UpdateApiKeyFlyoutProps) | (", + "DisambiguateSet", + " & CreateApiKeyFlyoutProps)>) => JSX.Element" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFlyout.$1", + "type": "CompoundType", + "tags": [], + "label": "{\n onSuccess,\n onCancel,\n defaultExpiration,\n defaultMetadata,\n defaultRoleDescriptors,\n apiKey,\n canManageCrossClusterApiKeys = false,\n readOnly = false,\n currentUser,\n isLoadingCurrentUser,\n}", + "description": [], + "signature": [ + "React.PropsWithChildren<(", + "DisambiguateSet", + " & UpdateApiKeyFlyoutProps) | (", + "DisambiguateSet", + " & CreateApiKeyFlyoutProps)>" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeySelectableTokenField", + "type": "Function", + "tags": [], + "label": "ApiKeySelectableTokenField", + "description": [], + "signature": [ + "({ createdApiKey, }: React.PropsWithChildren<", + { + "pluginId": 
"@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyCreatedCalloutProps", + "text": "ApiKeyCreatedCalloutProps" + }, + ">) => JSX.Element" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeySelectableTokenField.$1", + "type": "CompoundType", + "tags": [], + "label": "{\n createdApiKey,\n}", + "description": [], + "signature": [ + "React.PropsWithChildren<", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyCreatedCalloutProps", + "text": "ApiKeyCreatedCalloutProps" + }, + ">" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyStatus", + "type": "Function", + "tags": [], + "label": "ApiKeyStatus", + "description": [], + "signature": [ + "({ expiration }: React.PropsWithChildren<", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyStatusProps", + "text": "ApiKeyStatusProps" + }, + ">) => JSX.Element" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_status.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyStatus.$1", + "type": "CompoundType", + "tags": [], + "label": "{ expiration }", + "description": [], + "signature": [ + "React.PropsWithChildren<", + { + 
"pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyStatusProps", + "text": "ApiKeyStatusProps" + }, + ">" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_status.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.mapCreateApiKeyValues", + "type": "Function", + "tags": [], + "label": "mapCreateApiKeyValues", + "description": [], + "signature": [ + "(values: ", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyFormValues", + "text": "ApiKeyFormValues" + }, + ") => ", + { + "pluginId": "@kbn/security-plugin-types-server", + "scope": "server", + "docId": "kibKbnSecurityPluginTypesServerPluginApi", + "section": "def-server.CreateAPIKeyParams", + "text": "CreateAPIKeyParams" + } + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.mapCreateApiKeyValues.$1", + "type": "Object", + "tags": [], + "label": "values", + "description": [], + "signature": [ + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyFormValues", + "text": "ApiKeyFormValues" + } + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.mapUpdateApiKeyValues", + 
"type": "Function", + "tags": [], + "label": "mapUpdateApiKeyValues", + "description": [], + "signature": [ + "(type: \"managed\" | \"rest\" | \"cross_cluster\", id: string, values: ", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyFormValues", + "text": "ApiKeyFormValues" + }, + ") => ", + { + "pluginId": "@kbn/security-plugin-types-server", + "scope": "server", + "docId": "kibKbnSecurityPluginTypesServerPluginApi", + "section": "def-server.UpdateAPIKeyParams", + "text": "UpdateAPIKeyParams" + } + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.mapUpdateApiKeyValues.$1", + "type": "CompoundType", + "tags": [], + "label": "type", + "description": [], + "signature": [ + "\"managed\" | \"rest\" | \"cross_cluster\"" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.mapUpdateApiKeyValues.$2", + "type": "string", + "tags": [], + "label": "id", + "description": [], + "signature": [ + "string" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.mapUpdateApiKeyValues.$3", + "type": "Object", + "tags": [], + "label": "values", + "description": [], + "signature": [ + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.ApiKeyFormValues", + "text": "ApiKeyFormValues" + } + ], + "path": 
"x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.TimeToolTip", + "type": "Function", + "tags": [], + "label": "TimeToolTip", + "description": [], + "signature": [ + "({ timestamp, children }: React.PropsWithChildren<", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.TimeToolTipProps", + "text": "TimeToolTipProps" + }, + ">) => JSX.Element" + ], + "path": "x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.TimeToolTip.$1", + "type": "CompoundType", + "tags": [], + "label": "{ timestamp, children }", + "description": [], + "signature": [ + "React.PropsWithChildren<", + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.TimeToolTipProps", + "text": "TimeToolTipProps" + }, + ">" + ], + "path": "x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + } + ], + "interfaces": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyBadgeProps", + "type": "Interface", + "tags": [], + "label": "ApiKeyBadgeProps", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": 
"def-public.ApiKeyBadgeProps.type", + "type": "CompoundType", + "tags": [], + "label": "type", + "description": [], + "signature": [ + "\"managed\" | \"rest\" | \"cross_cluster\"" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyCreatedCalloutProps", + "type": "Interface", + "tags": [], + "label": "ApiKeyCreatedCalloutProps", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyCreatedCalloutProps.createdApiKey", + "type": "Object", + "tags": [], + "label": "createdApiKey", + "description": [], + "signature": [ + "SecurityCreateApiKeyResponse" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFormValues", + "type": "Interface", + "tags": [], + "label": "ApiKeyFormValues", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFormValues.name", + "type": "string", + "tags": [], + "label": "name", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFormValues.type", + "type": "string", + "tags": [], + "label": 
"type", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFormValues.expiration", + "type": "string", + "tags": [], + "label": "expiration", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFormValues.customExpiration", + "type": "boolean", + "tags": [], + "label": "customExpiration", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFormValues.customPrivileges", + "type": "boolean", + "tags": [], + "label": "customPrivileges", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFormValues.includeMetadata", + "type": "boolean", + "tags": [], + "label": "includeMetadata", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFormValues.access", + "type": "string", + "tags": [], + "label": "access", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFormValues.role_descriptors", + "type": 
"string", + "tags": [], + "label": "role_descriptors", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFormValues.metadata", + "type": "string", + "tags": [], + "label": "metadata", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.InvalidateApiKeysResponse", + "type": "Interface", + "tags": [], + "label": "InvalidateApiKeysResponse", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.InvalidateApiKeysResponse.itemsInvalidated", + "type": "Array", + "tags": [], + "label": "itemsInvalidated", + "description": [], + "signature": [ + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.ApiKeyToInvalidate", + "text": "ApiKeyToInvalidate" + }, + "[]" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.InvalidateApiKeysResponse.errors", + "type": "Array", + "tags": [], + "label": "errors", + "description": [], + "signature": [ + "any[]" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": 
"@kbn/security-api-key-management", + "id": "def-public.QueryApiKeyParams", + "type": "Interface", + "tags": [], + "label": "QueryApiKeyParams", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.QueryApiKeyParams.query", + "type": "Object", + "tags": [], + "label": "query", + "description": [], + "signature": [ + "QueryContainer" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.QueryApiKeyParams.from", + "type": "number", + "tags": [], + "label": "from", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.QueryApiKeyParams.size", + "type": "number", + "tags": [], + "label": "size", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.QueryApiKeyParams.sort", + "type": "Object", + "tags": [], + "label": "sort", + "description": [], + "signature": [ + "{ field: \"id\" | \"type\" | \"name\" | \"username\" | \"profile_uid\" | \"metadata\" | \"expired\" | \"creation\" | \"expiration\" | \"role_descriptors\" | \"realm\" | \"invalidated\" | \"realm_type\" | \"limited_by\" | \"_sort\"; direction: \"asc\" | \"desc\"; }" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": 
"@kbn/security-api-key-management", + "id": "def-public.QueryApiKeyParams.filters", + "type": "Object", + "tags": [], + "label": "filters", + "description": [], + "signature": [ + { + "pluginId": "@kbn/security-api-key-management", + "scope": "public", + "docId": "kibKbnSecurityApiKeyManagementPluginApi", + "section": "def-public.QueryFilters", + "text": "QueryFilters" + } + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.QueryFilters", + "type": "Interface", + "tags": [], + "label": "QueryFilters", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.QueryFilters.usernames", + "type": "Array", + "tags": [], + "label": "usernames", + "description": [], + "signature": [ + "string[] | undefined" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.QueryFilters.type", + "type": "CompoundType", + "tags": [], + "label": "type", + "description": [], + "signature": [ + "\"managed\" | \"rest\" | \"cross_cluster\" | undefined" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.QueryFilters.expired", + "type": "CompoundType", + "tags": [], + "label": "expired", + "description": [], + "signature": [ + "boolean | undefined" + ], + "path": 
"x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.TimeToolTipProps", + "type": "Interface", + "tags": [], + "label": "TimeToolTipProps", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.TimeToolTipProps.timestamp", + "type": "number", + "tags": [], + "label": "timestamp", + "description": [], + "path": "x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + } + ], + "enums": [], + "misc": [ + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyFlyoutProps", + "type": "Type", + "tags": [], + "label": "ApiKeyFlyoutProps", + "description": [], + "signature": [ + "(", + "DisambiguateSet", + " & UpdateApiKeyFlyoutProps) | (", + "DisambiguateSet", + " & CreateApiKeyFlyoutProps)" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.ApiKeyStatusProps", + "type": "Type", + "tags": [], + "label": "ApiKeyStatusProps", + "description": [], + "signature": [ + "{ expiration?: number | undefined; }" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_key_status.tsx", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.CreateAPIKeyParams", + "type": "Type", + "tags": [], + "label": "CreateAPIKeyParams", + 
"description": [], + "signature": [ + "Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { name: string; role_descriptors: Record>; }> | Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { name: string; kibana_role_descriptors: Record | undefined; } & { spaces: string[] | \"*\"[]; }>[]; elasticsearch: Readonly<{ cluster?: string[] | undefined; indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; }>[] | undefined; remote_cluster?: Readonly<{} & { privileges: string[]; clusters: string[]; }>[] | undefined; remote_indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; clusters: string[]; }>[] | undefined; run_as?: string[] | undefined; } & {}>; }>>; }> | Readonly<{ metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { type: \"cross_cluster\"; name: string; access: Readonly<{ search?: Readonly<{ query?: any; field_security?: any; allow_restricted_indices?: boolean | undefined; } & { names: string[]; }>[] | undefined; replication?: Readonly<{} & { names: string[]; }>[] | undefined; } & {}>; }>" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.CreateAPIKeyResult", + "type": "Type", + "tags": [], + "label": "CreateAPIKeyResult", + "description": [ + "\nResponse of Kibana Create API key endpoint." 
+ ], + "signature": [ + "SecurityCreateApiKeyResponse" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.QueryApiKeySortOptions", + "type": "Type", + "tags": [], + "label": "QueryApiKeySortOptions", + "description": [], + "signature": [ + "{ field: \"id\" | \"type\" | \"name\" | \"username\" | \"profile_uid\" | \"metadata\" | \"expired\" | \"creation\" | \"expiration\" | \"role_descriptors\" | \"realm\" | \"invalidated\" | \"realm_type\" | \"limited_by\" | \"_sort\"; direction: \"asc\" | \"desc\"; }" + ], + "path": "x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.UpdateAPIKeyParams", + "type": "Type", + "tags": [], + "label": "UpdateAPIKeyParams", + "description": [ + "\nRequest body of Kibana Update API key endpoint." 
+ ], + "signature": [ + "Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; role_descriptors: Record>; }> | Readonly<{ metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; type: \"cross_cluster\"; access: Readonly<{ search?: Readonly<{ query?: any; field_security?: any; allow_restricted_indices?: boolean | undefined; } & { names: string[]; }>[] | undefined; replication?: Readonly<{} & { names: string[]; }>[] | undefined; } & {}>; }> | Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; kibana_role_descriptors: Record | undefined; } & { spaces: string[] | \"*\"[]; }>[]; elasticsearch: Readonly<{ cluster?: string[] | undefined; indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; }>[] | undefined; remote_cluster?: Readonly<{} & { privileges: string[]; clusters: string[]; }>[] | undefined; remote_indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; clusters: string[]; }>[] | undefined; run_as?: string[] | undefined; } & {}>; }>>; }>" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-api-key-management", + "id": "def-public.UpdateAPIKeyResult", + "type": "Type", + "tags": [], + "label": "UpdateAPIKeyResult", + "description": [ + "\nResponse of Kibana Update API key endpoint." 
+ ], + "signature": [ + "SecurityUpdateApiKeyResponse" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + } + ], + "objects": [] + }, + "server": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "common": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + } +} \ No newline at end of file diff --git a/api_docs/kbn_security_api_key_management.mdx b/api_docs/kbn_security_api_key_management.mdx new file mode 100644 index 0000000000000..e3a8f5e4603f3 --- /dev/null +++ b/api_docs/kbn_security_api_key_management.mdx @@ -0,0 +1,39 @@ +--- +#### +#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system. +#### Reach out in #docs-engineering for more info. +#### +id: kibKbnSecurityApiKeyManagementPluginApi +slug: /kibana-dev-docs/api/kbn-security-api-key-management +title: "@kbn/security-api-key-management" +image: https://source.unsplash.com/400x175/?github +description: API docs for the @kbn/security-api-key-management plugin +date: 2024-06-27 +tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-api-key-management'] +--- +import kbnSecurityApiKeyManagementObj from './kbn_security_api_key_management.devdocs.json'; + + + +Contact [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) for questions regarding this plugin. + +**Code health stats** + +| Public API count | Any count | Items lacking comments | Missing exports | +|-------------------|-----------|------------------------|-----------------| +| 66 | 0 | 63 | 0 | + +## Client + +### Functions + + +### Classes + + +### Interfaces + + +### Consts, variables and types + + 
diff --git a/api_docs/kbn_security_form_components.devdocs.json b/api_docs/kbn_security_form_components.devdocs.json
new file mode 100644
index 0000000000000..e6456ca9c7abd
--- /dev/null
+++ b/api_docs/kbn_security_form_components.devdocs.json
@@ -0,0 +1,727 @@ +{ + "id": "@kbn/security-form-components", + "client": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "server": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "common": { + "classes": [], + "functions": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.createFieldValidator", + "type": "Function", + "tags": [], + "label": "createFieldValidator", + "description": [], + "signature": [ + "(options: ", + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.ValidateOptions", + "text": "ValidateOptions" + }, + ") => ", + "FieldValidator" + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.createFieldValidator.$1", + "type": "Object", + "tags": [], + "label": "options", + "description": [], + "signature": [ + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.ValidateOptions", + "text": "ValidateOptions" + } + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormChangesProvider", + "type": "Function", + "tags": [], + "label": "FormChangesProvider", + "description": [], + "signature": [ + "React.ProviderExoticComponent>" + ], + "path": "x-pack/packages/security/form_components/src/form_changes.tsx", + "deprecated": false, + "trackAdoption": false, + "returnComment": [], + "children": [ + { + "parentPluginId": 
"@kbn/security-form-components", + "id": "def-common.FormChangesProvider.$1", + "type": "Uncategorized", + "tags": [], + "label": "props", + "description": [], + "signature": [ + "P" + ], + "path": "node_modules/@types/react/index.d.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormField", + "type": "Function", + "tags": [ + "throws" + ], + "label": "FormField", + "description": [ + "\nPolymorphic component that renders a form field with all state required for inline validation.\n" + ], + "signature": [ + "({\n as,\n validate,\n onBlur,\n ...rest\n}: ", + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.FormFieldProps", + "text": "FormFieldProps" + }, + " & Omit>, keyof ", + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.FormFieldProps", + "text": "FormFieldProps" + }, + ">) => JSX.Element" + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormField.$1", + "type": "CompoundType", + "tags": [], + "label": "{\n as,\n validate,\n onBlur,\n ...rest\n}", + "description": [], + "signature": [ + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.FormFieldProps", + "text": "FormFieldProps" + }, + " & Omit>, keyof ", + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.FormFieldProps", + "text": "FormFieldProps" + }, + ">" + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + 
"deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormLabel", + "type": "Function", + "tags": [ + "throws", + "throws" + ], + "label": "FormLabel", + "description": [ + "\nComponent that visually indicates whether a field value has changed.\n" + ], + "signature": [ + "(props: React.PropsWithChildren>) => JSX.Element" + ], + "path": "x-pack/packages/security/form_components/src/form_label.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormLabel.$1", + "type": "CompoundType", + "tags": [], + "label": "props", + "description": [], + "signature": [ + "React.PropsWithChildren>" + ], + "path": "x-pack/packages/security/form_components/src/form_label.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormRow", + "type": "Function", + "tags": [ + "throws", + "throws" + ], + "label": "FormRow", + "description": [ + "\nComponent that renders a form row with all error states for inline validation.\n" + ], + "signature": [ + "(props: React.PropsWithChildren<((", + "DisambiguateSet", + " & { labelType?: \"legend\" | undefined; } & ", + "CommonProps", + " & { display?: \"center\" | \"row\" | \"rowCompressed\" | \"columnCompressed\" | \"centerCompressed\" | \"columnCompressedSwitch\" | undefined; hasEmptyLabelSpace?: boolean | undefined; fullWidth?: boolean | undefined; describedByIds?: string[] | undefined; hasChildLabel?: boolean | undefined; children: React.ReactElement>; label?: React.ReactNode; labelAppend?: any; id?: string | undefined; isInvalid?: boolean | undefined; error?: React.ReactNode | React.ReactNode[]; helpText?: React.ReactNode | React.ReactNode[]; 
isDisabled?: boolean | undefined; } & Omit, \"disabled\">) | (", + "DisambiguateSet", + " & { labelType?: \"label\" | undefined; } & ", + "CommonProps", + " & { display?: \"center\" | \"row\" | \"rowCompressed\" | \"columnCompressed\" | \"centerCompressed\" | \"columnCompressedSwitch\" | undefined; hasEmptyLabelSpace?: boolean | undefined; fullWidth?: boolean | undefined; describedByIds?: string[] | undefined; hasChildLabel?: boolean | undefined; children: React.ReactElement>; label?: React.ReactNode; labelAppend?: any; id?: string | undefined; isInvalid?: boolean | undefined; error?: React.ReactNode | React.ReactNode[]; helpText?: React.ReactNode | React.ReactNode[]; isDisabled?: boolean | undefined; } & React.HTMLAttributes)) & ", + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.FormRowProps", + "text": "FormRowProps" + }, + ">) => JSX.Element" + ], + "path": "x-pack/packages/security/form_components/src/form_row.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormRow.$1", + "type": "CompoundType", + "tags": [], + "label": "props", + "description": [], + "signature": [ + "React.PropsWithChildren<((", + "DisambiguateSet", + " & { labelType?: \"legend\" | undefined; } & ", + "CommonProps", + " & { display?: \"center\" | \"row\" | \"rowCompressed\" | \"columnCompressed\" | \"centerCompressed\" | \"columnCompressedSwitch\" | undefined; hasEmptyLabelSpace?: boolean | undefined; fullWidth?: boolean | undefined; describedByIds?: string[] | undefined; hasChildLabel?: boolean | undefined; children: React.ReactElement>; label?: React.ReactNode; labelAppend?: any; id?: string | undefined; isInvalid?: boolean | undefined; error?: React.ReactNode | React.ReactNode[]; helpText?: React.ReactNode | React.ReactNode[]; isDisabled?: boolean | undefined; } & Omit, \"disabled\">) | (", + 
"DisambiguateSet", + " & { labelType?: \"label\" | undefined; } & ", + "CommonProps", + " & { display?: \"center\" | \"row\" | \"rowCompressed\" | \"columnCompressed\" | \"centerCompressed\" | \"columnCompressedSwitch\" | undefined; hasEmptyLabelSpace?: boolean | undefined; fullWidth?: boolean | undefined; describedByIds?: string[] | undefined; hasChildLabel?: boolean | undefined; children: React.ReactElement>; label?: React.ReactNode; labelAppend?: any; id?: string | undefined; isInvalid?: boolean | undefined; error?: React.ReactNode | React.ReactNode[]; helpText?: React.ReactNode | React.ReactNode[]; isDisabled?: boolean | undefined; } & React.HTMLAttributes)) & ", + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.FormRowProps", + "text": "FormRowProps" + }, + ">" + ], + "path": "x-pack/packages/security/form_components/src/form_row.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.OptionalText", + "type": "Function", + "tags": [], + "label": "OptionalText", + "description": [], + "signature": [ + "() => JSX.Element" + ], + "path": "x-pack/packages/security/form_components/src/form_row.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.useFormChanges", + "type": "Function", + "tags": [], + "label": "useFormChanges", + "description": [ + "\nCustom React hook that allows tracking changes within a form.\n" + ], + "signature": [ + "() => ", + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.FormChangesProps", + "text": "FormChangesProps" + } + ], + "path": 
"x-pack/packages/security/form_components/src/form_changes.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.useFormChangesContext", + "type": "Function", + "tags": [ + "throws" + ], + "label": "useFormChangesContext", + "description": [ + "\nCustom React hook that returns all @see FormChangesProps state from context.\n" + ], + "signature": [ + "() => ", + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.FormChangesProps", + "text": "FormChangesProps" + } + ], + "path": "x-pack/packages/security/form_components/src/form_changes.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [], + "returnComment": [], + "initialIsOpen": false + } + ], + "interfaces": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormChangesProps", + "type": "Interface", + "tags": [], + "label": "FormChangesProps", + "description": [], + "path": "x-pack/packages/security/form_components/src/form_changes.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormChangesProps.count", + "type": "number", + "tags": [], + "label": "count", + "description": [ + "\nNumber of fields rendered on the page that have changed." 
+ ], + "path": "x-pack/packages/security/form_components/src/form_changes.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormChangesProps.report", + "type": "Function", + "tags": [], + "label": "report", + "description": [ + "\nCallback function used by a form field to indicate whether its current value is different to its initial value.\n" + ], + "signature": [ + "(isEqual: boolean) => ", + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.RevertFunction", + "text": "RevertFunction" + }, + " | undefined" + ], + "path": "x-pack/packages/security/form_components/src/form_changes.tsx", + "deprecated": false, + "trackAdoption": false, + "returnComment": [], + "children": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormChangesProps.report.$1", + "type": "boolean", + "tags": [], + "label": "isEqual", + "description": [], + "path": "x-pack/packages/security/form_components/src/form_changes.tsx", + "deprecated": false, + "trackAdoption": false + } + ] + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormFieldProps", + "type": "Interface", + "tags": [], + "label": "FormFieldProps", + "description": [], + "signature": [ + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.FormFieldProps", + "text": "FormFieldProps" + }, + "" + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormFieldProps.as", + "type": "Uncategorized", + "tags": [], + "label": "as", + "description": [], + "signature": [ + "T | undefined" + ], + "path": 
"x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormFieldProps.name", + "type": "string", + "tags": [], + "label": "name", + "description": [], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormFieldProps.validate", + "type": "CompoundType", + "tags": [], + "label": "validate", + "description": [], + "signature": [ + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.ValidateOptions", + "text": "ValidateOptions" + }, + " | ", + "FieldValidator", + " | undefined" + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormLabelProps", + "type": "Interface", + "tags": [], + "label": "FormLabelProps", + "description": [], + "path": "x-pack/packages/security/form_components/src/form_label.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormLabelProps.for", + "type": "string", + "tags": [], + "label": "for", + "description": [ + "\nName of target form field." 
+ ], + "path": "x-pack/packages/security/form_components/src/form_label.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormRowProps", + "type": "Interface", + "tags": [], + "label": "FormRowProps", + "description": [], + "path": "x-pack/packages/security/form_components/src/form_row.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.FormRowProps.name", + "type": "string", + "tags": [], + "label": "name", + "description": [ + "\nOptional name of form field.\n\nIf not provided the name will be inferred from its child element." + ], + "signature": [ + "string | undefined" + ], + "path": "x-pack/packages/security/form_components/src/form_row.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.ValidateOptions", + "type": "Interface", + "tags": [], + "label": "ValidateOptions", + "description": [], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.ValidateOptions.required", + "type": "string", + "tags": [], + "label": "required", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.ValidateOptions.pattern", + "type": "Object", + "tags": [], + "label": "pattern", + "description": [], + "signature": [ + "{ value: RegExp; message: string; } | undefined" + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + 
"trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.ValidateOptions.minLength", + "type": "Object", + "tags": [], + "label": "minLength", + "description": [], + "signature": [ + "{ value: number; message: string; } | undefined" + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.ValidateOptions.maxLength", + "type": "Object", + "tags": [], + "label": "maxLength", + "description": [], + "signature": [ + "{ value: number; message: string; } | undefined" + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.ValidateOptions.min", + "type": "Object", + "tags": [], + "label": "min", + "description": [], + "signature": [ + "{ value: number; message: string; } | undefined" + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.ValidateOptions.max", + "type": "Object", + "tags": [], + "label": "max", + "description": [], + "signature": [ + "{ value: number; message: string; } | undefined" + ], + "path": "x-pack/packages/security/form_components/src/form_field.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + } + ], + "enums": [], + "misc": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.ReportFunction", + "type": "Type", + "tags": [], + "label": "ReportFunction", + "description": [], + "signature": [ + "(isEqual: boolean) => ", + { + "pluginId": "@kbn/security-form-components", + "scope": "common", + "docId": "kibKbnSecurityFormComponentsPluginApi", + "section": "def-common.RevertFunction", + 
"text": "RevertFunction" + }, + " | undefined" + ], + "path": "x-pack/packages/security/form_components/src/form_changes.tsx", + "deprecated": false, + "trackAdoption": false, + "returnComment": [], + "children": [ + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.ReportFunction.$1", + "type": "boolean", + "tags": [], + "label": "isEqual", + "description": [], + "path": "x-pack/packages/security/form_components/src/form_changes.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-form-components", + "id": "def-common.RevertFunction", + "type": "Type", + "tags": [], + "label": "RevertFunction", + "description": [], + "signature": [ + "() => void" + ], + "path": "x-pack/packages/security/form_components/src/form_changes.tsx", + "deprecated": false, + "trackAdoption": false, + "returnComment": [], + "children": [], + "initialIsOpen": false + } + ], + "objects": [] + } +} \ No newline at end of file diff --git a/api_docs/kbn_security_form_components.mdx b/api_docs/kbn_security_form_components.mdx new file mode 100644 index 0000000000000..bd645b441a367 --- /dev/null +++ b/api_docs/kbn_security_form_components.mdx 
@@ -0,0 +1,36 @@ +--- +#### +#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system. +#### Reach out in #docs-engineering for more info. +#### +id: kibKbnSecurityFormComponentsPluginApi +slug: /kibana-dev-docs/api/kbn-security-form-components +title: "@kbn/security-form-components" +image: https://source.unsplash.com/400x175/?github +description: API docs for the @kbn/security-form-components plugin +date: 2024-06-27 +tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-form-components'] +--- +import kbnSecurityFormComponentsObj from './kbn_security_form_components.devdocs.json'; + + + +Contact [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) for questions regarding this plugin. + +**Code health stats** + +| Public API count | Any count | Items lacking comments | Missing exports | +|-------------------|-----------|------------------------|-----------------| +| 35 | 0 | 25 | 0 | + +## Common + +### Functions + + +### Interfaces + + +### Consts, variables and types + + diff --git a/api_docs/kbn_security_hardening.mdx b/api_docs/kbn_security_hardening.mdx index a71d18dfcad74..7098587e19de4 100644 --- a/api_docs/kbn_security_hardening.mdx +++ b/api_docs/kbn_security_hardening.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-hardening title: "@kbn/security-hardening" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-hardening plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-hardening'] --- import kbnSecurityHardeningObj from './kbn_security_hardening.devdocs.json'; diff --git a/api_docs/kbn_security_plugin_types_common.devdocs.json b/api_docs/kbn_security_plugin_types_common.devdocs.json index 804df8e1e3d13..4bb4d0397c70f 100644 --- a/api_docs/kbn_security_plugin_types_common.devdocs.json +++ b/api_docs/kbn_security_plugin_types_common.devdocs.json 
@@ -20,6 +20,119 @@ "classes": [], "functions": [], "interfaces": [ + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ApiKeyAggregations", + "type": "Interface", + "tags": [], + "label": "ApiKeyAggregations", + "description": [], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ApiKeyAggregations.usernames", + "type": "Object", + "tags": [], + "label": "usernames", + "description": [], + "signature": [ + "AggregationsStringTermsAggregate", + " | undefined" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ApiKeyAggregations.types", + "type": "Object", + "tags": [], + "label": "types", + "description": [], + "signature": [ + "AggregationsStringTermsAggregate", + " | undefined" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ApiKeyAggregations.expired", + "type": "Object", + "tags": [], + "label": "expired", + "description": [], + "signature": [ + "AggregationsFilterAggregateKeys", + " | undefined" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ApiKeyAggregations.managed", + "type": "Object", + "tags": [], + "label": "managed", + "description": [], + "signature": [ + "{ buckets: { metadataBased: ", + "AggregationsFilterAggregateKeys", + "; namePrefixBased: ", + "AggregationsFilterAggregateKeys", + "; }; } | undefined" + ], + "path": 
"x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ApiKeyToInvalidate", + "type": "Interface", + "tags": [], + "label": "ApiKeyToInvalidate", + "description": [], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ApiKeyToInvalidate.id", + "type": "string", + "tags": [], + "label": "id", + "description": [], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ApiKeyToInvalidate.name", + "type": "string", + "tags": [], + "label": "name", + "description": [], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, { "parentPluginId": "@kbn/security-plugin-types-common", "id": "def-common.AuthenticatedUser", 
@@ -203,6 +316,211 @@ ], "initialIsOpen": false }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.BaseApiKey", + "type": "Interface", + "tags": [], + "label": "BaseApiKey", + "description": [ + "\nFixing up `estypes.SecurityApiKey` type since some fields are marked as optional even though they are guaranteed to be returned.\n\nTODO: Remove this type when `@elastic/elasticsearch` has been updated." + ], + "signature": [ + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.BaseApiKey", + "text": "BaseApiKey" + }, + " extends ", + "SecurityApiKey" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.BaseApiKey.username", + "type": "string", + "tags": [], + "label": "username", + "description": [], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.BaseApiKey.realm", + "type": "string", + "tags": [], + "label": "realm", + "description": [], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.BaseApiKey.creation", + "type": "number", + "tags": [], + "label": "creation", + "description": [], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.BaseApiKey.metadata", + "type": "Object", + "tags": [], + "label": "metadata", + "description": [], + "signature": [ + "{ [x: string]: 
any; }" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.BaseApiKey.role_descriptors", + "type": "Object", + "tags": [], + "label": "role_descriptors", + "description": [], + "signature": [ + "{ [x: string]: ", + "SecurityRoleDescriptor", + "; }" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.CrossClusterApiKey", + "type": "Interface", + "tags": [], + "label": "CrossClusterApiKey", + "description": [ + "\nInterface representing a cross-cluster API key the way it is returned by Elasticsearch GET endpoint.\n\nTODO: Remove this type when `@elastic/elasticsearch` has been updated." + ], + "signature": [ + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.CrossClusterApiKey", + "text": "CrossClusterApiKey" + }, + " extends ", + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.BaseApiKey", + "text": "BaseApiKey" + } + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.CrossClusterApiKey.type", + "type": "string", + "tags": [], + "label": "type", + "description": [], + "signature": [ + "\"cross_cluster\"" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": 
"def-common.CrossClusterApiKey.access", + "type": "Object", + "tags": [], + "label": "access", + "description": [ + "\nThe access to be granted to this API key. The access is composed of permissions for cross-cluster\nsearch and cross-cluster replication. At least one of them must be specified." + ], + "signature": [ + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.CrossClusterApiKeyAccess", + "text": "CrossClusterApiKeyAccess" + } + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.CrossClusterApiKeyAccess", + "type": "Interface", + "tags": [], + "label": "CrossClusterApiKeyAccess", + "description": [], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.CrossClusterApiKeyAccess.search", + "type": "Array", + "tags": [], + "label": "search", + "description": [ + "\nA list of indices permission entries for cross-cluster search." + ], + "signature": [ + "CrossClusterApiKeySearch[] | undefined" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.CrossClusterApiKeyAccess.replication", + "type": "Array", + "tags": [], + "label": "replication", + "description": [ + "\nA list of indices permission entries for cross-cluster replication." 
+ ], + "signature": [ + "CrossClusterApiKeyReplication[] | undefined" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, { "parentPluginId": "@kbn/security-plugin-types-common", "id": "def-common.FeaturesPrivileges", 
@@ -231,6 +549,100 @@ ], "initialIsOpen": false }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ManagedApiKey", + "type": "Interface", + "tags": [], + "label": "ManagedApiKey", + "description": [ + "\nInterface representing a REST API key that is managed by Kibana." + ], + "signature": [ + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.ManagedApiKey", + "text": "ManagedApiKey" + }, + " extends ", + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.BaseApiKey", + "text": "BaseApiKey" + } + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ManagedApiKey.type", + "type": "string", + "tags": [], + "label": "type", + "description": [], + "signature": [ + "\"managed\"" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.RestApiKey", + "type": "Interface", + "tags": [], + "label": "RestApiKey", + "description": [ + "\nInterface representing a REST API key the way it is returned by Elasticsearch GET endpoint.\n\nTODO: Remove this type when `@elastic/elasticsearch` has been updated." 
+ ], + "signature": [ + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.RestApiKey", + "text": "RestApiKey" + }, + " extends ", + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.BaseApiKey", + "text": "BaseApiKey" + } + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.RestApiKey.type", + "type": "string", + "tags": [], + "label": "type", + "description": [], + "signature": [ + "\"rest\"" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, { "parentPluginId": "@kbn/security-plugin-types-common", "id": "def-common.Role", 
@@ -1406,6 +1818,87 @@ ], "enums": [], "misc": [ + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ApiKey", + "type": "Type", + "tags": [], + "label": "ApiKey", + "description": [ + "\nInterface representing an API key the way it is returned by Elasticsearch GET endpoint." + ], + "signature": [ + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.RestApiKey", + "text": "RestApiKey" + }, + " | ", + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.CrossClusterApiKey", + "text": "CrossClusterApiKey" + } + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.ApiKeyRoleDescriptors", + "type": "Type", + "tags": [], + "label": "ApiKeyRoleDescriptors", + "description": [], + "signature": [ + "{ [x: string]: ", + "SecurityRoleDescriptor", + "; }" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.CategorizedApiKey", + "type": "Type", + "tags": [], + "label": "CategorizedApiKey", + "description": [ + "\nInterface representing an API key the way it is presented in the Kibana UI (with Kibana system\nAPI keys given its own dedicated `managed` type)." 
+ ], + "signature": [ + "(", + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.ApiKey", + "text": "ApiKey" + }, + " | ", + { + "pluginId": "@kbn/security-plugin-types-common", + "scope": "common", + "docId": "kibKbnSecurityPluginTypesCommonPluginApi", + "section": "def-common.ManagedApiKey", + "text": "ManagedApiKey" + }, + ") & { expired: boolean; }" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/security-plugin-types-common", "id": "def-common.LoginLayout", @@ -1423,6 +1916,23 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/security-plugin-types-common", + "id": "def-common.QueryApiKeyResult", + "type": "Type", + "tags": [], + "label": "QueryApiKeyResult", + "description": [ + "\nResponse of Kibana Query API keys endpoint." + ], + "signature": [ + "SuccessQueryApiKeyResult | ErrorQueryApiKeyResult" + ], + "path": "x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/security-plugin-types-common", "id": "def-common.UserProfileData", diff --git a/api_docs/kbn_security_plugin_types_common.mdx b/api_docs/kbn_security_plugin_types_common.mdx index 041346f5c115f..eb6156d8c41e2 100644 --- a/api_docs/kbn_security_plugin_types_common.mdx +++ b/api_docs/kbn_security_plugin_types_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-common title: "@kbn/security-plugin-types-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-common plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-common'] --- import kbnSecurityPluginTypesCommonObj from './kbn_security_plugin_types_common.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana- | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 88 | 0 | 40 | 0 | +| 116 | 0 | 58 | 0 | ## Common diff --git a/api_docs/kbn_security_plugin_types_public.devdocs.json b/api_docs/kbn_security_plugin_types_public.devdocs.json index 637e988957f0e..bfe904b1137db 100644 --- a/api_docs/kbn_security_plugin_types_public.devdocs.json +++ b/api_docs/kbn_security_plugin_types_public.devdocs.json @@ -520,14 +520,6 @@ { "plugin": "security", "path": "x-pack/plugins/security/public/plugin.tsx" - }, - { - "plugin": "dataVisualizer", - "path": "x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx" - }, - { - "plugin": "dataVisualizer", - "path": "x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/use_data_visualizer_grid_data.ts" } ] }, @@ -643,14 +635,6 @@ "plugin": "security", "path": "x-pack/plugins/security/public/plugin.tsx" }, - { - "plugin": "maps", - "path": "x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx" - }, - { - "plugin": "imageEmbeddable", - "path": "src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx" - }, { "plugin": "securitySolution", "path": "x-pack/plugins/security_solution/public/management/links.ts" 
diff --git a/api_docs/kbn_security_plugin_types_public.mdx b/api_docs/kbn_security_plugin_types_public.mdx index 615d684160d1f..9d8dfb08a1f3d 100644 --- a/api_docs/kbn_security_plugin_types_public.mdx +++ b/api_docs/kbn_security_plugin_types_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-public title: "@kbn/security-plugin-types-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-public plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-public'] --- import kbnSecurityPluginTypesPublicObj from './kbn_security_plugin_types_public.devdocs.json'; diff --git a/api_docs/kbn_security_plugin_types_server.devdocs.json b/api_docs/kbn_security_plugin_types_server.devdocs.json index 9e4605fe0085b..855977ffccd49 100644 --- a/api_docs/kbn_security_plugin_types_server.devdocs.json +++ b/api_docs/kbn_security_plugin_types_server.devdocs.json 
@@ -134,6 +134,95 @@ ], "returnComment": [], "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-server", + "id": "def-server.getUpdateRestApiKeyWithKibanaPrivilegesSchema", + "type": "Function", + "tags": [], + "label": "getUpdateRestApiKeyWithKibanaPrivilegesSchema", + "description": [], + "signature": [ + "(getBasePrivilegeNames: () => { global: string[]; space: string[]; }) => ExtendedObjectType<{ type: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "<\"rest\" | undefined>; name: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "; expiration: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "; role_descriptors: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + ">>; metadata: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + " | undefined>; }, { role_descriptors: null; name: null; id: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "; kibana_role_descriptors: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + " | undefined; } & { spaces: string[] | \"*\"[]; }>[]; elasticsearch: Readonly<{ cluster?: string[] | undefined; indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; 
allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; }>[] | undefined; remote_cluster?: Readonly<{} & { privileges: string[]; clusters: string[]; }>[] | undefined; remote_indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; clusters: string[]; }>[] | undefined; run_as?: string[] | undefined; } & {}>; }>>>; }>" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/security-plugin-types-server", + "id": "def-server.getUpdateRestApiKeyWithKibanaPrivilegesSchema.$1", + "type": "Function", + "tags": [], + "label": "getBasePrivilegeNames", + "description": [], + "signature": [ + "() => { global: string[]; space: string[]; }" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false } ], "interfaces": [ @@ -3179,10 +3268,6 @@ "plugin": "alerting", "path": "x-pack/plugins/alerting/server/plugin.ts" }, - { - "plugin": "files", - "path": "src/plugins/files/server/routes/file_kind/create.ts" - }, { "plugin": "cases", "path": "x-pack/plugins/cases/server/client/factory.ts" 
@@ -3380,24 +3465,28 @@ "path": "x-pack/plugins/observability_solution/apm/server/routes/fleet/is_superuser.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts" + }, + { + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/enable.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/disable.ts" + "plugin": "observabilityOnboarding", + "path": "x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts" }, { "plugin": "synthetics", 
@@ -4362,6 +4451,85 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/security-plugin-types-server", + "id": "def-server.UpdateAPIKeyParams", + "type": "Type", + "tags": [], + "label": "UpdateAPIKeyParams", + "description": [ + "\nRequest body of Kibana Update API key endpoint." + ], + "signature": [ + "Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; role_descriptors: Record>; }> | Readonly<{ metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; type: \"cross_cluster\"; access: Readonly<{ search?: Readonly<{ query?: any; field_security?: any; allow_restricted_indices?: boolean | undefined; } & { names: string[]; }>[] | undefined; replication?: Readonly<{} & { names: string[]; }>[] | undefined; } & {}>; }> | Readonly<{ type?: \"rest\" | undefined; metadata?: Readonly<{} & {}> | undefined; expiration?: string | undefined; } & { id: string; kibana_role_descriptors: Record | undefined; } & { spaces: string[] | \"*\"[]; }>[]; elasticsearch: Readonly<{ cluster?: string[] | undefined; indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; }>[] | undefined; remote_cluster?: Readonly<{} & { privileges: string[]; clusters: string[]; }>[] | undefined; remote_indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; clusters: string[]; }>[] | undefined; run_as?: string[] | undefined; } & {}>; }>>; }>" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": 
"@kbn/security-plugin-types-server", + "id": "def-server.UpdateAPIKeyResult", + "type": "Type", + "tags": [], + "label": "UpdateAPIKeyResult", + "description": [ + "\nResponse of Kibana Update API key endpoint." + ], + "signature": [ + "SecurityUpdateApiKeyResponse" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-server", + "id": "def-server.UpdateCrossClusterAPIKeyParams", + "type": "Type", + "tags": [], + "label": "UpdateCrossClusterAPIKeyParams", + "description": [], + "signature": [ + "{ readonly metadata?: Readonly<{} & {}> | undefined; readonly expiration?: string | undefined; readonly id: string; readonly type: \"cross_cluster\"; readonly access: Readonly<{ search?: Readonly<{ query?: any; field_security?: any; allow_restricted_indices?: boolean | undefined; } & { names: string[]; }>[] | undefined; replication?: Readonly<{} & { names: string[]; }>[] | undefined; } & {}>; }" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-server", + "id": "def-server.UpdateRestAPIKeyParams", + "type": "Type", + "tags": [], + "label": "UpdateRestAPIKeyParams", + "description": [], + "signature": [ + "{ readonly type?: \"rest\" | undefined; readonly metadata?: Readonly<{} & {}> | undefined; readonly expiration?: string | undefined; readonly id: string; readonly role_descriptors: Record>; }" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-server", + "id": "def-server.UpdateRestAPIKeyWithKibanaPrivilegesParams", + "type": "Type", + 
"tags": [], + "label": "UpdateRestAPIKeyWithKibanaPrivilegesParams", + "description": [], + "signature": [ + "{ readonly type?: \"rest\" | undefined; readonly metadata?: Readonly<{} & {}> | undefined; readonly expiration?: string | undefined; readonly id: string; readonly kibana_role_descriptors: Record | undefined; } & { spaces: string[] | \"*\"[]; }>[]; elasticsearch: Readonly<{ cluster?: string[] | undefined; indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; }>[] | undefined; remote_cluster?: Readonly<{} & { privileges: string[]; clusters: string[]; }>[] | undefined; remote_indices?: Readonly<{ query?: string | undefined; field_security?: Record<\"except\" | \"grant\", string[]> | undefined; allow_restricted_indices?: boolean | undefined; } & { names: string[]; privileges: string[]; clusters: string[]; }>[] | undefined; run_as?: string[] | undefined; } & {}>; }>>; }" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/security-plugin-types-server", "id": "def-server.UserProfileServiceStart", 
@@ -4606,6 +4774,178 @@ "deprecated": false, "trackAdoption": false, "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-server", + "id": "def-server.updateCrossClusterApiKeySchema", + "type": "Object", + "tags": [], + "label": "updateCrossClusterApiKeySchema", + "description": [], + "signature": [ + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.ObjectType", + "text": "ObjectType" + }, + "; name: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "; expiration: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "; role_descriptors: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + ">>; metadata: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + " | undefined>; }, { type: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "<\"cross_cluster\">; role_descriptors: null; access: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.ObjectType", + "text": "ObjectType" + }, + "<{ search: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "[] | undefined>; replication: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "[] | 
undefined>; }>; }>, { name: null; id: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "; }>>" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/security-plugin-types-server", + "id": "def-server.updateRestApiKeySchema", + "type": "Object", + "tags": [], + "label": "updateRestApiKeySchema", + "description": [], + "signature": [ + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.ObjectType", + "text": "ObjectType" + }, + "; name: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "; expiration: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "; role_descriptors: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + ">>; metadata: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + " | undefined>; }, { name: null; id: ", + { + "pluginId": "@kbn/config-schema", + "scope": "common", + "docId": "kibKbnConfigSchemaPluginApi", + "section": "def-common.Type", + "text": "Type" + }, + "; }>>" + ], + "path": "x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false } ] }, 
diff --git a/api_docs/kbn_security_plugin_types_server.mdx b/api_docs/kbn_security_plugin_types_server.mdx index f48c1dad65515..fa3f42eaad88a 100644 --- a/api_docs/kbn_security_plugin_types_server.mdx +++ b/api_docs/kbn_security_plugin_types_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-server title: "@kbn/security-plugin-types-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-server plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-server'] --- import kbnSecurityPluginTypesServerObj from './kbn_security_plugin_types_server.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana- | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 207 | 0 | 114 | 0 | +| 216 | 0 | 121 | 0 | ## Server diff --git a/api_docs/kbn_security_solution_features.mdx b/api_docs/kbn_security_solution_features.mdx index d85b0586f3dec..3b5a227f84c94 100644 --- a/api_docs/kbn_security_solution_features.mdx +++ b/api_docs/kbn_security_solution_features.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-features title: "@kbn/security-solution-features" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-features plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-features'] --- import kbnSecuritySolutionFeaturesObj from './kbn_security_solution_features.devdocs.json'; diff --git a/api_docs/kbn_security_solution_navigation.mdx b/api_docs/kbn_security_solution_navigation.mdx index 0879f759c3190..b8f6ce60beac1 100644 --- a/api_docs/kbn_security_solution_navigation.mdx +++ b/api_docs/kbn_security_solution_navigation.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-navigation title: "@kbn/security-solution-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-navigation plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-navigation'] --- import kbnSecuritySolutionNavigationObj from './kbn_security_solution_navigation.devdocs.json'; diff --git a/api_docs/kbn_security_solution_side_nav.mdx b/api_docs/kbn_security_solution_side_nav.mdx index 9e07bec57385c..57f6349f44639 100644 --- a/api_docs/kbn_security_solution_side_nav.mdx +++ b/api_docs/kbn_security_solution_side_nav.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-side-nav title: "@kbn/security-solution-side-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-side-nav plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-side-nav'] --- import kbnSecuritySolutionSideNavObj from './kbn_security_solution_side_nav.devdocs.json'; diff --git a/api_docs/kbn_security_solution_storybook_config.mdx b/api_docs/kbn_security_solution_storybook_config.mdx index 948c859f2d480..f7077f3b93338 100644 --- a/api_docs/kbn_security_solution_storybook_config.mdx +++ b/api_docs/kbn_security_solution_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-storybook-config title: "@kbn/security-solution-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-storybook-config plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-storybook-config'] --- import kbnSecuritySolutionStorybookConfigObj from './kbn_security_solution_storybook_config.devdocs.json'; 
diff --git a/api_docs/kbn_securitysolution_autocomplete.mdx b/api_docs/kbn_securitysolution_autocomplete.mdx index f4a09715db567..ec09a4a6bde27 100644 --- a/api_docs/kbn_securitysolution_autocomplete.mdx +++ b/api_docs/kbn_securitysolution_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-autocomplete title: "@kbn/securitysolution-autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-autocomplete plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-autocomplete'] --- import kbnSecuritysolutionAutocompleteObj from './kbn_securitysolution_autocomplete.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_data_table.mdx b/api_docs/kbn_securitysolution_data_table.mdx index 3a27570393ab1..e820dc65cc174 100644 --- a/api_docs/kbn_securitysolution_data_table.mdx +++ b/api_docs/kbn_securitysolution_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-data-table title: "@kbn/securitysolution-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-data-table plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-data-table'] --- import kbnSecuritysolutionDataTableObj from './kbn_securitysolution_data_table.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_ecs.mdx b/api_docs/kbn_securitysolution_ecs.mdx index 33a9f0b135529..7b6aeafb544a6 100644 --- a/api_docs/kbn_securitysolution_ecs.mdx +++ b/api_docs/kbn_securitysolution_ecs.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-ecs title: "@kbn/securitysolution-ecs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-ecs plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-ecs'] --- import kbnSecuritysolutionEcsObj from './kbn_securitysolution_ecs.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_es_utils.mdx b/api_docs/kbn_securitysolution_es_utils.mdx index 658dbe4b5aca2..17c0780ff87b2 100644 --- a/api_docs/kbn_securitysolution_es_utils.mdx +++ b/api_docs/kbn_securitysolution_es_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-es-utils title: "@kbn/securitysolution-es-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-es-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-es-utils'] --- import kbnSecuritysolutionEsUtilsObj from './kbn_securitysolution_es_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_exception_list_components.mdx b/api_docs/kbn_securitysolution_exception_list_components.mdx index 017061604cd0c..9fa17eca87f1a 100644 --- a/api_docs/kbn_securitysolution_exception_list_components.mdx +++ b/api_docs/kbn_securitysolution_exception_list_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-exception-list-components title: "@kbn/securitysolution-exception-list-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-exception-list-components plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-exception-list-components'] --- import kbnSecuritysolutionExceptionListComponentsObj from './kbn_securitysolution_exception_list_components.devdocs.json'; 
diff --git a/api_docs/kbn_securitysolution_hook_utils.mdx b/api_docs/kbn_securitysolution_hook_utils.mdx index 454ac2437efa9..16df67d07d048 100644 --- a/api_docs/kbn_securitysolution_hook_utils.mdx +++ b/api_docs/kbn_securitysolution_hook_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-hook-utils title: "@kbn/securitysolution-hook-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-hook-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-hook-utils'] --- import kbnSecuritysolutionHookUtilsObj from './kbn_securitysolution_hook_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx index 7c9ad6cc9eb47..e9defdb9b1253 100644 --- a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-alerting-types title: "@kbn/securitysolution-io-ts-alerting-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-alerting-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-alerting-types'] --- import kbnSecuritysolutionIoTsAlertingTypesObj from './kbn_securitysolution_io_ts_alerting_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_list_types.mdx b/api_docs/kbn_securitysolution_io_ts_list_types.mdx index 3345bae11e39c..b194f1207d4fa 100644 --- a/api_docs/kbn_securitysolution_io_ts_list_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_list_types.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-list-types title: "@kbn/securitysolution-io-ts-list-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-list-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-list-types'] --- import kbnSecuritysolutionIoTsListTypesObj from './kbn_securitysolution_io_ts_list_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_types.mdx b/api_docs/kbn_securitysolution_io_ts_types.mdx index f61526330f4db..f278268425cc4 100644 --- a/api_docs/kbn_securitysolution_io_ts_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-types title: "@kbn/securitysolution-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-types'] --- import kbnSecuritysolutionIoTsTypesObj from './kbn_securitysolution_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_utils.mdx b/api_docs/kbn_securitysolution_io_ts_utils.mdx index 5dbbc0a930a50..fee0593562eb0 100644 --- a/api_docs/kbn_securitysolution_io_ts_utils.mdx +++ b/api_docs/kbn_securitysolution_io_ts_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-utils title: "@kbn/securitysolution-io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-utils'] --- import kbnSecuritysolutionIoTsUtilsObj from './kbn_securitysolution_io_ts_utils.devdocs.json'; 
diff --git a/api_docs/kbn_securitysolution_list_api.mdx b/api_docs/kbn_securitysolution_list_api.mdx index 747e5d9504194..4aedda6795373 100644 --- a/api_docs/kbn_securitysolution_list_api.mdx +++ b/api_docs/kbn_securitysolution_list_api.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-api title: "@kbn/securitysolution-list-api" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-api plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-api'] --- import kbnSecuritysolutionListApiObj from './kbn_securitysolution_list_api.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_constants.mdx b/api_docs/kbn_securitysolution_list_constants.mdx index d97a67f6b7c41..b205068430261 100644 --- a/api_docs/kbn_securitysolution_list_constants.mdx +++ b/api_docs/kbn_securitysolution_list_constants.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-constants title: "@kbn/securitysolution-list-constants" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-constants plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-constants'] --- import kbnSecuritysolutionListConstantsObj from './kbn_securitysolution_list_constants.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_hooks.mdx b/api_docs/kbn_securitysolution_list_hooks.mdx index fa3019947afae..22f8a387168ee 100644 --- a/api_docs/kbn_securitysolution_list_hooks.mdx +++ b/api_docs/kbn_securitysolution_list_hooks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-hooks title: "@kbn/securitysolution-list-hooks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-hooks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-hooks'] --- import kbnSecuritysolutionListHooksObj from './kbn_securitysolution_list_hooks.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_utils.mdx b/api_docs/kbn_securitysolution_list_utils.mdx index 8042c2f8cc98c..dbf097fa1c5df 100644 --- a/api_docs/kbn_securitysolution_list_utils.mdx +++ b/api_docs/kbn_securitysolution_list_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-utils title: "@kbn/securitysolution-list-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-utils'] --- import kbnSecuritysolutionListUtilsObj from './kbn_securitysolution_list_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_rules.mdx b/api_docs/kbn_securitysolution_rules.mdx index f8ee827e114e6..9fb0dfe483829 100644 --- a/api_docs/kbn_securitysolution_rules.mdx +++ b/api_docs/kbn_securitysolution_rules.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-rules title: "@kbn/securitysolution-rules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-rules plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-rules'] --- import kbnSecuritysolutionRulesObj from './kbn_securitysolution_rules.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_t_grid.mdx b/api_docs/kbn_securitysolution_t_grid.mdx index 88f0a21faecf5..c36d504c5aa17 100644 
--- a/api_docs/kbn_securitysolution_t_grid.mdx +++ b/api_docs/kbn_securitysolution_t_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-t-grid title: "@kbn/securitysolution-t-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-t-grid plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-t-grid'] --- import kbnSecuritysolutionTGridObj from './kbn_securitysolution_t_grid.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_utils.mdx b/api_docs/kbn_securitysolution_utils.mdx index e6d13456280b2..d52be2bfb9254 100644 --- a/api_docs/kbn_securitysolution_utils.mdx +++ b/api_docs/kbn_securitysolution_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-utils title: "@kbn/securitysolution-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-utils'] --- import kbnSecuritysolutionUtilsObj from './kbn_securitysolution_utils.devdocs.json'; diff --git a/api_docs/kbn_server_http_tools.mdx b/api_docs/kbn_server_http_tools.mdx index 90294e88e397b..f21988f728dd4 100644 --- a/api_docs/kbn_server_http_tools.mdx +++ b/api_docs/kbn_server_http_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-http-tools title: "@kbn/server-http-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-http-tools plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-http-tools'] --- import kbnServerHttpToolsObj from './kbn_server_http_tools.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository.mdx b/api_docs/kbn_server_route_repository.mdx index 1259051db0661..b986fb411bca0 100644 --- a/api_docs/kbn_server_route_repository.mdx 
+++ b/api_docs/kbn_server_route_repository.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository title: "@kbn/server-route-repository" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository'] --- import kbnServerRouteRepositoryObj from './kbn_server_route_repository.devdocs.json'; diff --git a/api_docs/kbn_serverless_common_settings.mdx b/api_docs/kbn_serverless_common_settings.mdx index 10f6240c4e6e6..aba0d11f842c5 100644 --- a/api_docs/kbn_serverless_common_settings.mdx +++ b/api_docs/kbn_serverless_common_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-common-settings title: "@kbn/serverless-common-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-common-settings plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-common-settings'] --- import kbnServerlessCommonSettingsObj from './kbn_serverless_common_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_observability_settings.mdx b/api_docs/kbn_serverless_observability_settings.mdx index 115c5bfe430db..221eb198ead64 100644 --- a/api_docs/kbn_serverless_observability_settings.mdx +++ b/api_docs/kbn_serverless_observability_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-observability-settings title: "@kbn/serverless-observability-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-observability-settings plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-observability-settings'] --- import kbnServerlessObservabilitySettingsObj from './kbn_serverless_observability_settings.devdocs.json'; 
diff --git a/api_docs/kbn_serverless_project_switcher.mdx b/api_docs/kbn_serverless_project_switcher.mdx index dd454ad741c1d..10e51fdae1028 100644 --- a/api_docs/kbn_serverless_project_switcher.mdx +++ b/api_docs/kbn_serverless_project_switcher.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-project-switcher title: "@kbn/serverless-project-switcher" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-project-switcher plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-project-switcher'] --- import kbnServerlessProjectSwitcherObj from './kbn_serverless_project_switcher.devdocs.json'; diff --git a/api_docs/kbn_serverless_search_settings.mdx b/api_docs/kbn_serverless_search_settings.mdx index 97880e6874440..b1d43931ebb0a 100644 --- a/api_docs/kbn_serverless_search_settings.mdx +++ b/api_docs/kbn_serverless_search_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-search-settings title: "@kbn/serverless-search-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-search-settings plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-search-settings'] --- import kbnServerlessSearchSettingsObj from './kbn_serverless_search_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_security_settings.mdx b/api_docs/kbn_serverless_security_settings.mdx index a9728538133bb..9db90980199b7 100644 --- a/api_docs/kbn_serverless_security_settings.mdx +++ b/api_docs/kbn_serverless_security_settings.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-security-settings title: "@kbn/serverless-security-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-security-settings plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-security-settings'] --- import kbnServerlessSecuritySettingsObj from './kbn_serverless_security_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_storybook_config.mdx b/api_docs/kbn_serverless_storybook_config.mdx index 9b0776b4c515c..4552018ee4971 100644 --- a/api_docs/kbn_serverless_storybook_config.mdx +++ b/api_docs/kbn_serverless_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-storybook-config title: "@kbn/serverless-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-storybook-config plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-storybook-config'] --- import kbnServerlessStorybookConfigObj from './kbn_serverless_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_svg.mdx b/api_docs/kbn_shared_svg.mdx index 4c54192bbf087..7d54d4833501c 100644 --- a/api_docs/kbn_shared_svg.mdx +++ b/api_docs/kbn_shared_svg.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-svg title: "@kbn/shared-svg" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-svg plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-svg'] --- import kbnSharedSvgObj from './kbn_shared_svg.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_avatar_solution.mdx b/api_docs/kbn_shared_ux_avatar_solution.mdx index 1bf73fbc670fd..d2329fde3ccc4 100644 --- a/api_docs/kbn_shared_ux_avatar_solution.mdx +++ b/api_docs/kbn_shared_ux_avatar_solution.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-avatar-solution title: "@kbn/shared-ux-avatar-solution" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-avatar-solution plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-avatar-solution'] --- import kbnSharedUxAvatarSolutionObj from './kbn_shared_ux_avatar_solution.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx index d253a94c3c7f1..930b4e30f6f1e 100644 --- a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx +++ b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-exit-full-screen title: "@kbn/shared-ux-button-exit-full-screen" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-exit-full-screen plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-exit-full-screen'] --- import kbnSharedUxButtonExitFullScreenObj from './kbn_shared_ux_button_exit_full_screen.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_toolbar.mdx b/api_docs/kbn_shared_ux_button_toolbar.mdx index a70d24af1969a..ffe8feae8b297 100644 --- a/api_docs/kbn_shared_ux_button_toolbar.mdx +++ b/api_docs/kbn_shared_ux_button_toolbar.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-toolbar title: "@kbn/shared-ux-button-toolbar" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-toolbar plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-toolbar'] --- import kbnSharedUxButtonToolbarObj from './kbn_shared_ux_button_toolbar.devdocs.json'; 
diff --git a/api_docs/kbn_shared_ux_card_no_data.mdx b/api_docs/kbn_shared_ux_card_no_data.mdx index d66f65c881f0b..3d7e10dcb652b 100644 --- a/api_docs/kbn_shared_ux_card_no_data.mdx +++ b/api_docs/kbn_shared_ux_card_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data title: "@kbn/shared-ux-card-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data'] --- import kbnSharedUxCardNoDataObj from './kbn_shared_ux_card_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx index 9585caf3c8331..fb25cc237bf0b 100644 --- a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data-mocks title: "@kbn/shared-ux-card-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data-mocks'] --- import kbnSharedUxCardNoDataMocksObj from './kbn_shared_ux_card_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_chrome_navigation.mdx b/api_docs/kbn_shared_ux_chrome_navigation.mdx index cb66dbcb3151b..644f6ac844bb6 100644 --- a/api_docs/kbn_shared_ux_chrome_navigation.mdx +++ b/api_docs/kbn_shared_ux_chrome_navigation.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-chrome-navigation title: "@kbn/shared-ux-chrome-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-chrome-navigation plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-chrome-navigation'] --- import kbnSharedUxChromeNavigationObj from './kbn_shared_ux_chrome_navigation.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_error_boundary.mdx b/api_docs/kbn_shared_ux_error_boundary.mdx index 6b18a017d6fde..3be634116cf25 100644 --- a/api_docs/kbn_shared_ux_error_boundary.mdx +++ b/api_docs/kbn_shared_ux_error_boundary.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-error-boundary title: "@kbn/shared-ux-error-boundary" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-error-boundary plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-error-boundary'] --- import kbnSharedUxErrorBoundaryObj from './kbn_shared_ux_error_boundary.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_context.mdx b/api_docs/kbn_shared_ux_file_context.mdx index 5bffb4d50f227..5360d9bf11239 100644 --- a/api_docs/kbn_shared_ux_file_context.mdx +++ b/api_docs/kbn_shared_ux_file_context.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-context title: "@kbn/shared-ux-file-context" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-context plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-context'] --- import kbnSharedUxFileContextObj from './kbn_shared_ux_file_context.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image.mdx b/api_docs/kbn_shared_ux_file_image.mdx index 0192f838232ac..cf62cf901f442 100644 --- a/api_docs/kbn_shared_ux_file_image.mdx 
+++ b/api_docs/kbn_shared_ux_file_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image title: "@kbn/shared-ux-file-image" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image'] --- import kbnSharedUxFileImageObj from './kbn_shared_ux_file_image.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image_mocks.mdx b/api_docs/kbn_shared_ux_file_image_mocks.mdx index 855322a07b228..8725c2601f7a8 100644 --- a/api_docs/kbn_shared_ux_file_image_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_image_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image-mocks title: "@kbn/shared-ux-file-image-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image-mocks'] --- import kbnSharedUxFileImageMocksObj from './kbn_shared_ux_file_image_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_mocks.mdx b/api_docs/kbn_shared_ux_file_mocks.mdx index 01e0df3ea6e14..d4b32dba8cf42 100644 --- a/api_docs/kbn_shared_ux_file_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-mocks title: "@kbn/shared-ux-file-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-mocks'] --- import kbnSharedUxFileMocksObj from './kbn_shared_ux_file_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_picker.mdx b/api_docs/kbn_shared_ux_file_picker.mdx index 8ba062703762d..aa04493d4adcf 100644 --- a/api_docs/kbn_shared_ux_file_picker.mdx 
+++ b/api_docs/kbn_shared_ux_file_picker.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-picker title: "@kbn/shared-ux-file-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-picker plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-picker'] --- import kbnSharedUxFilePickerObj from './kbn_shared_ux_file_picker.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_types.mdx b/api_docs/kbn_shared_ux_file_types.mdx index b850f36ae4a08..337a2a154deab 100644 --- a/api_docs/kbn_shared_ux_file_types.mdx +++ b/api_docs/kbn_shared_ux_file_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-types title: "@kbn/shared-ux-file-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-types'] --- import kbnSharedUxFileTypesObj from './kbn_shared_ux_file_types.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_upload.mdx b/api_docs/kbn_shared_ux_file_upload.mdx index ab44a93c0f1f4..209bdc2c45086 100644 --- a/api_docs/kbn_shared_ux_file_upload.mdx +++ b/api_docs/kbn_shared_ux_file_upload.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-upload title: "@kbn/shared-ux-file-upload" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-upload plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-upload'] --- import kbnSharedUxFileUploadObj from './kbn_shared_ux_file_upload.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_util.mdx b/api_docs/kbn_shared_ux_file_util.mdx index 2519a2ded543f..4ca5558508333 100644 --- a/api_docs/kbn_shared_ux_file_util.mdx +++ b/api_docs/kbn_shared_ux_file_util.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-util title: "@kbn/shared-ux-file-util" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-util plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-util'] --- import kbnSharedUxFileUtilObj from './kbn_shared_ux_file_util.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_link_redirect_app.mdx b/api_docs/kbn_shared_ux_link_redirect_app.mdx index 202210abc0c40..3f6a81eadd7b6 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app title: "@kbn/shared-ux-link-redirect-app" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app'] --- import kbnSharedUxLinkRedirectAppObj from './kbn_shared_ux_link_redirect_app.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx index 3d94d8b700585..c9a66445013f5 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app-mocks title: "@kbn/shared-ux-link-redirect-app-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app-mocks'] --- import kbnSharedUxLinkRedirectAppMocksObj from './kbn_shared_ux_link_redirect_app_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_shared_ux_markdown.mdx b/api_docs/kbn_shared_ux_markdown.mdx index d08dbf3414eeb..cb7d651766f70 100644 --- a/api_docs/kbn_shared_ux_markdown.mdx +++ b/api_docs/kbn_shared_ux_markdown.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown title: "@kbn/shared-ux-markdown" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown'] --- import kbnSharedUxMarkdownObj from './kbn_shared_ux_markdown.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_markdown_mocks.mdx b/api_docs/kbn_shared_ux_markdown_mocks.mdx index 60153c5051454..96dbb0600aff2 100644 --- a/api_docs/kbn_shared_ux_markdown_mocks.mdx +++ b/api_docs/kbn_shared_ux_markdown_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown-mocks title: "@kbn/shared-ux-markdown-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown-mocks'] --- import kbnSharedUxMarkdownMocksObj from './kbn_shared_ux_markdown_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx index a837cef67ebfc..d172b67a0ea35 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data title: "@kbn/shared-ux-page-analytics-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data'] --- import kbnSharedUxPageAnalyticsNoDataObj from './kbn_shared_ux_page_analytics_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx index dab5ebfcb93e5..23077b97e1289 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data-mocks title: "@kbn/shared-ux-page-analytics-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data-mocks'] --- import kbnSharedUxPageAnalyticsNoDataMocksObj from './kbn_shared_ux_page_analytics_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx index d60b70f72e315..6e7c393416f8a 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data title: "@kbn/shared-ux-page-kibana-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data'] --- import kbnSharedUxPageKibanaNoDataObj from './kbn_shared_ux_page_kibana_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx index b1c800e0b6088..7c609f3243282 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data-mocks title: "@kbn/shared-ux-page-kibana-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data-mocks'] --- import kbnSharedUxPageKibanaNoDataMocksObj from './kbn_shared_ux_page_kibana_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_template.mdx b/api_docs/kbn_shared_ux_page_kibana_template.mdx index ba520535c6858..fa7d2d0a30a47 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template title: "@kbn/shared-ux-page-kibana-template" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template'] --- import kbnSharedUxPageKibanaTemplateObj from './kbn_shared_ux_page_kibana_template.devdocs.json'; 
diff --git a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx index e216927c6e0db..396aba46e8221 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template-mocks title: "@kbn/shared-ux-page-kibana-template-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template-mocks'] --- import kbnSharedUxPageKibanaTemplateMocksObj from './kbn_shared_ux_page_kibana_template_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data.mdx b/api_docs/kbn_shared_ux_page_no_data.mdx index 874fd77bd5959..672a1df70a8d3 100644 --- a/api_docs/kbn_shared_ux_page_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data title: "@kbn/shared-ux-page-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data'] --- import kbnSharedUxPageNoDataObj from './kbn_shared_ux_page_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_config.mdx b/api_docs/kbn_shared_ux_page_no_data_config.mdx index 0a8691e0f39f0..1b95207f1c22b 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config title: "@kbn/shared-ux-page-no-data-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config'] --- import kbnSharedUxPageNoDataConfigObj from './kbn_shared_ux_page_no_data_config.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx index b751cd53c71f9..b9256883124d4 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config-mocks title: "@kbn/shared-ux-page-no-data-config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config-mocks'] --- import kbnSharedUxPageNoDataConfigMocksObj from './kbn_shared_ux_page_no_data_config_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx index 183ae4444778f..9269a500a86ff 100644 --- a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-mocks title: "@kbn/shared-ux-page-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-mocks'] --- import kbnSharedUxPageNoDataMocksObj from './kbn_shared_ux_page_no_data_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_shared_ux_page_solution_nav.mdx b/api_docs/kbn_shared_ux_page_solution_nav.mdx index 9aa31d02381b9..4a7e2a051a0e2 100644 --- a/api_docs/kbn_shared_ux_page_solution_nav.mdx +++ b/api_docs/kbn_shared_ux_page_solution_nav.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-solution-nav title: "@kbn/shared-ux-page-solution-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-solution-nav plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-solution-nav'] --- import kbnSharedUxPageSolutionNavObj from './kbn_shared_ux_page_solution_nav.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx index 5ef2b27c2d971..421d2530f2249 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views title: "@kbn/shared-ux-prompt-no-data-views" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views'] --- import kbnSharedUxPromptNoDataViewsObj from './kbn_shared_ux_prompt_no_data_views.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx index ef8a3f474e6fa..0ccf52b2ed0de 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views-mocks title: "@kbn/shared-ux-prompt-no-data-views-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views-mocks'] --- import kbnSharedUxPromptNoDataViewsMocksObj from './kbn_shared_ux_prompt_no_data_views_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_not_found.mdx b/api_docs/kbn_shared_ux_prompt_not_found.mdx index d0c7c989e80a3..d476213214168 100644 --- a/api_docs/kbn_shared_ux_prompt_not_found.mdx +++ b/api_docs/kbn_shared_ux_prompt_not_found.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-not-found title: "@kbn/shared-ux-prompt-not-found" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-not-found plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-not-found'] --- import kbnSharedUxPromptNotFoundObj from './kbn_shared_ux_prompt_not_found.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router.mdx b/api_docs/kbn_shared_ux_router.mdx index 158293fd2fb19..c94a5ae2b89ff 100644 --- a/api_docs/kbn_shared_ux_router.mdx +++ b/api_docs/kbn_shared_ux_router.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router title: "@kbn/shared-ux-router" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router'] --- import kbnSharedUxRouterObj from './kbn_shared_ux_router.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router_mocks.mdx b/api_docs/kbn_shared_ux_router_mocks.mdx index 872daff3020ba..1a3492907f42b 100644 --- a/api_docs/kbn_shared_ux_router_mocks.mdx 
+++ b/api_docs/kbn_shared_ux_router_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router-mocks title: "@kbn/shared-ux-router-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router-mocks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router-mocks'] --- import kbnSharedUxRouterMocksObj from './kbn_shared_ux_router_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_storybook_config.mdx b/api_docs/kbn_shared_ux_storybook_config.mdx index e383e013dc1a1..4cb717c4d2693 100644 --- a/api_docs/kbn_shared_ux_storybook_config.mdx +++ b/api_docs/kbn_shared_ux_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-config title: "@kbn/shared-ux-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-config plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-config'] --- import kbnSharedUxStorybookConfigObj from './kbn_shared_ux_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_storybook_mock.mdx b/api_docs/kbn_shared_ux_storybook_mock.mdx index c59db4c45678c..1f41647c44194 100644 --- a/api_docs/kbn_shared_ux_storybook_mock.mdx +++ b/api_docs/kbn_shared_ux_storybook_mock.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-mock title: "@kbn/shared-ux-storybook-mock" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-mock plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-mock'] --- import kbnSharedUxStorybookMockObj from './kbn_shared_ux_storybook_mock.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_tabbed_modal.mdx b/api_docs/kbn_shared_ux_tabbed_modal.mdx index b9f7e832c927c..e91971f726114 100644 
--- a/api_docs/kbn_shared_ux_tabbed_modal.mdx +++ b/api_docs/kbn_shared_ux_tabbed_modal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-tabbed-modal title: "@kbn/shared-ux-tabbed-modal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-tabbed-modal plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-tabbed-modal'] --- import kbnSharedUxTabbedModalObj from './kbn_shared_ux_tabbed_modal.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_utility.mdx b/api_docs/kbn_shared_ux_utility.mdx index 960d6cc5abc9d..a2c14b9298ba6 100644 --- a/api_docs/kbn_shared_ux_utility.mdx +++ b/api_docs/kbn_shared_ux_utility.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-utility title: "@kbn/shared-ux-utility" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-utility plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-utility'] --- import kbnSharedUxUtilityObj from './kbn_shared_ux_utility.devdocs.json'; diff --git a/api_docs/kbn_slo_schema.mdx b/api_docs/kbn_slo_schema.mdx index 82fffe8312d90..3f7b39c031fa4 100644 --- a/api_docs/kbn_slo_schema.mdx +++ b/api_docs/kbn_slo_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-slo-schema title: "@kbn/slo-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/slo-schema plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/slo-schema'] --- import kbnSloSchemaObj from './kbn_slo_schema.devdocs.json'; diff --git a/api_docs/kbn_some_dev_log.mdx b/api_docs/kbn_some_dev_log.mdx index cc2a960478fde..b1d63077e9f50 100644 --- a/api_docs/kbn_some_dev_log.mdx +++ b/api_docs/kbn_some_dev_log.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-some-dev-log title: "@kbn/some-dev-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/some-dev-log plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/some-dev-log'] --- import kbnSomeDevLogObj from './kbn_some_dev_log.devdocs.json'; diff --git a/api_docs/kbn_sort_predicates.mdx b/api_docs/kbn_sort_predicates.mdx index 862e1f3f892f3..513e4b7680c43 100644 --- a/api_docs/kbn_sort_predicates.mdx +++ b/api_docs/kbn_sort_predicates.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sort-predicates title: "@kbn/sort-predicates" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sort-predicates plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sort-predicates'] --- import kbnSortPredicatesObj from './kbn_sort_predicates.devdocs.json'; diff --git a/api_docs/kbn_std.mdx b/api_docs/kbn_std.mdx index 82c97742b1df6..8d535d6a34953 100644 --- a/api_docs/kbn_std.mdx +++ b/api_docs/kbn_std.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-std title: "@kbn/std" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/std plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/std'] --- import kbnStdObj from './kbn_std.devdocs.json'; diff --git a/api_docs/kbn_stdio_dev_helpers.mdx b/api_docs/kbn_stdio_dev_helpers.mdx index cdac47936a392..5d7f06aa1c106 100644 --- a/api_docs/kbn_stdio_dev_helpers.mdx +++ b/api_docs/kbn_stdio_dev_helpers.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-stdio-dev-helpers title: "@kbn/stdio-dev-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/stdio-dev-helpers plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/stdio-dev-helpers'] --- import kbnStdioDevHelpersObj from './kbn_stdio_dev_helpers.devdocs.json'; diff --git a/api_docs/kbn_storybook.mdx b/api_docs/kbn_storybook.mdx index 5eff0404e922c..b08ac30e3b286 100644 --- a/api_docs/kbn_storybook.mdx +++ b/api_docs/kbn_storybook.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-storybook title: "@kbn/storybook" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/storybook plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/storybook'] --- import kbnStorybookObj from './kbn_storybook.devdocs.json'; diff --git a/api_docs/kbn_telemetry_tools.mdx b/api_docs/kbn_telemetry_tools.mdx index fb6536bc0dde2..a4f434d56d614 100644 --- a/api_docs/kbn_telemetry_tools.mdx +++ b/api_docs/kbn_telemetry_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-telemetry-tools title: "@kbn/telemetry-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/telemetry-tools plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/telemetry-tools'] --- import kbnTelemetryToolsObj from './kbn_telemetry_tools.devdocs.json'; diff --git a/api_docs/kbn_test.mdx b/api_docs/kbn_test.mdx index d9a9346e68280..08ef91c2c05b6 100644 --- a/api_docs/kbn_test.mdx +++ b/api_docs/kbn_test.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test title: "@kbn/test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test'] --- import kbnTestObj from './kbn_test.devdocs.json'; 
diff --git a/api_docs/kbn_test_eui_helpers.mdx b/api_docs/kbn_test_eui_helpers.mdx index 2ddbace1f4de3..2324a8fd86bf8 100644 --- a/api_docs/kbn_test_eui_helpers.mdx +++ b/api_docs/kbn_test_eui_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-eui-helpers title: "@kbn/test-eui-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-eui-helpers plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-eui-helpers'] --- import kbnTestEuiHelpersObj from './kbn_test_eui_helpers.devdocs.json'; diff --git a/api_docs/kbn_test_jest_helpers.mdx b/api_docs/kbn_test_jest_helpers.mdx index 56c4ff9552405..f45293a2daac8 100644 --- a/api_docs/kbn_test_jest_helpers.mdx +++ b/api_docs/kbn_test_jest_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-jest-helpers title: "@kbn/test-jest-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-jest-helpers plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-jest-helpers'] --- import kbnTestJestHelpersObj from './kbn_test_jest_helpers.devdocs.json'; diff --git a/api_docs/kbn_test_subj_selector.mdx b/api_docs/kbn_test_subj_selector.mdx index 42d4927d9cbf7..17efd56bd83ed 100644 --- a/api_docs/kbn_test_subj_selector.mdx +++ b/api_docs/kbn_test_subj_selector.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-subj-selector title: "@kbn/test-subj-selector" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-subj-selector plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-subj-selector'] --- import kbnTestSubjSelectorObj from './kbn_test_subj_selector.devdocs.json'; diff --git a/api_docs/kbn_text_based_editor.mdx b/api_docs/kbn_text_based_editor.mdx index a33b47242e9f2..f3c2ba63d1b60 100644 --- a/api_docs/kbn_text_based_editor.mdx 
+++ b/api_docs/kbn_text_based_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-text-based-editor title: "@kbn/text-based-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/text-based-editor plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/text-based-editor'] --- import kbnTextBasedEditorObj from './kbn_text_based_editor.devdocs.json'; diff --git a/api_docs/kbn_timerange.mdx b/api_docs/kbn_timerange.mdx index 17dc5c2bac06d..52b0d766c6444 100644 --- a/api_docs/kbn_timerange.mdx +++ b/api_docs/kbn_timerange.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-timerange title: "@kbn/timerange" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/timerange plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/timerange'] --- import kbnTimerangeObj from './kbn_timerange.devdocs.json'; diff --git a/api_docs/kbn_tooling_log.mdx b/api_docs/kbn_tooling_log.mdx index 16a43b04158f3..50365f8ff1144 100644 --- a/api_docs/kbn_tooling_log.mdx +++ b/api_docs/kbn_tooling_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-tooling-log title: "@kbn/tooling-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/tooling-log plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/tooling-log'] --- import kbnToolingLogObj from './kbn_tooling_log.devdocs.json'; diff --git a/api_docs/kbn_triggers_actions_ui_types.mdx b/api_docs/kbn_triggers_actions_ui_types.mdx index 44d9b082e2e8f..c63c3d9fedae8 100644 --- a/api_docs/kbn_triggers_actions_ui_types.mdx +++ b/api_docs/kbn_triggers_actions_ui_types.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-triggers-actions-ui-types title: "@kbn/triggers-actions-ui-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/triggers-actions-ui-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/triggers-actions-ui-types'] --- import kbnTriggersActionsUiTypesObj from './kbn_triggers_actions_ui_types.devdocs.json'; diff --git a/api_docs/kbn_try_in_console.mdx b/api_docs/kbn_try_in_console.mdx index 1400213649a5a..e97a995e94ba0 100644 --- a/api_docs/kbn_try_in_console.mdx +++ b/api_docs/kbn_try_in_console.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-try-in-console title: "@kbn/try-in-console" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/try-in-console plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/try-in-console'] --- import kbnTryInConsoleObj from './kbn_try_in_console.devdocs.json'; diff --git a/api_docs/kbn_ts_projects.mdx b/api_docs/kbn_ts_projects.mdx index 67dfd30ad773d..22099c46f8f88 100644 --- a/api_docs/kbn_ts_projects.mdx +++ b/api_docs/kbn_ts_projects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ts-projects title: "@kbn/ts-projects" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ts-projects plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ts-projects'] --- import kbnTsProjectsObj from './kbn_ts_projects.devdocs.json'; diff --git a/api_docs/kbn_typed_react_router_config.mdx b/api_docs/kbn_typed_react_router_config.mdx index 660ebd0eda8dc..01b8a56afebe4 100644 --- a/api_docs/kbn_typed_react_router_config.mdx +++ b/api_docs/kbn_typed_react_router_config.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-typed-react-router-config title: "@kbn/typed-react-router-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/typed-react-router-config plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/typed-react-router-config'] --- import kbnTypedReactRouterConfigObj from './kbn_typed_react_router_config.devdocs.json'; diff --git a/api_docs/kbn_ui_actions_browser.mdx b/api_docs/kbn_ui_actions_browser.mdx index fa4e5ee0f86dc..e440c05b9cbb2 100644 --- a/api_docs/kbn_ui_actions_browser.mdx +++ b/api_docs/kbn_ui_actions_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-actions-browser title: "@kbn/ui-actions-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-actions-browser plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-actions-browser'] --- import kbnUiActionsBrowserObj from './kbn_ui_actions_browser.devdocs.json'; diff --git a/api_docs/kbn_ui_shared_deps_src.mdx b/api_docs/kbn_ui_shared_deps_src.mdx index b67fc4ca2ec4f..d7b1ddb267586 100644 --- a/api_docs/kbn_ui_shared_deps_src.mdx +++ b/api_docs/kbn_ui_shared_deps_src.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-shared-deps-src title: "@kbn/ui-shared-deps-src" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-shared-deps-src plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-shared-deps-src'] --- import kbnUiSharedDepsSrcObj from './kbn_ui_shared_deps_src.devdocs.json'; diff --git a/api_docs/kbn_ui_theme.mdx b/api_docs/kbn_ui_theme.mdx index e5c9f84256dcd..385d83c0c5d7a 100644 --- a/api_docs/kbn_ui_theme.mdx +++ b/api_docs/kbn_ui_theme.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-theme title: "@kbn/ui-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-theme plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-theme'] --- import kbnUiThemeObj from './kbn_ui_theme.devdocs.json'; diff --git a/api_docs/kbn_unified_data_table.mdx b/api_docs/kbn_unified_data_table.mdx index 8d4a87518a103..27ec8b148cca5 100644 --- a/api_docs/kbn_unified_data_table.mdx +++ b/api_docs/kbn_unified_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-data-table title: "@kbn/unified-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-data-table plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-data-table'] --- import kbnUnifiedDataTableObj from './kbn_unified_data_table.devdocs.json'; diff --git a/api_docs/kbn_unified_doc_viewer.mdx b/api_docs/kbn_unified_doc_viewer.mdx index 6fb3dd9251a90..11667c9ada2fd 100644 --- a/api_docs/kbn_unified_doc_viewer.mdx +++ b/api_docs/kbn_unified_doc_viewer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-doc-viewer title: "@kbn/unified-doc-viewer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-doc-viewer plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-doc-viewer'] --- import kbnUnifiedDocViewerObj from './kbn_unified_doc_viewer.devdocs.json'; diff --git a/api_docs/kbn_unified_field_list.mdx b/api_docs/kbn_unified_field_list.mdx index 023267038c309..e4c8018c89344 100644 --- a/api_docs/kbn_unified_field_list.mdx +++ b/api_docs/kbn_unified_field_list.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-field-list title: "@kbn/unified-field-list" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-field-list plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-field-list'] --- import kbnUnifiedFieldListObj from './kbn_unified_field_list.devdocs.json'; diff --git a/api_docs/kbn_unsaved_changes_badge.mdx b/api_docs/kbn_unsaved_changes_badge.mdx index 952755a21f6ff..71a74de92a195 100644 --- a/api_docs/kbn_unsaved_changes_badge.mdx +++ b/api_docs/kbn_unsaved_changes_badge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-badge title: "@kbn/unsaved-changes-badge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unsaved-changes-badge plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-badge'] --- import kbnUnsavedChangesBadgeObj from './kbn_unsaved_changes_badge.devdocs.json'; diff --git a/api_docs/kbn_unsaved_changes_prompt.mdx b/api_docs/kbn_unsaved_changes_prompt.mdx index 51b539615e1ea..ac7d523ba9f8f 100644 --- a/api_docs/kbn_unsaved_changes_prompt.mdx +++ b/api_docs/kbn_unsaved_changes_prompt.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-prompt title: "@kbn/unsaved-changes-prompt" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unsaved-changes-prompt plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-prompt'] --- import kbnUnsavedChangesPromptObj from './kbn_unsaved_changes_prompt.devdocs.json'; diff --git a/api_docs/kbn_use_tracked_promise.mdx b/api_docs/kbn_use_tracked_promise.mdx index 6dbe16027ea51..d3b0d789698d6 100644 --- a/api_docs/kbn_use_tracked_promise.mdx +++ b/api_docs/kbn_use_tracked_promise.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-use-tracked-promise title: "@kbn/use-tracked-promise" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/use-tracked-promise plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/use-tracked-promise'] --- import kbnUseTrackedPromiseObj from './kbn_use_tracked_promise.devdocs.json'; diff --git a/api_docs/kbn_user_profile_components.mdx b/api_docs/kbn_user_profile_components.mdx index 43bea435c4972..c42f3159d005c 100644 --- a/api_docs/kbn_user_profile_components.mdx +++ b/api_docs/kbn_user_profile_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-user-profile-components title: "@kbn/user-profile-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/user-profile-components plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/user-profile-components'] --- import kbnUserProfileComponentsObj from './kbn_user_profile_components.devdocs.json'; diff --git a/api_docs/kbn_utility_types.mdx b/api_docs/kbn_utility_types.mdx index 522e0761606b2..f8699acc70c2c 100644 --- a/api_docs/kbn_utility_types.mdx +++ b/api_docs/kbn_utility_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types title: "@kbn/utility-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types'] --- import kbnUtilityTypesObj from './kbn_utility_types.devdocs.json'; diff --git a/api_docs/kbn_utility_types_jest.mdx b/api_docs/kbn_utility_types_jest.mdx index fe84b92521fc8..87f5d89604ce6 100644 --- a/api_docs/kbn_utility_types_jest.mdx +++ b/api_docs/kbn_utility_types_jest.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types-jest title: "@kbn/utility-types-jest" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types-jest plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types-jest'] --- import kbnUtilityTypesJestObj from './kbn_utility_types_jest.devdocs.json'; diff --git a/api_docs/kbn_utils.mdx b/api_docs/kbn_utils.mdx index 4be835b3cd95d..e1a5320cd948d 100644 --- a/api_docs/kbn_utils.mdx +++ b/api_docs/kbn_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utils title: "@kbn/utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utils'] --- import kbnUtilsObj from './kbn_utils.devdocs.json'; diff --git a/api_docs/kbn_visualization_ui_components.mdx b/api_docs/kbn_visualization_ui_components.mdx index 38a9ccacddf9a..3bde27e96b761 100644 --- a/api_docs/kbn_visualization_ui_components.mdx +++ b/api_docs/kbn_visualization_ui_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-ui-components title: "@kbn/visualization-ui-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/visualization-ui-components plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-ui-components'] --- import kbnVisualizationUiComponentsObj from './kbn_visualization_ui_components.devdocs.json'; diff --git a/api_docs/kbn_visualization_utils.mdx b/api_docs/kbn_visualization_utils.mdx index fb5cc3df798d7..d1d908929a6a2 100644 --- a/api_docs/kbn_visualization_utils.mdx +++ b/api_docs/kbn_visualization_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-utils title: "@kbn/visualization-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/visualization-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-utils'] --- import kbnVisualizationUtilsObj from './kbn_visualization_utils.devdocs.json'; diff --git a/api_docs/kbn_xstate_utils.mdx b/api_docs/kbn_xstate_utils.mdx index 8192b1b0734a1..17157f4c724e5 100644 --- a/api_docs/kbn_xstate_utils.mdx +++ b/api_docs/kbn_xstate_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-xstate-utils title: "@kbn/xstate-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/xstate-utils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/xstate-utils'] --- import kbnXstateUtilsObj from './kbn_xstate_utils.devdocs.json'; diff --git a/api_docs/kbn_yarn_lock_validator.mdx b/api_docs/kbn_yarn_lock_validator.mdx index 7fe922b353c78..c9a74ec05ab42 100644 --- a/api_docs/kbn_yarn_lock_validator.mdx +++ b/api_docs/kbn_yarn_lock_validator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-yarn-lock-validator title: "@kbn/yarn-lock-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/yarn-lock-validator plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/yarn-lock-validator'] --- import kbnYarnLockValidatorObj from './kbn_yarn_lock_validator.devdocs.json'; diff --git a/api_docs/kbn_zod_helpers.mdx b/api_docs/kbn_zod_helpers.mdx index 8ed76d08e067f..96d6fff9a06fe 100644 --- a/api_docs/kbn_zod_helpers.mdx +++ b/api_docs/kbn_zod_helpers.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod-helpers title: "@kbn/zod-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/zod-helpers plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod-helpers'] --- import kbnZodHelpersObj from './kbn_zod_helpers.devdocs.json'; diff --git a/api_docs/kibana_overview.mdx b/api_docs/kibana_overview.mdx index ccf540f2a8da4..3b8040a0f929f 100644 --- a/api_docs/kibana_overview.mdx +++ b/api_docs/kibana_overview.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaOverview title: "kibanaOverview" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaOverview plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaOverview'] --- import kibanaOverviewObj from './kibana_overview.devdocs.json'; diff --git a/api_docs/kibana_react.mdx b/api_docs/kibana_react.mdx index 9d66e2d4cb55b..e4bcb7a28fe6e 100644 --- a/api_docs/kibana_react.mdx +++ b/api_docs/kibana_react.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaReact title: "kibanaReact" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaReact plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaReact'] --- import kibanaReactObj from './kibana_react.devdocs.json'; diff --git a/api_docs/kibana_utils.mdx b/api_docs/kibana_utils.mdx index d1546370529aa..57dcab83b70ef 100644 --- a/api_docs/kibana_utils.mdx +++ b/api_docs/kibana_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaUtils title: "kibanaUtils" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaUtils plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaUtils'] --- import kibanaUtilsObj from './kibana_utils.devdocs.json'; 
diff --git a/api_docs/kubernetes_security.mdx b/api_docs/kubernetes_security.mdx index 287b72fc913cb..e47bef7170c48 100644 --- a/api_docs/kubernetes_security.mdx +++ b/api_docs/kubernetes_security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kubernetesSecurity title: "kubernetesSecurity" image: https://source.unsplash.com/400x175/?github description: API docs for the kubernetesSecurity plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kubernetesSecurity'] --- import kubernetesSecurityObj from './kubernetes_security.devdocs.json'; diff --git a/api_docs/lens.mdx b/api_docs/lens.mdx index 0efbec267a964..402fcdb2b06ab 100644 --- a/api_docs/lens.mdx +++ b/api_docs/lens.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lens title: "lens" image: https://source.unsplash.com/400x175/?github description: API docs for the lens plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lens'] --- import lensObj from './lens.devdocs.json'; diff --git a/api_docs/license_api_guard.mdx b/api_docs/license_api_guard.mdx index e7306297614c5..75305ce5b27b7 100644 --- a/api_docs/license_api_guard.mdx +++ b/api_docs/license_api_guard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseApiGuard title: "licenseApiGuard" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseApiGuard plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseApiGuard'] --- import licenseApiGuardObj from './license_api_guard.devdocs.json'; diff --git a/api_docs/license_management.mdx b/api_docs/license_management.mdx index ed5aa582da283..a987330bb8bc3 100644 --- a/api_docs/license_management.mdx +++ b/api_docs/license_management.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseManagement title: "licenseManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseManagement plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseManagement'] --- import licenseManagementObj from './license_management.devdocs.json'; diff --git a/api_docs/licensing.mdx b/api_docs/licensing.mdx index d324dc1b9d125..745e2fd6551e3 100644 --- a/api_docs/licensing.mdx +++ b/api_docs/licensing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licensing title: "licensing" image: https://source.unsplash.com/400x175/?github description: API docs for the licensing plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licensing'] --- import licensingObj from './licensing.devdocs.json'; diff --git a/api_docs/links.devdocs.json b/api_docs/links.devdocs.json index 55d1053815fad..e242c392dcd42 100644 --- a/api_docs/links.devdocs.json +++ b/api_docs/links.devdocs.json @@ -110,6 +110,27 @@ "deprecated": false, "trackAdoption": false }, + { + "parentPluginId": "links", + "id": "def-public.LinksEmbeddable.grouping", + "type": "Array", + "tags": [], + "label": "grouping", + "description": [], + "signature": [ + { + "pluginId": "@kbn/ui-actions-browser", + "scope": "common", + "docId": "kibKbnUiActionsBrowserPluginApi", + "section": "def-common.PresentableGroup", + "text": "PresentableGroup" + }, + "[]" + ], + "path": "src/plugins/links/public/embeddable/links_embeddable.tsx", + "deprecated": false, + "trackAdoption": false + }, { "parentPluginId": "links", "id": "def-public.LinksEmbeddable.Unnamed", 
@@ -565,10 +586,10 @@ "pluginId": "@kbn/ui-actions-browser", "scope": "common", "docId": "kibKbnUiActionsBrowserPluginApi", - "section": "def-common.PresentableGrouping", - "text": "PresentableGrouping" + "section": "def-common.PresentableGroup", + "text": "PresentableGroup" }, - " | undefined" + "[]" ], "path": "src/plugins/links/public/embeddable/links_embeddable_factory.ts", "deprecated": false, diff --git a/api_docs/links.mdx b/api_docs/links.mdx index 1ed696f89fa37..d6e6a553f30b9 100644 --- a/api_docs/links.mdx +++ b/api_docs/links.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/links title: "links" image: https://source.unsplash.com/400x175/?github description: API docs for the links plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'links'] --- import linksObj from './links.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kib | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 57 | 0 | 57 | 6 | +| 58 | 0 | 58 | 6 | ## Client diff --git a/api_docs/lists.mdx b/api_docs/lists.mdx index 2ae0810f9e230..bbd7308aab971 100644 --- a/api_docs/lists.mdx +++ b/api_docs/lists.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lists title: "lists" image: https://source.unsplash.com/400x175/?github description: API docs for the lists plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lists'] --- import listsObj from './lists.devdocs.json'; diff --git a/api_docs/logs_data_access.mdx b/api_docs/logs_data_access.mdx index fcabe8f2dcbf6..de8b1a4d800cc 100644 --- a/api_docs/logs_data_access.mdx +++ b/api_docs/logs_data_access.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsDataAccess title: "logsDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the logsDataAccess plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsDataAccess'] --- import logsDataAccessObj from './logs_data_access.devdocs.json'; diff --git a/api_docs/logs_explorer.mdx b/api_docs/logs_explorer.mdx index 2366bde5df142..16a836eaa1ae8 100644 --- a/api_docs/logs_explorer.mdx +++ b/api_docs/logs_explorer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsExplorer title: "logsExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the logsExplorer plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsExplorer'] --- import logsExplorerObj from './logs_explorer.devdocs.json'; diff --git a/api_docs/logs_shared.mdx b/api_docs/logs_shared.mdx index 751522beb15ae..bf7bd4e4a9bbc 100644 --- a/api_docs/logs_shared.mdx +++ b/api_docs/logs_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsShared title: "logsShared" image: https://source.unsplash.com/400x175/?github description: API docs for the logsShared plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsShared'] --- import logsSharedObj from './logs_shared.devdocs.json'; diff --git a/api_docs/management.mdx b/api_docs/management.mdx index 0cf5376aae3f2..73ff341cc518b 100644 --- a/api_docs/management.mdx +++ b/api_docs/management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/management title: "management" image: https://source.unsplash.com/400x175/?github description: API docs for the management plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'management'] --- import managementObj from './management.devdocs.json'; diff --git a/api_docs/maps.mdx b/api_docs/maps.mdx index c011fb8d2a08c..85dba4b5d2b4c 100644 --- a/api_docs/maps.mdx 
+++ b/api_docs/maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/maps title: "maps" image: https://source.unsplash.com/400x175/?github description: API docs for the maps plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'maps'] --- import mapsObj from './maps.devdocs.json'; diff --git a/api_docs/maps_ems.mdx b/api_docs/maps_ems.mdx index 2aee36720f496..708cbd31fdb5d 100644 --- a/api_docs/maps_ems.mdx +++ b/api_docs/maps_ems.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mapsEms title: "mapsEms" image: https://source.unsplash.com/400x175/?github description: API docs for the mapsEms plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mapsEms'] --- import mapsEmsObj from './maps_ems.devdocs.json'; diff --git a/api_docs/metrics_data_access.mdx b/api_docs/metrics_data_access.mdx index f8ff51a4d3256..fc2ef4d8dd350 100644 --- a/api_docs/metrics_data_access.mdx +++ b/api_docs/metrics_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/metricsDataAccess title: "metricsDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the metricsDataAccess plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'metricsDataAccess'] --- import metricsDataAccessObj from './metrics_data_access.devdocs.json'; diff --git a/api_docs/ml.mdx b/api_docs/ml.mdx index 2e858fb733dd5..d5dba84ca6092 100644 --- a/api_docs/ml.mdx +++ b/api_docs/ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ml title: "ml" image: https://source.unsplash.com/400x175/?github description: API docs for the ml plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ml'] --- import mlObj from './ml.devdocs.json'; diff --git a/api_docs/mock_idp_plugin.mdx b/api_docs/mock_idp_plugin.mdx index a00e0c0d5fbfa..b61b033007198 100644 --- a/api_docs/mock_idp_plugin.mdx +++ b/api_docs/mock_idp_plugin.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mockIdpPlugin title: "mockIdpPlugin" image: https://source.unsplash.com/400x175/?github description: API docs for the mockIdpPlugin plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mockIdpPlugin'] --- import mockIdpPluginObj from './mock_idp_plugin.devdocs.json'; diff --git a/api_docs/monitoring.mdx b/api_docs/monitoring.mdx index e7ce7f43a2f77..bfb344ff68abd 100644 --- a/api_docs/monitoring.mdx +++ b/api_docs/monitoring.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoring title: "monitoring" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoring plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoring'] --- import monitoringObj from './monitoring.devdocs.json'; diff --git a/api_docs/monitoring_collection.mdx b/api_docs/monitoring_collection.mdx index 89c3c3c895cda..3a66129650e29 100644 --- a/api_docs/monitoring_collection.mdx +++ b/api_docs/monitoring_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoringCollection title: "monitoringCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoringCollection plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoringCollection'] --- import monitoringCollectionObj from './monitoring_collection.devdocs.json'; diff --git a/api_docs/navigation.mdx b/api_docs/navigation.mdx index f787807ed24f6..7cf7d209cf9e0 100644 --- a/api_docs/navigation.mdx +++ b/api_docs/navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/navigation title: "navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the navigation plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'navigation'] --- import navigationObj from './navigation.devdocs.json'; 
diff --git a/api_docs/newsfeed.mdx b/api_docs/newsfeed.mdx index 979daf31ac858..cc512c0b1e181 100644 --- a/api_docs/newsfeed.mdx +++ b/api_docs/newsfeed.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/newsfeed title: "newsfeed" image: https://source.unsplash.com/400x175/?github description: API docs for the newsfeed plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'newsfeed'] --- import newsfeedObj from './newsfeed.devdocs.json'; diff --git a/api_docs/no_data_page.mdx b/api_docs/no_data_page.mdx index 59a16ad9229f9..3894b6dbe2398 100644 --- a/api_docs/no_data_page.mdx +++ b/api_docs/no_data_page.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/noDataPage title: "noDataPage" image: https://source.unsplash.com/400x175/?github description: API docs for the noDataPage plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'noDataPage'] --- import noDataPageObj from './no_data_page.devdocs.json'; diff --git a/api_docs/notifications.mdx b/api_docs/notifications.mdx index 9f63eb336a2f5..9f9a64a7b9842 100644 --- a/api_docs/notifications.mdx +++ b/api_docs/notifications.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/notifications title: "notifications" image: https://source.unsplash.com/400x175/?github description: API docs for the notifications plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'notifications'] --- import notificationsObj from './notifications.devdocs.json'; diff --git a/api_docs/observability.devdocs.json b/api_docs/observability.devdocs.json index 46d940d14b41b..b3ed45a5dc0af 100644 --- a/api_docs/observability.devdocs.json +++ b/api_docs/observability.devdocs.json 
@@ -1,177 +1,70 @@ { "id": "observability", "client": { - "classes": [ + "classes": [], + "functions": [ { "parentPluginId": "observability", - "id": "def-public.AutocompleteField", - "type": "Class", + "id": "def-public.AlertSummary", + "type": "Function", "tags": [], - "label": "AutocompleteField", + "label": "AlertSummary", "description": [], "signature": [ - { - "pluginId": "observability", - "scope": "public", - "docId": "kibObservabilityPluginApi", - "section": "def-public.AutocompleteField", - "text": "AutocompleteField" - }, - " extends React.Component" + "(props: ", + "AlertSummaryProps", + ") => JSX.Element" ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx", "deprecated": false, "trackAdoption": false, "children": [ { "parentPluginId": "observability", - "id": "def-public.AutocompleteField.state", + "id": "def-public.AlertSummary.$1", "type": "Object", "tags": [], - "label": "state", - "description": [], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "observability", - "id": "def-public.AutocompleteField.state.areSuggestionsVisible", - "type": "boolean", - "tags": [], - "label": "areSuggestionsVisible", - "description": [], - "signature": [ - "false" - ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx", - "deprecated": false, - "trackAdoption": false - }, - { - "parentPluginId": "observability", - "id": "def-public.AutocompleteField.state.isFocused", - "type": "boolean", - "tags": [], - "label": "isFocused", - "description": [], - "signature": [ - "false" - ], - "path": 
"x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx", - "deprecated": false, - "trackAdoption": false - }, - { - "parentPluginId": "observability", - "id": "def-public.AutocompleteField.state.selectedIndex", - "type": "Uncategorized", - "tags": [], - "label": "selectedIndex", - "description": [], - "signature": [ - "null" - ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx", - "deprecated": false, - "trackAdoption": false - } - ] - }, - { - "parentPluginId": "observability", - "id": "def-public.AutocompleteField.render", - "type": "Function", - "tags": [], - "label": "render", - "description": [], - "signature": [ - "() => JSX.Element" - ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx", - "deprecated": false, - "trackAdoption": false, - "children": [], - "returnComment": [] - }, - { - "parentPluginId": "observability", - "id": "def-public.AutocompleteField.componentDidMount", - "type": "Function", - "tags": [], - "label": "componentDidMount", - "description": [], - "signature": [ - "() => void" - ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx", - "deprecated": false, - "trackAdoption": false, - "children": [], - "returnComment": [] - }, - { - "parentPluginId": "observability", - "id": "def-public.AutocompleteField.componentDidUpdate", - "type": "Function", - "tags": [], - "label": "componentDidUpdate", + "label": "props", "description": [], "signature": [ - "(prevProps: AutocompleteFieldProps) => void" + "AlertSummaryProps" ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx", + "path": 
"x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx", "deprecated": false, "trackAdoption": false, - "children": [ - { - "parentPluginId": "observability", - "id": "def-public.AutocompleteField.componentDidUpdate.$1", - "type": "Object", - "tags": [], - "label": "prevProps", - "description": [], - "signature": [ - "AutocompleteFieldProps" - ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] + "isRequired": true } ], + "returnComment": [], "initialIsOpen": false - } - ], - "functions": [ + }, { "parentPluginId": "observability", - "id": "def-public.AlertSummary", + "id": "def-public.AutocompleteField", "type": "Function", "tags": [], - "label": "AlertSummary", + "label": "AutocompleteField", "description": [], "signature": [ - "({ alert, alertSummaryFields }: AlertSummaryProps) => JSX.Element" + "(props: ", + "AutocompleteFieldProps", + ") => JSX.Element" ], - "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx", "deprecated": false, "trackAdoption": false, "children": [ { "parentPluginId": "observability", - "id": "def-public.AlertSummary.$1", + "id": "def-public.AutocompleteField.$1", "type": "Object", "tags": [], - "label": "{ alert, alertSummaryFields }", + "label": "props", "description": [], "signature": [ - "AlertSummaryProps" + "AutocompleteFieldProps" ], - "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx", "deprecated": false, "trackAdoption": false, "isRequired": true 
@@ -457,9 +350,11 @@ "label": "DatePicker", "description": [], "signature": [ - "({\n rangeFrom,\n rangeTo,\n refreshPaused,\n refreshInterval,\n width = 'restricted',\n onTimeRangeRefresh,\n}: DatePickerProps) => JSX.Element" + "(props: ", + "DatePickerProps", + ") => JSX.Element" ], - "path": "x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/index.tsx", "deprecated": false, "trackAdoption": false, "children": [ @@ -468,12 +363,12 @@ "id": "def-public.DatePicker.$1", "type": "Object", "tags": [], - "label": "{\n rangeFrom,\n rangeTo,\n refreshPaused,\n refreshInterval,\n width = 'restricted',\n onTimeRangeRefresh,\n}", + "label": "props", "description": [], "signature": [ "DatePickerProps" ], - "path": "x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/index.tsx", "deprecated": false, "trackAdoption": false, "isRequired": true 
@@ -791,49 +686,6 @@ "returnComment": [], "initialIsOpen": false }, - { - "parentPluginId": "observability", - "id": "def-public.getElasticsearchQueryOrThrow", - "type": "Function", - "tags": [], - "label": "getElasticsearchQueryOrThrow", - "description": [], - "signature": [ - "(kuery: string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; }) => never[] | ", - "QueryDslQueryContainer", - " | { bool: ", - { - "pluginId": "@kbn/es-query", - "scope": "common", - "docId": "kibKbnEsQueryPluginApi", - "section": "def-common.BoolQuery", - "text": "BoolQuery" - }, - "; }" - ], - "path": "x-pack/plugins/observability_solution/observability/common/utils/parse_kuery.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "observability", - "id": "def-public.getElasticsearchQueryOrThrow.$1", - "type": "CompoundType", - "tags": [], - "label": "kuery", - "description": [], - "signature": [ - "string | { kqlQuery: string; filters: { meta: { alias?: string | null | undefined; disabled?: boolean | undefined; negate?: boolean | undefined; controlledBy?: string | undefined; group?: string | undefined; index?: string | undefined; isMultiIndex?: boolean | undefined; type?: string | undefined; key?: string | undefined; field?: string | undefined; params?: any; value?: string | undefined; }; query: { [x: string]: any; }; }[]; }" - ], - "path": "x-pack/plugins/observability_solution/observability/common/utils/parse_kuery.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [], - "initialIsOpen": false - }, { "parentPluginId": 
"observability", "id": "def-public.getGroupFilters", @@ -1079,9 +931,11 @@ "label": "RuleConditionChart", "description": [], "signature": [ - "({\n metricExpression,\n searchConfiguration,\n dataView,\n groupBy,\n error,\n annotations,\n timeRange,\n chartOptions: { seriesType, interval } = {},\n additionalFilters = [],\n}: RuleConditionChartProps) => JSX.Element" + "(props: ", + "RuleConditionChartProps", + ") => JSX.Element" ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/index.tsx", "deprecated": false, "trackAdoption": false, "children": [ @@ -1090,12 +944,12 @@ "id": "def-public.RuleConditionChart.$1", "type": "Object", "tags": [], - "label": "{\n metricExpression,\n searchConfiguration,\n dataView,\n groupBy,\n error,\n annotations,\n timeRange,\n chartOptions: { seriesType, interval } = {},\n additionalFilters = [],\n}", + "label": "props", "description": [], "signature": [ "RuleConditionChartProps" ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/index.tsx", "deprecated": false, "trackAdoption": false, "isRequired": true 
@@ -1112,9 +966,11 @@ "label": "RuleFlyoutKueryBar", "description": [], "signature": [ - "({\n derivedIndexPattern,\n onSubmit,\n onChange,\n value,\n placeholder,\n curryLoadSuggestions = defaultCurryLoadSuggestions,\n compressed,\n}: Props) => JSX.Element" + "(props: ", + "RuleFlyoutKueryBarProps", + ") => JSX.Element" ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx", "deprecated": false, "trackAdoption": false, "children": [ @@ -1123,12 +979,12 @@ "id": "def-public.RuleFlyoutKueryBar.$1", "type": "Object", "tags": [], - "label": "{\n derivedIndexPattern,\n onSubmit,\n onChange,\n value,\n placeholder,\n curryLoadSuggestions = defaultCurryLoadSuggestions,\n compressed,\n}", + "label": "props", "description": [], "signature": [ - "Props" + "RuleFlyoutKueryBarProps" ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx", "deprecated": false, "trackAdoption": false, "isRequired": true @@ -1172,29 +1028,6 @@ "returnComment": [], "initialIsOpen": false }, - { - "parentPluginId": "observability", - "id": "def-public.useCreateRule", - "type": "Function", - "tags": [], - "label": "useCreateRule", - "description": [], - "signature": [ - "() => ", - "UseMutationResult", - "<", - "CreateRuleResponse", - ", Error, { rule: ", - "CreateRuleRequestBody", - "; }, unknown>" - ], - "path": "x-pack/plugins/observability_solution/observability/public/hooks/use_create_rule.ts", - "deprecated": false, - "trackAdoption": false, - "children": [], - "returnComment": [], - "initialIsOpen": false - }, { "parentPluginId": "observability", "id": "def-public.useFetchDataViews", 
@@ -1234,23 +1067,6 @@ "returnComment": [], "initialIsOpen": false }, - { - "parentPluginId": "observability", - "id": "def-public.useGetFilteredRuleTypes", - "type": "Function", - "tags": [], - "label": "useGetFilteredRuleTypes", - "description": [], - "signature": [ - "() => string[]" - ], - "path": "x-pack/plugins/observability_solution/observability/public/hooks/use_get_filtered_rule_types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [], - "returnComment": [], - "initialIsOpen": false - }, { "parentPluginId": "observability", "id": "def-public.useSummaryTimeRange", 
@@ -1337,42 +1153,31 @@ "label": "WithKueryAutocompletion", "description": [], "signature": [ - "React.FunctionComponent>" + "(props: ", + "WithKueryAutocompletionLifecycleProps", + ") => JSX.Element" ], - "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/with_kuery_autocompletion.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx", "deprecated": false, "trackAdoption": false, - "returnComment": [], "children": [ { "parentPluginId": "observability", "id": "def-public.WithKueryAutocompletion.$1", - "type": "CompoundType", + "type": "Object", "tags": [], "label": "props", "description": [], "signature": [ - "P & { children?: React.ReactNode; }" + "WithKueryAutocompletionLifecycleProps" ], - "path": "node_modules/@types/react/index.d.ts", + "path": "x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx", "deprecated": false, - "trackAdoption": false - }, - { - "parentPluginId": "observability", - "id": "def-public.WithKueryAutocompletion.$2", - "type": "Any", - "tags": [], - "label": "context", - "description": [], - "signature": [ - "any" - ], - "path": "node_modules/@types/react/index.d.ts", - "deprecated": false, - "trackAdoption": false + "trackAdoption": false, + "isRequired": true } ], + "returnComment": [], "initialIsOpen": false } ], 
@@ -1560,7 +1365,7 @@ "label": "unsafe", "description": [], "signature": [ - "{ alertDetails: { metrics: { enabled: boolean; }; logs?: { enabled: boolean; } | undefined; uptime: { enabled: boolean; }; observability?: { enabled: boolean; } | undefined; }; thresholdRule?: { enabled: boolean; } | undefined; ruleFormV2?: { enabled: boolean; } | undefined; }" + "{ alertDetails: { logs?: { enabled: boolean; } | undefined; uptime: { enabled: boolean; }; observability?: { enabled: boolean; } | undefined; }; thresholdRule?: { enabled: boolean; } | undefined; ruleFormV2?: { enabled: boolean; } | undefined; }" ], "path": "x-pack/plugins/observability_solution/observability/public/plugin.ts", "deprecated": false, 
@@ -3913,7 +3718,7 @@ "label": "format", "description": [], "signature": [ - "(options: { fields: OutputOf> & Record; formatters: { asDuration: (value: ", + "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record; formatters: { asDuration: (value: ", "Maybe", ", { defaultValue, extended }?: FormatterOptions) => string; asPercent: (numerator: ", "Maybe", 
@@ -3940,7 +3745,7 @@ "label": "options", "description": [], "signature": [ - "{ fields: OutputOf> & Record; formatters: { asDuration: (value: ", + "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record; formatters: { asDuration: (value: ", "Maybe", ", { defaultValue, extended }?: FormatterOptions) => string; asPercent: (numerator: ", "Maybe", 
@@ -4230,7 +4035,7 @@ "label": "fields", "description": [], "signature": [ - "OutputOf> & OutputOf> & TAdditionalMetaFields" + "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & OutputOf> & TAdditionalMetaFields" ], "path": "x-pack/plugins/observability_solution/observability/public/typings/alerts.ts", "deprecated": false, 
@@ -4851,7 +4656,7 @@ "label": "ObservabilityRuleTypeFormatter", "description": [], "signature": [ - "(options: { fields: OutputOf> & Record; formatters: { asDuration: (value: ", + "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record; formatters: { asDuration: (value: ", "Maybe", ", { defaultValue, extended }?: FormatterOptions) => string; asPercent: (numerator: ", "Maybe", 
@@ -4878,7 +4683,7 @@ "label": "options", "description": [], "signature": [ - "{ fields: OutputOf> & Record; formatters: { asDuration: (value: ", + "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & Record; formatters: { asDuration: (value: ", "Maybe", ", { defaultValue, extended }?: FormatterOptions) => string; asPercent: (numerator: ", "Maybe", diff --git a/api_docs/observability.mdx b/api_docs/observability.mdx index 8d2e571c56677..20063bd495b93 100644 --- a/api_docs/observability.mdx +++ b/api_docs/observability.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observability title: "observability" image: https://source.unsplash.com/400x175/?github description: API docs for the observability plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observability'] --- import observabilityObj from './observability.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/ | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 705 | 2 | 696 | 16 | +| 693 | 2 | 686 | 22 | ## Client @@ -34,9 +34,6 @@ Contact [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/ ### Functions -### Classes - - ### Interfaces diff --git a/api_docs/observability_a_i_assistant.mdx b/api_docs/observability_a_i_assistant.mdx index b53141f065019..50aa42665cef1 100644 --- a/api_docs/observability_a_i_assistant.mdx +++ b/api_docs/observability_a_i_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistant title: "observabilityAIAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAIAssistant plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistant'] --- import observabilityAIAssistantObj from './observability_a_i_assistant.devdocs.json'; diff --git a/api_docs/observability_a_i_assistant_app.mdx b/api_docs/observability_a_i_assistant_app.mdx index 08fc8f08d7733..bdf4fc2d52e8c 100644 --- a/api_docs/observability_a_i_assistant_app.mdx +++ b/api_docs/observability_a_i_assistant_app.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistantApp title: "observabilityAIAssistantApp" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAIAssistantApp plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistantApp'] --- import observabilityAIAssistantAppObj from './observability_a_i_assistant_app.devdocs.json'; diff --git a/api_docs/observability_ai_assistant_management.mdx b/api_docs/observability_ai_assistant_management.mdx index a7b4a34935a02..cd76730e9fd7f 100644 --- a/api_docs/observability_ai_assistant_management.mdx +++ b/api_docs/observability_ai_assistant_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAiAssistantManagement title: "observabilityAiAssistantManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAiAssistantManagement plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAiAssistantManagement'] --- import observabilityAiAssistantManagementObj from './observability_ai_assistant_management.devdocs.json'; diff --git a/api_docs/observability_logs_explorer.mdx b/api_docs/observability_logs_explorer.mdx index e10bf6db75d07..77daf4b910c44 100644 --- a/api_docs/observability_logs_explorer.mdx +++ b/api_docs/observability_logs_explorer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityLogsExplorer title: "observabilityLogsExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityLogsExplorer plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityLogsExplorer'] --- import observabilityLogsExplorerObj from './observability_logs_explorer.devdocs.json'; diff --git a/api_docs/observability_onboarding.mdx b/api_docs/observability_onboarding.mdx index 4b538e24e3205..64e7685552080 100644 
--- a/api_docs/observability_onboarding.mdx +++ b/api_docs/observability_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityOnboarding title: "observabilityOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityOnboarding plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityOnboarding'] --- import observabilityOnboardingObj from './observability_onboarding.devdocs.json'; diff --git a/api_docs/observability_shared.mdx b/api_docs/observability_shared.mdx index 5ce54cc7b5ccd..2ab04149131e3 100644 --- a/api_docs/observability_shared.mdx +++ b/api_docs/observability_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityShared title: "observabilityShared" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityShared plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityShared'] --- import observabilitySharedObj from './observability_shared.devdocs.json'; diff --git a/api_docs/osquery.devdocs.json b/api_docs/osquery.devdocs.json index 2d09d029c0772..938299886d68a 100644 --- a/api_docs/osquery.devdocs.json +++ b/api_docs/osquery.devdocs.json 
@@ -301,7 +301,7 @@ "label": "createActionService", "description": [], "signature": [ - "{ create: (params: { agent_ids?: string[] | undefined; agent_all?: boolean | undefined; agent_platforms?: string[] | undefined; agent_policy_ids?: string[] | undefined; query?: string | undefined; queries?: { id: string; query: string; ecs_mapping: { [x: string]: { field?: string | undefined; value?: string | string[] | undefined; }; } | undefined; version: string | undefined; platform: string | undefined; removed: boolean | undefined; snapshot: boolean | undefined; }[] | undefined; saved_query_id?: string | undefined; timeout?: number | undefined; ecs_mapping?: { [x: string]: { field?: string | undefined; value?: string | string[] | undefined; }; } | undefined; pack_id?: string | undefined; alert_ids?: string[] | undefined; case_ids?: string[] | undefined; event_ids?: string[] | undefined; metadata?: object | undefined; }, alertData?: (OutputOf> & { _index: string; }) | undefined) => Promise<{ response: { action_id: string; '@timestamp': string; expiration: string; type: string; input_type: string; alert_ids: string[] | undefined; event_ids: string[] | undefined; case_ids: string[] | undefined; agent_ids: string[] | undefined; agent_all: boolean | undefined; agent_platforms: string[] | undefined; agent_policy_ids: string[] | undefined; agents: string[]; user_id: string | undefined; metadata: object | undefined; pack_id: string | undefined; pack_name: string | undefined; pack_prebuilt: boolean | undefined; queries: ", + "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { 
readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & { _index: string; }) | undefined) => Promise<{ response: { action_id: string; '@timestamp': string; expiration: string; type: string; input_type: string; alert_ids: string[] | undefined; event_ids: string[] | undefined; case_ids: string[] | undefined; agent_ids: string[] | undefined; agent_all: boolean | undefined; agent_platforms: string[] | undefined; agent_policy_ids: string[] | undefined; agents: string[]; user_id: string | undefined; metadata: object | undefined; pack_id: string | undefined; pack_name: string | undefined; pack_prebuilt: boolean | undefined; queries: ", "Dictionary", "[]; }; fleetActionsCount: number; }>; stop: () => void; }" ], diff --git a/api_docs/osquery.mdx b/api_docs/osquery.mdx index f61602efde6fe..cf960b0ec2f94 100644 --- a/api_docs/osquery.mdx +++ b/api_docs/osquery.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/osquery title: "osquery" image: https://source.unsplash.com/400x175/?github description: API docs for the osquery plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'osquery'] --- import osqueryObj from './osquery.devdocs.json'; diff --git a/api_docs/painless_lab.mdx b/api_docs/painless_lab.mdx index 54bba3e751c60..289175278888f 100644 --- a/api_docs/painless_lab.mdx +++ b/api_docs/painless_lab.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/painlessLab title: "painlessLab" image: https://source.unsplash.com/400x175/?github description: API docs for the painlessLab plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'painlessLab'] --- import painlessLabObj from './painless_lab.devdocs.json'; diff --git a/api_docs/plugin_directory.mdx b/api_docs/plugin_directory.mdx index d4df216ec8e44..32a6f6a6959d8 100644 --- a/api_docs/plugin_directory.mdx +++ b/api_docs/plugin_directory.mdx @@ -7,7 +7,7 @@ id: kibDevDocsPluginDirectory slug: /kibana-dev-docs/api-meta/plugin-api-directory title: Directory description: Directory of public APIs available through plugins or packages. -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- @@ -15,13 +15,13 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | Count | Plugins or Packages with a
public API | Number of teams | |--------------|----------|------------------------| -| 808 | 692 | 42 | +| 810 | 694 | 42 | ### Public API health stats | API Count | Any Count | Missing comments | Missing exports | |--------------|----------|-----------------|--------| -| 49412 | 238 | 37680 | 1886 | +| 49596 | 238 | 37840 | 1886 | ## Plugin Directory @@ -31,10 +31,9 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/appex-sharedux @elastic/kibana-management](https://github.com/orgs/elastic/teams/appex-sharedux ) | - | 2 | 0 | 2 | 0 | | | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | - | 4 | 0 | 4 | 1 | | | [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) | AIOps plugin maintained by ML team. | 72 | 0 | 9 | 2 | -| | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 868 | 1 | 836 | 54 | +| | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 870 | 1 | 838 | 52 | | | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | The user interface for Elastic APM | 29 | 0 | 29 | 123 | | | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | - | 9 | 0 | 9 | 0 | -| | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | Asset manager plugin for entity assets (inventory, topology, etc) | 11 | 0 | 11 | 3 | | | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | - | 2 | 0 | 2 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 9 | 0 | 9 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Considering using bfetch capabilities when fetching large amounts of data. This services supports batching HTTP requests and streaming responses back. | 83 | 1 | 73 | 2 | 
@@ -71,10 +70,11 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | A stateful layer to register shared features and provide an access point to discover without a direct dependency | 16 | 0 | 15 | 2 | | | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | APIs used to assess the quality of data in Elasticsearch indexes | 2 | 0 | 0 | 0 | | | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | Server APIs for the Elastic AI Assistant | 48 | 0 | 34 | 1 | -| | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds embeddables service to Kibana | 557 | 1 | 447 | 9 | +| | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds embeddables service to Kibana | 571 | 1 | 461 | 9 | | | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Extends embeddable plugin with more functionality | 19 | 0 | 19 | 2 | | | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides encryption and decryption utilities for saved objects containing sensitive information. | 53 | 0 | 46 | 1 | | | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | Adds dashboards for discovering and managing Enterprise Search products. 
| 5 | 0 | 5 | 0 | +| | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | Entity manager plugin for entity assets (inventory, topology, etc) | 8 | 0 | 8 | 1 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 99 | 3 | 97 | 3 | | | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 2 | 0 | 2 | 0 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | The Event Annotation service contains expressions for event annotations | 201 | 0 | 201 | 6 | @@ -101,7 +101,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-gis](https://github.com/orgs/elastic/teams/kibana-gis) | The file upload plugin contains components and services for uploading a file, analyzing its data, and then importing the data into an Elasticsearch index. Supported file types include CSV, TSV, newline-delimited JSON and GeoJSON. | 84 | 0 | 84 | 8 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | File upload, download, sharing, and serving over HTTP implementation in Kibana. | 240 | 0 | 24 | 9 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Simple UI for managing files in Kibana | 2 | 0 | 2 | 0 | -| | [@elastic/fleet](https://github.com/orgs/elastic/teams/fleet) | - | 1341 | 5 | 1219 | 72 | +| | [@elastic/fleet](https://github.com/orgs/elastic/teams/fleet) | - | 1348 | 5 | 1226 | 72 | | ftrApis | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 0 | 0 | 0 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 72 | 0 | 14 | 5 | | globalSearchBar | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 0 | 0 | 0 | 0 | 
@@ -129,7 +129,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 8 | 0 | 8 | 0 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 4 | 0 | 4 | 1 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 117 | 0 | 42 | 10 | -| | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | A dashboard panel for creating links to dashboards or external links. | 57 | 0 | 57 | 6 | +| | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | A dashboard panel for creating links to dashboards or external links. | 58 | 0 | 58 | 6 | | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 226 | 0 | 97 | 52 | | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 7 | 0 | 7 | 1 | | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | This plugin provides a LogsExplorer component using the Discover customization framework, offering several affordances specifically designed for log consumption. | 117 | 4 | 117 | 22 | 
@@ -147,7 +147,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 17 | 0 | 17 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 3 | 0 | 3 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 2 | 0 | 2 | 1 | -| | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 705 | 2 | 696 | 16 | +| | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 693 | 2 | 686 | 22 | | | [@elastic/obs-ai-assistant](https://github.com/orgs/elastic/teams/obs-ai-assistant) | - | 290 | 1 | 288 | 26 | | | [@elastic/obs-ai-assistant](https://github.com/orgs/elastic/teams/obs-ai-assistant) | - | 4 | 0 | 4 | 0 | | | [@elastic/obs-ai-assistant](https://github.com/orgs/elastic/teams/obs-ai-assistant) | - | 2 | 0 | 2 | 0 | 
@@ -179,7 +179,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | Plugin to provide access to and rendering of python notebooks for use in the persistent developer console. | 6 | 0 | 6 | 0 | | | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 18 | 0 | 10 | 1 | | searchprofiler | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 0 | 0 | 0 | 0 | -| | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides authentication and authorization features, and exposes functionality to understand the capabilities of the currently authenticated user. | 414 | 0 | 205 | 3 | +| | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides authentication and authorization features, and exposes functionality to understand the capabilities of the currently authenticated user. | 411 | 0 | 204 | 1 | | | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | - | 191 | 0 | 121 | 37 | | | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | ESS customizations for Security Solution. | 6 | 0 | 6 | 0 | | | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | Serverless customizations for security. | 7 | 0 | 7 | 0 | 
@@ -201,11 +201,11 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 6 | 0 | 0 | 0 | | | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 29 | 0 | 10 | 0 | | | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | Elastic threat intelligence helps you see if you are open to or have been subject to current or historical known threats | 30 | 0 | 14 | 4 | -| | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | - | 242 | 1 | 198 | 17 | +| | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | - | 241 | 1 | 197 | 17 | | | [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) | This plugin provides access to the transforms features provided by Elastic. Transforms enable you to convert existing Elasticsearch indices into summarized indices, which provide opportunities for new insights and analytics. 
| 4 | 0 | 4 | 1 | | translations | [@elastic/kibana-localization](https://github.com/orgs/elastic/teams/kibana-localization) | - | 0 | 0 | 0 | 0 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 588 | 1 | 562 | 52 | -| | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Adds UI Actions service to Kibana | 149 | 0 | 103 | 9 | +| | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Adds UI Actions service to Kibana | 156 | 0 | 110 | 9 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Extends UI Actions plugin with more functionality | 212 | 0 | 145 | 11 | | | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | This plugin contains services reliant on the plugin lifecycle for the unified doc viewer component (see @kbn/unified-doc-viewer). | 12 | 0 | 8 | 3 | | | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | The `unifiedHistogram` plugin provides UI components to create a layout including a resizable histogram and a main display. | 71 | 0 | 36 | 6 | 
@@ -229,7 +229,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Registers the vega visualization. Is the elastic version of vega and vega-lite libraries. | 2 | 0 | 2 | 0 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Contains the vislib visualizations. These are the classical area/line/bar, gauge/goal and heatmap charts. We want to replace them with elastic-charts. | 1 | 0 | 1 | 0 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Contains the new xy-axis chart using the elastic-charts library, which will eventually replace the vislib xy-axis charts including bar, area, and line. | 52 | 0 | 50 | 5 | -| | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Contains the shared architecture among all the legacy visualizations, e.g. the visualization type registry or the visualization embeddable. | 865 | 12 | 834 | 19 | +| | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Contains the shared architecture among all the legacy visualizations, e.g. the visualization type registry or the visualization embeddable. | 869 | 12 | 838 | 19 | | watcher | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 0 | 0 | 0 | 0 | ## Package Directory 
@@ -244,7 +244,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 27 | 3 | 27 | 0 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 5 | 0 | 5 | 0 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 23 | 0 | 22 | 0 | -| | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 190 | 0 | 187 | 0 | +| | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 193 | 0 | 190 | 0 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 33 | 0 | 33 | 0 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 237 | 0 | 223 | 2 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 73 | 0 | 73 | 2 | @@ -252,7 +252,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 18 | 0 | 18 | 0 | | | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 4 | 0 | 4 | 0 | | | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 49 | 0 | 49 | 8 | -| | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 191 | 0 | 191 | 30 | +| | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 192 | 0 | 192 | 30 | | | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 11 | 0 | 11 | 0 | | | [@elastic/kibana-qa](https://github.com/orgs/elastic/teams/kibana-qa) | - | 12 | 0 | 12 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 4 | 0 | 1 | 0 | 
@@ -488,7 +488,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 13 | 0 | 5 | 0 | | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 35 | 0 | 34 | 0 | | | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 165 | 0 | 138 | 9 | -| | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 305 | 0 | 286 | 0 | +| | [@elastic/security-generative-ai](https://github.com/orgs/elastic/teams/security-generative-ai) | - | 329 | 0 | 307 | 0 | | | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | - | 20 | 0 | 20 | 0 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 52 | 0 | 37 | 7 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 32 | 0 | 19 | 1 | 
@@ -629,7 +629,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 5 | 0 | 5 | 1 | | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 2 | 0 | 1 | 1 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 16 | 0 | 16 | 1 | -| | [@elastic/security-detections-response](https://github.com/orgs/elastic/teams/security-detections-response) | - | 125 | 0 | 122 | 0 | +| | [@elastic/security-detections-response](https://github.com/orgs/elastic/teams/security-detections-response) | - | 127 | 0 | 124 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 2 | 0 | 2 | 0 | | | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 76 | 0 | 76 | 0 | | | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 3717 | 0 | 3717 | 0 | 
@@ -637,10 +637,12 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 25 | 0 | 25 | 0 | | | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 20 | 0 | 18 | 1 | | | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 50 | 0 | 25 | 0 | +| | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 66 | 0 | 63 | 0 | +| | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 35 | 0 | 25 | 0 | | | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 7 | 0 | 7 | 0 | -| | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 88 | 0 | 40 | 0 | +| | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 116 | 0 | 58 | 0 | | | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 51 | 0 | 25 | 0 | -| | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 207 | 0 | 114 | 0 | +| | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 216 | 0 | 121 | 0 | | | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 14 | 0 | 14 | 6 | | | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 54 | 0 | 49 | 0 | | | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 30 | 0 | 24 | 0 | diff --git a/api_docs/presentation_panel.mdx b/api_docs/presentation_panel.mdx index ad1878e46b6b7..5ef0a49798ca9 100644 --- a/api_docs/presentation_panel.mdx +++ b/api_docs/presentation_panel.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationPanel title: "presentationPanel" image: https://source.unsplash.com/400x175/?github description: API docs for the presentationPanel plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationPanel'] --- import presentationPanelObj from './presentation_panel.devdocs.json'; diff --git a/api_docs/presentation_util.mdx b/api_docs/presentation_util.mdx index a38e6be10126f..155acab0c3274 100644 --- a/api_docs/presentation_util.mdx +++ b/api_docs/presentation_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationUtil title: "presentationUtil" image: https://source.unsplash.com/400x175/?github description: API docs for the presentationUtil plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationUtil'] --- import presentationUtilObj from './presentation_util.devdocs.json'; diff --git a/api_docs/profiling.mdx b/api_docs/profiling.mdx index 07e1c6e95cde5..37b092da1f820 100644 --- a/api_docs/profiling.mdx +++ b/api_docs/profiling.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profiling title: "profiling" image: https://source.unsplash.com/400x175/?github description: API docs for the profiling plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profiling'] --- import profilingObj from './profiling.devdocs.json'; diff --git a/api_docs/profiling_data_access.mdx b/api_docs/profiling_data_access.mdx index 3d453c62ce9e3..8f602ad0ec795 100644 --- a/api_docs/profiling_data_access.mdx +++ b/api_docs/profiling_data_access.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profilingDataAccess title: "profilingDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the profilingDataAccess plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profilingDataAccess'] --- import profilingDataAccessObj from './profiling_data_access.devdocs.json'; diff --git a/api_docs/remote_clusters.mdx b/api_docs/remote_clusters.mdx index 117a0dfdf404b..14d1c852e3971 100644 --- a/api_docs/remote_clusters.mdx +++ b/api_docs/remote_clusters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/remoteClusters title: "remoteClusters" image: https://source.unsplash.com/400x175/?github description: API docs for the remoteClusters plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'remoteClusters'] --- import remoteClustersObj from './remote_clusters.devdocs.json'; diff --git a/api_docs/reporting.mdx b/api_docs/reporting.mdx index f4fa89b71a581..fae5e602d1c5a 100644 --- a/api_docs/reporting.mdx +++ b/api_docs/reporting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/reporting title: "reporting" image: https://source.unsplash.com/400x175/?github description: API docs for the reporting plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'reporting'] --- import reportingObj from './reporting.devdocs.json'; diff --git a/api_docs/rollup.mdx b/api_docs/rollup.mdx index 27e078267b78a..ceea6f349150d 100644 --- a/api_docs/rollup.mdx +++ b/api_docs/rollup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/rollup title: "rollup" image: https://source.unsplash.com/400x175/?github description: API docs for the rollup plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'rollup'] --- import rollupObj from './rollup.devdocs.json'; 
diff --git a/api_docs/rule_registry.devdocs.json b/api_docs/rule_registry.devdocs.json index d4f84f64fe559..fd79ee3f09e9a 100644 --- a/api_docs/rule_registry.devdocs.json +++ b/api_docs/rule_registry.devdocs.json 
@@ -107,7 +107,7 @@ "label": "get", "description": [], "signature": [ - "({ id, index }: GetAlertParams) => Promise<{ _index: string; \"@timestamp\"?: string | undefined; \"kibana.alert.rule.rule_type_id\"?: string | undefined; \"kibana.alert.rule.consumer\"?: string | undefined; \"kibana.alert.instance.id\"?: string | undefined; \"kibana.alert.rule.category\"?: string | undefined; \"kibana.alert.rule.name\"?: string | undefined; \"kibana.alert.rule.producer\"?: string | undefined; \"kibana.alert.rule.revision\"?: number | undefined; \"kibana.alert.rule.uuid\"?: string | undefined; \"kibana.alert.status\"?: string | undefined; \"kibana.alert.uuid\"?: string | undefined; \"kibana.space_ids\"?: string[] | undefined; \"event.action\"?: string | undefined; tags?: string[] | undefined; \"kibana.alert.rule.execution.uuid\"?: string | undefined; \"event.kind\"?: string | undefined; \"kibana.alert.action_group\"?: string | undefined; \"kibana.alert.case_ids\"?: string[] | undefined; \"kibana.alert.consecutive_matches\"?: number | undefined; \"kibana.alert.duration.us\"?: number | undefined; \"kibana.alert.end\"?: string | undefined; \"kibana.alert.flapping\"?: boolean | undefined; \"kibana.alert.flapping_history\"?: boolean[] | undefined; \"kibana.alert.last_detected\"?: string | undefined; \"kibana.alert.maintenance_window_ids\"?: string[] | undefined; \"kibana.alert.reason\"?: string | undefined; \"kibana.alert.rule.execution.timestamp\"?: string | undefined; \"kibana.alert.rule.parameters\"?: { [key: string]: unknown; } | undefined; \"kibana.alert.rule.tags\"?: string[] | undefined; \"kibana.alert.start\"?: string | undefined; \"kibana.alert.time_range\"?: unknown; \"kibana.alert.url\"?: string | undefined; \"kibana.alert.workflow_assignee_ids\"?: string[] | undefined; \"kibana.alert.workflow_status\"?: string | undefined; \"kibana.alert.workflow_tags\"?: string[] | undefined; \"kibana.version\"?: string | undefined; \"ecs.version\"?: string | undefined; 
\"kibana.alert.risk_score\"?: number | undefined; \"kibana.alert.rule.author\"?: string | undefined; \"kibana.alert.rule.created_at\"?: string | undefined; \"kibana.alert.rule.created_by\"?: string | undefined; \"kibana.alert.rule.description\"?: string | undefined; \"kibana.alert.rule.enabled\"?: string | undefined; \"kibana.alert.rule.from\"?: string | undefined; \"kibana.alert.rule.interval\"?: string | undefined; \"kibana.alert.rule.license\"?: string | undefined; \"kibana.alert.rule.note\"?: string | undefined; \"kibana.alert.rule.references\"?: string[] | undefined; \"kibana.alert.rule.rule_id\"?: string | undefined; \"kibana.alert.rule.rule_name_override\"?: string | undefined; \"kibana.alert.rule.to\"?: string | undefined; \"kibana.alert.rule.type\"?: string | undefined; \"kibana.alert.rule.updated_at\"?: string | undefined; \"kibana.alert.rule.updated_by\"?: string | undefined; \"kibana.alert.rule.version\"?: string | undefined; \"kibana.alert.severity\"?: string | undefined; \"kibana.alert.suppression.docs_count\"?: number | undefined; \"kibana.alert.suppression.end\"?: string | undefined; \"kibana.alert.suppression.start\"?: string | undefined; \"kibana.alert.suppression.terms.field\"?: string[] | undefined; \"kibana.alert.suppression.terms.value\"?: string[] | undefined; \"kibana.alert.system_status\"?: string | undefined; \"kibana.alert.workflow_reason\"?: string | undefined; \"kibana.alert.workflow_status_updated_at\"?: string | undefined; \"kibana.alert.workflow_user\"?: string | undefined; }>" + "({ id, index }: GetAlertParams) => Promise<{ _index: string; \"@timestamp\"?: string | undefined; \"kibana.alert.rule.rule_type_id\"?: string | undefined; \"kibana.alert.rule.consumer\"?: string | undefined; \"kibana.alert.instance.id\"?: string | undefined; \"kibana.alert.rule.category\"?: string | undefined; \"kibana.alert.rule.name\"?: string | undefined; \"kibana.alert.rule.producer\"?: string | undefined; \"kibana.alert.rule.revision\"?: number | 
undefined; \"kibana.alert.rule.uuid\"?: string | undefined; \"kibana.alert.status\"?: string | undefined; \"kibana.alert.uuid\"?: string | undefined; \"kibana.space_ids\"?: string[] | undefined; \"event.action\"?: string | undefined; tags?: string[] | undefined; \"kibana.alert.rule.execution.uuid\"?: string | undefined; \"event.kind\"?: string | undefined; \"kibana.alert.action_group\"?: string | undefined; \"kibana.alert.case_ids\"?: string[] | undefined; \"kibana.alert.consecutive_matches\"?: number | undefined; \"kibana.alert.duration.us\"?: number | undefined; \"kibana.alert.end\"?: string | undefined; \"kibana.alert.flapping\"?: boolean | undefined; \"kibana.alert.flapping_history\"?: boolean[] | undefined; \"kibana.alert.last_detected\"?: string | undefined; \"kibana.alert.maintenance_window_ids\"?: string[] | undefined; \"kibana.alert.previous_action_group\"?: string | undefined; \"kibana.alert.reason\"?: string | undefined; \"kibana.alert.rule.execution.timestamp\"?: string | undefined; \"kibana.alert.rule.parameters\"?: { [key: string]: unknown; } | undefined; \"kibana.alert.rule.tags\"?: string[] | undefined; \"kibana.alert.severity_improving\"?: boolean | undefined; \"kibana.alert.start\"?: string | undefined; \"kibana.alert.time_range\"?: unknown; \"kibana.alert.url\"?: string | undefined; \"kibana.alert.workflow_assignee_ids\"?: string[] | undefined; \"kibana.alert.workflow_status\"?: string | undefined; \"kibana.alert.workflow_tags\"?: string[] | undefined; \"kibana.version\"?: string | undefined; \"ecs.version\"?: string | undefined; \"kibana.alert.risk_score\"?: number | undefined; \"kibana.alert.rule.author\"?: string | undefined; \"kibana.alert.rule.created_at\"?: string | undefined; \"kibana.alert.rule.created_by\"?: string | undefined; \"kibana.alert.rule.description\"?: string | undefined; \"kibana.alert.rule.enabled\"?: string | undefined; \"kibana.alert.rule.from\"?: string | undefined; \"kibana.alert.rule.interval\"?: string | undefined; 
\"kibana.alert.rule.license\"?: string | undefined; \"kibana.alert.rule.note\"?: string | undefined; \"kibana.alert.rule.references\"?: string[] | undefined; \"kibana.alert.rule.rule_id\"?: string | undefined; \"kibana.alert.rule.rule_name_override\"?: string | undefined; \"kibana.alert.rule.to\"?: string | undefined; \"kibana.alert.rule.type\"?: string | undefined; \"kibana.alert.rule.updated_at\"?: string | undefined; \"kibana.alert.rule.updated_by\"?: string | undefined; \"kibana.alert.rule.version\"?: string | undefined; \"kibana.alert.severity\"?: string | undefined; \"kibana.alert.suppression.docs_count\"?: number | undefined; \"kibana.alert.suppression.end\"?: string | undefined; \"kibana.alert.suppression.start\"?: string | undefined; \"kibana.alert.suppression.terms.field\"?: string[] | undefined; \"kibana.alert.suppression.terms.value\"?: string[] | undefined; \"kibana.alert.system_status\"?: string | undefined; \"kibana.alert.workflow_reason\"?: string | undefined; \"kibana.alert.workflow_status_updated_at\"?: string | undefined; \"kibana.alert.workflow_user\"?: string | undefined; }>" ], "path": "x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts", "deprecated": false, @@ -191,9 +191,9 @@ "UpdateOptions", ") => Promise<{ _version: string | undefined; get?: ", "InlineGet", - " | undefined; _id: string; _index: string; _primary_term: number; result: ", + " | undefined; _id: string; _index: string; _primary_term?: number | undefined; result: ", "Result", - "; _seq_no: number; _shards: ", + "; _seq_no?: number | undefined; _shards: ", "ShardStatistics", "; forced_refresh?: boolean | undefined; }>" ], @@ -403,7 +403,7 @@ "SortOptions", "[] | undefined; track_total_hits?: number | boolean | undefined; _source?: string[] | undefined; }) => Promise<", "SearchResponse", - ">, Record>, Record>>" ], 
@@ -2731,7 +2731,7 @@ "signature": [ "> & OutputOf>>>(request: TSearchRequest) => Promise<", + "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & OutputOf>>>(request: TSearchRequest) => Promise<", { "pluginId": "@kbn/es-types", "scope": "common", 
@@ -3376,7 +3376,7 @@ "label": "getAlertByAlertUuid", "description": [], "signature": [ - "(alertUuid: string) => Promise Promise> & OutputOf>> | null> | null" + "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>> & OutputOf>> | null> | null" ], "path": "x-pack/plugins/rule_registry/server/utils/create_lifecycle_executor.ts", "deprecated": false, 
@@ -4928,7 +4928,7 @@ "label": "parseTechnicalFields", "description": [], "signature": [ - "(input: unknown, partial?: boolean) => OutputOf OutputOf>" + "[]; }; readonly \"kibana.alert.rule.execution.timestamp\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.rule.parameters\": { readonly array: false; readonly type: \"flattened\"; readonly ignore_above: 4096; readonly required: false; }; readonly \"kibana.alert.rule.tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.severity_improving\": { readonly type: \"boolean\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.start\": { readonly type: \"date\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.time_range\": { readonly type: \"date_range\"; readonly format: \"epoch_millis||strict_date_optional_time\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.url\": { readonly type: \"keyword\"; readonly array: false; readonly index: false; readonly required: false; readonly ignore_above: 2048; }; readonly \"kibana.alert.workflow_assignee_ids\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.alert.workflow_status\": { readonly type: \"keyword\"; readonly array: false; readonly required: false; }; readonly \"kibana.alert.workflow_tags\": { readonly type: \"keyword\"; readonly array: true; readonly required: false; }; readonly \"kibana.version\": { readonly type: \"version\"; readonly array: false; readonly required: false; }; }>>" ], "path": "x-pack/plugins/rule_registry/common/parse_technical_fields.ts", "deprecated": false, 
@@ -5312,7 +5312,7 @@ "label": "ParsedTechnicalFields", "description": [], "signature": [ - "{ readonly \"@timestamp\": string; readonly \"kibana.alert.rule.rule_type_id\": string; readonly \"kibana.alert.rule.consumer\": string; readonly \"kibana.alert.instance.id\": string; readonly \"kibana.alert.rule.category\": string; readonly \"kibana.alert.rule.name\": string; readonly \"kibana.alert.rule.producer\": string; readonly \"kibana.alert.rule.revision\": number; readonly \"kibana.alert.rule.uuid\": string; readonly \"kibana.alert.status\": string; readonly \"kibana.alert.uuid\": string; readonly \"kibana.space_ids\": string[]; readonly \"event.action\"?: string | undefined; readonly tags?: string[] | undefined; readonly \"kibana.alert.rule.execution.uuid\"?: string | undefined; readonly \"event.kind\"?: string | undefined; readonly \"kibana.alert.action_group\"?: string | undefined; readonly \"kibana.alert.case_ids\"?: string[] | undefined; readonly \"kibana.alert.consecutive_matches\"?: number | undefined; readonly \"kibana.alert.duration.us\"?: number | undefined; readonly \"kibana.alert.end\"?: string | undefined; readonly \"kibana.alert.flapping\"?: boolean | undefined; readonly \"kibana.alert.flapping_history\"?: boolean[] | undefined; readonly \"kibana.alert.last_detected\"?: string | undefined; readonly \"kibana.alert.maintenance_window_ids\"?: string[] | undefined; readonly \"kibana.alert.reason\"?: string | undefined; readonly \"kibana.alert.rule.execution.timestamp\"?: string | undefined; readonly \"kibana.alert.rule.parameters\"?: { [key: string]: unknown; } | undefined; readonly \"kibana.alert.rule.tags\"?: string[] | undefined; readonly \"kibana.alert.start\"?: string | undefined; readonly \"kibana.alert.time_range\"?: unknown; readonly \"kibana.alert.url\"?: string | undefined; readonly \"kibana.alert.workflow_assignee_ids\"?: string[] | undefined; readonly \"kibana.alert.workflow_status\"?: string | undefined; readonly 
\"kibana.alert.workflow_tags\"?: string[] | undefined; readonly \"kibana.version\"?: string | undefined; readonly \"ecs.version\"?: string | undefined; readonly \"kibana.alert.risk_score\"?: number | undefined; readonly \"kibana.alert.rule.author\"?: string | undefined; readonly \"kibana.alert.rule.created_at\"?: string | undefined; readonly \"kibana.alert.rule.created_by\"?: string | undefined; readonly \"kibana.alert.rule.description\"?: string | undefined; readonly \"kibana.alert.rule.enabled\"?: string | undefined; readonly \"kibana.alert.rule.from\"?: string | undefined; readonly \"kibana.alert.rule.interval\"?: string | undefined; readonly \"kibana.alert.rule.license\"?: string | undefined; readonly \"kibana.alert.rule.note\"?: string | undefined; readonly \"kibana.alert.rule.references\"?: string[] | undefined; readonly \"kibana.alert.rule.rule_id\"?: string | undefined; readonly \"kibana.alert.rule.rule_name_override\"?: string | undefined; readonly \"kibana.alert.rule.to\"?: string | undefined; readonly \"kibana.alert.rule.type\"?: string | undefined; readonly \"kibana.alert.rule.updated_at\"?: string | undefined; readonly \"kibana.alert.rule.updated_by\"?: string | undefined; readonly \"kibana.alert.rule.version\"?: string | undefined; readonly \"kibana.alert.severity\"?: string | undefined; readonly \"kibana.alert.suppression.docs_count\"?: number | undefined; readonly \"kibana.alert.suppression.end\"?: string | undefined; readonly \"kibana.alert.suppression.start\"?: string | undefined; readonly \"kibana.alert.suppression.terms.field\"?: string[] | undefined; readonly \"kibana.alert.suppression.terms.value\"?: string[] | undefined; readonly \"kibana.alert.system_status\"?: string | undefined; readonly \"kibana.alert.workflow_reason\"?: string | undefined; readonly \"kibana.alert.workflow_status_updated_at\"?: string | undefined; readonly \"kibana.alert.workflow_user\"?: string | undefined; }" + "{ readonly \"@timestamp\": string; readonly 
\"kibana.alert.rule.rule_type_id\": string; readonly \"kibana.alert.rule.consumer\": string; readonly \"kibana.alert.instance.id\": string; readonly \"kibana.alert.rule.category\": string; readonly \"kibana.alert.rule.name\": string; readonly \"kibana.alert.rule.producer\": string; readonly \"kibana.alert.rule.revision\": number; readonly \"kibana.alert.rule.uuid\": string; readonly \"kibana.alert.status\": string; readonly \"kibana.alert.uuid\": string; readonly \"kibana.space_ids\": string[]; readonly \"event.action\"?: string | undefined; readonly tags?: string[] | undefined; readonly \"kibana.alert.rule.execution.uuid\"?: string | undefined; readonly \"event.kind\"?: string | undefined; readonly \"kibana.alert.action_group\"?: string | undefined; readonly \"kibana.alert.case_ids\"?: string[] | undefined; readonly \"kibana.alert.consecutive_matches\"?: number | undefined; readonly \"kibana.alert.duration.us\"?: number | undefined; readonly \"kibana.alert.end\"?: string | undefined; readonly \"kibana.alert.flapping\"?: boolean | undefined; readonly \"kibana.alert.flapping_history\"?: boolean[] | undefined; readonly \"kibana.alert.last_detected\"?: string | undefined; readonly \"kibana.alert.maintenance_window_ids\"?: string[] | undefined; readonly \"kibana.alert.previous_action_group\"?: string | undefined; readonly \"kibana.alert.reason\"?: string | undefined; readonly \"kibana.alert.rule.execution.timestamp\"?: string | undefined; readonly \"kibana.alert.rule.parameters\"?: { [key: string]: unknown; } | undefined; readonly \"kibana.alert.rule.tags\"?: string[] | undefined; readonly \"kibana.alert.severity_improving\"?: boolean | undefined; readonly \"kibana.alert.start\"?: string | undefined; readonly \"kibana.alert.time_range\"?: unknown; readonly \"kibana.alert.url\"?: string | undefined; readonly \"kibana.alert.workflow_assignee_ids\"?: string[] | undefined; readonly \"kibana.alert.workflow_status\"?: string | undefined; readonly 
\"kibana.alert.workflow_tags\"?: string[] | undefined; readonly \"kibana.version\"?: string | undefined; readonly \"ecs.version\"?: string | undefined; readonly \"kibana.alert.risk_score\"?: number | undefined; readonly \"kibana.alert.rule.author\"?: string | undefined; readonly \"kibana.alert.rule.created_at\"?: string | undefined; readonly \"kibana.alert.rule.created_by\"?: string | undefined; readonly \"kibana.alert.rule.description\"?: string | undefined; readonly \"kibana.alert.rule.enabled\"?: string | undefined; readonly \"kibana.alert.rule.from\"?: string | undefined; readonly \"kibana.alert.rule.interval\"?: string | undefined; readonly \"kibana.alert.rule.license\"?: string | undefined; readonly \"kibana.alert.rule.note\"?: string | undefined; readonly \"kibana.alert.rule.references\"?: string[] | undefined; readonly \"kibana.alert.rule.rule_id\"?: string | undefined; readonly \"kibana.alert.rule.rule_name_override\"?: string | undefined; readonly \"kibana.alert.rule.to\"?: string | undefined; readonly \"kibana.alert.rule.type\"?: string | undefined; readonly \"kibana.alert.rule.updated_at\"?: string | undefined; readonly \"kibana.alert.rule.updated_by\"?: string | undefined; readonly \"kibana.alert.rule.version\"?: string | undefined; readonly \"kibana.alert.severity\"?: string | undefined; readonly \"kibana.alert.suppression.docs_count\"?: number | undefined; readonly \"kibana.alert.suppression.end\"?: string | undefined; readonly \"kibana.alert.suppression.start\"?: string | undefined; readonly \"kibana.alert.suppression.terms.field\"?: string[] | undefined; readonly \"kibana.alert.suppression.terms.value\"?: string[] | undefined; readonly \"kibana.alert.system_status\"?: string | undefined; readonly \"kibana.alert.workflow_reason\"?: string | undefined; readonly \"kibana.alert.workflow_status_updated_at\"?: string | undefined; readonly \"kibana.alert.workflow_user\"?: string | undefined; }" ], "path": 
"x-pack/plugins/rule_registry/common/parse_technical_fields.ts", "deprecated": false, diff --git a/api_docs/rule_registry.mdx b/api_docs/rule_registry.mdx index 0ada58f4d4d2c..3199c63e6f740 100644 --- a/api_docs/rule_registry.mdx +++ b/api_docs/rule_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ruleRegistry title: "ruleRegistry" image: https://source.unsplash.com/400x175/?github description: API docs for the ruleRegistry plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ruleRegistry'] --- import ruleRegistryObj from './rule_registry.devdocs.json'; diff --git a/api_docs/runtime_fields.mdx b/api_docs/runtime_fields.mdx index cdcce490aaf14..8ac4d632e0566 100644 --- a/api_docs/runtime_fields.mdx +++ b/api_docs/runtime_fields.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/runtimeFields title: "runtimeFields" image: https://source.unsplash.com/400x175/?github description: API docs for the runtimeFields plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'runtimeFields'] --- import runtimeFieldsObj from './runtime_fields.devdocs.json'; diff --git a/api_docs/saved_objects.mdx b/api_docs/saved_objects.mdx index cf5fed95996f3..46abd8a5e3478 100644 --- a/api_docs/saved_objects.mdx +++ b/api_docs/saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjects title: "savedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjects plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjects'] --- import savedObjectsObj from './saved_objects.devdocs.json'; diff --git a/api_docs/saved_objects_finder.mdx b/api_docs/saved_objects_finder.mdx index 310dfe51598b3..1a7cb2ff545a8 100644 --- a/api_docs/saved_objects_finder.mdx +++ b/api_docs/saved_objects_finder.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsFinder title: "savedObjectsFinder" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsFinder plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsFinder'] --- import savedObjectsFinderObj from './saved_objects_finder.devdocs.json'; diff --git a/api_docs/saved_objects_management.mdx b/api_docs/saved_objects_management.mdx index dbc5fa33974f9..1c502437abf5a 100644 --- a/api_docs/saved_objects_management.mdx +++ b/api_docs/saved_objects_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsManagement title: "savedObjectsManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsManagement plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsManagement'] --- import savedObjectsManagementObj from './saved_objects_management.devdocs.json'; diff --git a/api_docs/saved_objects_tagging.mdx b/api_docs/saved_objects_tagging.mdx index 34cfd5cbffd10..21553a9620154 100644 --- a/api_docs/saved_objects_tagging.mdx +++ b/api_docs/saved_objects_tagging.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTagging title: "savedObjectsTagging" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTagging plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTagging'] --- import savedObjectsTaggingObj from './saved_objects_tagging.devdocs.json'; diff --git a/api_docs/saved_objects_tagging_oss.mdx b/api_docs/saved_objects_tagging_oss.mdx index 54fccb2a06156..e551f248495cc 100644 --- a/api_docs/saved_objects_tagging_oss.mdx +++ b/api_docs/saved_objects_tagging_oss.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTaggingOss title: "savedObjectsTaggingOss" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTaggingOss plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTaggingOss'] --- import savedObjectsTaggingOssObj from './saved_objects_tagging_oss.devdocs.json'; diff --git a/api_docs/saved_search.mdx b/api_docs/saved_search.mdx index 767fd752f603e..e615c0d8afc8f 100644 --- a/api_docs/saved_search.mdx +++ b/api_docs/saved_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedSearch title: "savedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the savedSearch plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedSearch'] --- import savedSearchObj from './saved_search.devdocs.json'; diff --git a/api_docs/screenshot_mode.mdx b/api_docs/screenshot_mode.mdx index eb7945823103a..382c4a0edb8de 100644 --- a/api_docs/screenshot_mode.mdx +++ b/api_docs/screenshot_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotMode title: "screenshotMode" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotMode plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotMode'] --- import screenshotModeObj from './screenshot_mode.devdocs.json'; diff --git a/api_docs/screenshotting.mdx b/api_docs/screenshotting.mdx index b0500c9577c8c..fc232e10b6a7a 100644 --- a/api_docs/screenshotting.mdx +++ b/api_docs/screenshotting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotting title: "screenshotting" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotting plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotting'] --- import screenshottingObj from './screenshotting.devdocs.json'; 
diff --git a/api_docs/search_connectors.mdx b/api_docs/search_connectors.mdx index 306534473b79a..11877c011e0fb 100644 --- a/api_docs/search_connectors.mdx +++ b/api_docs/search_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchConnectors title: "searchConnectors" image: https://source.unsplash.com/400x175/?github description: API docs for the searchConnectors plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchConnectors'] --- import searchConnectorsObj from './search_connectors.devdocs.json'; diff --git a/api_docs/search_homepage.mdx b/api_docs/search_homepage.mdx index f5f7a4176fd5a..8e45bfc176348 100644 --- a/api_docs/search_homepage.mdx +++ b/api_docs/search_homepage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchHomepage title: "searchHomepage" image: https://source.unsplash.com/400x175/?github description: API docs for the searchHomepage plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchHomepage'] --- import searchHomepageObj from './search_homepage.devdocs.json'; diff --git a/api_docs/search_inference_endpoints.mdx b/api_docs/search_inference_endpoints.mdx index 176ad1b37dc91..75ce9ac687363 100644 --- a/api_docs/search_inference_endpoints.mdx +++ b/api_docs/search_inference_endpoints.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchInferenceEndpoints title: "searchInferenceEndpoints" image: https://source.unsplash.com/400x175/?github description: API docs for the searchInferenceEndpoints plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchInferenceEndpoints'] --- import searchInferenceEndpointsObj from './search_inference_endpoints.devdocs.json'; diff --git a/api_docs/search_notebooks.mdx b/api_docs/search_notebooks.mdx index ddf550443b5ec..747a262ec13ce 100644 --- a/api_docs/search_notebooks.mdx +++ b/api_docs/search_notebooks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchNotebooks title: "searchNotebooks" image: https://source.unsplash.com/400x175/?github description: API docs for the searchNotebooks plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchNotebooks'] --- import searchNotebooksObj from './search_notebooks.devdocs.json'; diff --git a/api_docs/search_playground.mdx b/api_docs/search_playground.mdx index 233b8d7fd83df..d4bf427e9f94a 100644 --- a/api_docs/search_playground.mdx +++ b/api_docs/search_playground.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchPlayground title: "searchPlayground" image: https://source.unsplash.com/400x175/?github description: API docs for the searchPlayground plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchPlayground'] --- import searchPlaygroundObj from './search_playground.devdocs.json'; diff --git a/api_docs/security.devdocs.json b/api_docs/security.devdocs.json index edcb390da545f..4f259e19d65dc 100644 --- a/api_docs/security.devdocs.json +++ b/api_docs/security.devdocs.json @@ -1255,16 +1255,7 @@ "path": "x-pack/packages/security/plugin_types_public/src/plugin.ts", "deprecated": true, "trackAdoption": false, - "references": [ - { - "plugin": "dataVisualizer", - "path": "x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx" - }, - { - "plugin": "dataVisualizer", - "path": "x-pack/plugins/data_visualizer/public/application/index_data_visualizer/hooks/use_data_visualizer_grid_data.ts" - } - ] + "references": [] }, { "parentPluginId": "security", @@ -5483,10 +5474,6 @@ "plugin": "alerting", "path": "x-pack/plugins/alerting/server/plugin.ts" }, - { - "plugin": "files", - "path": "src/plugins/files/server/routes/file_kind/create.ts" - }, { "plugin": "cases", "path": "x-pack/plugins/cases/server/client/factory.ts" 
@@ -5684,24 +5671,28 @@ "path": "x-pack/plugins/observability_solution/apm/server/routes/fleet/is_superuser.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/enable.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts" }, { - "plugin": "assetManager", - "path": "x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/disable.ts" + "plugin": "entityManager", + "path": "x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts" + }, + { + "plugin": "observabilityOnboarding", + "path": "x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts" }, { "plugin": "synthetics", 
@@ -6619,47 +6610,6 @@ ], "initialIsOpen": false }, - { - "parentPluginId": "security", - "id": "def-common.RestApiKey", - "type": "Interface", - "tags": [], - "label": "RestApiKey", - "description": [ - "\nInterface representing a REST API key the way it is returned by Elasticsearch GET endpoint.\n\nTODO: Remove this type when `@elastic/elasticsearch` has been updated." - ], - "signature": [ - { - "pluginId": "security", - "scope": "common", - "docId": "kibSecurityPluginApi", - "section": "def-common.RestApiKey", - "text": "RestApiKey" - }, - " extends ", - "BaseApiKey" - ], - "path": "x-pack/plugins/security/common/model/api_key.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "security", - "id": "def-common.RestApiKey.type", - "type": "string", - "tags": [], - "label": "type", - "description": [], - "signature": [ - "\"rest\"" - ], - "path": "x-pack/plugins/security/common/model/api_key.ts", - "deprecated": false, - "trackAdoption": false - } - ], - "initialIsOpen": false - }, { "parentPluginId": "security", "id": "def-common.Role", @@ -7976,31 +7926,6 @@ ], "enums": [], "misc": [ - { - "parentPluginId": "security", - "id": "def-common.ApiKey", - "type": "Type", - "tags": [], - "label": "ApiKey", - "description": [ - "\nInterface representing an API key the way it is returned by Elasticsearch GET endpoint." - ], - "signature": [ - { - "pluginId": "security", - "scope": "common", - "docId": "kibSecurityPluginApi", - "section": "def-common.RestApiKey", - "text": "RestApiKey" - }, - " | ", - "CrossClusterApiKey" - ], - "path": "x-pack/plugins/security/common/model/api_key.ts", - "deprecated": false, - "trackAdoption": false, - "initialIsOpen": false - }, { "parentPluginId": "security", "id": "def-common.LoginLayout", diff --git a/api_docs/security.mdx b/api_docs/security.mdx index fa1fafb8eb492..85fba086d7189 100644 --- a/api_docs/security.mdx +++ b/api_docs/security.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/security title: "security" image: https://source.unsplash.com/400x175/?github description: API docs for the security plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'security'] --- import securityObj from './security.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana- | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 414 | 0 | 205 | 3 | +| 411 | 0 | 204 | 1 | ## Client diff --git a/api_docs/security_solution.devdocs.json b/api_docs/security_solution.devdocs.json index 659f8ee587527..9ae122651ead9 100644 --- a/api_docs/security_solution.devdocs.json +++ b/api_docs/security_solution.devdocs.json 
@@ -390,7 +390,7 @@ "label": "data", "description": [], "signature": [ - "({ id: string; type: \"eql\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"eql\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string 
| undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; data_view_id?: string | undefined; filters?: unknown[] | undefined; event_category_override?: string | undefined; tiebreaker_field?: string | undefined; timestamp_field?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; } | { id: string; type: \"query\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; 
enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | 
undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; saved_id?: string | undefined; response_actions?: ({ params: { query?: string | undefined; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional; value: Zod.ZodOptional]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; queries?: { id: string; query: string; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional; value: Zod.ZodOptional]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; version?: string | undefined; platform?: string | undefined; removed?: boolean | undefined; snapshot?: boolean | undefined; }[] | undefined; pack_id?: string | undefined; saved_query_id?: string | undefined; timeout?: number | undefined; }; action_type_id: \".osquery\"; } | { params: { command: \"isolate\"; comment?: string | undefined; } 
| { config: { field: string; overwrite: boolean; }; command: \"kill-process\" | \"suspend-process\"; comment?: string | undefined; }; action_type_id: \".endpoint\"; })[] | undefined; } | { id: string; type: \"saved_query\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; 
saved_id: string; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; query?: string | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; response_actions?: ({ params: { query?: string | undefined; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional; value: Zod.ZodOptional]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; queries?: { id: string; query: string; 
ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional; value: Zod.ZodOptional]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; version?: string | undefined; platform?: string | undefined; removed?: boolean | undefined; snapshot?: boolean | undefined; }[] | undefined; pack_id?: string | undefined; saved_query_id?: string | undefined; timeout?: number | undefined; }; action_type_id: \".osquery\"; } | { params: { command: \"isolate\"; comment?: string | undefined; } | { config: { field: string; overwrite: boolean; }; command: \"kill-process\" | \"suspend-process\"; comment?: string | undefined; }; action_type_id: \".endpoint\"; })[] | undefined; } | { id: string; type: \"threshold\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: 
\"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; threshold: { value: number; field: (string | string[]) & (string | string[] | undefined); cardinality?: { value: number; field: string; }[] | undefined; }; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: 
number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { duration: { value: number; unit: \"m\" | \"h\" | \"s\"; }; } | undefined; saved_id?: string | undefined; } | { id: string; type: \"threat_match\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; 
package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; threat_query: string; threat_mapping: { entries: { value: string; type: \"mapping\"; field: string; }[]; }[]; threat_index: string[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; saved_id?: string | undefined; threat_filters?: unknown[] | undefined; threat_indicator_path?: string | undefined; threat_language?: \"lucene\" | \"kuery\" | undefined; concurrent_searches?: number | 
undefined; items_per_search?: number | undefined; } | { id: string; type: \"machine_learning\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; anomaly_threshold: number; machine_learning_job_id: (string | string[]) & (string | string[] | undefined); meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, 
\"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; } | { id: string; type: \"new_terms\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; 
author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; new_terms_fields: string[]; history_window_start: string; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: 
\"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; } | { id: string; type: \"esql\"; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; description: string; version: number; risk_score: number; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; from: string; to: string; language: \"esql\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; field: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; operator: \"equals\"; }[]; exceptions_list: { id: string; type: 
\"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; })[]" + "({ id: string; type: \"eql\"; version: number; name: string; actions: { params: {} & { [k: string]: 
unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"eql\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: 
\"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; data_view_id?: string | undefined; filters?: unknown[] | undefined; event_category_override?: string | undefined; tiebreaker_field?: string | undefined; timestamp_field?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; } | { id: string; type: \"query\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; 
risk_score: number; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: 
boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; saved_id?: string | undefined; response_actions?: ({ params: { query?: string | undefined; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional; value: Zod.ZodOptional]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; queries?: { id: string; query: string; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional; value: Zod.ZodOptional]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; version?: string | undefined; platform?: string | undefined; removed?: boolean | undefined; snapshot?: boolean | undefined; }[] | undefined; pack_id?: string | undefined; saved_query_id?: string | undefined; timeout?: number | undefined; }; action_type_id: \".osquery\"; } | { params: { command: \"isolate\"; comment?: string | undefined; } | { config: { field: string; overwrite: boolean; }; command: \"kill-process\" | \"suspend-process\"; comment?: string | undefined; }; action_type_id: 
\".endpoint\"; })[] | undefined; } | { id: string; type: \"saved_query\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; saved_id: string; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; 
throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; query?: string | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; response_actions?: ({ params: { query?: string | undefined; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional; value: Zod.ZodOptional]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; queries?: { id: string; query: string; ecs_mapping?: Zod.objectOutputType<{}, Zod.ZodObject<{ field: Zod.ZodOptional; value: Zod.ZodOptional]>>; }, \"strip\", Zod.ZodTypeAny, { field?: string | 
undefined; value?: string | string[] | undefined; }, { field?: string | undefined; value?: string | string[] | undefined; }>, \"strip\"> | undefined; version?: string | undefined; platform?: string | undefined; removed?: boolean | undefined; snapshot?: boolean | undefined; }[] | undefined; pack_id?: string | undefined; saved_query_id?: string | undefined; timeout?: number | undefined; }; action_type_id: \".osquery\"; } | { params: { command: \"isolate\"; comment?: string | undefined; } | { config: { field: string; overwrite: boolean; }; command: \"kill-process\" | \"suspend-process\"; comment?: string | undefined; }; action_type_id: \".endpoint\"; })[] | undefined; } | { id: string; type: \"threshold\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; 
operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; threshold: { value: number; field: (string | string[]) & (string | string[] | undefined); cardinality?: { value: number; field: string; }[] | undefined; }; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | 
undefined; alert_suppression?: { duration: { value: number; unit: \"m\" | \"h\" | \"s\"; }; } | undefined; saved_id?: string | undefined; } | { id: string; type: \"threat_match\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; threat_query: string; 
threat_mapping: { entries: { value: string; type: \"mapping\"; field: string; }[]; }[]; threat_index: string[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; saved_id?: string | undefined; threat_filters?: unknown[] | undefined; threat_indicator_path?: string | undefined; threat_language?: \"lucene\" | \"kuery\" | undefined; concurrent_searches?: number | undefined; items_per_search?: number | undefined; } | { id: string; type: \"machine_learning\"; version: number; name: string; actions: { params: 
{} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; anomaly_threshold: number; machine_learning_job_id: (string | string[]) & (string | string[] | undefined); meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | 
\"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; } | { id: string; type: \"new_terms\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"kuery\" | \"lucene\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; 
technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | \"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; new_terms_fields: string[]; history_window_start: string; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; 
total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; index?: string[] | undefined; filters?: unknown[] | undefined; data_view_id?: string | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; } | { id: string; type: \"esql\"; version: number; name: string; actions: { params: {} & { [k: string]: unknown; }; id: string; group: string; action_type_id: string; uuid?: string | undefined; alerts_filter?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; frequency?: { throttle: string | null; notifyWhen: \"onActionGroupChange\" | \"onActiveAlert\" | \"onThrottleInterval\"; summary: boolean; } | undefined; }[]; tags: string[]; setup: string; enabled: boolean; revision: number; query: string; interval: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; description: string; risk_score: number; from: string; to: string; language: \"esql\"; created_at: string; created_by: string; updated_at: string; updated_by: string; references: string[]; author: string[]; immutable: boolean; rule_id: string; threat: { framework: string; tactic: { id: string; name: string; reference: string; }; technique?: { id: string; name: string; reference: string; subtechnique?: { id: string; name: string; reference: string; }[] | undefined; }[] | undefined; }[]; risk_score_mapping: { value: string; field: string; operator: \"equals\"; risk_score?: number | undefined; }[]; severity_mapping: { value: string; severity: \"medium\" | \"high\" | \"low\" | \"critical\"; field: string; operator: \"equals\"; }[]; exceptions_list: { id: string; type: \"endpoint\" | \"detection\" | \"rule_default\" | \"endpoint_trusted_apps\" | \"endpoint_events\" | \"endpoint_host_isolation_exceptions\" | 
\"endpoint_blocklists\"; list_id: string; namespace_type: \"single\" | \"agnostic\"; }[]; false_positives: string[]; max_signals: number; related_integrations: { version: string; package: string; integration?: string | undefined; }[]; required_fields: { type: string; name: string; ecs: boolean; }[]; meta?: Zod.objectOutputType<{}, Zod.ZodUnknown, \"strip\"> | undefined; namespace?: string | undefined; license?: string | undefined; throttle?: string | undefined; outcome?: \"exactMatch\" | \"aliasMatch\" | \"conflict\" | undefined; alias_target_id?: string | undefined; alias_purpose?: \"savedObjectConversion\" | \"savedObjectImport\" | undefined; note?: string | undefined; rule_name_override?: string | undefined; timestamp_override?: string | undefined; timestamp_override_fallback_disabled?: boolean | undefined; timeline_id?: string | undefined; timeline_title?: string | undefined; building_block_type?: string | undefined; output_index?: string | undefined; investigation_fields?: { field_names: string[]; } | undefined; rule_source?: { type: \"external\"; is_customized: boolean; } | { type: \"internal\"; } | undefined; execution_summary?: { last_execution: { message: string; date: string; status: \"running\" | \"succeeded\" | \"failed\" | \"going to run\" | \"partial failure\"; metrics: { total_search_duration_ms?: number | undefined; total_indexing_duration_ms?: number | undefined; total_enrichment_duration_ms?: number | undefined; execution_gap_duration_s?: number | undefined; }; status_order: number; }; } | undefined; alert_suppression?: { group_by: string[]; duration?: { value: number; unit: \"m\" | \"h\" | \"s\"; } | undefined; missing_fields_strategy?: \"doNotSuppress\" | \"suppress\" | undefined; } | undefined; })[]" ], "path": "x-pack/plugins/security_solution/public/detection_engine/rule_management/logic/types.ts", "deprecated": false, 
@@ -485,7 +485,7 @@ "\nExperimental flag needed to enable the link" ], "signature": [ - "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionsEnabled\" | \"endpointResponseActionsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"agentStatusClientEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"responseActionScanEnabled\" | \"alertsPageChartsEnabled\" | \"alertTypeEnabled\" | \"expandableFlyoutDisabled\" | \"notesEnabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"alertSuppressionForEsqlRuleEnabled\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"jsonPrebuiltRulesDiffingEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineEnabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"perFieldPrebuiltRulesDiffingEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"aiAssistantFlyoutMode\" | \"valueListItemsModalEnabled\" | \"bulkCustomHighlightedFieldsEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | undefined" + "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | 
\"responseActionsEnabled\" | \"endpointResponseActionsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"responseActionScanEnabled\" | \"alertsPageChartsEnabled\" | \"alertTypeEnabled\" | \"expandableFlyoutDisabled\" | \"securitySolutionNotesEnabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"alertSuppressionForEsqlRuleEnabled\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"jsonPrebuiltRulesDiffingEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineEnabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"perFieldPrebuiltRulesDiffingEnabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"aiAssistantFlyoutMode\" | \"valueListItemsModalEnabled\" | \"bulkCustomHighlightedFieldsEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | undefined" ], "path": "x-pack/plugins/security_solution/public/common/links/types.ts", "deprecated": false, 
@@ -565,7 +565,7 @@ "\nExperimental flag needed to disable the link. Opposite of experimentalKey" ], "signature": [ - "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionsEnabled\" | \"endpointResponseActionsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"agentStatusClientEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"responseActionScanEnabled\" | \"alertsPageChartsEnabled\" | \"alertTypeEnabled\" | \"expandableFlyoutDisabled\" | \"notesEnabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"alertSuppressionForEsqlRuleEnabled\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"jsonPrebuiltRulesDiffingEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineEnabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"perFieldPrebuiltRulesDiffingEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"aiAssistantFlyoutMode\" | \"valueListItemsModalEnabled\" | \"bulkCustomHighlightedFieldsEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | undefined" + "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | 
\"socTrendsEnabled\" | \"responseActionsEnabled\" | \"endpointResponseActionsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"responseActionScanEnabled\" | \"alertsPageChartsEnabled\" | \"alertTypeEnabled\" | \"expandableFlyoutDisabled\" | \"securitySolutionNotesEnabled\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"alertSuppressionForEsqlRuleEnabled\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"jsonPrebuiltRulesDiffingEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineEnabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"perFieldPrebuiltRulesDiffingEnabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"aiAssistantFlyoutMode\" | \"valueListItemsModalEnabled\" | \"bulkCustomHighlightedFieldsEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | undefined" ], "path": "x-pack/plugins/security_solution/public/common/links/types.ts", "deprecated": false, 
@@ -1964,7 +1964,7 @@ "label": "experimentalFeatures", "description": [], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly agentStatusClientEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly notesEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly jsonPrebuiltRulesDiffingEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly perFieldPrebuiltRulesDiffingEnabled: boolean; readonly 
malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }" + "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly jsonPrebuiltRulesDiffingEnabled: boolean; readonly 
timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly perFieldPrebuiltRulesDiffingEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }" ], "path": "x-pack/plugins/security_solution/public/types.ts", "deprecated": false, 
@@ -3071,7 +3071,7 @@ "\nThe security solution generic experimental features" ], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly agentStatusClientEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly notesEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly jsonPrebuiltRulesDiffingEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly perFieldPrebuiltRulesDiffingEnabled: boolean; readonly 
malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }" + "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly jsonPrebuiltRulesDiffingEnabled: boolean; readonly 
timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly perFieldPrebuiltRulesDiffingEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }" ], "path": "x-pack/plugins/security_solution/server/plugin_contract.ts", "deprecated": false, 
@@ -3247,7 +3247,7 @@ "label": "ExperimentalFeatures", "description": [], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly agentStatusClientEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly notesEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly jsonPrebuiltRulesDiffingEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly perFieldPrebuiltRulesDiffingEnabled: boolean; readonly 
malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }" + "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionsEnabled: boolean; readonly endpointResponseActionsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly responseActionScanEnabled: boolean; readonly alertsPageChartsEnabled: boolean; readonly alertTypeEnabled: boolean; readonly expandableFlyoutDisabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly alertSuppressionForEsqlRuleEnabled: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly jsonPrebuiltRulesDiffingEnabled: boolean; readonly 
timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineEnabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly perFieldPrebuiltRulesDiffingEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly aiAssistantFlyoutMode: boolean; readonly valueListItemsModalEnabled: boolean; readonly bulkCustomHighlightedFieldsEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; }" ], "path": "x-pack/plugins/security_solution/common/experimental_features.ts", "deprecated": false, 
@@ -3313,7 +3313,7 @@ "\nA list of allowed values that can be used in `xpack.securitySolution.enableExperimental`.\nThis object is then used to validate and parse the value entered." ], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: false; readonly kubernetesEnabled: true; readonly donutChartEmbeddablesEnabled: false; readonly previewTelemetryUrlEnabled: false; readonly extendedRuleExecutionLoggingEnabled: false; readonly socTrendsEnabled: false; readonly responseActionsEnabled: true; readonly endpointResponseActionsEnabled: true; readonly responseActionUploadEnabled: true; readonly automatedProcessActionsEnabled: true; readonly responseActionsSentinelOneV1Enabled: true; readonly responseActionsSentinelOneV2Enabled: true; readonly responseActionsSentinelOneGetFileEnabled: false; readonly agentStatusClientEnabled: false; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: false; readonly responseActionScanEnabled: false; readonly alertsPageChartsEnabled: true; readonly alertTypeEnabled: false; readonly expandableFlyoutDisabled: false; readonly notesEnabled: false; readonly assistantModelEvaluation: false; readonly assistantKnowledgeBaseByDefault: false; readonly newUserDetailsFlyoutManagedUser: false; readonly riskScoringPersistence: true; readonly riskScoringRoutesEnabled: true; readonly esqlRulesDisabled: false; readonly protectionUpdatesEnabled: true; readonly disableTimelineSaveTour: false; readonly alertSuppressionForEsqlRuleEnabled: false; readonly riskEnginePrivilegesRouteEnabled: true; readonly sentinelOneDataInAnalyzerEnabled: true; readonly sentinelOneManualHostActionsEnabled: true; readonly crowdstrikeDataInAnalyzerEnabled: false; readonly jamfDataInAnalyzerEnabled: false; readonly jsonPrebuiltRulesDiffingEnabled: true; readonly timelineEsqlTabDisabled: false; readonly unifiedComponentsInTimelineEnabled: false; readonly analyzerDatePickersAndSourcererDisabled: false; readonly perFieldPrebuiltRulesDiffingEnabled: true; readonly 
malwareOnWriteScanOptionAvailable: true; readonly unifiedManifestEnabled: false; readonly aiAssistantFlyoutMode: true; readonly valueListItemsModalEnabled: true; readonly bulkCustomHighlightedFieldsEnabled: false; readonly manualRuleRunEnabled: false; readonly filterProcessDescendantsForEventFiltersEnabled: false; }" + "{ readonly excludePoliciesInFilterEnabled: false; readonly kubernetesEnabled: true; readonly donutChartEmbeddablesEnabled: false; readonly previewTelemetryUrlEnabled: false; readonly extendedRuleExecutionLoggingEnabled: false; readonly socTrendsEnabled: false; readonly responseActionsEnabled: true; readonly endpointResponseActionsEnabled: true; readonly responseActionUploadEnabled: true; readonly automatedProcessActionsEnabled: true; readonly responseActionsSentinelOneV1Enabled: true; readonly responseActionsSentinelOneV2Enabled: true; readonly responseActionsSentinelOneGetFileEnabled: false; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: false; readonly responseActionScanEnabled: false; readonly alertsPageChartsEnabled: true; readonly alertTypeEnabled: false; readonly expandableFlyoutDisabled: false; readonly securitySolutionNotesEnabled: false; readonly assistantModelEvaluation: false; readonly assistantKnowledgeBaseByDefault: false; readonly newUserDetailsFlyoutManagedUser: false; readonly riskScoringPersistence: true; readonly riskScoringRoutesEnabled: true; readonly esqlRulesDisabled: false; readonly protectionUpdatesEnabled: true; readonly disableTimelineSaveTour: false; readonly alertSuppressionForEsqlRuleEnabled: false; readonly riskEnginePrivilegesRouteEnabled: true; readonly sentinelOneDataInAnalyzerEnabled: true; readonly sentinelOneManualHostActionsEnabled: true; readonly crowdstrikeDataInAnalyzerEnabled: false; readonly jamfDataInAnalyzerEnabled: false; readonly jsonPrebuiltRulesDiffingEnabled: true; readonly timelineEsqlTabDisabled: false; readonly unifiedComponentsInTimelineEnabled: false; readonly 
analyzerDatePickersAndSourcererDisabled: false; readonly perFieldPrebuiltRulesDiffingEnabled: true; readonly prebuiltRulesCustomizationEnabled: false; readonly malwareOnWriteScanOptionAvailable: true; readonly unifiedManifestEnabled: false; readonly aiAssistantFlyoutMode: true; readonly valueListItemsModalEnabled: true; readonly bulkCustomHighlightedFieldsEnabled: false; readonly manualRuleRunEnabled: false; readonly filterProcessDescendantsForEventFiltersEnabled: false; }" ], "path": "x-pack/plugins/security_solution/common/experimental_features.ts", "deprecated": false, diff --git a/api_docs/security_solution.mdx b/api_docs/security_solution.mdx index 286ff67655a6c..21e7679183a85 100644 --- a/api_docs/security_solution.mdx +++ b/api_docs/security_solution.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolution title: "securitySolution" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolution plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolution'] --- import securitySolutionObj from './security_solution.devdocs.json'; diff --git a/api_docs/security_solution_ess.mdx b/api_docs/security_solution_ess.mdx index f8e935d8a6070..95e445d1a304f 100644 --- a/api_docs/security_solution_ess.mdx +++ b/api_docs/security_solution_ess.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionEss title: "securitySolutionEss" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionEss plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionEss'] --- import securitySolutionEssObj from './security_solution_ess.devdocs.json'; diff --git a/api_docs/security_solution_serverless.mdx b/api_docs/security_solution_serverless.mdx index 3c71c1c2067a0..3adb6a9b90c1b 100644 --- a/api_docs/security_solution_serverless.mdx +++ b/api_docs/security_solution_serverless.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionServerless title: "securitySolutionServerless" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionServerless plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionServerless'] --- import securitySolutionServerlessObj from './security_solution_serverless.devdocs.json'; diff --git a/api_docs/serverless.mdx b/api_docs/serverless.mdx index ac725ccc5c9fd..d18f6bf9d4c9d 100644 --- a/api_docs/serverless.mdx +++ b/api_docs/serverless.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverless title: "serverless" image: https://source.unsplash.com/400x175/?github description: API docs for the serverless plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverless'] --- import serverlessObj from './serverless.devdocs.json'; diff --git a/api_docs/serverless_observability.mdx b/api_docs/serverless_observability.mdx index ea22dd39abd1a..5ff812b235783 100644 --- a/api_docs/serverless_observability.mdx +++ b/api_docs/serverless_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessObservability title: "serverlessObservability" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessObservability plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessObservability'] --- import serverlessObservabilityObj from './serverless_observability.devdocs.json'; diff --git a/api_docs/serverless_search.mdx b/api_docs/serverless_search.mdx index 1b030cebe6571..f2e838596862e 100644 --- a/api_docs/serverless_search.mdx +++ b/api_docs/serverless_search.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessSearch title: "serverlessSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessSearch plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessSearch'] --- import serverlessSearchObj from './serverless_search.devdocs.json'; diff --git a/api_docs/session_view.mdx b/api_docs/session_view.mdx index d7176f140a498..9c494eb302832 100644 --- a/api_docs/session_view.mdx +++ b/api_docs/session_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/sessionView title: "sessionView" image: https://source.unsplash.com/400x175/?github description: API docs for the sessionView plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'sessionView'] --- import sessionViewObj from './session_view.devdocs.json'; diff --git a/api_docs/share.mdx b/api_docs/share.mdx index 7aac1d732d8df..6d215ebe46f15 100644 --- a/api_docs/share.mdx +++ b/api_docs/share.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/share title: "share" image: https://source.unsplash.com/400x175/?github description: API docs for the share plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'share'] --- import shareObj from './share.devdocs.json'; diff --git a/api_docs/slo.mdx b/api_docs/slo.mdx index 63d72c3c5e489..bfc50519b368c 100644 --- a/api_docs/slo.mdx +++ b/api_docs/slo.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/slo title: "slo" image: https://source.unsplash.com/400x175/?github description: API docs for the slo plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'slo'] --- import sloObj from './slo.devdocs.json'; diff --git a/api_docs/snapshot_restore.mdx b/api_docs/snapshot_restore.mdx index 92c4b504a5b6c..7335a2cb0b6c7 100644 --- a/api_docs/snapshot_restore.mdx +++ b/api_docs/snapshot_restore.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/snapshotRestore title: "snapshotRestore" image: https://source.unsplash.com/400x175/?github description: API docs for the snapshotRestore plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'snapshotRestore'] --- import snapshotRestoreObj from './snapshot_restore.devdocs.json'; diff --git a/api_docs/spaces.mdx b/api_docs/spaces.mdx index e9e8872163778..ae90ac22b4c75 100644 --- a/api_docs/spaces.mdx +++ b/api_docs/spaces.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/spaces title: "spaces" image: https://source.unsplash.com/400x175/?github description: API docs for the spaces plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'spaces'] --- import spacesObj from './spaces.devdocs.json'; diff --git a/api_docs/stack_alerts.mdx b/api_docs/stack_alerts.mdx index a81cc8a2c72b6..76a79e6ea6ab4 100644 --- a/api_docs/stack_alerts.mdx +++ b/api_docs/stack_alerts.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackAlerts title: "stackAlerts" image: https://source.unsplash.com/400x175/?github description: API docs for the stackAlerts plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackAlerts'] --- import stackAlertsObj from './stack_alerts.devdocs.json'; diff --git a/api_docs/stack_connectors.mdx b/api_docs/stack_connectors.mdx index 58e57095a53ff..9b6b3520dc1fb 100644 --- a/api_docs/stack_connectors.mdx +++ b/api_docs/stack_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackConnectors title: "stackConnectors" image: https://source.unsplash.com/400x175/?github description: API docs for the stackConnectors plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackConnectors'] --- import stackConnectorsObj from './stack_connectors.devdocs.json'; diff --git a/api_docs/task_manager.mdx b/api_docs/task_manager.mdx index baf6f48338d18..bddcfde51e170 100644 
--- a/api_docs/task_manager.mdx +++ b/api_docs/task_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/taskManager title: "taskManager" image: https://source.unsplash.com/400x175/?github description: API docs for the taskManager plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'taskManager'] --- import taskManagerObj from './task_manager.devdocs.json'; diff --git a/api_docs/telemetry.mdx b/api_docs/telemetry.mdx index c5963ed78d3bc..929517ed120af 100644 --- a/api_docs/telemetry.mdx +++ b/api_docs/telemetry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetry title: "telemetry" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetry plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetry'] --- import telemetryObj from './telemetry.devdocs.json'; diff --git a/api_docs/telemetry_collection_manager.mdx b/api_docs/telemetry_collection_manager.mdx index 6c7a0908bb618..c5227e71b281f 100644 --- a/api_docs/telemetry_collection_manager.mdx +++ b/api_docs/telemetry_collection_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionManager title: "telemetryCollectionManager" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionManager plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionManager'] --- import telemetryCollectionManagerObj from './telemetry_collection_manager.devdocs.json'; diff --git a/api_docs/telemetry_collection_xpack.mdx b/api_docs/telemetry_collection_xpack.mdx index 55550385a0d56..aac85f4f25d36 100644 --- a/api_docs/telemetry_collection_xpack.mdx +++ b/api_docs/telemetry_collection_xpack.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionXpack title: "telemetryCollectionXpack" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionXpack plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionXpack'] --- import telemetryCollectionXpackObj from './telemetry_collection_xpack.devdocs.json'; diff --git a/api_docs/telemetry_management_section.mdx b/api_docs/telemetry_management_section.mdx index 71a1de64d97a7..dd8e187b532b2 100644 --- a/api_docs/telemetry_management_section.mdx +++ b/api_docs/telemetry_management_section.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryManagementSection title: "telemetryManagementSection" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryManagementSection plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryManagementSection'] --- import telemetryManagementSectionObj from './telemetry_management_section.devdocs.json'; diff --git a/api_docs/text_based_languages.mdx b/api_docs/text_based_languages.mdx index 00e250042ef55..bc5a748508256 100644 --- a/api_docs/text_based_languages.mdx +++ b/api_docs/text_based_languages.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/textBasedLanguages title: "textBasedLanguages" image: https://source.unsplash.com/400x175/?github description: API docs for the textBasedLanguages plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'textBasedLanguages'] --- import textBasedLanguagesObj from './text_based_languages.devdocs.json'; diff --git a/api_docs/threat_intelligence.mdx b/api_docs/threat_intelligence.mdx index 3380e92e2aca6..aaad1d8cf4d10 100644 --- a/api_docs/threat_intelligence.mdx +++ b/api_docs/threat_intelligence.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/threatIntelligence title: "threatIntelligence" image: https://source.unsplash.com/400x175/?github description: API docs for the threatIntelligence plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'threatIntelligence'] --- import threatIntelligenceObj from './threat_intelligence.devdocs.json'; diff --git a/api_docs/timelines.devdocs.json b/api_docs/timelines.devdocs.json index 781b3110679a8..eb63ebd78a254 100644 --- a/api_docs/timelines.devdocs.json +++ b/api_docs/timelines.devdocs.json @@ -1510,11 +1510,7 @@ }, { "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx" - }, - { - "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx" + "path": "x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx" }, { "plugin": "securitySolution", @@ -1689,17 +1685,6 @@ "deprecated": false, "trackAdoption": false }, - { - "parentPluginId": "timelines", - "id": "def-common.BrowserField.category", - "type": "string", - "tags": [], - "label": "category", - "description": [], - "path": "x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts", - "deprecated": false, - "trackAdoption": false - }, { "parentPluginId": "timelines", "id": "def-common.BrowserField.description", 
@@ -4058,14 +4043,6 @@ "plugin": "securitySolution", "path": "x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts" }, - { - "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx" - }, - { - "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx" - }, { "plugin": "securitySolution", "path": "x-pack/plugins/security_solution/public/common/components/event_details/cti_details/enrichment_summary.tsx" @@ -4300,11 +4277,11 @@ }, { "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx" + "path": "x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.tsx" }, { "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx" + "path": "x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.tsx" }, { "plugin": "securitySolution", @@ -4312,11 +4289,11 @@ }, { "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.tsx" + "path": "x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx" }, { "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.tsx" + "path": "x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx" }, { "plugin": "securitySolution", 
@@ -4444,19 +4421,11 @@ }, { "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/context.tsx" - }, - { - "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/flyout/document_details/right/context.tsx" - }, - { - "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/flyout/document_details/left/context.tsx" + "path": "x-pack/plugins/security_solution/public/flyout/document_details/shared/context.tsx" }, { "plugin": "securitySolution", - "path": "x-pack/plugins/security_solution/public/flyout/document_details/left/context.tsx" + "path": "x-pack/plugins/security_solution/public/flyout/document_details/shared/context.tsx" }, { "plugin": "securitySolution", diff --git a/api_docs/timelines.mdx b/api_docs/timelines.mdx index ed33cac6d8668..3f9b1f64d1b07 100644 --- a/api_docs/timelines.mdx +++ b/api_docs/timelines.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/timelines title: "timelines" image: https://source.unsplash.com/400x175/?github description: API docs for the timelines plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'timelines'] --- import timelinesObj from './timelines.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/security-threat-hunting-investigations](https://github.com/org | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 242 | 1 | 198 | 17 | +| 241 | 1 | 197 | 17 | ## Client diff --git a/api_docs/transform.mdx b/api_docs/transform.mdx index 58f5498e10a8a..ce431d559a921 100644 --- a/api_docs/transform.mdx +++ b/api_docs/transform.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/transform title: "transform" image: https://source.unsplash.com/400x175/?github description: API docs for the transform plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'transform'] --- import transformObj from './transform.devdocs.json'; diff --git a/api_docs/triggers_actions_ui.mdx b/api_docs/triggers_actions_ui.mdx index 40f8b0fdb3d25..9a1a3dae42a2f 100644 --- a/api_docs/triggers_actions_ui.mdx +++ b/api_docs/triggers_actions_ui.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/triggersActionsUi title: "triggersActionsUi" image: https://source.unsplash.com/400x175/?github description: API docs for the triggersActionsUi plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'triggersActionsUi'] --- import triggersActionsUiObj from './triggers_actions_ui.devdocs.json'; diff --git a/api_docs/ui_actions.devdocs.json b/api_docs/ui_actions.devdocs.json index bde897ec629f1..97adea8b4a331 100644 --- a/api_docs/ui_actions.devdocs.json +++ b/api_docs/ui_actions.devdocs.json 
@@ -2188,6 +2188,49 @@ ], "initialIsOpen": false }, + { + "parentPluginId": "uiActions", + "id": "def-public.PresentableGroup", + "type": "Interface", + "tags": [], + "label": "PresentableGroup", + "description": [], + "signature": [ + { + "pluginId": "@kbn/ui-actions-browser", + "scope": "common", + "docId": "kibKbnUiActionsBrowserPluginApi", + "section": "def-common.PresentableGroup", + "text": "PresentableGroup" + }, + " extends Partial, \"order\" | \"getDisplayName\" | \"getIconType\" | \"getDisplayNameTooltip\">>" + ], + "path": "packages/kbn-ui-actions-browser/src/types/presentable.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "uiActions", + "id": "def-public.PresentableGroup.id", + "type": "string", + "tags": [], + "label": "id", + "description": [], + "path": "packages/kbn-ui-actions-browser/src/types/presentable.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, { "parentPluginId": "uiActions", "id": "def-public.Trigger", @@ -2547,6 +2590,21 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "uiActions", + "id": "def-public.ADD_PANEL_TRIGGER", + "type": "string", + "tags": [], + "label": "ADD_PANEL_TRIGGER", + "description": [], + "signature": [ + "\"ADD_PANEL_TRIGGER\"" + ], + "path": "packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "uiActions", "id": "def-public.FrequentCompatibilityChangeAction", 
@@ -2677,6 +2735,53 @@ } ], "objects": [ + { + "parentPluginId": "uiActions", + "id": "def-public.addPanelMenuTrigger", + "type": "Object", + "tags": [], + "label": "addPanelMenuTrigger", + "description": [], + "path": "packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "uiActions", + "id": "def-public.addPanelMenuTrigger.id", + "type": "string", + "tags": [], + "label": "id", + "description": [], + "path": "packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "uiActions", + "id": "def-public.addPanelMenuTrigger.title", + "type": "string", + "tags": [], + "label": "title", + "description": [], + "path": "packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "uiActions", + "id": "def-public.addPanelMenuTrigger.description", + "type": "string", + "tags": [], + "label": "description", + "description": [], + "path": "packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, { "parentPluginId": "uiActions", "id": "def-public.rowClickTrigger", diff --git a/api_docs/ui_actions.mdx b/api_docs/ui_actions.mdx index 50b921dcb70dc..c09eb950235fb 100644 --- a/api_docs/ui_actions.mdx +++ b/api_docs/ui_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActions title: "uiActions" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActions plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActions'] --- import uiActionsObj from './ui_actions.devdocs.json'; 
@@ -21,7 +21,7 @@ Contact [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sh | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 149 | 0 | 103 | 9 | +| 156 | 0 | 110 | 9 | ## Client diff --git a/api_docs/ui_actions_enhanced.mdx b/api_docs/ui_actions_enhanced.mdx index 96740f2dd5071..768df3adbdc41 100644 --- a/api_docs/ui_actions_enhanced.mdx +++ b/api_docs/ui_actions_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActionsEnhanced title: "uiActionsEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActionsEnhanced plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActionsEnhanced'] --- import uiActionsEnhancedObj from './ui_actions_enhanced.devdocs.json'; diff --git a/api_docs/unified_doc_viewer.mdx b/api_docs/unified_doc_viewer.mdx index 64e0ea2fbc985..5eeeb76e2cfdf 100644 --- a/api_docs/unified_doc_viewer.mdx +++ b/api_docs/unified_doc_viewer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedDocViewer title: "unifiedDocViewer" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedDocViewer plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedDocViewer'] --- import unifiedDocViewerObj from './unified_doc_viewer.devdocs.json'; diff --git a/api_docs/unified_histogram.mdx b/api_docs/unified_histogram.mdx index fdda4b1f4bd26..ddc623867bfed 100644 --- a/api_docs/unified_histogram.mdx +++ b/api_docs/unified_histogram.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedHistogram title: "unifiedHistogram" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedHistogram plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedHistogram'] --- import unifiedHistogramObj from './unified_histogram.devdocs.json'; diff --git a/api_docs/unified_search.mdx b/api_docs/unified_search.mdx index 48cf6714411c7..0111ada9035de 100644 --- a/api_docs/unified_search.mdx +++ b/api_docs/unified_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch title: "unifiedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch'] --- import unifiedSearchObj from './unified_search.devdocs.json'; diff --git a/api_docs/unified_search_autocomplete.mdx b/api_docs/unified_search_autocomplete.mdx index a88cc7e821ae9..efc5a8b638270 100644 --- a/api_docs/unified_search_autocomplete.mdx +++ b/api_docs/unified_search_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch-autocomplete title: "unifiedSearch.autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch.autocomplete plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch.autocomplete'] --- import unifiedSearchAutocompleteObj from './unified_search_autocomplete.devdocs.json'; diff --git a/api_docs/uptime.mdx b/api_docs/uptime.mdx index a4035ffd00259..5e277f4b4aed6 100644 --- a/api_docs/uptime.mdx +++ b/api_docs/uptime.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uptime title: "uptime" image: https://source.unsplash.com/400x175/?github description: API docs for the uptime plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uptime'] --- import uptimeObj from './uptime.devdocs.json'; diff --git a/api_docs/url_forwarding.mdx b/api_docs/url_forwarding.mdx index 8be724d7f6b87..2008139a1cfd3 100644 --- a/api_docs/url_forwarding.mdx +++ b/api_docs/url_forwarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/urlForwarding title: "urlForwarding" image: https://source.unsplash.com/400x175/?github description: API docs for the urlForwarding plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'urlForwarding'] --- import urlForwardingObj from './url_forwarding.devdocs.json'; diff --git a/api_docs/usage_collection.mdx b/api_docs/usage_collection.mdx index 181c6fa0c17fd..3e55fcc6c5750 100644 --- a/api_docs/usage_collection.mdx +++ b/api_docs/usage_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/usageCollection title: "usageCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the usageCollection plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'usageCollection'] --- import usageCollectionObj from './usage_collection.devdocs.json'; diff --git a/api_docs/ux.mdx b/api_docs/ux.mdx index 54fb474a11b88..479b85cdbb13c 100644 --- a/api_docs/ux.mdx +++ b/api_docs/ux.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ux title: "ux" image: https://source.unsplash.com/400x175/?github description: API docs for the ux plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ux'] --- import uxObj from './ux.devdocs.json'; diff --git a/api_docs/vis_default_editor.mdx b/api_docs/vis_default_editor.mdx index b5aaf90d780d3..eca8a308ff7cd 100644 --- a/api_docs/vis_default_editor.mdx 
+++ b/api_docs/vis_default_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visDefaultEditor title: "visDefaultEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the visDefaultEditor plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visDefaultEditor'] --- import visDefaultEditorObj from './vis_default_editor.devdocs.json'; diff --git a/api_docs/vis_type_gauge.mdx b/api_docs/vis_type_gauge.mdx index 0f55627e941a2..fb2b00b108136 100644 --- a/api_docs/vis_type_gauge.mdx +++ b/api_docs/vis_type_gauge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeGauge title: "visTypeGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeGauge plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeGauge'] --- import visTypeGaugeObj from './vis_type_gauge.devdocs.json'; diff --git a/api_docs/vis_type_heatmap.mdx b/api_docs/vis_type_heatmap.mdx index f3e2ff4bb1525..babe3e984b669 100644 --- a/api_docs/vis_type_heatmap.mdx +++ b/api_docs/vis_type_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeHeatmap title: "visTypeHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeHeatmap plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeHeatmap'] --- import visTypeHeatmapObj from './vis_type_heatmap.devdocs.json'; diff --git a/api_docs/vis_type_pie.mdx b/api_docs/vis_type_pie.mdx index 0ba63b4dbb45f..31e9467e274e6 100644 --- a/api_docs/vis_type_pie.mdx +++ b/api_docs/vis_type_pie.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypePie title: "visTypePie" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypePie plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypePie'] --- import visTypePieObj from './vis_type_pie.devdocs.json'; 
diff --git a/api_docs/vis_type_table.mdx b/api_docs/vis_type_table.mdx index 1e0f1831d1c21..e7dcabec47a11 100644 --- a/api_docs/vis_type_table.mdx +++ b/api_docs/vis_type_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTable title: "visTypeTable" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTable plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTable'] --- import visTypeTableObj from './vis_type_table.devdocs.json'; diff --git a/api_docs/vis_type_timelion.mdx b/api_docs/vis_type_timelion.mdx index 7567c1bd99f73..b22a6d23cdcc2 100644 --- a/api_docs/vis_type_timelion.mdx +++ b/api_docs/vis_type_timelion.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimelion title: "visTypeTimelion" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimelion plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimelion'] --- import visTypeTimelionObj from './vis_type_timelion.devdocs.json'; diff --git a/api_docs/vis_type_timeseries.mdx b/api_docs/vis_type_timeseries.mdx index 97fc784545235..7bc96cd401558 100644 --- a/api_docs/vis_type_timeseries.mdx +++ b/api_docs/vis_type_timeseries.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimeseries title: "visTypeTimeseries" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimeseries plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimeseries'] --- import visTypeTimeseriesObj from './vis_type_timeseries.devdocs.json'; diff --git a/api_docs/vis_type_vega.mdx b/api_docs/vis_type_vega.mdx index 6796f9e2e31e0..2dab598c3e1e2 100644 --- a/api_docs/vis_type_vega.mdx +++ b/api_docs/vis_type_vega.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVega title: "visTypeVega" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVega plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVega'] --- import visTypeVegaObj from './vis_type_vega.devdocs.json'; diff --git a/api_docs/vis_type_vislib.mdx b/api_docs/vis_type_vislib.mdx index 4f315f33117f1..87e5790e9230b 100644 --- a/api_docs/vis_type_vislib.mdx +++ b/api_docs/vis_type_vislib.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVislib title: "visTypeVislib" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVislib plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVislib'] --- import visTypeVislibObj from './vis_type_vislib.devdocs.json'; diff --git a/api_docs/vis_type_xy.mdx b/api_docs/vis_type_xy.mdx index 7908fc0a6a739..f59ca10a95120 100644 --- a/api_docs/vis_type_xy.mdx +++ b/api_docs/vis_type_xy.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeXy title: "visTypeXy" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeXy plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeXy'] --- import visTypeXyObj from './vis_type_xy.devdocs.json'; diff --git a/api_docs/visualizations.devdocs.json b/api_docs/visualizations.devdocs.json index 5134efed80664..bfea478cf29ce 100644 --- a/api_docs/visualizations.devdocs.json +++ b/api_docs/visualizations.devdocs.json 
@@ -45,6 +45,17 @@ "deprecated": false, "trackAdoption": false }, + { + "parentPluginId": "visualizations", + "id": "def-public.BaseVisType.order", + "type": "number", + "tags": [], + "label": "order", + "description": [], + "path": "src/plugins/visualizations/public/vis_types/base_vis_type.ts", + "deprecated": false, + "trackAdoption": false + }, { "parentPluginId": "visualizations", "id": "def-public.BaseVisType.description", @@ -4656,6 +4667,20 @@ "path": "src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "visualizations", + "id": "def-public.VisTypeAlias.order", + "type": "number", + "tags": [], + "label": "order", + "description": [], + "signature": [ + "number | undefined" + ], + "path": "src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false @@ -5596,6 +5621,20 @@ "path": "src/plugins/visualizations/public/vis_types/types.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "visualizations", + "id": "def-public.VisTypeDefinition.order", + "type": "number", + "tags": [], + "label": "order", + "description": [], + "signature": [ + "number | undefined" + ], + "path": "src/plugins/visualizations/public/vis_types/types.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false 
@@ -6376,6 +6415,21 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "visualizations", + "id": "def-public.COMMON_VISUALIZATION_GROUPING", + "type": "Array", + "tags": [], + "label": "COMMON_VISUALIZATION_GROUPING", + "description": [], + "signature": [ + "{ id: string; getDisplayName: () => string; getIconType: () => string; order: number; }[]" + ], + "path": "src/plugins/visualizations/public/embeddable/constants.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "visualizations", "id": "def-public.DASHBOARD_VISUALIZATION_PANEL_TRIGGER", diff --git a/api_docs/visualizations.mdx b/api_docs/visualizations.mdx index 3ce8b55666643..94cd5d9f846ad 100644 --- a/api_docs/visualizations.mdx +++ b/api_docs/visualizations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visualizations title: "visualizations" image: https://source.unsplash.com/400x175/?github description: API docs for the visualizations plugin -date: 2024-06-24 +date: 2024-06-27 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visualizations'] --- import visualizationsObj from './visualizations.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/k | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 865 | 12 | 834 | 19 | +| 869 | 12 | 838 | 19 | ## Client diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc index 3e18a1445ff4c..6d42b25d4bce4 100644 --- a/docs/CHANGELOG.asciidoc +++ b/docs/CHANGELOG.asciidoc @@ -10,6 +10,7 @@ Review important information about the {kib} 8.x releases. +* <> * <> * <> * <> 
@@ -67,6 +68,25 @@ Review important information about the {kib} 8.x releases. * <> -- + +[[release-notes-8.14.2]] +== {kib} 8.14.2 + +The 8.14.2 release includes the following bug fixes. + +[float] +[[fixes-v8.14.2]] +=== Bug Fixes + +Alerting:: +* Rule runs recovered actions without ever running active actions ({kibana-pull}183646[#183646]). +Fleet:: +* Updates health_check endpoint to accept hosts ids ({kibana-pull}185014[#185014]). +Machine Learning:: +* AIOps Log Rate Analysis: Fixes text field selection ({kibana-pull}186176[#186176]). +Presentation:: +* Fixes PresentationPanelError component throwing when error.message is empty string ({kibana-pull}186098[#186098]). + [[release-notes-8.14.1]] == {kib} 8.14.1 @@ -6247,7 +6267,7 @@ Before you upgrade to 8.1.0, review the breaking changes, then mitigate the impa The `/api/reporting/generate/csv` endpoint has been removed. For more information, refer to {kibana-pull}121435[#121435]. *Impact* + -If you are using 7.13.0 and earlier, {kibana-ref-all}/8.1/automating-report-generation.html[regenerate the POST URLs] that you use to automatatically generate CSV reports. +If you are using 7.13.0 and earlier, {kibana-ref-all}/8.1/automating-report-generation.html[regenerate the POST URLs] that you use to automatically generate CSV reports. ==== [discrete] diff --git a/docs/developer/plugin-list.asciidoc b/docs/developer/plugin-list.asciidoc index fc15206bd284d..e4f161ac8f4e5 100644 --- a/docs/developer/plugin-list.asciidoc +++ b/docs/developer/plugin-list.asciidoc 
@@ -470,10 +470,6 @@ The plugin exposes the static DefaultEditorController class to consume. |WARNING: Missing README. -|{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/asset_manager/README.md[assetManager] -|This plugin provides access to observed asset data, such as information about hosts, pods, containers, services, and more. - - |{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/assets_data_access[assetsDataAccess] |WARNING: Missing README. @@ -573,6 +569,10 @@ security and spaces filtering. |This plugin provides Kibana user interfaces for managing the Enterprise Search solution and its products, App Search and Workplace Search. +|{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/entity_manager/README.md[entityManager] +|This plugin provides access to observed asset data, such as information about hosts, pods, containers, services, and more. + + |{kib-repo}blob/{branch}/x-pack/plugins/event_log/README.md[eventLog] |The event log plugin provides a persistent history of alerting and action activities. diff --git a/docs/management/connectors/action-types/gemini.asciidoc b/docs/management/connectors/action-types/gemini.asciidoc index d1693f0b5ec28..6ba03f247461a 100644 --- a/docs/management/connectors/action-types/gemini.asciidoc +++ b/docs/management/connectors/action-types/gemini.asciidoc 
@@ -31,7 +31,7 @@ Name:: The name of the connector. API URL:: The {gemini} request URL. PROJECT ID:: The project which has Vertex AI endpoint enabled. Region:: The GCP region where the Vertex AI endpoint enabled. -Default model:: The GAI model for {gemini} to use. Current support is for the Google Gemini models, defaulting to gemini-1.5-pro-preview-0409. The model can be set on a per request basis by including a "model" parameter alongside the request body. +Default model:: The GAI model for {gemini} to use. Current support is for the Google Gemini models, defaulting to gemini-1.5-pro-001. The model can be set on a per request basis by including a "model" parameter alongside the request body. Credentials JSON:: The GCP service account JSON file for authentication. [float] diff --git a/docs/management/connectors/pre-configured-connectors.asciidoc b/docs/management/connectors/pre-configured-connectors.asciidoc index 893e2c03e93bf..919661276aa64 100644 --- a/docs/management/connectors/pre-configured-connectors.asciidoc +++ b/docs/management/connectors/pre-configured-connectors.asciidoc @@ -148,7 +148,7 @@ xpack.actions.preconfigured: actionTypeId: .bedrock config: apiUrl: https://bedrock-runtime.us-east-1.amazonaws.com <1> - defaultModel: anthropic.claude-3-sonnet-20240229-v1:0 <2> + defaultModel: anthropic.claude-3-5-sonnet-20240620-v1:0 <2> secrets: accessKey: key-value <3> secret: secret-value <4> diff --git a/docs/settings/alert-action-settings.asciidoc b/docs/settings/alert-action-settings.asciidoc index 6528e1a60b7bc..66dd681f534b1 100644 --- a/docs/settings/alert-action-settings.asciidoc +++ b/docs/settings/alert-action-settings.asciidoc 
@@ -341,8 +341,8 @@ For a <>, specifies a string f The default model to use for requests, which varies by connector: + -- -* For an <>, current support is for the Anthropic Claude models. Defaults to `anthropic.claude-3-sonnet-20240229-v1:0`. -* For a <>, current support is for the Gemini models. Defaults to `gemini-1.5-pro-preview-0409`. +* For an <>, current support is for the Anthropic Claude models. Defaults to `anthropic.claude-3-5-sonnet-20240620-v1:0`. +* For a <>, current support is for the Gemini models. Defaults to `gemini-1.5-pro-001`. * For a <>, it is optional and applicable only when `xpack.actions.preconfigured..config.apiProvider` is `OpenAI`. -- diff --git a/docs/settings/reporting-settings.asciidoc b/docs/settings/reporting-settings.asciidoc index f871f72db22c0..87ee0b9bac099 100644 --- a/docs/settings/reporting-settings.asciidoc +++ b/docs/settings/reporting-settings.asciidoc @@ -245,6 +245,7 @@ Choose the API method used to page through data during CSV export. Valid options [NOTE] ============ Each method has its own unique limitations which are important to understand. + * Scroll API: Search is limited to 500 shards at the very most. In cases where data shards are unavailable or time out, the export may return partial data. * PIT API: Permissions to read data aliases alone will not work: the permissions are needed on the underlying indices or datastreams. In cases where data shards are unavailable or time out, the export will be empty rather than returning partial data. ============ diff --git a/docs/user/reporting/index.asciidoc b/docs/user/reporting/index.asciidoc index 338b2bc53a55a..5075caad71813 100644 --- a/docs/user/reporting/index.asciidoc +++ b/docs/user/reporting/index.asciidoc 
@@ -171,3 +171,5 @@ NOTE: *Public URL* is available only when anonymous access is configured and you include::automating-report-generation.asciidoc[] include::reporting-troubleshooting.asciidoc[] +include::reporting-csv-troubleshooting.asciidoc[leveloffset=+1] +include::reporting-pdf-troubleshooting.asciidoc[leveloffset=+1] \ No newline at end of file diff --git a/docs/user/reporting/reporting-csv-troubleshooting.asciidoc b/docs/user/reporting/reporting-csv-troubleshooting.asciidoc new file mode 100644 index 0000000000000..a0eb782ce3d3b --- /dev/null +++ b/docs/user/reporting/reporting-csv-troubleshooting.asciidoc 
@@ -0,0 +1,90 @@
+[[reporting-troubleshooting-csv]]
+== Troubleshooting CSV reports
+++++
+CSV
+++++
+
+The CSV export feature in Kibana makes queries to Elasticsearch and formats the results into CSV.
+This feature offers a solution that attempts to provide the most benefit to the most use cases.
+However, things could go wrong during export.
+Elasticsearch can stop responding, repeated querying can take so long that authentication tokens can time
+out, and the format of exported data can be too complex for spreadsheet applications to handle.
+Such situations are outside of the control of Kibana.
+If the use case becomes complex enough, it's recommended that you create scripts that query Elasticsearch directly, using a scripting language like Python and the public {es} APIs.
+
+For more advice about common problems, refer to <>.
+
+[NOTE]
+============
+It is recommended that you use CSV reports to export moderate amounts of data only.
+The feature enables analysis of data in external tools, but it's not intended for bulk export or to backup {es} data.
+If you need to export more than 250 MB of CSV, rather than increasing <>, use
+filters to create multiple smaller reports or extract the data you need directly from {es}.
+
+The following deployment configurations may lead to failed report jobs or incomplete reports:
+
+* Any shard needed for search is unavailable.
+* Data is stored on slow storage tiers.
+* Network latency between nodes is high.
+* {ccs-cap} is used.
+
+To export large amounts of data, use {es} APIs directly.
+Check out the {ref}/point-in-time-api.html[Point in time API] or {ref}/sql-rest-format.html#_csv[SQL with CSV response data format].
+============
+
+[float]
+[[reporting-troubleshooting-csv-configure-scan-api]]
+=== Configuring CSV export to use the scroll API
+
+The Kibana CSV export feature collects all of the data from Elasticsearch by using multiple requests to page
+over all of the documents.
+Internally, the feature uses the {ref}/point-in-time-api.html[Point in time API and
+`search_after` parameters in the queries] to do so.
+There are some limitations related to the point in time API:
+
+1. Permissions to read data aliases alone will not work: the permissions are needed on the underlying indices or data streams.
+2. In cases where data shards are unavailable or time out, the export will be empty rather than returning partial data.
+
+Some users may benefit from using the {ref}/paginate-search-results.html#scroll-search-results[scroll API], an
+alternative to paging through the data.
+The behavior of this API does not have the limitations of point in time API, however it has its own limitations:
+
+1. Search is limited to 500 shards at the very most.
+2. In cases where the data shards are unavailable or time out, the export may return partial data.
+
+If you prefer the internal implementation of CSV export to use the scroll API, you can configure this in
+`kibana.yml`:
+
+[source,yml]
+-------------------------------------------
+xpack.reporting.csv.scroll.strategy: scroll
+-------------------------------------------
+
+For more details about CSV export settings, go to <>.
+
+[float]
+[[reporting-troubleshooting-csv-socket-hangup]]
+=== Socket hangups
+
+A "socket hangup" is a generic type of error meaning that a remote service (in this case Elasticsearch or a proxy in Cloud) closed the connection.
+Kibana can't foresee when this might happen and can't force the remote service to keep the connection open.
+To work around this situation, consider lowering the size of results that come back in each request or increase the amount of time the remote services will
+allow to keep the request open.
+For example:
+
+[source,yml]
+---------------------------------------
+xpack.reporting.csv.scroll.size: 50
+xpack.reporting.csv.scroll.duration: 2m
+---------------------------------------
+
+Such changes aren't guaranteed to solve the issue, but give the functionality a better
+chance of working in this use case.
+Unfortunately, lowering the scroll size will require more requests to Elasticsearch during export, which adds more time overhead, which could unintentionally create more instances of auth token expiration errors.
+
+[float]
+[[reporting-troubleshooting-csv-token-expired]]
+=== Token expiration
+
+To avoid token expirations, use a type of authentication that doesn't expire (such as Basic auth) or run the export using scripts that query Elasticsearch directly.
+In a custom script, you have the ability to refresh the auth token as needed, such as once before each query.
diff --git a/docs/user/reporting/reporting-pdf-troubleshooting.asciidoc b/docs/user/reporting/reporting-pdf-troubleshooting.asciidoc
new file mode 100644
index 0000000000000..9ea3ff6aa3721
--- /dev/null
+++ b/docs/user/reporting/reporting-pdf-troubleshooting.asciidoc
@@ -0,0 +1,136 @@
+[[reporting-troubleshooting-pdf]]
+== Troubleshooting PDF and PNG reports
+++++
+PDF/PNG
+++++
+
+For the most reliable configuration of PDF/PNG {report-features}, consider installing {kib} using <> or using <>.
+
+For more advice about common problems, refer to <>.
+
+[float]
+[[reporting-diagnostics]]
+=== Reporting diagnostics
+Reporting comes with a built-in utility to try to automatically find common issues.
+When {kib} is running, navigate to the *Report Listing* page, and click *Run reporting diagnostics*.
+This will open up a diagnostic tool that checks various parts of the {kib} deployment and comes up with any relevant recommendations.
+
+If the diagnostic information doesn't reveal the problem, you can troubleshoot further by starting the Kibana server with an environment variable for revealing additional debugging logs.
+Refer to <>.
+
+[float]
+[[reporting-troubleshooting-nss-dependency]]
+=== Network security service libraries
+
+You must install Network Security Service (NSS) libraries for {report-features} to work.
+Reporting using the Chromium browser relies on these libraries.
+Install the appropriate nss package for your distribution.
+Refer to <>.
+
+[float]
+[[reporting-troubleshooting-sandbox-dependency]]
+=== Chromium sandbox requirements
+
+Chromium uses sandboxing techniques that are built on top of operating system primitives.
+The Linux sandbox depends on user namespaces, which were introduced with the 3.8 Linux kernel.
+However, many distributions don't have user namespaces enabled by default or they require the CAP_SYS_ADMIN capability.
+If the sandbox is not explicitly disabled in Kibana, either based on operating system detection or with the `xpack.screenshotting.browser.chromium.disableSandbox` setting, Chrome will try to enable the sandbox.
+If it fails due to operating system or permissions restrictions, Chrome will crash during initialization.
+
+Elastic recommends that you research the feasibility of enabling unprivileged user namespaces before disabling the sandbox.
+An exception is if you are running Kibana in Docker because the container runs in a user namespace with the built-in seccomp/bpf filters.
+
+[float]
+[[reporting-troubleshooting-text-incorrect]]
+=== Text rendered incorrectly in generated reports
+
+If a report label is rendered as an empty rectangle, no system fonts are available.
+Install at least one font package on the system.
+
+If the report is missing certain Chinese, Japanese or Korean characters, ensure that a system font with those characters is installed.
+
+[float]
+[[reporting-troubleshooting-missing-data]]
+=== Missing data in PDF report of data table visualization
+
+There is currently a known limitation with the data table visualization that only the first page of data rows, which are the only data
+visible on the screen, are shown in PDF reports.
+
+[float]
+[[reporting-troubleshooting-pdf-connection-refused]]
+=== Connection refused errors
+
+If PDF or PNG reports are not working due to a "connection refused" or "unable to connect" type of error, ensure that the `kibana.yml`
+file uses the setting of `server.host: 0.0.0.0`.
+Also verify that no firewall rules or other routing rules prevent local services from accessing this address.
+Find out more at <>.
+
+[float]
+[[reporting-troubleshooting-file-permissions]]
+=== File permissions
+
+Ensure that the `headless_shell` binary located in your Kibana data directory is owned by the user who is running Kibana, that the
+user has the execute permission, and if applicable, that the filesystem is mounted with the `exec` option.
+
+[NOTE]
+--
+The Chromium binary is located in the Kibana installation directory as `data/headless_shell-OS_TYPE/headless_shell`.
+The full path is logged the first time Kibana starts when verbose logging is enabled.
+--
+
+[float]
+[[reporting-troubleshooting-puppeteer-debug-logs]]
+=== Puppeteer debug logs
+
+The Chromium browser that {kib} launches on the server is driven by a NodeJS library for Chromium called Puppeteer.
+The Puppeteer library has its own command-line method to generate its own debug logs, which can sometimes be helpful, particularly to figure out if a problem is caused by Kibana or Chromium.
+Learn more https://github.com/GoogleChrome/puppeteer/blob/v1.19.0/README.md#debugging-tips[debugging tips].
+
+Using Puppeteer's debug method when launching Kibana would look like:
+```
+env DEBUG="puppeteer:*" ./bin/kibana
+```
+The internal DevTools protocol traffic will be logged via the `debug` module under the `puppeteer` namespace.
+
+The Puppeteer logs are very verbose and could possibly contain sensitive information.
+Handle the generated output with care.
+
+[float]
+[[reporting-troubleshooting-system-requirements]]
+=== System requirements
+
+In Elastic Cloud, the {kib} instances that most configurations provide by default is for 1GB of RAM for the instance.
+That is enough for {kib} {report-features} when the visualization or dashboard is relatively simple, such as a single pie chart or a dashboard with a few visualizations.
+However, certain visualization types incur more load than others.
+For example, a TSVB panel has a lot of network requests to render.
+
+If the {kib} instance doesn't have enough memory to run the report, the report fails with an error such as `Error: Page crashed!`.
+In this case, try increasing the memory for the {kib} instance to 2GB.
+
+[float]
+[[reporting-troubleshooting-maps-ems]]
+=== Unable to connect to Elastic Maps Service
+
+https://www.elastic.co/elastic-maps-service[{ems} ({ems-init})] is a service that hosts tile layers and vector shapes of administrative boundaries.
+If a report contains a map with a missing basemap layer or administrative boundary, the {kib} server does not have access to {ems-init}.
+Refer to <> for information about how to connect your {kib} server to {ems-init}.
+
+[float]
+[[reporting-manual-chromium-install]]
+=== Manually install the Chromium browser for Darwin
+
+Chromium is not embedded into {kib} for the Darwin (Mac OS) architecture.
+When running {kib} on Darwin, {report-features} will download Chromium into the proper area of the {kib} installation path the first time the server starts.
+If the server does not have access to the internet, you must download the Chromium browser and install it into the {kib} installation path.
+
+1. Download the Chromium zip file:
+
+** For https://commondatastorage.googleapis.com/chromium-browser-snapshots/Mac/901912/chrome-mac.zip[x64] systems
+** For https://commondatastorage.googleapis.com/chromium-browser-snapshots/Mac_Arm/901913/chrome-mac.zip[ARM] systems
+
+2. Copy the zip file into the holding area. Relative to the root directory of {kib}, the path is:
+
+** `.chromium/x64` for x64 systems
+** `.chromium/arm64` for ARM systems
+
+When {kib} starts, it will automatically extract the browser from the zip file and is then ready for PNG and PDF reports.
diff --git a/docs/user/reporting/reporting-troubleshooting.asciidoc b/docs/user/reporting/reporting-troubleshooting.asciidoc
index 72b94c02a6ebc..814c2e48f15d9 100644
--- a/docs/user/reporting/reporting-troubleshooting.asciidoc
+++ b/docs/user/reporting/reporting-troubleshooting.asciidoc
@@ -1,73 +1,31 @@ -[role="xpack"] [[reporting-troubleshooting]] -== Reporting troubleshooting +== Troubleshooting {report-features} ++++ Troubleshooting ++++ -Having trouble? Here are solutions to common problems you might encounter while using Reporting. +Kibana excels as a data visualization tool. The {report-features} exist to export data as simple reports, however Kibana is not a data export tool. +To export data at a large scale, there are better ways and better architectures for exporting data at scale from Elasticsearch. -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> -* <> - -[float] -[[reporting-diagnostics]] -=== Reporting diagnostics -Reporting comes with a built-in utility to try to automatically find common issues. When {kib} is running, -navigate to the Report Listing page, and click *Run reporting diagnostics*. This will open up a diagnostic tool -that checks various parts of the {kib} deployment and come up with any relevant recommendations. - -If the diagnostic information doesn't reveal the problem, you can troubleshoot further by starting the Kibana -server with an environment variable for revealing additional debugging logs. Refer to -<>. - -[float] -[[reporting-troubleshooting-text-incorrect]] -=== Text rendered incorrectly in generated reports - -If a report label is rendered as an empty rectangle, no system fonts are available. Install at least one font package on the system. - -If the report is missing certain Chinese, Japanese or Korean characters, ensure that a system font with those characters is installed. - -[float] -[[reporting-troubleshooting-missing-data]] -=== Missing data in PDF report of data table visualization -There is currently a known limitation with the Data Table visualization that only the first page of data rows, which are the only data -visible on the screen, are shown in PDF reports. 
- -[float] -[[reporting-troubleshooting-file-permissions]] -=== File permissions -Ensure that the `headless_shell` binary located in your Kibana data directory is owned by the user who is running Kibana, that the -user has the execute permission, and if applicable, that the filesystem is mounted with the `exec` option. - -[NOTE] --- -The Chromium binary is located in the Kibana installation directory as `data/headless_shell-OS_TYPE/headless_shell`. The full path is logged -the first time Kibana starts when verbose logging is enabled. --- +If you have trouble creating simple reports, there are some general solutions to common problems you might encounter while using {report-features}. +For tips related to specific types of reports, refer to <> and <>. [float] [[reporting-troubleshooting-error-messages]] === Error messages -Whenever possible, a Reporting error message tries to be as self-explanatory as possible. Here are some error messages you might encounter, -along with the solution. + +There are some common solutions for error messages that you might encounter in {report-features}. [float] -==== `StatusCodeError: [version_conflict_engine_exception]` -If you are running multiple instances of {kib} in a cluster, the instances share the work of executing report jobs to evenly distribute -the work load. Each instance searches the reporting index for "pending" jobs that the user has requested. It is possible for -multiple instances to find the same job in these searches. Only the instance that successfully updated the job status to -"processing" will actually execute the report job. The other instances that unsuccessfully tried to make the same update will log -something similar to this: +[[reporting-troubleshooting-version-conflict-exception]] +==== Version conflict engine exceptions + +If you are running multiple instances of {kib} in a cluster, the instances share the work of running report jobs to evenly distribute the workload. 
+Each instance searches the reporting index for "pending" jobs that the user has requested. +It is possible for multiple instances to find the same job in these searches. +Only the instance that successfully updated the job status to "processing" will actually run the report job. +The other instances that unsuccessfully tried to make the same update will log something similar to this: [source,text] -------------------------------------------------------------------------------- 
@@ -85,103 +43,34 @@ StatusCodeError: [version_conflict_engine_exception] [...]: version conflict, re } -------------------------------------------------------------------------------- -These messages alone don't indicate a problem. They show normal events that happen in a healthy system. +These messages alone don't indicate a problem. +They show normal events that happen in a healthy system. [float] ==== Max attempts reached -There are two primary causes of this error: - -* You're creating a PDF of a visualization or dashboard that spans a large amount of data and Kibana is hitting the `xpack.reporting.queue.timeout` - -* Kibana is hosted behind a reverse-proxy, and the <> are not configured correctly -Create a Markdown visualization and then create a PDF report. If this succeeds, increase the `xpack.reporting.queue.timeout` setting. If the -PDF report fails with "Max attempts reached," check your <>. +There are two primary causes for a "Max attempts reached" error: -[float] -[[reporting-troubleshooting-nss-dependency]] -==== You must install nss for Reporting to work -Reporting using the Chromium browser relies on the Network Security Service libraries (NSS). Install the appropriate nss package for your -distribution. +* You're creating a PDF of a visualization or dashboard that spans a large amount of data and Kibana is hitting the `xpack.reporting.queue.timeout` -[float] -[[reporting-troubleshooting-sandbox-dependency]] -==== Unable to use Chromium sandbox -Chromium uses sandboxing techniques that are built on top of operating system primitives. The Linux sandbox depends on user namespaces, -which were introduced with the 3.8 Linux kernel. However, many distributions don't have user namespaces enabled by default, or they require -the CAP_SYS_ADMIN capability. If the sandbox is not explicitly disabled in Kibana, either based on OS detection or with the -`xpack.screenshotting.browser.chromium.disableSandbox` setting, Chrome will try to enable the sandbox. 
If it fails due to OS or permissions -restrictions, Chrome will crash during initialization. +* Kibana is hosted behind a reverse-proxy, and the <> are not configured correctly -Elastic recommends that you research the feasibility of enabling unprivileged user namespaces before disabling the sandbox. An exception -is if you are running Kibana in Docker because the container runs in a user namespace with the built-in seccomp/bpf filters. +Create a Markdown visualization and then create a PDF report. +If this succeeds, increase the `xpack.reporting.queue.timeout` setting. +If the +PDF report fails with "Max attempts reached," check your <>. [float] [[reporting-troubleshooting-verbose-logs]] -=== Verbose logs -{kib} server logs have a lot of useful information for troubleshooting and understanding how things work. If you're having any issues at -all, the full logs from Reporting will be the first place to look. In `kibana.yml`: +=== Verbose logging + +{kib} server logs have a lot of useful information for troubleshooting and understanding how things work. +The full logs from {report-features} are a good place to look when you encounter problems. +In `kibana.yml`: [source,yaml] -------------------------------------------------------------------------------- logging.root.level: all -------------------------------------------------------------------------------- -For more information about logging, see <>. - -[float] -[[reporting-troubleshooting-puppeteer-debug-logs]] -=== Puppeteer debug logs -The Chromium browser that {kib} launches on the server is driven by a NodeJS library for Chromium called Puppeteer. The Puppeteer library -has its own command-line method to generate its own debug logs, which can sometimes be helpful, particularly to figure out if a problem is -caused by Kibana or Chromium. See more at https://github.com/GoogleChrome/puppeteer/blob/v1.19.0/README.md#debugging-tips[debugging tips]. 
- -Using Puppeteer's debug method when launching Kibana would look like: -``` -env DEBUG="puppeteer:*" ./bin/kibana -``` -The internal DevTools protocol traffic will be logged via the `debug` module under the `puppeteer` namespace. - - -The Puppeteer logs are very verbose and could possibly contain sensitive information. Handle the generated output with care. - -[float] -[[reporting-troubleshooting-system-requirements]] -=== System requirements -In Elastic Cloud, the {kib} instances that most configurations provide by default is for 1GB of RAM for the instance. That is enough for -{kib} Reporting when the visualization or dashboard is relatively simple, such as a single pie chart or a dashboard with -a few visualizations. However, certain visualization types incur more load than others. For example, a TSVB panel has a lot of network -requests to render. - -If the {kib} instance doesn't have enough memory to run the report, the report fails with an error such as `Error: Page crashed!` -In this case, try increasing the memory for the {kib} instance to 2GB. - -[float] -[[reporting-troubleshooting-maps-ems]] -=== Unable to connect to Elastic Maps Service - -https://www.elastic.co/elastic-maps-service[{ems} ({ems-init})] is a service that hosts -tile layers and vector shapes of administrative boundaries. -If a report contains a map with a missing basemap layer or administrative boundary, the {kib} server does not have access to {ems-init}. -See <> for information on how to connect your {kib} server to {ems-init}. - -[float] -[[reporting-manual-chromium-install]] -=== Manually install the Chromium browser for Darwin -Chromium is not embedded into {kib} for the Darwin (Mac OS) architecture. When -running {kib} on Darwin, Reporting will download Chromium into the proper area of -the {kib} installation path the first time the server starts. 
If the server -does not have access to the Internet, you must download the -Chromium browser and install it into the {kib} installation path. - -1. Download the Chromium zip file: - -** For https://commondatastorage.googleapis.com/chromium-browser-snapshots/Mac/901912/chrome-mac.zip[x64] systems -** For https://commondatastorage.googleapis.com/chromium-browser-snapshots/Mac_Arm/901913/chrome-mac.zip[ARM] systems - -2. Copy the zip file into the holding area. Relative to the root directory of {kib}, the path is: - -** `.chromium/x64` for x64 systems -** `.chromium/arm64` for ARM systems - -When {kib} starts, it will automatically extract the browser from the zip file, and is then ready for PNG and PDF reports. +For more information about logging, check out <>. diff --git a/examples/embeddable_examples/public/react_embeddables/data_table/create_data_table_action.ts b/examples/embeddable_examples/public/react_embeddables/data_table/create_data_table_action.ts index 9971535e148dd..6364073ade676 100644 --- a/examples/embeddable_examples/public/react_embeddables/data_table/create_data_table_action.ts +++ b/examples/embeddable_examples/public/react_embeddables/data_table/create_data_table_action.ts @@ -9,7 +9,11 @@ import { i18n } from '@kbn/i18n'; import { apiIsPresentationContainer } from '@kbn/presentation-containers'; import { EmbeddableApiContext } from '@kbn/presentation-publishing'; -import { IncompatibleActionError, UiActionsStart } from '@kbn/ui-actions-plugin/public'; +import { + IncompatibleActionError, + UiActionsStart, + ADD_PANEL_TRIGGER, +} from '@kbn/ui-actions-plugin/public'; import { embeddableExamplesGrouping } from '../embeddable_examples_grouping'; import { ADD_DATA_TABLE_ACTION_ID, DATA_TABLE_ID } from './constants'; 
@@ -39,5 +43,5 @@ export const registerCreateDataTableAction = (uiActions: UiActionsStart) => { defaultMessage: 'Data table', }), }); - uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_DATA_TABLE_ACTION_ID); + uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_DATA_TABLE_ACTION_ID); }; diff --git a/examples/embeddable_examples/public/react_embeddables/embeddable_examples_grouping.ts b/examples/embeddable_examples/public/react_embeddables/embeddable_examples_grouping.ts index fa2ecd03b5d25..4c7f52d261fcb 100644 --- a/examples/embeddable_examples/public/react_embeddables/embeddable_examples_grouping.ts +++ b/examples/embeddable_examples/public/react_embeddables/embeddable_examples_grouping.ts @@ -10,4 +10,5 @@ export const embeddableExamplesGrouping = { id: 'embeddableExamples', getIconType: () => 'documentation', getDisplayName: () => 'Embeddable examples', + order: -10, }; diff --git a/examples/embeddable_examples/public/react_embeddables/eui_markdown/create_eui_markdown_action.tsx b/examples/embeddable_examples/public/react_embeddables/eui_markdown/create_eui_markdown_action.tsx index 81c23a4d960b8..c5eb2d72cc479 100644 --- a/examples/embeddable_examples/public/react_embeddables/eui_markdown/create_eui_markdown_action.tsx +++ b/examples/embeddable_examples/public/react_embeddables/eui_markdown/create_eui_markdown_action.tsx @@ -9,7 +9,11 @@ import { i18n } from '@kbn/i18n'; import { apiCanAddNewPanel } from '@kbn/presentation-containers'; import { EmbeddableApiContext } from '@kbn/presentation-publishing'; -import { IncompatibleActionError, UiActionsStart } from '@kbn/ui-actions-plugin/public'; +import { + IncompatibleActionError, + UiActionsStart, + ADD_PANEL_TRIGGER, +} from '@kbn/ui-actions-plugin/public'; import { embeddableExamplesGrouping } from '../embeddable_examples_grouping'; import { ADD_EUI_MARKDOWN_ACTION_ID, EUI_MARKDOWN_ID } from './constants'; import { MarkdownEditorSerializedState } from './types'; 
@@ -41,7 +45,7 @@ export const registerCreateEuiMarkdownAction = (uiActions: UiActionsStart) => { defaultMessage: 'EUI Markdown', }), }); - uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_EUI_MARKDOWN_ACTION_ID); + uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_EUI_MARKDOWN_ACTION_ID); if (uiActions.hasTrigger('ADD_CANVAS_ELEMENT_TRIGGER')) { // Because Canvas is not enabled in Serverless, this trigger might not be registered - only attach // the create action if the Canvas-specific trigger does indeed exist. diff --git a/examples/embeddable_examples/public/react_embeddables/field_list/create_field_list_action.tsx b/examples/embeddable_examples/public/react_embeddables/field_list/create_field_list_action.tsx index e05868e7737d1..175c3119955a2 100644 --- a/examples/embeddable_examples/public/react_embeddables/field_list/create_field_list_action.tsx +++ b/examples/embeddable_examples/public/react_embeddables/field_list/create_field_list_action.tsx @@ -9,7 +9,7 @@ import { i18n } from '@kbn/i18n'; import { apiCanAddNewPanel } from '@kbn/presentation-containers'; import { EmbeddableApiContext } from '@kbn/presentation-publishing'; -import { IncompatibleActionError } from '@kbn/ui-actions-plugin/public'; +import { IncompatibleActionError, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public'; import { UiActionsPublicStart } from '@kbn/ui-actions-plugin/public/plugin'; import { embeddableExamplesGrouping } from '../embeddable_examples_grouping'; import { ADD_FIELD_LIST_ACTION_ID, FIELD_LIST_ID } from './constants'; @@ -34,5 +34,5 @@ export const registerCreateFieldListAction = (uiActions: UiActionsPublicStart) = defaultMessage: 'Field list', }), }); - uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_FIELD_LIST_ACTION_ID); + uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_FIELD_LIST_ACTION_ID); }; 
diff --git a/examples/embeddable_examples/public/react_embeddables/saved_book/create_saved_book_action.tsx b/examples/embeddable_examples/public/react_embeddables/saved_book/create_saved_book_action.tsx index 6916bd38cc28d..eaaa607f76001 100644 --- a/examples/embeddable_examples/public/react_embeddables/saved_book/create_saved_book_action.tsx +++ b/examples/embeddable_examples/public/react_embeddables/saved_book/create_saved_book_action.tsx @@ -10,7 +10,7 @@ import { CoreStart } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; import { apiIsPresentationContainer } from '@kbn/presentation-containers'; import { EmbeddableApiContext } from '@kbn/presentation-publishing'; -import { IncompatibleActionError } from '@kbn/ui-actions-plugin/public'; +import { IncompatibleActionError, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public'; import { UiActionsPublicStart } from '@kbn/ui-actions-plugin/public/plugin'; import { embeddableExamplesGrouping } from '../embeddable_examples_grouping'; import { @@ -67,5 +67,5 @@ export const registerCreateSavedBookAction = (uiActions: UiActionsPublicStart, c defaultMessage: 'Book', }), }); - uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_SAVED_BOOK_ACTION_ID); + uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_SAVED_BOOK_ACTION_ID); }; diff --git a/examples/embeddable_examples/public/react_embeddables/search/register_add_search_panel_action.tsx b/examples/embeddable_examples/public/react_embeddables/search/register_add_search_panel_action.tsx index 945e969187631..1bffd091164b0 100644 --- a/examples/embeddable_examples/public/react_embeddables/search/register_add_search_panel_action.tsx +++ b/examples/embeddable_examples/public/react_embeddables/search/register_add_search_panel_action.tsx 
@@ -8,7 +8,11 @@ import { apiCanAddNewPanel } from '@kbn/presentation-containers'; import { EmbeddableApiContext } from '@kbn/presentation-publishing'; -import { IncompatibleActionError, UiActionsStart } from '@kbn/ui-actions-plugin/public'; +import { + IncompatibleActionError, + type UiActionsStart, + ADD_PANEL_TRIGGER, +} from '@kbn/ui-actions-plugin/public'; import { embeddableExamplesGrouping } from '../embeddable_examples_grouping'; import { ADD_SEARCH_ACTION_ID, SEARCH_EMBEDDABLE_ID } from './constants'; import { SearchSerializedState } from './types'; @@ -33,7 +37,7 @@ export const registerAddSearchPanelAction = (uiActions: UiActionsStart) => { ); }, }); - uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_SEARCH_ACTION_ID); + uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_SEARCH_ACTION_ID); if (uiActions.hasTrigger('ADD_CANVAS_ELEMENT_TRIGGER')) { // Because Canvas is not enabled in Serverless, this trigger might not be registered - only attach // the create action if the Canvas-specific trigger does indeed exist. diff --git a/package.json b/package.json index 55eb4bfd3daec..ee4a5ca4a65df 100644 --- a/package.json +++ b/package.json @@ -104,10 +104,10 @@ "@elastic/apm-rum": "^5.16.0", "@elastic/apm-rum-core": "^5.21.0", "@elastic/apm-rum-react": "^2.0.2", - "@elastic/charts": "66.0.3", + "@elastic/charts": "66.0.4", "@elastic/datemath": "5.0.3", "@elastic/ecs": "^8.11.1", - "@elastic/elasticsearch": "^8.13.1", + "@elastic/elasticsearch": "^8.14.0", "@elastic/ems-client": "8.5.1", "@elastic/eui": "95.1.0-backport.0", "@elastic/filesaver": "1.1.2", 
@@ -176,7 +176,6 @@ "@kbn/apm-utils": "link:packages/kbn-apm-utils", "@kbn/app-link-test-plugin": "link:test/plugin_functional/plugins/app_link_test", "@kbn/application-usage-test-plugin": "link:x-pack/test/usage_collection/plugins/application_usage_test", - "@kbn/assetManager-plugin": "link:x-pack/plugins/observability_solution/asset_manager", "@kbn/assets-data-access-plugin": "link:x-pack/plugins/observability_solution/assets_data_access", "@kbn/audit-log-plugin": "link:x-pack/test/security_api_integration/plugins/audit_log", "@kbn/banners-plugin": "link:x-pack/plugins/banners", @@ -446,6 +445,7 @@ "@kbn/encrypted-saved-objects-plugin": "link:x-pack/plugins/encrypted_saved_objects", "@kbn/enterprise-search-plugin": "link:x-pack/plugins/enterprise_search", "@kbn/entities-schema": "link:x-pack/packages/kbn-entities-schema", + "@kbn/entityManager-plugin": "link:x-pack/plugins/observability_solution/entity_manager", "@kbn/error-boundary-example-plugin": "link:examples/error_boundary", "@kbn/es-errors": "link:packages/kbn-es-errors", "@kbn/es-query": "link:packages/kbn-es-query", @@ -737,6 +737,8 @@ "@kbn/search-response-warnings": "link:packages/kbn-search-response-warnings", "@kbn/search-types": "link:packages/kbn-search-types", "@kbn/searchprofiler-plugin": "link:x-pack/plugins/searchprofiler", + "@kbn/security-api-key-management": "link:x-pack/packages/security/api_key_management", + "@kbn/security-form-components": "link:x-pack/packages/security/form_components", "@kbn/security-hardening": "link:packages/kbn-security-hardening", "@kbn/security-plugin": "link:x-pack/plugins/security", "@kbn/security-plugin-types-common": "link:x-pack/packages/security/plugin_types_common", 
@@ -935,7 +937,7 @@ "@langchain/langgraph": "^0.0.23", "@langchain/openai": "^0.0.34", "@langtrase/trace-attributes": "^3.0.8", - "@launchdarkly/node-server-sdk": "^9.4.5", + "@launchdarkly/node-server-sdk": "^9.4.6", "@loaders.gl/core": "^3.4.7", "@loaders.gl/json": "^3.4.7", "@loaders.gl/shapefile": "^3.4.7", @@ -1398,7 +1400,7 @@ "@mapbox/vector-tile": "1.3.1", "@octokit/rest": "^17.11.2", "@parcel/watcher": "^2.1.0", - "@redocly/cli": "^1.12.0", + "@redocly/cli": "^1.16.0", "@statoscope/webpack-plugin": "^5.28.2", "@storybook/addon-a11y": "^6.5.16", "@storybook/addon-actions": "^6.5.16", diff --git a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.isolated.test.ts b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.isolated.test.ts index b2a30d24a7bee..a339025003062 100644 --- a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.isolated.test.ts +++ b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.isolated.test.ts @@ -22,7 +22,7 @@ const hitToSavedObject = (hit: estypes.SearchHit): SavedObject => { const type = hit._source.type; return { type, - id: hit._id, + id: hit._id!, references: [], attributes: hit._source[type], }; diff --git a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.test.ts b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.test.ts index 755d535b3bd2b..daf636aebb850 100644 --- a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.test.ts +++ b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/apis/find.test.ts 
@@ -262,7 +262,7 @@ describe('find', () => { noNamespaceSearchResults.hits.hits.forEach((doc, i) => { expect(response.saved_objects[i]).toEqual({ - id: doc._id.replace(/(index-pattern|config|globalType)\:/, ''), + id: doc._id!.replace(/(index-pattern|config|globalType)\:/, ''), type: doc._source!.type, originId: doc._source!.originId, ...mockTimestampFields, @@ -293,7 +293,7 @@ describe('find', () => { namespacedSearchResults.hits.hits.forEach((doc, i) => { expect(response.saved_objects[i]).toEqual({ - id: doc._id.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''), + id: doc._id!.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''), type: doc._source!.type, originId: doc._source!.originId, ...mockTimestampFields, @@ -337,7 +337,7 @@ describe('find', () => { ); expectMigrationArgs({ type, - id: noNamespaceSearchResults.hits.hits[0]._id.replace( + id: noNamespaceSearchResults.hits.hits[0]._id!.replace( /(index-pattern|config|globalType)\:/, '' ), diff --git a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.security_extension.test.ts b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.security_extension.test.ts index 74d0e85785e12..ef6d9bc2d6bc5 100644 --- a/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.security_extension.test.ts +++ b/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/repository.security_extension.test.ts @@ -769,7 +769,7 @@ describe('SavedObjectsRepository Security Extension', () => { expect(result.saved_objects).toHaveLength(4); generatedResults.hits.hits.forEach((doc, i) => { expect(result.saved_objects[i]).toEqual({ - id: doc._id.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''), + id: doc._id!.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''), type: doc._source!.type, originId: doc._source!.originId, ...mockTimestampFields, 
@@ -825,7 +825,7 @@ describe('SavedObjectsRepository Security Extension', () => { generatedResults.hits.hits.forEach((doc, i) => { expect(result.saved_objects[i]).toEqual({ - id: doc._id.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''), + id: doc._id!.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''), type: doc._source!.type, originId: doc._source!.originId, ...mockTimestampFields, @@ -882,7 +882,7 @@ describe('SavedObjectsRepository Security Extension', () => { generatedResults.hits.hits.forEach((doc, i) => { expect(result.saved_objects[i]).toEqual({ - id: doc._id.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''), + id: doc._id!.replace(/(foo-namespace\:)?(index-pattern|config|globalType)\:/, ''), type: doc._source!.type, originId: doc._source!.originId, ...mockTimestampFields, @@ -927,7 +927,7 @@ describe('SavedObjectsRepository Security Extension', () => { objects: generatedResults.hits.hits.map((obj) => { return { type: obj._source?.type, - id: obj._id.slice(obj._id.lastIndexOf(':') + 1), // find removes the space/type from the ID in the original raw doc + id: obj._id!.slice(obj._id!.lastIndexOf(':') + 1), // find removes the space/type from the ID in the original raw doc existingNamespaces: obj._source?.namespaces ?? obj._source?.namespace ? [obj._source?.namespace] : [], }; diff --git a/packages/kbn-alerting-types/action_group_types.ts b/packages/kbn-alerting-types/action_group_types.ts index dbb0d6ac0a78f..52e79af7dfa2f 100644 --- a/packages/kbn-alerting-types/action_group_types.ts +++ b/packages/kbn-alerting-types/action_group_types.ts @@ -6,7 +6,12 @@ * Side Public License, v 1. */ +export interface ActionGroupSeverity { + level: number; +} + export interface ActionGroup { id: ActionGroupIds; name: string; + severity?: ActionGroupSeverity; } 
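Review bot: `ActionGroupSeverity.level` in `action_group_types.ts` is added without saying what the number means: the hunk does not state whether a larger level is more or less severe, or whether levels must be distinct across a rule type's action groups. The same commit adds `ALERT_SEVERITY_IMPROVING` to the alert field map, which is presumably derived by comparing these levels, so the direction matters to every rule type that sets `severity`. I would add a TSDoc comment on the field, for example `/** Ordinal severity rank of the action group; <state which end of the scale is most severe>. */`, and one on the optional `severity` property of `ActionGroup` saying how a group without it is treated.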
diff --git a/packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts b/packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts index 54a09c67d59ad..73a3535857041 100644 --- a/packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts +++ b/packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts @@ -17,6 +17,7 @@ import { ALERT_CONSECUTIVE_MATCHES, ALERT_INSTANCE_ID, ALERT_LAST_DETECTED, + ALERT_PREVIOUS_ACTION_GROUP, ALERT_REASON, ALERT_RULE_CATEGORY, ALERT_RULE_CONSUMER, @@ -29,6 +30,7 @@ import { ALERT_RULE_TAGS, ALERT_RULE_TYPE_ID, ALERT_RULE_UUID, + ALERT_SEVERITY_IMPROVING, ALERT_START, ALERT_STATUS, ALERT_TIME_RANGE, @@ -97,6 +99,11 @@ export const alertFieldMap = { required: false, array: false, }, + [ALERT_PREVIOUS_ACTION_GROUP]: { + type: 'keyword', + array: false, + required: false, + }, [ALERT_REASON]: { type: 'keyword', array: false, @@ -165,6 +172,11 @@ export const alertFieldMap = { array: false, required: true, }, + [ALERT_SEVERITY_IMPROVING]: { + type: 'boolean', + array: false, + required: false, + }, [ALERT_START]: { type: 'date', array: false, diff --git a/packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts b/packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts index 8a5d2a56bc329..935a09971c613 100644 --- a/packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts +++ b/packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts 
@@ -93,11 +93,13 @@ const AlertOptional = rt.partial({ 'kibana.alert.flapping_history': schemaBooleanArray, 'kibana.alert.last_detected': schemaDate, 'kibana.alert.maintenance_window_ids': schemaStringArray, + 'kibana.alert.previous_action_group': schemaString, 'kibana.alert.reason': schemaString, 'kibana.alert.rule.execution.timestamp': schemaDate, 'kibana.alert.rule.execution.uuid': schemaString, 'kibana.alert.rule.parameters': schemaUnknown, 'kibana.alert.rule.tags': schemaStringArray, + 'kibana.alert.severity_improving': schemaBoolean, 'kibana.alert.start': schemaDate, 'kibana.alert.time_range': schemaDateRange, 'kibana.alert.url': schemaString, diff --git a/packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts b/packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts index fd585473fe596..14fdb859ed3e9 100644 --- a/packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts +++ b/packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts @@ -151,6 +151,7 @@ const SecurityAlertOptional = rt.partial({ 'kibana.alert.original_event.start': schemaDate, 'kibana.alert.original_event.timezone': schemaString, 'kibana.alert.original_event.url': schemaString, + 'kibana.alert.previous_action_group': schemaString, 'kibana.alert.reason': schemaString, 'kibana.alert.risk_score': schemaNumber, 'kibana.alert.rule.author': schemaString, @@ -180,6 +181,7 @@ const SecurityAlertOptional = rt.partial({ 'kibana.alert.rule.updated_by': schemaString, 'kibana.alert.rule.version': schemaString, 'kibana.alert.severity': schemaString, + 'kibana.alert.severity_improving': schemaBoolean, 'kibana.alert.start': schemaDate, 'kibana.alert.suppression.docs_count': schemaStringOrNumber, 'kibana.alert.suppression.end': schemaDate, diff --git a/packages/kbn-apm-synthtrace-client/src/lib/apm/apm_error.ts b/packages/kbn-apm-synthtrace-client/src/lib/apm/apm_error.ts index 250375623dfc3..30773ce7148c1 100644 
--- a/packages/kbn-apm-synthtrace-client/src/lib/apm/apm_error.ts +++ b/packages/kbn-apm-synthtrace-client/src/lib/apm/apm_error.ts @@ -25,9 +25,11 @@ export class ApmError extends Serializable { this.fields['error.grouping_name'] || this.fields['error.exception']?.[0]?.message; const [data] = super.serialize(); - data['error.grouping_key'] = errorMessage - ? generateLongIdWithSeed(errorMessage) - : generateLongId(); + + data['error.grouping_key'] = + this.fields['error.grouping_key'] ?? + (errorMessage ? generateLongIdWithSeed(errorMessage) : generateLongId()); + return [data]; } diff --git a/packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts b/packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts index 4b3cfde40825c..88a595b573112 100644 --- a/packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts +++ b/packages/kbn-apm-synthtrace-client/src/lib/apm/instance.ts @@ -72,9 +72,20 @@ export class Instance extends Entity { 'error.grouping_name': getErrorGroupingKey(message), }); } - error({ message, type, culprit }: { message: string; type?: string; culprit?: string }) { + error({ + message, + type, + culprit, + groupingKey, + }: { + message: string; + type?: string; + culprit?: string; + groupingKey?: string; + }) { return new ApmError({ ...this.fields, + ...(groupingKey ? { 'error.grouping_key': groupingKey } : {}), 'error.exception': [{ message, ...(type ? { type } : {}) }], 'error.culprit': culprit, }); diff --git a/packages/kbn-apm-synthtrace-client/src/types/agent_names.ts b/packages/kbn-apm-synthtrace-client/src/types/agent_names.ts index c57b15e3dace0..3d3b0156cfd9d 100644 --- a/packages/kbn-apm-synthtrace-client/src/types/agent_names.ts +++ b/packages/kbn-apm-synthtrace-client/src/types/agent_names.ts 
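Review bot: In `Instance.error`, the spread `...(groupingKey ? { 'error.grouping_key': groupingKey } : {})` tests truthiness, so an empty-string `groupingKey` is dropped silently, whereas `ApmError.serialize` in the same commit uses `??` and keeps any defined value. The two checks should agree on what counts as "caller supplied a key"; `...(groupingKey !== undefined ? { 'error.grouping_key': groupingKey } : {})` matches the `??` in `serialize`. The new `groupingKey` option also has no doc comment saying that it overrides the key otherwise seeded from the error message. Both class bodies continue outside their hunks.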
@@ -26,6 +26,8 @@ type OpenTelemetryAgentName = | 'opentelemetry/erlang' | 'opentelemetry/go' | 'opentelemetry/java' + | 'opentelemetry/java/opentelemetry-java-instrumentation' + | 'opentelemetry/java/elastic' | 'opentelemetry/nodejs' | 'opentelemetry/php' | 'opentelemetry/python' diff --git a/packages/kbn-check-mappings-update-cli/current_fields.json b/packages/kbn-check-mappings-update-cli/current_fields.json index 8bce3d4d5e536..e0f2ae0f4f4ba 100644 --- a/packages/kbn-check-mappings-update-cli/current_fields.json +++ b/packages/kbn-check-mappings-update-cli/current_fields.json @@ -290,7 +290,24 @@ "schemaVersion" ], "enterprise_search_telemetry": [], + "entity-definition": [ + "description", + "filter", + "id", + "identityFields", + "indexPatterns", + "managed", + "metadata", + "metrics", + "name", + "staticFields", + "type" + ], + "entity-discovery-api-key": [ + "apiKey" + ], "epm-packages": [ + "additional_spaces_installed_kibana", "es_index_patterns", "experimental_data_stream_features", "experimental_data_stream_features.data_stream", diff --git a/packages/kbn-check-mappings-update-cli/current_mappings.json b/packages/kbn-check-mappings-update-cli/current_mappings.json index a498714b970f2..778ed3c37992c 100644 --- a/packages/kbn-check-mappings-update-cli/current_mappings.json +++ b/packages/kbn-check-mappings-update-cli/current_mappings.json 
@@ -993,8 +993,58 @@ "dynamic": false, "properties": {} }, + "entity-definition": { + "dynamic": false, + "properties": { + "description": { + "type": "text" + }, + "filter": { + "type": "keyword" + }, + "id": { + "type": "keyword" + }, + "identityFields": { + "type": "object" + }, + "indexPatterns": { + "type": "keyword" + }, + "managed": { + "type": "boolean" + }, + "metadata": { + "type": "object" + }, + "metrics": { + "type": "object" + }, + "name": { + "type": "text" + }, + "staticFields": { + "type": "object" + }, + "type": { + "type": "keyword" + } + } + }, + "entity-discovery-api-key": { + "dynamic": false, + "properties": { + "apiKey": { + "type": "binary" + } + } + }, "epm-packages": { "properties": { + "additional_spaces_installed_kibana": { + "index": false, + "type": "flattened" + }, "es_index_patterns": { "dynamic": false, "properties": {} diff --git a/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts b/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts index cc587dcaebfad..29c2dc855326e 100644 --- a/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts +++ b/packages/kbn-data-stream-adapter/src/create_or_update_data_stream.test.ts @@ -21,6 +21,7 @@ esClient.indices.putMapping.mockResolvedValue({ acknowledged: true }); esClient.indices.putSettings.mockResolvedValue({ acknowledged: true }); const simulateIndexTemplateResponse = { template: { mappings: { is_managed: true } } }; +// @ts-expect-error test data type mismatch esClient.indices.simulateIndexTemplate.mockResolvedValue(simulateIndexTemplateResponse); const name = 'test_data_stream'; diff --git a/packages/kbn-doc-links/src/get_doc_links.ts b/packages/kbn-doc-links/src/get_doc_links.ts index 751f1ac5ea866..6d8b18bb5d714 100644 --- a/packages/kbn-doc-links/src/get_doc_links.ts +++ b/packages/kbn-doc-links/src/get_doc_links.ts 
@@ -686,7 +686,7 @@ export const getDocLinks = ({ kibanaBranch, buildFlavor }: GetDocLinkOptions): D cloudMinimumRequirements: `${KIBANA_DOCS}reporting-getting-started.html#reporting-on-cloud-resource-requirements`, grantUserAccess: `${KIBANA_DOCS}secure-reporting.html#grant-user-access`, browserSystemDependencies: `${KIBANA_DOCS}secure-reporting.html#install-reporting-packages`, - browserSandboxDependencies: `${KIBANA_DOCS}reporting-troubleshooting.html#reporting-troubleshooting-sandbox-dependency`, + browserSandboxDependencies: `${KIBANA_DOCS}reporting-troubleshooting-pdf.html#reporting-troubleshooting-sandbox-dependency`, }, security: { apiKeyServiceSettings: `${ELASTICSEARCH_DOCS}security-settings.html#api-key-service-settings`, diff --git a/packages/kbn-es/src/utils/docker.test.ts b/packages/kbn-es/src/utils/docker.test.ts index b3e7bd30ad83e..ec5bbdefdbeac 100644 --- a/packages/kbn-es/src/utils/docker.test.ts +++ b/packages/kbn-es/src/utils/docker.test.ts @@ -15,6 +15,7 @@ import { detectRunningNodes, maybeCreateDockerNetwork, maybePullDockerImage, + printESImageInfo, resolveDockerCmd, resolveDockerImage, resolveEsArgs, @@ -660,8 +661,14 @@ describe('runServerlessCluster()', () => { await runServerlessCluster(log, { projectType, basePath: baseEsPath }); - // setupDocker execa calls then run three nodes and attach logger - expect(execa.mock.calls).toHaveLength(8); + // docker version (1) + // docker ps (1) + // docker network create (1) + // docker pull (1) + // docker inspect (1) + // docker run (3) + // docker logs (1) + expect(execa.mock.calls).toHaveLength(9); }); test(`should wait for serverless nodes to return 'green' status`, async () => { 
@@ -795,7 +802,63 @@ describe('runDockerContainer()', () => { test('should resolve', async () => { execa.mockImplementation(() => Promise.resolve({ stdout: '' })); await expect(runDockerContainer(log, {})).resolves.toBeUndefined(); - // setupDocker execa calls then run container - expect(execa.mock.calls).toHaveLength(5); + // docker version (1) + // docker ps (1) + // docker network create (1) + // docker pull (1) + // docker inspect (1) + // docker run (1) + expect(execa.mock.calls).toHaveLength(6); + }); +}); + +describe('printESImageInfo', () => { + beforeEach(() => { + logWriter.messages.length = 0; + }); + + test('should print ES Serverless image info', async () => { + execa.mockImplementation(() => + Promise.resolve({ + stdout: JSON.stringify({ + 'org.opencontainers.image.revision': 'deadbeef12345678', + 'org.opencontainers.image.source': 'https://github.com/elastic/elasticsearch-serverless', + }), + }) + ); + + await printESImageInfo( + log, + 'docker.elastic.co/elasticsearch-ci/elasticsearch-serverless:latest' + ); + + expect(execa.mock.calls).toHaveLength(1); + expect(logWriter.messages[0]).toContain( + `docker.elastic.co/elasticsearch-ci/elasticsearch-serverless:git-deadbeef1234` + ); + expect(logWriter.messages[0]).toContain( + `https://github.com/elastic/elasticsearch-serverless/commit/deadbeef12345678` + ); + }); + + test('should print ES image info', async () => { + execa.mockImplementation(() => + Promise.resolve({ + stdout: JSON.stringify({ + 'org.opencontainers.image.revision': 'deadbeef12345678', + 'org.opencontainers.image.source': 'https://github.com/elastic/elasticsearch', + }), + }) + ); + + await printESImageInfo(log, 'docker.elastic.co/elasticsearch/elasticsearch:8.15-SNAPSHOT'); + + expect(execa.mock.calls).toHaveLength(1); + expect(logWriter.messages[0]).toContain( + `docker.elastic.co/elasticsearch/elasticsearch:8.15-SNAPSHOT` + ); + expect(logWriter.messages[0]).toContain( + 
`https://github.com/elastic/elasticsearch/commit/deadbeef12345678` + ); }); }); diff --git a/packages/kbn-es/src/utils/docker.ts b/packages/kbn-es/src/utils/docker.ts index 60232c97897d2..0e8182920feba 100644 --- a/packages/kbn-es/src/utils/docker.ts +++ b/packages/kbn-es/src/utils/docker.ts @@ -26,6 +26,7 @@ import { createMockIdpMetadata, } from '@kbn/mock-idp-utils'; +import { getServerlessImageTag, getCommitUrl } from './extract_image_info'; import { waitForSecurityIndex } from './wait_for_security_index'; import { createCliError } from '../errors'; import { EsClusterExecOptions } from '../cluster_exec_options'; @@ -393,15 +394,29 @@ export async function maybePullDockerImage(log: ToolingLog, image: string) { // inherit is required to show Docker pull output stdio: ['ignore', 'inherit', 'pipe'], }).catch(({ message }) => { - throw createCliError( - `Error pulling image. This is likely an issue authenticating with ${DOCKER_REGISTRY}. + const errorMessage = `Error pulling image. This is likely an issue authenticating with ${DOCKER_REGISTRY}. Visit ${chalk.bold.cyan('https://docker-auth.elastic.co/github_auth')} to login. -${message}` - ); +${message}`; + throw createCliError(errorMessage); }); } +/** + * When we're working with :latest or :latest-verified, it is useful to expand what version they refer to + */ +export async function printESImageInfo(log: ToolingLog, image: string) { + let imageFullName = image; + if (image.includes('serverless')) { + const imageTag = (await getServerlessImageTag(image)) ?? image.split(':').pop() ?? ''; + const imageBase = image.replace(/:.*/, ''); + imageFullName = `${imageBase}:${imageTag}`; + } + + const revisionUrl = await getCommitUrl(image); + log.info(`Using ES image: ${imageFullName} (${revisionUrl})`); +} + export async function detectRunningNodes( log: ToolingLog, options: ServerlessOptions | DockerOptions 
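Review bot: `image.replace(/:.*/, '')` in `printESImageInfo` cuts at the first colon, so a reference whose registry host carries a port (constructed example: `localhost:5000/elasticsearch-serverless:latest`) is reduced to `localhost` and the logged image name no longer identifies what is being run. Look for the tag separator only after the last `/`: `const tagAt = image.indexOf(':', image.lastIndexOf('/'));` followed by `const imageBase = tagAt === -1 ? image : image.slice(0, tagAt);`. The `image.split(':').pop()` fallback has the same first-colon assumption. `getCommitUrl` can resolve to null when either label is missing, and the template then logs `(null)`; the parenthesised part is better omitted in that case.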
@@ -445,6 +460,7 @@ async function setupDocker({ await detectRunningNodes(log, options); await maybeCreateDockerNetwork(log); await maybePullDockerImage(log, image); + await printESImageInfo(log, image); } /** diff --git a/packages/kbn-es/src/utils/extract_image_info.ts b/packages/kbn-es/src/utils/extract_image_info.ts new file mode 100644 index 0000000000000..7576ab6ddeff3 --- /dev/null +++ b/packages/kbn-es/src/utils/extract_image_info.ts @@ -0,0 +1,51 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import execa from 'execa'; +import memoize from 'lodash/memoize'; + +export const extractImageInfo = memoize(async (image: string) => { + try { + const { stdout: labelsJson } = await execa( + 'docker', + ['inspect', '--format', '{{json .Config.Labels}}', image], + { + encoding: 'utf8', + } + ); + return JSON.parse(labelsJson); + } catch (e) { + return {}; + } +}); + +export async function getImageVersion(image: string): Promise { + const imageLabels = await extractImageInfo(image); + return imageLabels['org.opencontainers.image.revision'] || null; +} + +export async function getCommitUrl(image: string): Promise { + const imageLabels = await extractImageInfo(image); + const repoSource = imageLabels['org.opencontainers.image.source'] || null; + const revision = imageLabels['org.opencontainers.image.revision'] || null; + + if (!repoSource || !revision) { + return null; + } else { + return `${repoSource}/commit/${revision}`; + } +} + +export async function getServerlessImageTag(image: string): Promise { + const sha = await getImageVersion(image); + if (!sha) { + return null; + } else { + return `git-${sha.slice(0, 12)}`; + } +} 
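Review bot: `extractImageInfo` returns whatever `JSON.parse` yields, and `docker inspect --format '{{json .Config.Labels}}'` prints `null` for an image that carries no labels (worth confirming against the Docker version in CI), so `imageLabels['org.opencontainers.image.revision']` in `getImageVersion` and `getCommitUrl` would throw outside the `try`. Because `setupDocker` now awaits `printESImageInfo`, that exception would abort cluster startup over an informational log line; `return JSON.parse(labelsJson) ?? {};` keeps the lookup safe. The labels are data supplied by the image, so the revision and source values should be treated as untrusted strings rather than assumed to be a commit SHA and a repository URL before they are interpolated into the logged tag and link. Since the function is wrapped in `memoize`, the `{}` returned from the `catch` is cached per image name for the life of the process; a short comment saying that a failed inspect is deliberately not retried would help the next reader.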
diff --git a/packages/kbn-es/src/utils/extract_serverless_image_info.test.ts b/packages/kbn-es/src/utils/extract_serverless_image_info.test.ts new file mode 100644 index 0000000000000..afd9d3e56a29b --- /dev/null +++ b/packages/kbn-es/src/utils/extract_serverless_image_info.test.ts 
@@ -0,0 +1,87 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { + extractImageInfo, + getCommitUrl, + getImageVersion, + getServerlessImageTag, +} from './extract_image_info'; + +jest.mock('execa'); +const execa = jest.requireMock('execa'); + +describe('extractImageInfo', () => { + beforeEach(() => { + jest.clearAllMocks(); + }); + + it('calls docker, once, and only once for one image', async () => { + const image = 'nevermind'; + const image2 = 'nevermind2'; + const labelsJson = '{"org.opencontainers.image.revision": "revision"}'; + execa.mockResolvedValue({ stdout: labelsJson }); + + await extractImageInfo(image); + await extractImageInfo(image); + expect(execa).toHaveBeenCalledTimes(1); + + await extractImageInfo(image2); + expect(execa).toHaveBeenCalledTimes(2); + }); + + it('should return image labels as an object', () => { + const image = 'nevermind123'; + const obj = { 'org.opencontainers.image.revision': 'revision', extra: 123 }; + const labelsJson = JSON.stringify(obj); + execa.mockResolvedValue({ stdout: labelsJson }); + + const imageInfo = extractImageInfo(image); + + expect(imageInfo).resolves.toEqual(obj); + }); +}); + +describe('getImageVersion', () => { + it("should return the image's revision", () => { + const image = 'test-image'; + const labels = { 'org.opencontainers.image.revision': 'deadbeef1234' }; + execa.mockResolvedValue({ stdout: JSON.stringify(labels) }); + + const imageVersion = getImageVersion(image); + + expect(imageVersion).resolves.toBe('deadbeef1234'); + }); +}); + +describe('getCommitUrl', () => { + it('should return the commit url', () => { + const image = 'docker.elastic.co/elasticsearch/elasticsearch:7.15.0'; 
+ const labels = { + 'org.opencontainers.image.source': 'https://github.com/elastic/elasticsearch', + 'org.opencontainers.image.revision': 'deadbeef1234', + }; + execa.mockResolvedValue({ stdout: JSON.stringify(labels) }); + + expect(getCommitUrl(image)).resolves.toBe( + 'https://github.com/elastic/elasticsearch/commit/deadbeef1234' + ); + }); +}); + +describe('getServerlessImageTag', () => { + it('should return the image tag', () => { + const image = 'docker.elastic.co/elasticsearch-ci/elasticsearch-serverless:latest'; + const labels = { 'org.opencontainers.image.revision': 'deadbeef12345678' }; + execa.mockResolvedValue({ stdout: JSON.stringify(labels) }); + + const imageTag = getServerlessImageTag(image); + + expect(imageTag).resolves.toBe('git-deadbeef1234'); + }); +}); diff --git a/packages/kbn-optimizer/limits.yml b/packages/kbn-optimizer/limits.yml index da7f526031534..07edd80d6387f 100644 --- a/packages/kbn-optimizer/limits.yml +++ b/packages/kbn-optimizer/limits.yml @@ -5,7 +5,6 @@ pageLoadAssetSize: aiops: 10000 alerting: 106936 apm: 64385 - assetManager: 25000 banners: 17946 bfetch: 22837 canvas: 29355 @@ -42,6 +41,7 @@ pageLoadAssetSize: embeddable: 87309 embeddableEnhanced: 22107 enterpriseSearch: 66810 + entityManager: 17175 esqlDataGrid: 24582 esUiShared: 326654 eventAnnotation: 30000 @@ -108,7 +108,7 @@ pageLoadAssetSize: navigation: 37269 newsfeed: 42228 noDataPage: 5000 - observability: 167673 + observability: 76678 observabilityAIAssistant: 58230 observabilityAIAssistantApp: 27680 observabilityAiAssistantManagement: 19279 diff --git a/packages/kbn-router-to-openapispec/src/generate_oas.test.util.ts b/packages/kbn-router-to-openapispec/src/generate_oas.test.util.ts index 2fb821018dcee..5b28a7b9296c5 100644 --- a/packages/kbn-router-to-openapispec/src/generate_oas.test.util.ts +++ b/packages/kbn-router-to-openapispec/src/generate_oas.test.util.ts 
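Review bot: Most assertions in extract_serverless_image_info.test.ts use `expect(...).resolves` without `await` or `return`, so the test callback can finish before the promise settles and a failing expectation may not fail the test. This applies to 'should return image labels as an object' and to the `getImageVersion`, `getCommitUrl` and `getServerlessImageTag` cases; make the callbacks `async` and write, for example, `await expect(imageInfo).resolves.toEqual(obj);`. Only the first `describe` calls `jest.clearAllMocks()`, and the memoized cache in `extractImageInfo` survives across tests, so each case silently depends on using an image name no earlier test has used; a comment stating that, or clearing `extractImageInfo.cache` in a shared `beforeEach`, would make the dependency explicit.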
@@ -8,32 +8,7 @@ import { schema } from '@kbn/config-schema'; import type { CoreVersionedRouter, Router } from '@kbn/core-http-router-server-internal'; - -/** Intended to cover a wide set of schema configurations */ -export const testSchema = schema.object({ - string: schema.string({ maxLength: 10, minLength: 1 }), - maybeNumber: schema.maybe(schema.number({ max: 1000, min: 1 })), - booleanDefault: schema.boolean({ - defaultValue: true, - meta: { - description: 'defaults to to true', - }, - }), - ipType: schema.ip({ versions: ['ipv4'] }), - literalType: schema.literal('literallythis'), - neverType: schema.never(), - map: schema.mapOf(schema.string(), schema.string()), - record: schema.recordOf(schema.string(), schema.string()), - union: schema.oneOf([ - schema.string({ maxLength: 1, meta: { description: 'Union string' } }), - schema.number({ min: 0, meta: { description: 'Union number' } }), - ]), - uri: schema.uri({ - scheme: ['prototest'], - defaultValue: () => 'prototest://something', - }), - any: schema.any({ meta: { description: 'any type' } }), -}); +import { createLargeSchema } from './oas_converter/kbn_config_schema/lib.test.util'; type RoutesMeta = ReturnType[number]; type VersionedRoutesMeta = ReturnType[number]; @@ -67,7 +42,7 @@ export const getRouterDefaults = () => ({ query: schema.object({ page: schema.number({ max: 999, min: 1, defaultValue: 1, meta: { description: 'page' } }), }), - body: testSchema, + body: createLargeSchema(), }, response: { 200: { diff --git a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.ts b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.ts index 8c0df00303d73..1e0d79d9786d2 100644 --- a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.ts +++ b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.ts 
@@ -7,7 +7,169 @@ */ import { schema } from '@kbn/config-schema'; -import { is, isNullableObjectType, getParamSchema } from './lib'; +import { + is, + convert, + convertPathParameters, + convertQuery, + isNullableObjectType, + getParamSchema, +} from './lib'; + +import { createLargeSchema } from './lib.test.util'; + +describe('convert', () => { + test('base case', () => { + expect(convert(createLargeSchema())).toEqual({ + schema: { + additionalProperties: false, + properties: { + any: {}, + booleanDefault: { + default: true, + description: 'defaults to to true', + type: 'boolean', + }, + ipType: { + format: 'ipv4', + type: 'string', + }, + literalType: { + enum: ['literallythis'], + type: 'string', + }, + map: { + additionalProperties: { + type: 'string', + }, + type: 'object', + }, + maybeNumber: { + maximum: 1000, + minimum: 1, + type: 'number', + }, + record: { + additionalProperties: { + type: 'string', + }, + type: 'object', + }, + string: { + maxLength: 10, + minLength: 1, + type: 'string', + }, + union: { + anyOf: [ + { + description: 'Union string', + maxLength: 1, + type: 'string', + }, + { + description: 'Union number', + minimum: 0, + type: 'number', + }, + ], + }, + uri: { + default: 'prototest://something', + format: 'uri', + type: 'string', + }, + }, + required: ['string', 'ipType', 'literalType', 'map', 'record', 'union', 'any'], + type: 'object', + }, + shared: {}, + }); + }); + + test('shared schemas', () => { + const idSchema = schema.object({ a: schema.string() }, { meta: { id: 'myId' } }); + const otherSchema = schema.object({ id: idSchema }); + expect(convert(otherSchema)).toEqual({ + schema: { + additionalProperties: false, + properties: { + id: { + $ref: '#/components/schemas/myId', + }, + }, + required: ['id'], + type: 'object', + }, + shared: { + myId: { + additionalProperties: false, + properties: { + a: { + type: 'string', + }, + }, + required: ['a'], + type: 'object', + }, + }, + }); + }); +}); + +describe('convertPathParameters', () => 
{ + test('base conversion', () => { + expect( + convertPathParameters(schema.object({ a: schema.string() }), { a: { optional: false } }) + ).toEqual({ + params: [ + { + in: 'path', + name: 'a', + required: true, + schema: { + type: 'string', + }, + }, + ], + shared: {}, + }); + }); + test('conversion with refs is disallowed', () => { + const sharedSchema = schema.object({ a: schema.string() }, { meta: { id: 'myparams' } }); + expect(() => convertPathParameters(sharedSchema, { a: { optional: false } })).toThrow( + /myparams.*not supported/ + ); + }); + test('throws if known parameters not found', () => { + expect(() => + convertPathParameters(schema.object({ b: schema.string() }), { a: { optional: false } }) + ).toThrow(/Unknown parameter: b/); + }); +}); + +describe('convertQuery', () => { + test('base conversion', () => { + expect(convertQuery(schema.object({ a: schema.string() }))).toEqual({ + query: [ + { + in: 'query', + name: 'a', + required: true, + schema: { + type: 'string', + }, + }, + ], + shared: {}, + }); + }); + + test('conversion with refs is disallowed', () => { + const sharedSchema = schema.object({ a: schema.string() }, { meta: { id: 'myparams' } }); + expect(() => convertQuery(sharedSchema)).toThrow(/myparams.*not supported/); + }); +}); describe('is', () => { test.each([ diff --git a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.util.ts b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.util.ts new file mode 100644 index 0000000000000..a8f7547a129fe --- /dev/null +++ b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.test.util.ts 
@@ -0,0 +1,36 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { schema } from '@kbn/config-schema'; + +export function createLargeSchema() { + return schema.object({ + string: schema.string({ maxLength: 10, minLength: 1 }), + maybeNumber: schema.maybe(schema.number({ max: 1000, min: 1 })), + booleanDefault: schema.boolean({ + defaultValue: true, + meta: { + description: 'defaults to to true', + }, + }), + ipType: schema.ip({ versions: ['ipv4'] }), + literalType: schema.literal('literallythis'), + neverType: schema.never(), + map: schema.mapOf(schema.string(), schema.string()), + record: schema.recordOf(schema.string(), schema.string()), + union: schema.oneOf([ + schema.string({ maxLength: 1, meta: { description: 'Union string' } }), + schema.number({ min: 0, meta: { description: 'Union number' } }), + ]), + uri: schema.uri({ + scheme: ['prototest'], + defaultValue: () => 'prototest://something', + }), + any: schema.any({ meta: { description: 'any type' } }), + }); +} diff --git a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.ts b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.ts index 0e59ed3dde5ec..94a321a2379df 100644 --- a/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.ts +++ b/packages/kbn-router-to-openapispec/src/oas_converter/kbn_config_schema/lib.ts 
@@ -94,7 +94,11 @@ const convertObjectMembersToParameterObjects = ( const anyOf = (result as OpenAPIV3.SchemaObject).anyOf as OpenAPIV3.SchemaObject[]; properties = anyOf.find((s) => s.type === 'object')!.properties!; } else if (isObjectType(schema)) { - const { result } = parse({ schema, ctx }) as { result: OpenAPIV3.SchemaObject }; + const { result } = parse({ schema, ctx }); + if ('$ref' in result) + throw new Error( + `Found a reference to "${result.$ref}". Runtime types with IDs are not supported in path or query parameters.` + ); properties = (result as OpenAPIV3.SchemaObject).properties!; (result.required ?? []).forEach((key) => required.set(key, true)); } else if (isRecordType(schema)) { diff --git a/packages/kbn-rule-data-utils/src/default_alerts_as_data.ts b/packages/kbn-rule-data-utils/src/default_alerts_as_data.ts index ce334e5d0fc55..4503679686bab 100644 --- a/packages/kbn-rule-data-utils/src/default_alerts_as_data.ts +++ b/packages/kbn-rule-data-utils/src/default_alerts_as_data.ts @@ -24,6 +24,12 @@ const VERSION = `${KIBANA_NAMESPACE}.version` as const; // kibana.alert.action_group - framework action group ID for this alert const ALERT_ACTION_GROUP = `${ALERT_NAMESPACE}.action_group` as const; +// kibana.alert.previous_action_group +const ALERT_PREVIOUS_ACTION_GROUP = `${ALERT_NAMESPACE}.previous_action_group` as const; + +// kibana.alert.severity_improving +const ALERT_SEVERITY_IMPROVING = `${ALERT_NAMESPACE}.severity_improving` as const; + // kibana.alert.case_ids - array of cases associated with the alert const ALERT_CASE_IDS = `${ALERT_NAMESPACE}.case_ids` as const; @@ -129,6 +135,7 @@ const fields = { ALERT_CONSECUTIVE_MATCHES, ALERT_INSTANCE_ID, ALERT_LAST_DETECTED, + ALERT_PREVIOUS_ACTION_GROUP, ALERT_REASON, ALERT_RULE_CATEGORY, ALERT_RULE_CONSUMER, @@ -141,6 +148,7 @@ const fields = { ALERT_RULE_TAGS, ALERT_RULE_TYPE_ID, ALERT_RULE_UUID, + ALERT_SEVERITY_IMPROVING, ALERT_START, ALERT_STATUS, ALERT_TIME_RANGE, 
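Review bot: The comments added above `ALERT_PREVIOUS_ACTION_GROUP` and `ALERT_SEVERITY_IMPROVING` in default_alerts_as_data.ts only repeat the field path, while the neighbouring constants say what the field holds (`// kibana.alert.action_group - framework action group ID for this alert`). Please extend both in the same form, for example `// kibana.alert.previous_action_group - action group the alert was in before the current one` and a matching line for `severity_improving` that states its type and when it is set; the wording here is inferred from the names and should be confirmed by the author.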
@@ -171,6 +179,7 @@ export { ALERT_CONSECUTIVE_MATCHES, ALERT_INSTANCE_ID, ALERT_LAST_DETECTED, + ALERT_PREVIOUS_ACTION_GROUP, ALERT_REASON, ALERT_RULE_CATEGORY, ALERT_RULE_CONSUMER, @@ -183,6 +192,7 @@ export { ALERT_RULE_TAGS, ALERT_RULE_TYPE_ID, ALERT_RULE_UUID, + ALERT_SEVERITY_IMPROVING, ALERT_START, ALERT_STATUS, ALERT_TIME_RANGE, diff --git a/packages/kbn-search-connectors/types/native_connectors.ts b/packages/kbn-search-connectors/types/native_connectors.ts index 5cd8ee5311a1d..b48e069b1c78f 100644 --- a/packages/kbn-search-connectors/types/native_connectors.ts +++ b/packages/kbn-search-connectors/types/native_connectors.ts @@ -1861,14 +1861,20 @@ export const NATIVE_CONNECTOR_DEFINITIONS: Record { }; export const resultMetaData = (result: SearchHit): MetaDataProps => ({ - id: result._id, + id: result._id!, title: resultTitle(result), }); diff --git a/packages/kbn-securitysolution-lists-common/api/find_list/find_list.gen.ts b/packages/kbn-securitysolution-lists-common/api/find_list/find_list.gen.ts index 22bd50fcf0f35..96fcaa5eefca4 100644 --- a/packages/kbn-securitysolution-lists-common/api/find_list/find_list.gen.ts +++ b/packages/kbn-securitysolution-lists-common/api/find_list/find_list.gen.ts @@ -24,7 +24,7 @@ export type FindListsCursor = z.infer; export const FindListsCursor = NonEmptyString; export type FindListsFilter = z.infer; -export const FindListsFilter = NonEmptyString; +export const FindListsFilter = z.string(); export type FindListsRequestQuery = z.infer; export const FindListsRequestQuery = z.object({ diff --git a/packages/kbn-securitysolution-lists-common/api/find_list/find_list.schema.yaml b/packages/kbn-securitysolution-lists-common/api/find_list/find_list.schema.yaml index 7fa5f1ac581ac..236fa747599ac 100644 --- a/packages/kbn-securitysolution-lists-common/api/find_list/find_list.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/api/find_list/find_list.schema.yaml 
@@ -116,4 +116,4 @@ components: $ref: '../../../kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' FindListsFilter: - $ref: '../../../kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string diff --git a/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.gen.ts b/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.gen.ts index ef23adf7a7dcd..6288ece0cf179 100644 --- a/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.gen.ts +++ b/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.gen.ts @@ -25,7 +25,7 @@ export type FindListItemsCursor = z.infer; export const FindListItemsCursor = NonEmptyString; export type FindListItemsFilter = z.infer; -export const FindListItemsFilter = NonEmptyString; +export const FindListItemsFilter = z.string(); export type FindListItemsRequestQuery = z.infer; export const FindListItemsRequestQuery = z.object({ diff --git a/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.schema.yaml b/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.schema.yaml index 92dbc361b7ad2..67df0f4e8d031 100644 --- a/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/api/find_list_item/find_list_item.schema.yaml @@ -122,4 +122,4 @@ components: $ref: '../../../kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' FindListItemsFilter: - $ref: '../../../kbn-openapi-common/schemas/primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string 
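Review bot: `FindListsFilter`, and `FindListItemsFilter` in find_list_item.schema.yaml, now accept any string including the empty one, and neither entry has a `description` saying why the `NonEmptyString` reference was dropped or how an empty filter is interpreted. The value is caller-supplied query input, so the route handlers (not visible in these hunks) should treat `''` like an omitted filter rather than handing it to the query parser. Suggest adding a `description:` line under each `type: string` stating that an empty value means no filtering, if that is the intent.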
diff --git a/src/plugins/dashboard/public/triggers/index.ts b/packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts similarity index 76% rename from src/plugins/dashboard/public/triggers/index.ts rename to packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts index 96dfa814b949a..74e894d2b5563 100644 --- a/src/plugins/dashboard/public/triggers/index.ts +++ b/packages/kbn-ui-actions-browser/src/triggers/dashboard_app_panel_trigger.ts @@ -5,16 +5,18 @@ * in compliance with, at your election, the Elastic License 2.0 or the Server * Side Public License, v 1. */ + import { i18n } from '@kbn/i18n'; -import type { Trigger } from '@kbn/ui-actions-plugin/public'; +import { Trigger } from '.'; export const ADD_PANEL_TRIGGER = 'ADD_PANEL_TRIGGER'; + export const addPanelMenuTrigger: Trigger = { id: ADD_PANEL_TRIGGER, - title: i18n.translate('dashboard.addPanelMenuTrigger.title', { + title: i18n.translate('uiActions.triggers.dashboard.addPanelMenu.title', { defaultMessage: 'Add panel menu', }), - description: i18n.translate('dashboard.addPanelMenuTrigger.description', { + description: i18n.translate('uiActions.triggers.dashboard.addPanelMenu.description', { defaultMessage: "A new action will appear to the dashboard's add panel menu", }), }; diff --git a/packages/kbn-ui-actions-browser/src/triggers/index.ts b/packages/kbn-ui-actions-browser/src/triggers/index.ts index 091305791d858..d298be1524411 100644 --- a/packages/kbn-ui-actions-browser/src/triggers/index.ts +++ b/packages/kbn-ui-actions-browser/src/triggers/index.ts @@ -11,3 +11,4 @@ export * from './row_click_trigger'; export * from './default_trigger'; export * from './visualize_field_trigger'; export * from './visualize_geo_field_trigger'; +export * from './dashboard_app_panel_trigger'; diff --git a/packages/kbn-unified-data-table/src/components/data_table.scss b/packages/kbn-unified-data-table/src/components/data_table.scss index 28864457af269..4e56e3450ffcb 100644 
--- a/packages/kbn-unified-data-table/src/components/data_table.scss +++ b/packages/kbn-unified-data-table/src/components/data_table.scss @@ -138,6 +138,7 @@ padding-inline: 0; background: transparent; font-weight: $euiFontWeightBold; + line-height: inherit; // Required for EuiDataGrid lineCount to work correctly } .unifiedDataTable__descriptionListDescription { @@ -145,6 +146,7 @@ padding-inline: 0; word-break: break-all; white-space: normal; + line-height: inherit; // Required for EuiDataGrid lineCount to work correctly // Special handling for images coming from the image field formatter img { diff --git a/packages/shared-ux/modal/tabbed/src/tabbed_modal.tsx b/packages/shared-ux/modal/tabbed/src/tabbed_modal.tsx index e00bcdaf9c2fa..eb52f6628b2c7 100644 --- a/packages/shared-ux/modal/tabbed/src/tabbed_modal.tsx +++ b/packages/shared-ux/modal/tabbed/src/tabbed_modal.tsx @@ -25,6 +25,7 @@ import { EuiTab, type EuiTabProps, type CommonProps, + useGeneratedHtmlId, } from '@elastic/eui'; import { ModalContextProvider, @@ -69,8 +70,9 @@ const TabbedModalInner: FC = ({ }) => { const { tabs, state, dispatch } = useModalContext>>>(); - const selectedTabId = state.meta.selectedTabId; + const shareModalHeadingId = useGeneratedHtmlId(); + const selectedTabState = useMemo( () => (selectedTabId ? state[selectedTabId] : {}), [selectedTabId, state] @@ -114,9 +116,10 @@ const TabbedModalInner: FC = ({ style={{ ...(modalWidth ? { width: modalWidth } : {}) }} maxWidth={true} data-test-subj="shareContextModal" + aria-labelledby={shareModalHeadingId} > - {modalTitle} + {modalTitle} diff --git a/renovate.json b/renovate.json index f0995502bb1bc..2da4773622aac 100644 --- a/renovate.json +++ b/renovate.json @@ -50,7 +50,6 @@ "reviewers": ["team:kibana-security", "team:kibana-core"], "matchBaseBranches": ["main"], "labels": ["release_note:skip", "Team:Security", "Team:Core", "backport:prev-minor"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, 
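Review bot: Removing `"prCreation": "not-pending"` while keeping `"minimumReleaseAge": "7 days"` in this renovate.json rule changes when update PRs are opened, and nothing in the hunk shows what still holds a release back until the seven-day window has passed. Renovate records the release age as a pending stability check, so whether a too-new version can still reach a branch or PR now depends on `internalChecksFilter`, which is not visible in these hunks; if the top-level config does not already set it to `strict`, it is worth adding explicitly so the quarantine period stays an enforced supply-chain control. The same removal repeats in every following `packageRules` hunk of renovate.json. Since JSON cannot carry a comment, the reason for the change belongs in the commit description.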
@@ -68,7 +67,6 @@ "reviewers": ["team:kibana-core"], "matchBaseBranches": ["main"], "labels": ["release_note:skip", "Team:Core", "backport:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -78,7 +76,6 @@ "reviewers": ["team:kibana-core"], "matchBaseBranches": ["main"], "labels": ["release_note:skip", "Team:Core", "backport:all-open"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -89,7 +86,6 @@ "reviewers": ["team:kibana-operations"], "matchBaseBranches": ["main"], "labels": ["Team:Operations", "release_note:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -99,7 +95,6 @@ "reviewers": ["team:kibana-operations"], "matchBaseBranches": ["main"], "labels": ["Team:Operations", "release_note:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -109,7 +104,6 @@ "reviewers": ["team:kibana-operations"], "matchBaseBranches": ["main"], "labels": ["Team:Operations", "release_note:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -120,7 +114,6 @@ "reviewers": ["team:kibana-operations"], "matchBaseBranches": ["main"], "labels": ["Team:Operations", "release_note:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -130,7 +123,6 @@ "reviewers": ["team:kibana-operations"], "matchBaseBranches": ["main"], "labels": ["Team:Operations", "backport:all-open", "release_note:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -140,7 +132,6 @@ "reviewers": ["team:kibana-visualizations"], "matchBaseBranches": ["main"], "labels": ["Feature:Vega", "Team:Visualizations"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, 
@@ -150,7 +141,6 @@ "reviewers": ["Team:apm", "Team: SecuritySolution"], "matchBaseBranches": ["main"], "labels": ["buildkite-ci", "ci:all-cypress-suites"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -160,7 +150,6 @@ "reviewers": ["Team: SecuritySolution"], "matchBaseBranches": ["main"], "labels": ["Team: SecuritySolution"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -181,7 +170,6 @@ "reviewers": ["team:kibana-security"], "matchBaseBranches": ["main"], "labels": ["Team:Security", "release_note:skip", "backport:all-open"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -198,7 +186,6 @@ "reviewers": ["team:kibana-operations"], "matchBaseBranches": ["main"], "labels": ["Team:Operations", "release_note:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -208,7 +195,6 @@ "reviewers": ["team:kibana-operations"], "matchBaseBranches": ["main"], "labels": ["Team:Operations", "release_note:skip", "backport:all-open"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -218,7 +204,6 @@ "reviewers": ["team:kibana-operations"], "matchBaseBranches": ["main"], "labels": ["Team:Operations", "release_note:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -235,7 +220,6 @@ "reviewers": ["team:kibana-operations"], "matchBaseBranches": ["main"], "labels": ["Team:Operations", "release_note:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -260,7 +244,6 @@ "reviewers": ["team:kibana-operations"], "matchBaseBranches": ["main"], "labels": ["Team:Operations", "release_note:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, 
@@ -271,7 +254,6 @@ "matchDepPatterns": ["^@storybook"], "excludeDepNames": ["@storybook/testing-react"], "labels": ["Team:Operations", "release_note:skip", "ci:build-storybooks", "backport:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "allowedVersions": "<7.0", "enabled": true @@ -282,7 +264,6 @@ "matchBaseBranches": ["main"], "matchDepNames": ["@storybook/testing-react"], "labels": ["Team:Operations", "release_note:skip", "ci:build-storybooks", "backport:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "allowedVersions": "<2.0", "enabled": true @@ -300,7 +281,6 @@ ], "matchBaseBranches": ["main"], "labels": ["release_note:skip", "backport:skip", "ci:all-cypress-suites"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -310,7 +290,6 @@ "reviewers": ["team:security-asset-management", "team:uptime"], "matchBaseBranches": ["main"], "labels": ["release_note:skip", "backport:skip", "ci:all-cypress-suites"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -327,7 +306,6 @@ ], "matchBaseBranches": ["main"], "labels": ["release_note:skip", "backport:skip", "ci:all-cypress-suites"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -364,7 +342,6 @@ "reviewers": ["team:response-ops", "team:kibana-core"], "matchBaseBranches": ["main"], "labels": ["release_note:skip", "backport:all-open"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -384,7 +361,6 @@ "reviewers": ["team:monitoring"], "matchBaseBranches": ["main"], "labels": ["Team:Monitoring"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -394,7 +370,6 @@ "reviewers": ["team:kibana-security", "team:kibana-core"], "matchBaseBranches": ["main"], "labels": ["release_note:skip", "backport:skip", "ci:serverless-test-all"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, 
@@ -404,7 +379,6 @@ "reviewers": ["team:response-ops"], "matchBaseBranches": ["main"], "labels": ["release_note:skip", "backport:prev-minor"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -414,7 +388,6 @@ "reviewers": ["team:ml-ui"], "matchBaseBranches": ["main"], "labels": ["Team:ML", "release_note:skip", "backport:all-open"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, @@ -424,7 +397,6 @@ "reviewers": ["team:kibana-esql"], "matchBaseBranches": ["main"], "labels": ["Team:ESQL", "release_note:skip"], - "prCreation": "not-pending", "minimumReleaseAge": "7 days", "enabled": true }, diff --git a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts index 2337bbfaaa89e..a5b264882ca3d 100644 --- a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts +++ b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts @@ -88,7 +88,9 @@ describe('checking migration metadata changes on all registered SO types', () => "endpoint:unified-user-artifact-manifest": "71c7fcb52c658b21ea2800a6b6a76972ae1c776e", "endpoint:user-artifact-manifest": "1c3533161811a58772e30cdc77bac4631da3ef2b", "enterprise_search_telemetry": "9ac912e1417fc8681e0cd383775382117c9e3d3d", - "epm-packages": "f8ee125b57df31fd035dc04ad81aef475fd2f5bd", + "entity-definition": "33fe0194bd896f0bfe479d55f6de20f8ba1d7713", + "entity-discovery-api-key": "c267a65c69171d1804362155c1378365f5acef88", + "epm-packages": "8042d4a1522f6c4e6f5486e791b3ffe3a22f88fd", "epm-packages-assets": "7a3e58efd9a14191d0d1a00b8aaed30a145fd0b1", "event-annotation-group": "715ba867d8c68f3c9438052210ea1c30a9362582", "event_loop_delays_daily": "01b967e8e043801357503de09199dfa3853bab88", 
diff --git a/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts index f6a9bfd089008..a137b905f07a7 100644 --- a/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts +++ b/src/core/server/integration_tests/saved_objects/migrations/group3/type_registrations.test.ts @@ -51,6 +51,8 @@ const previouslyRegisteredTypes = [ 'endpoint:user-artifact-manifest', 'endpoint:unified-user-artifact-manifest', 'enterprise_search_telemetry', + 'entity-definition', + 'entity-discovery-api-key', 'epm-packages', 'epm-packages-assets', 'event_loop_delays_daily', diff --git a/src/core/server/integration_tests/saved_objects/migrations/group5/dot_kibana_split.test.ts b/src/core/server/integration_tests/saved_objects/migrations/group5/dot_kibana_split.test.ts index 8f765010e37a8..c4c56442c23f8 100644 --- a/src/core/server/integration_tests/saved_objects/migrations/group5/dot_kibana_split.test.ts +++ b/src/core/server/integration_tests/saved_objects/migrations/group5/dot_kibana_split.test.ts @@ -208,6 +208,8 @@ describe('split .kibana index into multiple system indices', () => { "endpoint:unified-user-artifact-manifest", "endpoint:user-artifact-manifest", "enterprise_search_telemetry", + "entity-definition", + "entity-discovery-api-key", "epm-packages", "epm-packages-assets", "event-annotation-group", diff --git a/src/plugins/chart_expressions/expression_gauge/public/components/__snapshots__/gauge_component.test.tsx.snap b/src/plugins/chart_expressions/expression_gauge/public/components/__snapshots__/gauge_component.test.tsx.snap index 5614bcff2c305..1211da678af7a 100644 --- a/src/plugins/chart_expressions/expression_gauge/public/components/__snapshots__/gauge_component.test.tsx.snap +++ b/src/plugins/chart_expressions/expression_gauge/public/components/__snapshots__/gauge_component.test.tsx.snap 
@@ -38,6 +38,7 @@ exports[`GaugeComponent renders the chart 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -427,6 +428,7 @@ exports[`GaugeComponent renders the chart 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, diff --git a/src/plugins/chart_expressions/expression_partition_vis/public/components/__snapshots__/partition_vis_component.test.tsx.snap b/src/plugins/chart_expressions/expression_partition_vis/public/components/__snapshots__/partition_vis_component.test.tsx.snap index 74065bc03081c..db39a86f8ae4c 100644 --- a/src/plugins/chart_expressions/expression_partition_vis/public/components/__snapshots__/partition_vis_component.test.tsx.snap +++ b/src/plugins/chart_expressions/expression_partition_vis/public/components/__snapshots__/partition_vis_component.test.tsx.snap @@ -268,6 +268,7 @@ exports[`PartitionVisComponent should render correct structure for donut 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -657,6 +658,7 @@ exports[`PartitionVisComponent should render correct structure for donut 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -1200,6 +1202,7 @@ exports[`PartitionVisComponent should render correct structure for mosaic 1`] = }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -1589,6 +1592,7 @@ exports[`PartitionVisComponent should render correct structure for mosaic 1`] = }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -2192,6 +2196,7 @@ exports[`PartitionVisComponent should render correct structure for multi-metric }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, 
@@ -2581,6 +2586,7 @@ exports[`PartitionVisComponent should render correct structure for multi-metric }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -3186,6 +3192,7 @@ exports[`PartitionVisComponent should render correct structure for pie 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -3575,6 +3582,7 @@ exports[`PartitionVisComponent should render correct structure for pie 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -4118,6 +4126,7 @@ exports[`PartitionVisComponent should render correct structure for treemap 1`] = }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -4507,6 +4516,7 @@ exports[`PartitionVisComponent should render correct structure for treemap 1`] = }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -5005,6 +5015,7 @@ exports[`PartitionVisComponent should render correct structure for waffle 1`] = }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -5394,6 +5405,7 @@ exports[`PartitionVisComponent should render correct structure for waffle 1`] = }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, diff --git a/src/plugins/chart_expressions/expression_xy/public/components/__snapshots__/xy_chart.test.tsx.snap b/src/plugins/chart_expressions/expression_xy/public/components/__snapshots__/xy_chart.test.tsx.snap index c70967794def7..12e7f4c4a93a5 100644 --- a/src/plugins/chart_expressions/expression_xy/public/components/__snapshots__/xy_chart.test.tsx.snap +++ b/src/plugins/chart_expressions/expression_xy/public/components/__snapshots__/xy_chart.test.tsx.snap 
@@ -610,6 +610,7 @@ exports[`XYChart component it renders area 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -999,6 +1000,7 @@ exports[`XYChart component it renders area 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -2163,6 +2165,7 @@ exports[`XYChart component it renders bar 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -2552,6 +2555,7 @@ exports[`XYChart component it renders bar 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -3716,6 +3720,7 @@ exports[`XYChart component it renders horizontal bar 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -4105,6 +4110,7 @@ exports[`XYChart component it renders horizontal bar 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -5269,6 +5275,7 @@ exports[`XYChart component it renders line 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -5658,6 +5665,7 @@ exports[`XYChart component it renders line 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -6822,6 +6830,7 @@ exports[`XYChart component it renders stacked area 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -7211,6 +7220,7 @@ exports[`XYChart component it renders stacked area 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -8375,6 +8385,7 @@ exports[`XYChart component it renders stacked bar 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, 
@@ -8764,6 +8775,7 @@ exports[`XYChart component it renders stacked bar 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -9928,6 +9940,7 @@ exports[`XYChart component it renders stacked horizontal bar 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -10317,6 +10330,7 @@ exports[`XYChart component it renders stacked horizontal bar 1`] = ` }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -11511,6 +11525,7 @@ exports[`XYChart component split chart should render split chart if both, splitR }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -11900,6 +11915,7 @@ exports[`XYChart component split chart should render split chart if both, splitR }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -13302,6 +13318,7 @@ exports[`XYChart component split chart should render split chart if splitColumnA }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -13691,6 +13708,7 @@ exports[`XYChart component split chart should render split chart if splitColumnA }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -15086,6 +15104,7 @@ exports[`XYChart component split chart should render split chart if splitRowAcce }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -15475,6 +15494,7 @@ exports[`XYChart component split chart should render split chart if splitRowAcce }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, diff --git a/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.test.ts b/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.test.ts index 600b5f4a98e4a..e31864e4c05c6 100644 
--- a/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.test.ts +++ b/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.test.ts @@ -25,6 +25,11 @@ describe('tokens_utils', () => { const result = removeTrailingWhitespaces(url); expect(result).toBe('_search'); }); + it(`doesn't split a query parameter with whitespaces`, () => { + const url = '_search?q="with whitespace"'; + const result = removeTrailingWhitespaces(url); + expect(result).toBe(url); + }); }); describe('parseBody', () => { diff --git a/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.ts b/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.ts index decbe0d4fdd9a..2ff755b12af1d 100644 --- a/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.ts +++ b/src/plugins/console/public/application/containers/editor/monaco/utils/tokens_utils.ts @@ -405,7 +405,24 @@ export const parseBody = (value: string): string[] => { * Ideally the parser would do that, but currently they are included in url. */ export const removeTrailingWhitespaces = (url: string): string => { - return url.trim().split(whitespacesRegex)[0]; + let index = 0; + let whitespaceIndex = -1; + let isQueryParam = false; + let char = url[index]; + while (char) { + if (char === '"') { + isQueryParam = !isQueryParam; + } else if (char === ' ' && !isQueryParam) { + whitespaceIndex = index; + break; + } + index++; + char = url[index]; + } + if (whitespaceIndex > 0) { + return url.slice(0, whitespaceIndex); + } + return url; }; /* diff --git a/src/plugins/console/public/application/models/sense_editor/integration.test.js b/src/plugins/console/public/application/models/sense_editor/integration.test.js index 8327e4d15da78..f74a0a0c10341 100644 --- a/src/plugins/console/public/application/models/sense_editor/integration.test.js 
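Review bot: The rewritten `removeTrailingWhitespaces` in tokens_utils.ts drops the `url.trim()` the old one-liner had and treats only a literal `' '` as a separator. A url that starts with a space is therefore returned unchanged (the scan stops at index 0 and `whitespaceIndex > 0` is false), and a tab or newline before trailing content is no longer cut, assuming `whitespacesRegex` matched more than a plain space. I would scan `const trimmed = url.trim();` instead of `url` and change the branch to `} else if (/\s/.test(char) && !isQueryParam) {`. `isQueryParam` actually tracks "inside double quotes", so `inQuotes` would read better, and an unbalanced `"` keeps everything after it, which deserves a one-line comment. The test added in tokens_utils.test.ts covers only the quoted-space case; cases for leading whitespace and a tab separator would pin the rest.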
+++ b/src/plugins/console/public/application/models/sense_editor/integration.test.js @@ -948,8 +948,6 @@ describe('Integration', () => { autoCompleteSet: [ tt('field1.1.1', { f: 1 }, 'string'), tt('field1.1.2', { f: 1 }, 'string'), - tt('field2.1.1', { f: 1 }, 'string'), - tt('field2.1.2', { f: 1 }, 'string'), ], }, { @@ -958,8 +956,6 @@ describe('Integration', () => { autoCompleteSet: [ { name: 'field1.1.1', meta: 'string' }, { name: 'field1.1.2', meta: 'string' }, - { name: 'field2.1.1', meta: 'string' }, - { name: 'field2.1.2', meta: 'string' }, ], }, ] diff --git a/src/plugins/console/public/lib/autocomplete/components/index_autocomplete_component.js b/src/plugins/console/public/lib/autocomplete/components/index_autocomplete_component.js index 752e69c09614e..7615c511148b0 100644 --- a/src/plugins/console/public/lib/autocomplete/components/index_autocomplete_component.js +++ b/src/plugins/console/public/lib/autocomplete/components/index_autocomplete_component.js @@ -24,4 +24,12 @@ export class IndexAutocompleteComponent extends ListComponent { } return !_.find(tokens, nonValidIndexType); } + + getDefaultTermMeta() { + return 'index'; + } + + getContextKey() { + return 'indices'; + } } diff --git a/src/plugins/console/public/lib/kb/kb.test.js b/src/plugins/console/public/lib/kb/kb.test.js index e14ceb6445c8d..b23bdf8ea0846 100644 --- a/src/plugins/console/public/lib/kb/kb.test.js +++ b/src/plugins/console/public/lib/kb/kb.test.js @@ -133,12 +133,12 @@ describe('Knowledge base', () => { ); indexTest('Index integration 2', ['index1'], [], { - index: ['index1'], + indices: ['index1'], autoCompleteSet: ['_multi_indices', '_single_index'], }); indexTest('Index integration 2', [['index1', 'index2']], [], { - index: ['index1', 'index2'], + indices: ['index1', 'index2'], autoCompleteSet: ['_multi_indices', '_single_index'], }); }); 
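Review bot: `getContextKey()` in IndexAutocompleteComponent now returns `'indices'`, and the kb.test.js expectations in this commit move from `index:` to `indices:`, so the key under which matched index names are stored on the autocomplete context changes without any comment recording it. Anything still reading the old `index` key would get `undefined` silently; no such reader is visible in these hunks, so a search for remaining uses is worth doing before merge. Both overrides are undocumented; I would add something like `/** Key on the autocomplete context that receives the matched index names. */` above `getContextKey`, and a matching one-line comment above `getDefaultTermMeta` saying where the `'index'` label is shown.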
diff --git a/src/plugins/console/public/styles/_app.scss b/src/plugins/console/public/styles/_app.scss index a4a7469a69bfe..f2353821ec93f 100644 --- a/src/plugins/console/public/styles/_app.scss +++ b/src/plugins/console/public/styles/_app.scss @@ -133,3 +133,11 @@ .console__monaco_editor__selectedRequests { background: transparentize($euiColorLightShade, .3); } +/* + * The z-index for the autocomplete suggestions popup + */ + +.kibanaCodeEditor .monaco-editor .suggest-widget { + // the value needs to be above the z-index of the resizer bar + z-index: $euiZLevel1 + 2; +} diff --git a/src/plugins/dashboard/public/dashboard_actions/index.ts b/src/plugins/dashboard/public/dashboard_actions/index.ts index ecffeaa5643ae..ba93db83247d4 100644 --- a/src/plugins/dashboard/public/dashboard_actions/index.ts +++ b/src/plugins/dashboard/public/dashboard_actions/index.ts @@ -8,7 +8,6 @@ import { CoreStart } from '@kbn/core/public'; import { CONTEXT_MENU_TRIGGER, PANEL_NOTIFICATION_TRIGGER } from '@kbn/embeddable-plugin/public'; - import { DashboardStartDependencies } from '../plugin'; import { AddToLibraryAction } from './add_to_library_action'; import { LegacyAddToLibraryAction } from './legacy_add_to_library_action'; diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.test.ts b/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.test.ts index ed2fadd359db7..180b9b7eb2ff9 100644 --- a/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.test.ts +++ b/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.test.ts @@ -7,7 +7,7 @@ */ import { getMockPresentationContainer } from '@kbn/presentation-containers/mocks'; -import { getAddPanelActionMenuItems } from './add_panel_action_menu_items'; +import { getAddPanelActionMenuItemsGroup } from './add_panel_action_menu_items'; describe('getAddPanelActionMenuItems', () => { it('returns the items correctly', async () => { 
@@ -54,39 +54,53 @@ describe('getAddPanelActionMenuItems', () => { ], }, ]; - const [items, grouped] = getAddPanelActionMenuItems( + const grouped = getAddPanelActionMenuItemsGroup( getMockPresentationContainer(), registeredActions, jest.fn() ); - expect(items).toStrictEqual([ - { - 'data-test-subj': 'create-action-Action name', - icon: 'pencil', - name: 'Action name', - onClick: expect.any(Function), - toolTipContent: 'Action tooltip', - }, - ]); + expect(grouped).toStrictEqual({ groupedAddPanelAction: { id: 'groupedAddPanelAction', title: 'Custom group', - icon: 'logoElasticsearch', + order: 0, + 'data-test-subj': 'dashboardEditorMenu-groupedAddPanelActionGroup', items: [ { 'data-test-subj': 'create-action-Action name 01', icon: 'pencil', + id: 'TEST_ACTION_01', name: 'Action name 01', onClick: expect.any(Function), - toolTipContent: 'Action tooltip', + description: 'Action tooltip', + order: 0, }, { 'data-test-subj': 'create-action-Action name', icon: 'empty', + id: 'TEST_ACTION_02', + name: 'Action name', + onClick: expect.any(Function), + description: 'Action tooltip', + order: 0, + }, + ], + }, + other: { + id: 'other', + title: 'Other', + order: -1, + 'data-test-subj': 'dashboardEditorMenu-otherGroup', + items: [ + { + id: 'ACTION_CREATE_ESQL_CHART', name: 'Action name', + icon: 'pencil', + description: 'Action tooltip', onClick: expect.any(Function), - toolTipContent: 'Action tooltip', + 'data-test-subj': 'create-action-Action name', + order: 0, }, ], }, @@ -94,12 +108,8 @@ describe('getAddPanelActionMenuItems', () => { }); it('returns empty array if no actions have been registered', async () => { - const [items, grouped] = getAddPanelActionMenuItems( - getMockPresentationContainer(), - [], - jest.fn() - ); - expect(items).toStrictEqual([]); + const grouped = getAddPanelActionMenuItemsGroup(getMockPresentationContainer(), [], jest.fn()); + expect(grouped).toStrictEqual({}); }); }); 
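Review bot: The second test is still titled `'returns empty array if no actions have been registered'` but now asserts `toStrictEqual({})`. The enclosing `describe('getAddPanelActionMenuItems', ...)`, visible as context in the first hunk of this file, also still names the function this commit renames. I would change them to `it('returns an empty object if no actions have been registered', ...)` and `describe('getAddPanelActionMenuItemsGroup', ...)` so a failure report points at the right thing.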
diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.ts b/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.ts index 678129d0f5808..4e90d94caa388 100644 --- a/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.ts +++ b/src/plugins/dashboard/public/dashboard_app/top_nav/add_panel_action_menu_items.ts @@ -5,13 +5,35 @@ * in compliance with, at your election, the Elastic License 2.0 or the Server * Side Public License, v 1. */ -import type { ActionExecutionContext, Action } from '@kbn/ui-actions-plugin/public'; + +import { + type ActionExecutionContext, + type Action, + addPanelMenuTrigger, +} from '@kbn/ui-actions-plugin/public'; import { PresentationContainer } from '@kbn/presentation-containers'; -import type { - EuiContextMenuPanelDescriptor, - EuiContextMenuPanelItemDescriptor, -} from '@elastic/eui'; -import { addPanelMenuTrigger } from '../../triggers'; +import { COMMON_EMBEDDABLE_GROUPING } from '@kbn/embeddable-plugin/public'; +import type { IconType, CommonProps } from '@elastic/eui'; +import React, { type MouseEventHandler } from 'react'; + +export interface PanelSelectionMenuItem extends Pick { + id: string; + name: string; + icon: IconType; + onClick: MouseEventHandler; + description?: string; + isDisabled?: boolean; + isDeprecated?: boolean; + order: number; +} + +export type GroupedAddPanelActions = Pick< + PanelSelectionMenuItem, + 'id' | 'isDisabled' | 'data-test-subj' | 'order' +> & { + title: string; + items: PanelSelectionMenuItem[]; +}; const onAddPanelActionClick = (action: Action, context: ActionExecutionContext, closePopover: () => void) => 
@@ -30,16 +52,11 @@ const onAddPanelActionClick = } else action.execute(context); }; -export type GroupedAddPanelActions = EuiContextMenuPanelDescriptor & { - icon?: string; -}; - -export const getAddPanelActionMenuItems = ( +export const getAddPanelActionMenuItemsGroup = ( api: PresentationContainer, actions: Array> | undefined, closePopover: () => void -): [EuiContextMenuPanelItemDescriptor[], Record] => { - const ungrouped: EuiContextMenuPanelItemDescriptor[] = []; +) => { const grouped: Record = {}; const context = { @@ -47,29 +64,31 @@ export const getAddPanelActionMenuItems = ( trigger: addPanelMenuTrigger, }; - const getMenuItem = (item: Action) => { + const getMenuItem = (item: Action): PanelSelectionMenuItem => { const actionName = item.getDisplayName(context); return { + id: item.id, name: actionName, icon: (typeof item.getIconType === 'function' ? item.getIconType(context) : undefined) ?? 'empty', onClick: onAddPanelActionClick(item, context, closePopover), 'data-test-subj': `create-action-${actionName}`, - toolTipContent: item?.getDisplayNameTooltip?.(context), + description: item?.getDisplayNameTooltip?.(context), + order: item.order ?? 0, }; }; actions?.forEach((item) => { if (Array.isArray(item.grouping)) { item.grouping.forEach((group) => { - if (!grouped[group.id]) { - grouped[group.id] = { - id: group.id, - icon: - (typeof group.getIconType === 'function' ? group.getIconType(context) : undefined) ?? - 'empty', - title: group.getDisplayName ? group.getDisplayName(context) : undefined, + const groupId = group.id; + if (!grouped[groupId]) { + grouped[groupId] = { + id: groupId, + title: group.getDisplayName ? group.getDisplayName(context) : '', + 'data-test-subj': `dashboardEditorMenu-${groupId}Group`, + order: group.order ?? 0, items: [], }; } 
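Review bot: `getAddPanelActionMenuItemsGroup` is exported, but its new signature ends in `) => {` with no return type, where the old function declared its tuple explicitly. Callers such as editor_menu.tsx are then checked against whatever the body happens to infer, not a declared shape. I would restore an annotation, presumably `): Record<string, GroupedAddPanelActions> => {` (the generic arguments are not legible on this page, so confirm against the `grouped` declaration). The function body starts in this hunk and continues through the following ones.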
@@ -77,9 +96,22 @@ export const getAddPanelActionMenuItems = ( grouped[group.id]!.items!.push(getMenuItem(item)); }); } else { - ungrouped.push(getMenuItem(item)); + // use other group as the default for definitions that don't have a group + const fallbackGroup = COMMON_EMBEDDABLE_GROUPING.other; + + if (!grouped[fallbackGroup.id]) { + grouped[fallbackGroup.id] = { + id: fallbackGroup.id, + title: fallbackGroup.getDisplayName?.({ embeddable: api }) || '', + 'data-test-subj': `dashboardEditorMenu-${fallbackGroup.id}Group`, + order: fallbackGroup.order || 0, + items: [], + }; + } + + grouped[fallbackGroup.id].items.push(getMenuItem(item)); } }); - return [ungrouped, grouped]; + return grouped; }; diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss index 859a0ee11067e..0f463926908f3 100644 --- a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss +++ b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss @@ -3,4 +3,4 @@ @include euiOverflowShadow; max-height: 60vh; overflow-y: scroll; -} \ No newline at end of file +} diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.test.tsx b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.test.tsx index 6b2ff3f1900a3..c2b51a5e0eda5 100644 --- a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.test.tsx +++ b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.test.tsx @@ -34,9 +34,10 @@ describe('mergeGroupedItemsProvider', () => { const factoryGroupMap = { group1: { - panelId: 'panel1', + id: 'panel1', appName: 'App 1', icon: 'icon1', + order: 10, factories: [mockFactory], }, } as unknown as Record; 
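Review bot: The new fallback branch builds the `other` group with `fallbackGroup.getDisplayName?.({ embeddable: api })` and `||` defaults, while the grouped branch in the previous hunk calls `group.getDisplayName(context)` with the shared `context` object (which also carries `trigger`) and defaults with `??`. The two branches now repeat the create-if-missing logic with slightly different arguments. I would pass `context` here as well and write `order: fallbackGroup.order ?? 0,` so both paths behave the same. Separately, `grouped` is a plain object indexed by ids taken from registered actions, so a `Map` would rule out collisions with inherited keys such as `constructor`; that is a robustness suggestion, not something the visible code is shown to hit.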
@@ -46,29 +47,23 @@ describe('mergeGroupedItemsProvider', () => { id: 'panel2', title: 'Panel 2', icon: 'icon2', + order: 10, items: [ { id: 'addPanelActionId', + order: 0, }, ], }, } as unknown as Record; it('should merge factoryGroupMap and groupedAddPanelAction correctly', () => { - const [initialPanelGroups, additionalPanels] = mergeGroupedItemsProvider( - getEmbeddableFactoryMenuItem - )(factoryGroupMap, groupedAddPanelAction); + const groupedPanels = mergeGroupedItemsProvider(getEmbeddableFactoryMenuItem)( + factoryGroupMap, + groupedAddPanelAction + ); - expect(initialPanelGroups).toEqual([ - { - 'data-test-subj': 'dashboardEditorMenu-group1Group', - name: 'App 1', - icon: 'icon1', - panel: 'panel1', - }, - ]); - - expect(additionalPanels).toEqual([ + expect(groupedPanels).toEqual([ { id: 'panel1', title: 'App 1', 
@@ -76,72 +71,68 @@ describe('mergeGroupedItemsProvider', () => { { icon: 'icon1', name: 'Factory 1', - toolTipContent: 'Factory 1 description', + id: 'mockFactory', + description: 'Factory 1 description', 'data-test-subj': 'createNew-mockFactory', onClick: expect.any(Function), + order: 0, }, { id: 'addPanelActionId', + order: 0, }, ], + 'data-test-subj': 'dashboardEditorMenu-group1Group', + order: 10, }, ]); }); it('should handle missing factoryGroup correctly', () => { - const [initialPanelGroups, additionalPanels] = mergeGroupedItemsProvider( - getEmbeddableFactoryMenuItem - )({}, groupedAddPanelAction); + const groupedPanels = mergeGroupedItemsProvider(getEmbeddableFactoryMenuItem)( + {}, + groupedAddPanelAction + ); - expect(initialPanelGroups).toEqual([ - { - 'data-test-subj': 'dashboardEditorMenu-group1Group', - name: 'Panel 2', - icon: 'icon2', - panel: 'panel2', - }, - ]); - - expect(additionalPanels).toEqual([ + expect(groupedPanels).toEqual([ { id: 'panel2', + icon: 'icon2', title: 'Panel 2', items: [ { id: 'addPanelActionId', + order: 0, }, ], + order: 10, }, ]); }); it('should handle missing groupedAddPanelAction correctly', () => { - const [initialPanelGroups, additionalPanels] = mergeGroupedItemsProvider( - getEmbeddableFactoryMenuItem - )(factoryGroupMap, {}); + const groupedPanels = mergeGroupedItemsProvider(getEmbeddableFactoryMenuItem)( + factoryGroupMap, + {} + ); - expect(initialPanelGroups).toEqual([ - { - 'data-test-subj': 'dashboardEditorMenu-group1Group', - name: 'App 1', - icon: 'icon1', - panel: 'panel1', - }, - ]); - - expect(additionalPanels).toEqual([ + expect(groupedPanels).toEqual([ { id: 'panel1', title: 'App 1', items: [ { icon: 'icon1', + id: 'mockFactory', name: 'Factory 1', - toolTipContent: 'Factory 1 description', + description: 'Factory 1 description', 'data-test-subj': 'createNew-mockFactory', onClick: expect.any(Function), + order: 0, }, ], + order: 10, + 'data-test-subj': 'dashboardEditorMenu-group1Group', }, ]); }); 
diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.tsx b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.tsx index d92b913c28b5d..ba7811dfec360 100644 --- a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.tsx +++ b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.tsx 
@@ -8,37 +8,30 @@ import './editor_menu.scss'; -import React, { useCallback, useEffect, useMemo, useState, useRef } from 'react'; -import { - EuiBadge, - EuiContextMenu, - EuiContextMenuItemIcon, - type EuiContextMenuPanelDescriptor, - type EuiContextMenuPanelItemDescriptor, - EuiFlexGroup, - EuiFlexItem, - useEuiTheme, -} from '@elastic/eui'; +import React, { useEffect, useMemo, useState, useRef } from 'react'; +import { type IconType } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import type { Action } from '@kbn/ui-actions-plugin/public'; -import { ToolbarPopover } from '@kbn/shared-ux-button-toolbar'; +import { type Action, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public'; +import { ToolbarButton } from '@kbn/shared-ux-button-toolbar'; import { PresentationContainer } from '@kbn/presentation-containers'; import { type BaseVisType, VisGroups, type VisTypeAlias } from '@kbn/visualizations-plugin/public'; -import type { EmbeddableFactory } from '@kbn/embeddable-plugin/public'; +import { EmbeddableFactory, COMMON_EMBEDDABLE_GROUPING } from '@kbn/embeddable-plugin/public'; import { pluginServices } from '../../services/plugin_services'; -import { DASHBOARD_APP_ID } from '../../dashboard_constants'; -import { ADD_PANEL_TRIGGER } from '../../triggers'; import { - getAddPanelActionMenuItems, + getAddPanelActionMenuItemsGroup, + type PanelSelectionMenuItem, type GroupedAddPanelActions, } from './add_panel_action_menu_items'; +import { openDashboardPanelSelectionFlyout } from './open_dashboard_panel_selection_flyout'; +import type { DashboardServices } from '../../services/types'; +import { useDashboardAPI } from '../dashboard_app'; export interface FactoryGroup { id: string; appName: string; - icon: EuiContextMenuItemIcon; - panelId: number; + icon?: IconType; factories: EmbeddableFactory[]; + order: number; } interface UnwrappedEmbeddableFactory { 
@@ -49,31 +42,38 @@ interface UnwrappedEmbeddableFactory { export type GetEmbeddableFactoryMenuItem = ReturnType; export const getEmbeddableFactoryMenuItemProvider = - (api: PresentationContainer, closePopover: () => void) => (factory: EmbeddableFactory) => { + (api: PresentationContainer, closePopover: () => void) => + (factory: EmbeddableFactory): PanelSelectionMenuItem => { const icon = factory?.getIconType ? factory.getIconType() : 'empty'; - const toolTipContent = factory?.getDescription ? factory.getDescription() : undefined; - return { + id: factory.type, name: factory.getDisplayName(), icon, - toolTipContent, + description: factory.getDescription?.(), onClick: async () => { closePopover(); api.addNewPanel({ panelType: factory.type }, true); }, 'data-test-subj': `createNew-${factory.type}`, + order: factory.order ?? 0, }; }; +const sortGroupPanelsByOrder = (panelGroups: T[]): T[] => { + return panelGroups.sort( + // larger number sorted to the top + (panelGroupA, panelGroupB) => panelGroupB.order - panelGroupA.order + ); +}; + export const mergeGroupedItemsProvider = (getEmbeddableFactoryMenuItem: GetEmbeddableFactoryMenuItem) => ( factoryGroupMap: Record, groupedAddPanelAction: Record - ): [EuiContextMenuPanelItemDescriptor[], EuiContextMenuPanelDescriptor[]] => { - const initialPanelGroups: EuiContextMenuPanelItemDescriptor[] = []; - const additionalPanels: EuiContextMenuPanelDescriptor[] = []; + ) => { + const panelGroups: GroupedAddPanelActions[] = []; new Set(Object.keys(factoryGroupMap).concat(Object.keys(groupedAddPanelAction))).forEach( (groupId) => { 
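Review bot: `sortGroupPanelsByOrder` returns `panelGroups.sort(...)`, which reorders the caller's array in place as well as returning it. Its call site is outside this hunk, so whether that mutation is observed cannot be judged here, but copying first costs nothing: `return [...panelGroups].sort((a, b) => b.order - a.order);`. The generic constraint on `T` is not legible on this page; it needs to require `order: number` for the comparator to type-check.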
@@ -83,87 +83,60 @@ export const mergeGroupedItemsProvider = const addPanelGroup = groupedAddPanelAction[groupId]; if (factoryGroup && addPanelGroup) { - const panelId = factoryGroup.panelId; - - initialPanelGroups.push({ - 'data-test-subj': dataTestSubj, - name: factoryGroup.appName, - icon: factoryGroup.icon, - panel: panelId, - }); - - additionalPanels.push({ - id: panelId, + panelGroups.push({ + id: factoryGroup.id, title: factoryGroup.appName, + 'data-test-subj': dataTestSubj, + order: factoryGroup.order, items: [ ...factoryGroup.factories.map(getEmbeddableFactoryMenuItem), ...(addPanelGroup?.items ?? []), ], }); } else if (factoryGroup) { - const panelId = factoryGroup.panelId; - - initialPanelGroups.push({ - 'data-test-subj': dataTestSubj, - name: factoryGroup.appName, - icon: factoryGroup.icon, - panel: panelId, - }); - - additionalPanels.push({ - id: panelId, + panelGroups.push({ + id: factoryGroup.id, title: factoryGroup.appName, + 'data-test-subj': dataTestSubj, + order: factoryGroup.order, items: factoryGroup.factories.map(getEmbeddableFactoryMenuItem), }); } else if (addPanelGroup) { - const panelId = addPanelGroup.id; - - initialPanelGroups.push({ - 'data-test-subj': dataTestSubj, - name: addPanelGroup.title, - icon: addPanelGroup.icon, - panel: panelId, - }); - - additionalPanels.push({ - id: panelId, - title: addPanelGroup.title, - items: addPanelGroup.items, - }); + panelGroups.push(addPanelGroup); } } ); - return [initialPanelGroups, additionalPanels]; + return panelGroups; }; -export const EditorMenu = ({ - createNewVisType, - isDisabled, - api, -}: { +interface EditorMenuProps { api: PresentationContainer; isDisabled?: boolean; /** Handler for creating new visualization of a specified type */ createNewVisType: (visType: BaseVisType | VisTypeAlias) => () => void; -}) => { +} + +export const EditorMenu = ({ createNewVisType, isDisabled, api }: EditorMenuProps) => { const isMounted = useRef(false); + const flyoutRef = useRef>(); + const dashboard = 
useDashboardAPI(); + + useEffect(() => { + isMounted.current = true; + + return () => { + isMounted.current = false; + flyoutRef.current?.close(); + }; + }, []); + const { embeddable, - visualizations: { - getAliases: getVisTypeAliases, - getByGroup: getVisTypesByGroup, - showNewVisModal, - }, + visualizations: { getAliases: getVisTypeAliases, getByGroup: getVisTypesByGroup }, uiActions, } = pluginServices.getServices(); - const { euiTheme } = useEuiTheme(); - - const embeddableFactories = useMemo( - () => Array.from(embeddable.getEmbeddableFactories()), - [embeddable] - ); const [unwrappedEmbeddableFactories, setUnwrappedEmbeddableFactories] = useState< UnwrappedEmbeddableFactory[] >([]); @@ -172,6 +145,11 @@ export const EditorMenu = ({ undefined ); + const embeddableFactories = useMemo( + () => Array.from(embeddable.getEmbeddableFactories()), + [embeddable] + ); + useEffect(() => { Promise.all( embeddableFactories.map>(async (factory) => ({ @@ -183,17 +161,6 @@ export const EditorMenu = ({ }); }, [embeddableFactories]); - const createNewAggsBasedVis = useCallback( - (visType?: BaseVisType) => () => - showNewVisModal({ - originatingApp: DASHBOARD_APP_ID, - outsideVisualizeApp: true, - showAggsSelection: true, - selectedVisType: visType, - }), - [showNewVisModal] - ); - const getSortedVisTypesByGroup = (group: VisGroups) => getVisTypesByGroup(group) .sort((a: BaseVisType | VisTypeAlias, b: BaseVisType | VisTypeAlias) => { @@ -210,8 +177,9 @@ export const EditorMenu = ({ .filter(({ disableCreate }: BaseVisType) => !disableCreate); const promotedVisTypes = getSortedVisTypesByGroup(VisGroups.PROMOTED); - const aggsBasedVisTypes = getSortedVisTypesByGroup(VisGroups.AGGBASED); const toolVisTypes = getSortedVisTypesByGroup(VisGroups.TOOLS); + const legacyVisTypes = getSortedVisTypesByGroup(VisGroups.LEGACY); + const visTypeAliases = getVisTypeAliases() .sort(({ promotion: a = false }: VisTypeAlias, { promotion: b = false }: VisTypeAlias) => a === b ? 0 : a ? -1 : 1 
@@ -224,18 +192,6 @@ export const EditorMenu = ({ ); const factoryGroupMap: Record = {}; - const ungroupedFactories: EmbeddableFactory[] = []; - const aggBasedPanelID = 1; - - let panelCount = 1 + aggBasedPanelID; - - useEffect(() => { - isMounted.current = true; - - return () => { - isMounted.current = false; - }; - }, []); // Retrieve ADD_PANEL_TRIGGER actions useEffect(() => { @@ -243,6 +199,7 @@ export const EditorMenu = ({ const registeredActions = await uiActions?.getTriggerCompatibleActions?.(ADD_PANEL_TRIGGER, { embeddable: api, }); + if (isMounted.current) { setAddPanelActions(registeredActions); } 
@@ -260,142 +217,160 @@ export const EditorMenu = ({ } else { factoryGroupMap[group.id] = { id: group.id, - appName: group.getDisplayName ? group.getDisplayName({ embeddable }) : group.id, - icon: (group.getIconType - ? group.getIconType({ embeddable }) - : 'empty') as EuiContextMenuItemIcon, + appName: group.getDisplayName + ? group.getDisplayName({ embeddable: dashboard }) + : group.id, + icon: group.getIconType?.({ embeddable: dashboard }), factories: [factory], - panelId: panelCount, + order: group.order ?? 0, }; - - panelCount++; } }); } else { - ungroupedFactories.push(factory); + const fallbackGroup = COMMON_EMBEDDABLE_GROUPING.other; + + if (!factoryGroupMap[fallbackGroup.id]) { + factoryGroupMap[fallbackGroup.id] = { + id: fallbackGroup.id, + appName: fallbackGroup.getDisplayName + ? fallbackGroup.getDisplayName({ embeddable: dashboard }) + : fallbackGroup.id, + icon: fallbackGroup.getIconType?.({ embeddable: dashboard }) || 'empty', + factories: [], + order: fallbackGroup.order ?? 0, + }; + } + + factoryGroupMap[fallbackGroup.id].factories.push(factory); } }); - const getVisTypeMenuItem = (visType: BaseVisType): EuiContextMenuPanelItemDescriptor => { + const augmentedCreateNewVisType = ( + visType: Parameters[0], + cb: () => void + ) => { + const visClickHandler = createNewVisType(visType); + return () => { + visClickHandler(); + cb(); + }; + }; + + const getVisTypeMenuItem = ( + onClickCb: () => void, + visType: BaseVisType + ): PanelSelectionMenuItem => { const { name, title, titleInWizard, description, icon = 'empty', - group, isDeprecated, + order, } = visType; return { - name: !isDeprecated ? ( - titleInWizard || title - ) : ( - - {titleInWizard || title} - - - {i18n.translate('dashboard.editorMenu.deprecatedTag', { - defaultMessage: 'Deprecated', - })} - - - - ), - icon: icon as string, - onClick: - // not all the agg-based visualizations need to be created via the wizard - group === VisGroups.AGGBASED && visType.options.showIndexSelection - ? 
createNewAggsBasedVis(visType) - : createNewVisType(visType), + id: name, + name: titleInWizard || title, + isDeprecated, + icon, + onClick: augmentedCreateNewVisType(visType, onClickCb), 'data-test-subj': `visType-${name}`, - toolTipContent: description, + description, + order, }; }; const getVisTypeAliasMenuItem = ( + onClickCb: () => void, visTypeAlias: VisTypeAlias - ): EuiContextMenuPanelItemDescriptor => { - const { name, title, description, icon = 'empty' } = visTypeAlias; + ): PanelSelectionMenuItem => { + const { name, title, description, icon = 'empty', order } = visTypeAlias; return { + id: name, name: title, icon, - onClick: createNewVisType(visTypeAlias), + onClick: augmentedCreateNewVisType(visTypeAlias, onClickCb), 'data-test-subj': `visType-${name}`, - toolTipContent: description, + description, + order: order ?? 0, }; }; - const aggsPanelTitle = i18n.translate('dashboard.editorMenu.aggBasedGroupTitle', { - defaultMessage: 'Aggregation based', - }); - - const getEditorMenuPanels = (closePopover: () => void): EuiContextMenuPanelDescriptor[] => { - const getEmbeddableFactoryMenuItem = getEmbeddableFactoryMenuItemProvider(api, closePopover); + const getEditorMenuPanels = (closeFlyout: () => void): GroupedAddPanelActions[] => { + const getEmbeddableFactoryMenuItem = getEmbeddableFactoryMenuItemProvider(api, closeFlyout); - const [ungroupedAddPanelActions, groupedAddPanelAction] = getAddPanelActionMenuItems( + const groupedAddPanelAction = getAddPanelActionMenuItemsGroup( api, addPanelActions, - closePopover + closeFlyout ); - const [initialPanelGroups, additionalPanels] = mergeGroupedItemsProvider( - getEmbeddableFactoryMenuItem - )(factoryGroupMap, groupedAddPanelAction); - - const initialPanelItems = [ - ...visTypeAliases.map(getVisTypeAliasMenuItem), - ...ungroupedAddPanelActions, - ...toolVisTypes.map(getVisTypeMenuItem), - ...ungroupedFactories.map(getEmbeddableFactoryMenuItem), - ...initialPanelGroups, - 
...promotedVisTypes.map(getVisTypeMenuItem), - ]; - if (aggsBasedVisTypes.length > 0) { - initialPanelItems.push({ - name: aggsPanelTitle, - icon: 'visualizeApp', - panel: aggBasedPanelID, - 'data-test-subj': `dashboardEditorAggBasedMenuItem`, - }); - } + const initialPanelGroups = mergeGroupedItemsProvider(getEmbeddableFactoryMenuItem)( + factoryGroupMap, + groupedAddPanelAction + ); - return [ - { - id: 0, - items: initialPanelItems, - }, - { - id: aggBasedPanelID, - title: aggsPanelTitle, - items: aggsBasedVisTypes.map(getVisTypeMenuItem), - }, - ...additionalPanels, - ]; + // enhance panel groups + return sortGroupPanelsByOrder(initialPanelGroups).map((panelGroup) => { + switch (panelGroup.id) { + case 'visualizations': { + return { + ...panelGroup, + items: sortGroupPanelsByOrder( + (panelGroup.items ?? []).concat( + // TODO: actually add grouping to vis type alias so we wouldn't randomly display an unintended item + visTypeAliases.map(getVisTypeAliasMenuItem.bind(null, closeFlyout)), + promotedVisTypes.map(getVisTypeMenuItem.bind(null, closeFlyout)) + ) + ), + }; + } + case COMMON_EMBEDDABLE_GROUPING.legacy.id: { + return { + ...panelGroup, + items: sortGroupPanelsByOrder( + (panelGroup.items ?? []).concat( + legacyVisTypes.map(getVisTypeMenuItem.bind(null, closeFlyout)) + ) + ), + }; + } + case COMMON_EMBEDDABLE_GROUPING.annotation.id: { + return { + ...panelGroup, + items: sortGroupPanelsByOrder( + (panelGroup.items ?? []).concat( + toolVisTypes.map(getVisTypeMenuItem.bind(null, closeFlyout)) + ) + ), + }; + } + default: { + return { + ...panelGroup, + items: sortGroupPanelsByOrder(panelGroup.items), + }; + } + } + }); }; return ( - { + flyoutRef.current = openDashboardPanelSelectionFlyout({ + getPanels: getEditorMenuPanels, + }); + }} size="s" - iconType="plusInCircle" - panelPaddingSize="none" - data-test-subj="dashboardEditorMenuButton" - > - {({ closePopover }: { closePopover: () => void }) => ( - - )} - + /> ); }; 
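Review bot: The `default` branch of the switch in `getEditorMenuPanels` calls `sortGroupPanelsByOrder(panelGroup.items)` directly, while the three named branches all go through `(panelGroup.items ?? [])`. If `items` is optional on `GroupedAddPanelActions` (its declaration is in another file, but `mergeGroupedItemsProvider` reads `addPanelGroup?.items ?? []`), a group without items would throw inside `.sort`; `sortGroupPanelsByOrder(panelGroup.items ?? [])` keeps the branches consistent. The `case 'visualizations':` literal also has to stay in step with the `id` declared in `COMMON_VISUALIZATION_GROUPING`, so referring to that constant would be safer than repeating the string. `EditorMenu` begins before this hunk.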
diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/open_dashboard_panel_selection_flyout.tsx b/src/plugins/dashboard/public/dashboard_app/top_nav/open_dashboard_panel_selection_flyout.tsx new file mode 100644 index 0000000000000..8bd8dffc67c97 --- /dev/null +++ b/src/plugins/dashboard/public/dashboard_app/top_nav/open_dashboard_panel_selection_flyout.tsx 
@@ -0,0 +1,255 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import React, { useEffect, useState, useRef } from 'react'; +import { toMountPoint } from '@kbn/react-kibana-mount'; +import { i18n as i18nFn } from '@kbn/i18n'; +import orderBy from 'lodash/orderBy'; +import { + EuiButtonEmpty, + EuiFlexGroup, + EuiFlexItem, + EuiFlyoutBody, + EuiFlyoutFooter, + EuiFlyoutHeader, + EuiForm, + EuiBadge, + EuiFormRow, + EuiTitle, + EuiFieldSearch, + useEuiTheme, + type EuiFlyoutProps, + EuiListGroup, + EuiListGroupItem, + EuiToolTip, + EuiText, +} from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { pluginServices } from '../../services/plugin_services'; +import type { DashboardServices } from '../../services/types'; +import type { GroupedAddPanelActions, PanelSelectionMenuItem } from './add_panel_action_menu_items'; + +interface OpenDashboardPanelSelectionFlyoutArgs { + getPanels: (closePopover: () => void) => GroupedAddPanelActions[]; + flyoutPanelPaddingSize?: Exclude; +} + +interface Props extends Pick { + /** Handler to close flyout */ + close: () => void; + /** Padding for flyout */ + paddingSize: Exclude; +} + +export function openDashboardPanelSelectionFlyout({ + getPanels, + flyoutPanelPaddingSize = 'l', +}: OpenDashboardPanelSelectionFlyoutArgs) { + const { + overlays, + analytics, + settings: { i18n, theme }, + } = pluginServices.getServices(); + // eslint-disable-next-line prefer-const + let flyoutRef: ReturnType; + + const mount = toMountPoint( + React.createElement(function () { + const closeFlyout = () => flyoutRef.close(); + return ( + + ); + }), + { analytics, theme, i18n } + ); + + flyoutRef = 
overlays.openFlyout(mount, { + size: 'm', + maxWidth: 500, + paddingSize: flyoutPanelPaddingSize, + 'aria-labelledby': 'addPanelsFlyout', + 'data-test-subj': 'dashboardPanelSelectionFlyout', + }); + + return flyoutRef; +} + +export const DashboardPanelSelectionListFlyout: React.FC = ({ + close, + getPanels, + paddingSize, +}) => { + const { euiTheme } = useEuiTheme(); + const panels = useRef(getPanels(close)); + const [searchTerm, setSearchTerm] = useState(''); + const [panelsSearchResult, setPanelsSearchResult] = useState( + panels.current + ); + + useEffect(() => { + if (!searchTerm) { + return setPanelsSearchResult(panels.current); + } + + const q = searchTerm.toLowerCase(); + + setPanelsSearchResult( + orderBy( + panels.current.map((panel) => { + const groupSearchMatch = panel.title.toLowerCase().includes(q); + + const [groupSearchMatchAgg, items] = panel.items.reduce( + (acc, cur) => { + const searchMatch = cur.name.toLowerCase().includes(q); + + acc[0] = acc[0] || searchMatch; + acc[1].push({ + ...cur, + isDisabled: !(groupSearchMatch || searchMatch), + }); + + return acc; + }, + [groupSearchMatch, [] as PanelSelectionMenuItem[]] + ); + + return { + ...panel, + isDisabled: !groupSearchMatchAgg, + items, + }; + }), + ['isDisabled'] + ) + ); + }, [searchTerm]); + + return ( + <> + + +

+ +

+
+
+ + + + + + { + setSearchTerm(e.target.value); + }} + aria-label={i18nFn.translate( + 'dashboard.editorMenu.addPanelFlyout.searchLabelText', + { defaultMessage: 'search field for panels' } + )} + className="nsPanelSelectionFlyout__searchInput" + data-test-subj="dashboardPanelSelectionFlyout__searchInput" + /> + + + + + + {panelsSearchResult.some(({ isDisabled }) => !isDisabled) ? ( + panelsSearchResult.map( + ({ id, title, items, isDisabled, ['data-test-subj']: dataTestSubj }) => + !isDisabled ? ( + + + {typeof title === 'string' ?

{title}

: title} +
+ + {items?.map((item, idx) => { + return ( + + {!item.isDeprecated ? ( + {item.name} + ) : ( + + + {item.name} + + + + + + + + )} + + } + onClick={item?.onClick} + iconType={item.icon} + data-test-subj={item['data-test-subj']} + isDisabled={item.isDisabled} + /> + ); + })} + +
+ ) : null + ) + ) : ( + + + + )} +
+
+
+
+ + + + + + + + + + + ); +}; diff --git a/src/plugins/dashboard/public/plugin.tsx b/src/plugins/dashboard/public/plugin.tsx index 0a231492d70b9..c2838187d5eca 100644 --- a/src/plugins/dashboard/public/plugin.tsx +++ b/src/plugins/dashboard/public/plugin.tsx @@ -30,6 +30,7 @@ import type { UsageCollectionStart, } from '@kbn/usage-collection-plugin/public'; import { APP_WRAPPER_CLASS } from '@kbn/core/public'; +import { type UiActionsSetup, type UiActionsStart } from '@kbn/ui-actions-plugin/public'; import type { SpacesPluginStart } from '@kbn/spaces-plugin/public'; import type { HomePublicPluginSetup } from '@kbn/home-plugin/public'; import { replaceUrlHashQuery } from '@kbn/kibana-utils-plugin/common'; @@ -39,7 +40,6 @@ import type { DataViewEditorStart } from '@kbn/data-view-editor-plugin/public'; import type { NavigationPublicPluginStart } from '@kbn/navigation-plugin/public'; import type { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public'; import type { Start as InspectorStartContract } from '@kbn/inspector-plugin/public'; -import type { UiActionsSetup, UiActionsStart } from '@kbn/ui-actions-plugin/public'; import type { EmbeddableSetup, EmbeddableStart } from '@kbn/embeddable-plugin/public'; import type { PresentationUtilPluginStart } from '@kbn/presentation-util-plugin/public'; import type { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public'; @@ -70,7 +70,6 @@ import { import { DashboardMountContextProps } from './dashboard_app/types'; import type { FindDashboardsService } from './services/dashboard_content_management/types'; import { CONTENT_ID, LATEST_VERSION } from '../common/content_management'; -import { addPanelMenuTrigger } from './triggers'; import { GetPanelPlacementSettings } from './dashboard_container/panel_placement'; export interface DashboardFeatureFlagConfig { 
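Review bot: The search effect in `DashboardPanelSelectionListFlyout` calls `panel.title.toLowerCase()` and `panel.items.reduce(...)` unconditionally, yet the render path further down guards the same fields with `typeof title === 'string'` and `items?.map`. If a group title can be a non-string node or `items` can be missing, typing in the search box would throw; `const groupSearchMatch = typeof panel.title === 'string' && panel.title.toLowerCase().includes(q);` and `(panel.items ?? []).reduce(...)` would make the two paths agree. Separately, `useRef(getPanels(close))` evaluates `getPanels` on every render although only the first result is kept; `useState(() => getPanels(close))` runs it once. Much of the JSX in this hunk did not survive extraction, so the markup itself is not reviewed here.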
@@ -167,10 +166,6 @@ export class DashboardPlugin this.dashboardFeatureFlagConfig = this.initializerContext.config.get(); - // this trigger enables external consumers to register actions for - // adding items to the add panel menu - uiActions.registerTrigger(addPanelMenuTrigger); - core.analytics.registerEventType({ eventType: 'dashboard_loaded_with_data', schema: {}, diff --git a/src/plugins/data_views/common/data_views/data_view_lazy.ts b/src/plugins/data_views/common/data_views/data_view_lazy.ts index 0fbb7f2ae21e0..5bab48ff7b300 100644 --- a/src/plugins/data_views/common/data_views/data_view_lazy.ts +++ b/src/plugins/data_views/common/data_views/data_view_lazy.ts @@ -503,7 +503,6 @@ export class DataViewLazy extends AbstractDataView { } getRuntimeMappings(): estypes.MappingRuntimeFields { - // @ts-expect-error composite type is not yet supported by es client but it can be forced return this.runtimeFieldMap; } diff --git a/src/plugins/discover/public/application/context/context_app.tsx b/src/plugins/discover/public/application/context/context_app.tsx index 5c7372f8d1d24..dc22a77fecede 100644 --- a/src/plugins/discover/public/application/context/context_app.tsx +++ b/src/plugins/discover/public/application/context/context_app.tsx @@ -141,7 +141,7 @@ export const ContextApp = ({ dataView, anchorId, referrer }: ContextAppProps) => await fetchContextRows(); } - if (analytics) { + if (analytics && fetchType) { const fetchDuration = window.performance.now() - startTime; reportPerformanceMetricEvent(analytics, { eventName: 'discoverSurroundingDocsFetch', diff --git a/src/plugins/discover/public/application/context/hooks/use_context_app_fetch.tsx b/src/plugins/discover/public/application/context/hooks/use_context_app_fetch.tsx index f0feaa2d63230..0428ff131238f 100644 --- a/src/plugins/discover/public/application/context/hooks/use_context_app_fetch.tsx +++ b/src/plugins/discover/public/application/context/hooks/use_context_app_fetch.tsx 
@@ -184,8 +184,10 @@ export function useContextAppFetch({ [fetchSurroundingRows] ); - const fetchAllRows = useCallback(() => { - fetchAnchorRow().then((anchor) => anchor && fetchContextRows(anchor)); + const fetchAllRows = useCallback(async () => { + const anchor = await fetchAnchorRow(); + if (!anchor) return; + return await fetchContextRows(anchor); }, [fetchAnchorRow, fetchContextRows]); const resetFetchedState = useCallback(() => { diff --git a/src/plugins/embeddable/public/index.ts b/src/plugins/embeddable/public/index.ts index b00adeb711a5b..88faa59b51c81 100644 --- a/src/plugins/embeddable/public/index.ts +++ b/src/plugins/embeddable/public/index.ts @@ -108,3 +108,5 @@ export { embeddableInputToSubject, embeddableOutputToSubject, } from './lib/embeddables/compatibility/embeddable_compatibility_utils'; + +export { COMMON_EMBEDDABLE_GROUPING } from './lib/embeddables/common/constants'; diff --git a/src/plugins/embeddable/public/lib/embeddables/common/constants.ts b/src/plugins/embeddable/public/lib/embeddables/common/constants.ts new file mode 100644 index 0000000000000..78228ec370a0e --- /dev/null +++ b/src/plugins/embeddable/public/lib/embeddables/common/constants.ts 
@@ -0,0 +1,37 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { i18n } from '@kbn/i18n'; +import { UiActionsPresentableGroup } from '@kbn/ui-actions-plugin/public'; + +export const COMMON_EMBEDDABLE_GROUPING: { [key: string]: UiActionsPresentableGroup } = { + legacy: { + id: 'legacy', + getDisplayName: () => + i18n.translate('embeddableApi.common.constants.grouping.legacy', { + defaultMessage: 'Legacy', + }), + order: -2, + }, + annotation: { + id: 'annotation-and-navigation', + getDisplayName: () => + i18n.translate('embeddableApi.common.constants.grouping.annotations', { + defaultMessage: 'Annotations and Navigation', + }), + }, + other: { + id: 'other', + getDisplayName: () => + i18n.translate('embeddableApi.common.constants.grouping.other', { + defaultMessage: 'Other', + }), + getIconType: () => 'empty', + order: -1, + }, +}; diff --git a/src/plugins/embeddable/public/lib/embeddables/embeddable_factory.ts b/src/plugins/embeddable/public/lib/embeddables/embeddable_factory.ts index cb19b82d75c98..39e32f756ae0c 100644 --- a/src/plugins/embeddable/public/lib/embeddables/embeddable_factory.ts +++ b/src/plugins/embeddable/public/lib/embeddables/embeddable_factory.ts @@ -148,4 +148,6 @@ export interface EmbeddableFactory< initialInput: TEmbeddableInput, parent?: IContainer ): Promise; + + order?: number; } diff --git a/src/plugins/files/server/file_client/file_metadata_client/adapters/es_index.ts b/src/plugins/files/server/file_client/file_metadata_client/adapters/es_index.ts index 37f8d3ddd6791..3aed345e7692f 100644 --- a/src/plugins/files/server/file_client/file_metadata_client/adapters/es_index.ts 
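Review bot: `COMMON_EMBEDDABLE_GROUPING` is typed as `{ [key: string]: UiActionsPresentableGroup }`, so any property name type-checks and a misspelled key such as `COMMON_EMBEDDABLE_GROUPING.annotations` would only surface at runtime as `undefined`. Typing it as `Record<'legacy' | 'annotation' | 'other', UiActionsPresentableGroup>` keeps the three keys checked at every use added in this commit. The `annotation` group is also the only entry without an `order`; `editor_menu.tsx` defaults it with `group.order ?? 0`, but other consumers are not visible here, so a comment such as `// no order: sorted as 0 by consumers` would record that this is intentional.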
+++ b/src/plugins/files/server/file_client/file_metadata_client/adapters/es_index.ts @@ -253,7 +253,7 @@ export class EsIndexFilesMetadataClient implements FileMetadataClie return { total: (result.hits.total as SearchTotalHits).value, - files: result.hits.hits.map((r) => ({ id: r._id, metadata: r._source?.file! })), + files: result.hits.hits.map((r) => ({ id: r._id!, metadata: r._source?.file! })), }; } diff --git a/src/plugins/files/server/routes/file_kind/create.ts b/src/plugins/files/server/routes/file_kind/create.ts index 9121e27df0ac1..b15cb96a2ce93 100644 --- a/src/plugins/files/server/routes/file_kind/create.ts +++ b/src/plugins/files/server/routes/file_kind/create.ts @@ -31,12 +31,12 @@ export type Endpoint = CreateRouteDefinition< FilesClient['create'] >; -export const handler: CreateHandler = async ({ fileKind, files }, req, res) => { - const { fileService, security } = await files; +export const handler: CreateHandler = async ({ core, fileKind, files }, req, res) => { + const [{ security }, { fileService }] = await Promise.all([core, files]); const { body: { name, alt, meta, mimeType }, } = req; - const user = security?.authc.getCurrentUser(req); + const user = security.authc.getCurrentUser(); const file = await fileService.asCurrentUser().create({ fileKind, name, diff --git a/src/plugins/files/server/routes/types.ts b/src/plugins/files/server/routes/types.ts index 9a1332137c811..5095ae8ab51a2 100644 --- a/src/plugins/files/server/routes/types.ts +++ b/src/plugins/files/server/routes/types.ts 
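Review bot: In `routes/file_kind/create.ts`, `security.authc.getCurrentUser()` is now called without the optional chaining that `security?.authc.getCurrentUser(req)` had, so the identity recorded for a created file depends entirely on what core's request-scoped service returns for an unauthenticated or anonymous request. As far as I know the core service returns `null` in that case rather than `undefined`; the part of the handler that consumes `user` is outside this hunk, so it should be confirmed that it treats `null` the way it treated `undefined` before. A comment at the call, e.g. `// null when the request carries no authenticated user`, would make the expected case explicit, and a route test with no authenticated user would pin it.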
@@ -17,14 +17,12 @@ import type { ResponseError, RouteMethod, } from '@kbn/core/server'; -import type { SecurityPluginStart } from '@kbn/security-plugin/server'; import type { FileServiceStart } from '../file_service'; import { Counters } from '../usage'; import { AnyEndpoint } from './api_routes'; export interface FilesRequestHandlerContext extends RequestHandlerContext { files: Promise<{ - security?: SecurityPluginStart; fileService: { asCurrentUser: () => FileServiceStart; asInternalUser: () => FileServiceStart; diff --git a/src/plugins/image_embeddable/public/actions/create_image_action.ts b/src/plugins/image_embeddable/public/actions/create_image_action.ts index 02cd8b26e1182..bbbe0144856e0 100644 --- a/src/plugins/image_embeddable/public/actions/create_image_action.ts +++ b/src/plugins/image_embeddable/public/actions/create_image_action.ts @@ -9,7 +9,8 @@ import { i18n } from '@kbn/i18n'; import { CanAddNewPanel } from '@kbn/presentation-containers'; import { EmbeddableApiContext } from '@kbn/presentation-publishing'; -import { IncompatibleActionError } from '@kbn/ui-actions-plugin/public'; +import { COMMON_EMBEDDABLE_GROUPING } from '@kbn/embeddable-plugin/public'; +import { IncompatibleActionError, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public'; import { ADD_IMAGE_EMBEDDABLE_ACTION_ID, IMAGE_EMBEDDABLE_TYPE, @@ -27,6 +28,7 @@ export const registerCreateImageAction = () => { uiActionsService.registerAction({ id: ADD_IMAGE_EMBEDDABLE_ACTION_ID, getIconType: () => 'image', + order: 20, isCompatible: async ({ embeddable: parentApi }) => { return Boolean(await parentApiIsCompatible(parentApi)); }, 
@@ -45,13 +47,14 @@ export const registerCreateImageAction = () => { // swallow the rejection, since this just means the user closed without saving } }, + grouping: [COMMON_EMBEDDABLE_GROUPING.annotation], getDisplayName: () => i18n.translate('imageEmbeddable.imageEmbeddableFactory.displayName', { defaultMessage: 'Image', }), }); - uiActionsService.attachAction('ADD_PANEL_TRIGGER', ADD_IMAGE_EMBEDDABLE_ACTION_ID); + uiActionsService.attachAction(ADD_PANEL_TRIGGER, ADD_IMAGE_EMBEDDABLE_ACTION_ID); if (uiActionsService.hasTrigger('ADD_CANVAS_ELEMENT_TRIGGER')) { // Because Canvas is not enabled in Serverless, this trigger might not be registered - only attach // the create action if the Canvas-specific trigger does indeed exist. diff --git a/src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx b/src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx index dd2932164c014..c737640a4f1b9 100644 --- a/src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx +++ b/src/plugins/image_embeddable/public/components/image_editor/open_image_editor.tsx @@ -14,7 +14,7 @@ import { FilesContext } from '@kbn/shared-ux-file-context'; import { ImageConfig } from '../../image_embeddable/types'; import { FileImageMetadata, imageEmbeddableFileKind } from '../../imports'; -import { coreServices, filesService, securityService } from '../../services/kibana_services'; +import { coreServices, filesService } from '../../services/kibana_services'; import { createValidateUrl } from '../../utils/validate_url'; import { ImageViewerContext } from '../image_viewer/image_viewer_context'; 
@@ -27,8 +27,8 @@ export const openImageEditor = async ({ }): Promise => { const { ImageEditorFlyout } = await import('./image_editor_flyout'); - const { overlays, theme, i18n, http } = coreServices; - const user = securityService ? await securityService.authc.getCurrentUser() : undefined; + const { overlays, theme, i18n, http, security } = coreServices; + const user = await security.authc.getCurrentUser(); const filesClient = filesService.filesClientFactory.asUnscoped(); /** diff --git a/src/plugins/image_embeddable/public/services/kibana_services.ts b/src/plugins/image_embeddable/public/services/kibana_services.ts index a04328bb6e041..84711a3c2350c 100644 --- a/src/plugins/image_embeddable/public/services/kibana_services.ts +++ b/src/plugins/image_embeddable/public/services/kibana_services.ts @@ -11,7 +11,6 @@ import { BehaviorSubject } from 'rxjs'; import { CoreStart } from '@kbn/core/public'; import { FilesStart } from '@kbn/files-plugin/public'; import { ScreenshotModePluginStart } from '@kbn/screenshot-mode-plugin/public'; -import { SecurityPluginStart } from '@kbn/security-plugin-types-public'; import { UiActionsStart } from '@kbn/ui-actions-plugin/public'; import { ImageEmbeddableStartDependencies } from '../plugin'; @@ -20,7 +19,6 @@ export let coreServices: CoreStart; export let filesService: FilesStart; export let uiActionsService: UiActionsStart; export let screenshotModeService: ScreenshotModePluginStart | undefined; -export let securityService: SecurityPluginStart | undefined; export let trackUiMetric: ( type: string, @@ -48,7 +46,6 @@ export const setKibanaServices = ( ) => { coreServices = kibanaCore; filesService = deps.files; - securityService = deps.security; uiActionsService = deps.uiActions; screenshotModeService = deps.screenshotMode; diff --git a/src/plugins/image_embeddable/tsconfig.json b/src/plugins/image_embeddable/tsconfig.json index 7e54325cb7762..d9863cf7fd6ac 100644 --- a/src/plugins/image_embeddable/tsconfig.json 
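Review bot: `await security.authc.getCurrentUser()` replaces `securityService ? await securityService.authc.getCurrentUser() : undefined`, so the path where no security service is present no longer falls back to `undefined`. If core's `security.authc.getCurrentUser()` can reject or throw when no authentication provider is registered (not verifiable from this hunk), `openImageEditor` would now fail before the flyout opens. If the old tolerance is still wanted, `const user = await security.authc.getCurrentUser().catch(() => undefined);` keeps it, ideally with a comment saying the editor must work without a resolved user. The rest of `openImageEditor` is outside the hunk.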
+++ b/src/plugins/image_embeddable/tsconfig.json @@ -23,7 +23,6 @@ "@kbn/presentation-containers", "@kbn/presentation-publishing", "@kbn/react-kibana-mount", - "@kbn/security-plugin-types-public", "@kbn/embeddable-enhanced-plugin" ], "exclude": ["target/**/*"] diff --git a/src/plugins/links/public/embeddable/links_embeddable.tsx b/src/plugins/links/public/embeddable/links_embeddable.tsx index dcc49a7265a43..523d8706b2b86 100644 --- a/src/plugins/links/public/embeddable/links_embeddable.tsx +++ b/src/plugins/links/public/embeddable/links_embeddable.tsx @@ -17,6 +17,7 @@ import { Embeddable, ReferenceOrValueEmbeddable, SavedObjectEmbeddableInput, + COMMON_EMBEDDABLE_GROUPING, } from '@kbn/embeddable-plugin/public'; import { CONTENT_ID } from '../../common'; @@ -44,6 +45,8 @@ export class LinksEmbeddable public attributes?: LinksAttributes; public attributes$ = new Subject(); + public grouping = [COMMON_EMBEDDABLE_GROUPING.annotation]; + constructor( config: LinksConfig, initialInput: LinksInput, diff --git a/src/plugins/links/public/embeddable/links_embeddable_factory.ts b/src/plugins/links/public/embeddable/links_embeddable_factory.ts index 9ff3877b8a42e..40d377345e4f2 100644 --- a/src/plugins/links/public/embeddable/links_embeddable_factory.ts +++ b/src/plugins/links/public/embeddable/links_embeddable_factory.ts @@ -14,6 +14,7 @@ import { EmbeddableFactory, EmbeddableFactoryDefinition, ErrorEmbeddable, + COMMON_EMBEDDABLE_GROUPING, } from '@kbn/embeddable-plugin/public'; import { GetMigrationFunctionObjectFn, @@ -55,7 +56,8 @@ export class LinksFactoryDefinition | ((state: EmbeddableStateWithType, stats: Record) => Record) | undefined; migrations?: MigrateFunctionsObject | GetMigrationFunctionObjectFn | undefined; - grouping?: UiActionsPresentableGrouping | undefined; + grouping: UiActionsPresentableGrouping = [COMMON_EMBEDDABLE_GROUPING.annotation]; + public readonly type = CONTENT_ID; public readonly isContainerType = false; 
diff --git a/src/plugins/ui_actions/public/index.ts b/src/plugins/ui_actions/public/index.ts index 059ebad4b2bed..cb9a2ae53ef03 100644 --- a/src/plugins/ui_actions/public/index.ts +++ b/src/plugins/ui_actions/public/index.ts @@ -24,6 +24,7 @@ export { ActionInternal, createAction, IncompatibleActionError } from './actions export { buildContextMenuForActions } from './context_menu'; export type { Presentable as UiActionsPresentable, + PresentableGroup as UiActionsPresentableGroup, PresentableGrouping as UiActionsPresentableGrouping, } from '@kbn/ui-actions-browser/src/types'; export type { Trigger, RowClickContext } from '@kbn/ui-actions-browser/src/triggers'; @@ -34,6 +35,8 @@ export { visualizeGeoFieldTrigger, ROW_CLICK_TRIGGER, rowClickTrigger, + ADD_PANEL_TRIGGER, + addPanelMenuTrigger, } from '@kbn/ui-actions-browser/src/triggers'; export type { VisualizeFieldContext } from './types'; export { diff --git a/src/plugins/ui_actions/public/plugin.ts b/src/plugins/ui_actions/public/plugin.ts index 1dbff5b9729a0..5da343a0f6400 100644 --- a/src/plugins/ui_actions/public/plugin.ts +++ b/src/plugins/ui_actions/public/plugin.ts @@ -12,6 +12,7 @@ import { rowClickTrigger, visualizeFieldTrigger, visualizeGeoFieldTrigger, + addPanelMenuTrigger, } from '@kbn/ui-actions-browser/src/triggers'; import { UiActionsService } from './service'; import { setAnalytics, setI18n, setTheme } from './services'; @@ -48,6 +49,7 @@ export class UiActionsPlugin constructor(_initializerContext: PluginInitializerContext) {} public setup(_core: CoreSetup): UiActionsPublicSetup { + this.service.registerTrigger(addPanelMenuTrigger); this.service.registerTrigger(rowClickTrigger); this.service.registerTrigger(visualizeFieldTrigger); this.service.registerTrigger(visualizeGeoFieldTrigger); diff --git a/src/plugins/vis_type_markdown/public/markdown_vis.ts b/src/plugins/vis_type_markdown/public/markdown_vis.ts index 33acfa21cd0b0..4ebda6058777d 100644 
--- a/src/plugins/vis_type_markdown/public/markdown_vis.ts +++ b/src/plugins/vis_type_markdown/public/markdown_vis.ts @@ -27,6 +27,7 @@ export const markdownVisDefinition: VisTypeDefinition = { description: i18n.translate('visTypeMarkdown.markdownDescription', { defaultMessage: 'Add text and images to your dashboard.', }), + order: 30, toExpressionAst, visConfig: { defaults: { diff --git a/src/plugins/vis_types/timeseries/public/metrics_type.ts b/src/plugins/vis_types/timeseries/public/metrics_type.ts index 51b0fcce5a58d..92361c6c53e19 100644 --- a/src/plugins/vis_types/timeseries/public/metrics_type.ts +++ b/src/plugins/vis_types/timeseries/public/metrics_type.ts @@ -104,7 +104,8 @@ export const metricsVisDefinition: VisTypeDefinition< defaultMessage: 'Perform advanced analysis of your time series data.', }), icon: 'visVisualBuilder', - group: VisGroups.PROMOTED, + group: VisGroups.LEGACY, + order: 10, visConfig: { defaults: { id: () => uuidv4(), diff --git a/src/plugins/visualizations/public/actions/add_agg_vis_action.ts b/src/plugins/visualizations/public/actions/add_agg_vis_action.ts new file mode 100644 index 0000000000000..62c8e3654db6e --- /dev/null +++ b/src/plugins/visualizations/public/actions/add_agg_vis_action.ts 
@@ -0,0 +1,64 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { i18n } from '@kbn/i18n'; +import { + apiHasAppContext, + EmbeddableApiContext, + HasType, + HasAppContext, +} from '@kbn/presentation-publishing'; +import { COMMON_EMBEDDABLE_GROUPING } from '@kbn/embeddable-plugin/public'; +import { Action, IncompatibleActionError } from '@kbn/ui-actions-plugin/public'; +import { apiHasType } from '@kbn/presentation-publishing'; +import { apiCanAddNewPanel, CanAddNewPanel } from '@kbn/presentation-containers'; +import { showNewVisModal } from '../wizard/show_new_vis'; + +const ADD_AGG_VIS_ACTION_ID = 'ADD_AGG_VIS'; + +type AddAggVisualizationPanelActionApi = HasType & CanAddNewPanel & HasAppContext; + +const isApiCompatible = (api: unknown | null): api is AddAggVisualizationPanelActionApi => { + return apiHasType(api) && apiCanAddNewPanel(api) && apiHasAppContext(api); +}; + +export class AddAggVisualizationPanelAction implements Action { + public readonly type = ADD_AGG_VIS_ACTION_ID; + public readonly id = ADD_AGG_VIS_ACTION_ID; + public readonly grouping = [COMMON_EMBEDDABLE_GROUPING.legacy]; + + public readonly order = 20; + + constructor() {} + + public getIconType() { + return 'visualizeApp'; + } + + public getDisplayName() { + return i18n.translate('visualizations.uiAction.addAggVis.displayName', { + defaultMessage: 'Aggregation based', + }); + } + + public async isCompatible({ embeddable }: EmbeddableApiContext) { + return isApiCompatible(embeddable); + } + + public async execute({ embeddable }: EmbeddableApiContext): Promise { + if (!isApiCompatible(embeddable)) { + throw new IncompatibleActionError(); + } + + showNewVisModal({ + 
originatingApp: embeddable.getAppContext().currentAppId, + outsideVisualizeApp: true, + showAggsSelection: true, + }); + } +} diff --git a/src/plugins/visualizations/public/embeddable/constants.ts b/src/plugins/visualizations/public/embeddable/constants.ts index cec3bd6cdfc88..920562103e242 100644 --- a/src/plugins/visualizations/public/embeddable/constants.ts +++ b/src/plugins/visualizations/public/embeddable/constants.ts @@ -7,3 +7,14 @@ */ export { VISUALIZE_EMBEDDABLE_TYPE } from '../../common/constants'; + +export const COMMON_VISUALIZATION_GROUPING = [ + { + id: 'visualizations', + getDisplayName: () => 'Visualizations', + getIconType: () => { + return 'visGauge'; + }, + order: 1000, + }, +]; diff --git a/src/plugins/visualizations/public/embeddable/index.ts b/src/plugins/visualizations/public/embeddable/index.ts index ae0748f4475c2..ed3fef1c9ad44 100644 --- a/src/plugins/visualizations/public/embeddable/index.ts +++ b/src/plugins/visualizations/public/embeddable/index.ts @@ -7,7 +7,7 @@ */ export { VisualizeEmbeddableFactory } from './visualize_embeddable_factory'; -export { VISUALIZE_EMBEDDABLE_TYPE } from './constants'; +export { VISUALIZE_EMBEDDABLE_TYPE, COMMON_VISUALIZATION_GROUPING } from './constants'; export { VIS_EVENT_TO_TRIGGER } from './events'; export { createVisEmbeddableFromObject } from './create_vis_embeddable_from_object'; diff --git a/src/plugins/visualizations/public/index.ts b/src/plugins/visualizations/public/index.ts index 2f00bba142009..838ac3dbd7547 100644 --- a/src/plugins/visualizations/public/index.ts +++ b/src/plugins/visualizations/public/index.ts @@ -21,6 +21,7 @@ export { apiHasVisualizeConfig, VISUALIZE_EMBEDDABLE_TYPE, VIS_EVENT_TO_TRIGGER, + COMMON_VISUALIZATION_GROUPING, } from './embeddable'; export { VisualizationContainer } from './components'; export { getVisSchemas } from './vis_schemas'; 
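Review bot: The import block of the new `add_agg_vis_action.ts` pulls from `@kbn/presentation-publishing` twice, with `apiHasType` on its own line below the first group, and it imports the type-only names `EmbeddableApiContext`, `HasType` and `HasAppContext` as values. One statement would do: `import { apiHasAppContext, apiHasType, type EmbeddableApiContext, type HasType, type HasAppContext } from '@kbn/presentation-publishing';`. The empty `constructor() {}` can be dropped. In `isApiCompatible`, the parameter type `unknown | null` is just `unknown`. The class has no doc comment; a single line saying it opens the aggregation-based selection of the new-visualization modal from the add-panel trigger would be enough.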
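Review bot: In `embeddable/constants.ts`, `COMMON_VISUALIZATION_GROUPING` returns the hard-coded English string `'Visualizations'` from `getDisplayName`, while the action added in this same commit builds its label with `i18n.translate`. The group title will therefore stay untranslated in localized builds. Suggested change: `getDisplayName: () => i18n.translate('<message id for this group>', { defaultMessage: 'Visualizations' }),` with the `i18n` import from `@kbn/i18n` added to the file.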
diff --git a/src/plugins/visualizations/public/plugin.ts b/src/plugins/visualizations/public/plugin.ts index bc208c6bb785a..c97ff8f4eba45 100644 --- a/src/plugins/visualizations/public/plugin.ts +++ b/src/plugins/visualizations/public/plugin.ts @@ -36,7 +36,7 @@ import type { ApplicationStart, SavedObjectsClientContract, } from '@kbn/core/public'; -import type { UiActionsStart, UiActionsSetup } from '@kbn/ui-actions-plugin/public'; +import { UiActionsStart, UiActionsSetup, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public'; import type { SavedObjectsStart } from '@kbn/saved-objects-plugin/public'; import type { FieldFormatsStart } from '@kbn/field-formats-plugin/public'; import type { @@ -47,7 +47,11 @@ import type { UsageCollectionStart } from '@kbn/usage-collection-plugin/public'; import type { DataPublicPluginSetup, DataPublicPluginStart } from '@kbn/data-plugin/public'; import type { DataViewsPublicPluginStart } from '@kbn/data-views-plugin/public'; import type { ExpressionsSetup, ExpressionsStart } from '@kbn/expressions-plugin/public'; -import { EmbeddableSetup, EmbeddableStart } from '@kbn/embeddable-plugin/public'; +import { + CONTEXT_MENU_TRIGGER, + EmbeddableSetup, + EmbeddableStart, +} from '@kbn/embeddable-plugin/public'; import type { SavedObjectTaggingOssPluginStart } from '@kbn/saved-objects-tagging-oss-plugin/public'; import type { NavigationPublicPluginStart as NavigationStart } from '@kbn/navigation-plugin/public'; import type { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public'; @@ -122,6 +126,7 @@ import { } from '../common/content_management'; import { SerializedVisData } from '../common'; import { VisualizeByValueInput } from './embeddable/visualize_embeddable'; +import { AddAggVisualizationPanelAction } from './actions/add_agg_vis_action'; /** * Interface for this plugin's returned setup/start contracts. 
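Review bot: The rewritten `@kbn/ui-actions-plugin/public` import in `plugin.ts` drops `import type` for `UiActionsStart` and `UiActionsSetup` in order to add the `ADD_PANEL_TRIGGER` value. The neighbouring imports in this hunk keep their type-only form, so the two interfaces now read as runtime imports. Keeping the modifier per name preserves that intent: `import { type UiActionsStart, type UiActionsSetup, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public';`. The `EmbeddableSetup` and `EmbeddableStart` names in the next hunk could get the same treatment.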
@@ -394,7 +399,9 @@ export class VisualizationsPlugin uiActions.registerTrigger(visualizeEditorTrigger); uiActions.registerTrigger(dashboardVisualizationPanelTrigger); const editInLensAction = new EditInLensAction(data.query.timefilter.timefilter); - uiActions.addTriggerAction('CONTEXT_MENU_TRIGGER', editInLensAction); + uiActions.addTriggerAction(CONTEXT_MENU_TRIGGER, editInLensAction); + const addAggVisAction = new AddAggVisualizationPanelAction(); + uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addAggVisAction); const embeddableFactory = new VisualizeEmbeddableFactory({ start }); embeddable.registerEmbeddableFactory(VISUALIZE_EMBEDDABLE_TYPE, embeddableFactory); diff --git a/src/plugins/visualizations/public/vis_types/base_vis_type.ts b/src/plugins/visualizations/public/vis_types/base_vis_type.ts index 26801421159b3..7a412aa40f02e 100644 --- a/src/plugins/visualizations/public/vis_types/base_vis_type.ts +++ b/src/plugins/visualizations/public/vis_types/base_vis_type.ts @@ -24,6 +24,7 @@ const defaultOptions: VisTypeOptions = { export class BaseVisType { public readonly name; public readonly title; + public readonly order; public readonly description; public readonly note; public readonly getSupportedTriggers; @@ -67,6 +68,7 @@ export class BaseVisType { this.title = opts.title; this.icon = opts.icon; this.image = opts.image; + this.order = opts.order ?? 0; this.suppressWarnings = opts.suppressWarnings; this.visConfig = defaultsDeep({}, opts.visConfig, { defaults: {} }); this.editorConfig = defaultsDeep({}, opts.editorConfig, { collections: {} }); diff --git a/src/plugins/visualizations/public/vis_types/types.ts b/src/plugins/visualizations/public/vis_types/types.ts index 2f689cb81aee0..b1920d5bb3a60 100644 --- a/src/plugins/visualizations/public/vis_types/types.ts +++ b/src/plugins/visualizations/public/vis_types/types.ts 
@@ -217,4 +217,6 @@ export interface VisTypeDefinition { * have incosistencies in legacy visLib visualizations */ readonly visConfig: Record; + + readonly order?: number; } diff --git a/src/plugins/visualizations/public/vis_types/vis_groups_enum.ts b/src/plugins/visualizations/public/vis_types/vis_groups_enum.ts index c8bd320c2f61b..10a38cb69ba1b 100644 --- a/src/plugins/visualizations/public/vis_types/vis_groups_enum.ts +++ b/src/plugins/visualizations/public/vis_types/vis_groups_enum.ts @@ -10,4 +10,5 @@ export enum VisGroups { PROMOTED = 'promoted', TOOLS = 'tools', AGGBASED = 'aggbased', + LEGACY = 'legacy', } diff --git a/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts b/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts index 617f0386f6181..f736455faf046 100644 --- a/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts +++ b/src/plugins/visualizations/public/vis_types/vis_type_alias_registry.ts @@ -117,6 +117,7 @@ export interface VisTypeAlias { visualizations: VisualizationsAppExtension; [appName: string]: unknown; }; + order?: number; } let registry: VisTypeAlias[] = []; diff --git a/src/plugins/visualizations/public/wizard/agg_based_selection/agg_based_selection.tsx b/src/plugins/visualizations/public/wizard/agg_based_selection/agg_based_selection.tsx index f4cdd05978830..1cf6ced52f412 100644 --- a/src/plugins/visualizations/public/wizard/agg_based_selection/agg_based_selection.tsx +++ b/src/plugins/visualizations/public/wizard/agg_based_selection/agg_based_selection.tsx @@ -35,6 +35,7 @@ interface VisTypeListEntry { } interface AggBasedSelectionProps { + openedAsRoot?: boolean; onVisTypeSelected: (visType: BaseVisType) => void; visTypesRegistry: TypesStart; toggleGroups: (flag: boolean) => void; 
@@ -58,13 +59,15 @@ class AggBasedSelection extends React.Component - this.props.toggleGroups(true)} /> + {this.props.openedAsRoot ? null : ( + this.props.toggleGroups(true)} /> + )} { return !visDefinition.disableCreate; }), @@ -65,6 +67,7 @@ function GroupSelection(props: GroupSelectionProps) { ), [props.visTypesRegistry] ); + return ( <> diff --git a/src/plugins/visualizations/public/wizard/new_vis_modal.tsx b/src/plugins/visualizations/public/wizard/new_vis_modal.tsx index b1e5de3215260..382474dd11b50 100644 --- a/src/plugins/visualizations/public/wizard/new_vis_modal.tsx +++ b/src/plugins/visualizations/public/wizard/new_vis_modal.tsx @@ -106,6 +106,7 @@ class NewVisModal extends React.Component this.setState({ showGroups: flag })} + openedAsRoot={this.props.showAggsSelection && !this.props.selectedVisType} /> ); diff --git a/src/plugins/visualizations/public/wizard/show_new_vis.tsx b/src/plugins/visualizations/public/wizard/show_new_vis.tsx index 867af06637ce0..e63ddc48f00df 100644 --- a/src/plugins/visualizations/public/wizard/show_new_vis.tsx +++ b/src/plugins/visualizations/public/wizard/show_new_vis.tsx @@ -7,9 +7,8 @@ */ import React, { lazy, Suspense } from 'react'; -import ReactDOM from 'react-dom'; import { EuiPortal, EuiProgress } from '@elastic/eui'; -import { KibanaRenderContextProvider } from '@kbn/react-kibana-context-render'; +import { toMountPoint } from '@kbn/react-kibana-mount'; import { getHttp, getTypes, 
@@ -50,47 +49,54 @@ export function showNewVisModal({ selectedVisType, }: ShowNewVisModalParams = {}) { const container = document.createElement('div'); + let isClosed = false; + + // initialize variable that will hold reference for unmount + // eslint-disable-next-line prefer-const + let unmount: ReturnType>; + const handleClose = () => { if (isClosed) return; - ReactDOM.unmountComponentAtNode(container); - document.body.removeChild(container); - if (onClose) { - onClose(); - } + + onClose?.(); + unmount?.(); isClosed = true; }; - document.body.appendChild(container); - const element = ( - - - - - } - > - - - + const mount = toMountPoint( + React.createElement(function () { + return ( + + + + } + > + + + ); + }), + { analytics: getAnalytics(), i18n: getI18n(), theme: getTheme() } ); - ReactDOM.render(element, container); + + unmount = mount(container); return () => handleClose(); } diff --git a/src/plugins/visualizations/tsconfig.json b/src/plugins/visualizations/tsconfig.json index 56d8275f80eaa..1592eff839af3 100644 --- a/src/plugins/visualizations/tsconfig.json +++ b/src/plugins/visualizations/tsconfig.json @@ -72,7 +72,8 @@ "@kbn/presentation-publishing", "@kbn/shared-ux-markdown", "@kbn/react-kibana-context-render", - "@kbn/react-kibana-mount" + "@kbn/react-kibana-mount", + "@kbn/presentation-containers" ], "exclude": [ "target/**/*", diff --git a/src/setup_node_env/harden/child_process.js b/src/setup_node_env/harden/child_process.js index c4524da367fcd..0ca891f69f9ce 100644 --- a/src/setup_node_env/harden/child_process.js +++ b/src/setup_node_env/harden/child_process.js 
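Review bot: In the new `handleClose`, `onClose?.()` runs before `unmount?.()` and `isClosed = true` is set last, so an exception thrown by the caller's `onClose` leaves the modal mounted and the guard unset. The old code unmounted first. A close triggered from inside `onClose` would also re-enter the handler. Setting the flag straight after the guard and unmounting before the callback avoids both: `if (isClosed) return; isClosed = true;` followed by `unmount?.(); onClose?.();`. The signature of `showNewVisModal` begins outside this hunk.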
@@ -30,31 +30,34 @@ function patchChildProcess(cp) { function patchOptions(hasArgs) { return function apply(target, thisArg, args) { var pos = 1; - if (pos === args.length) { + var newArgs = Object.setPrototypeOf([].concat(args), null); + + if (pos === newArgs.length) { // fn(arg1) - args[pos] = prototypelessSpawnOpts(); - } else if (pos < args.length) { - if (hasArgs && (Array.isArray(args[pos]) || args[pos] == null)) { + newArgs[pos] = prototypelessSpawnOpts(); + } else if (pos < newArgs.length) { + if (hasArgs && (Array.isArray(newArgs[pos]) || newArgs[pos] == null)) { // fn(arg1, args, ...) pos++; } - if (typeof args[pos] === 'object' && args[pos] !== null) { + if (typeof newArgs[pos] === 'object' && newArgs[pos] !== null) { // fn(arg1, {}, ...) // fn(arg1, args, {}, ...) - args[pos] = prototypelessSpawnOpts(args[pos]); - } else if (args[pos] == null) { + newArgs[pos] = prototypelessSpawnOpts(newArgs[pos]); + } else if (newArgs[pos] == null) { // fn(arg1, null/undefined, ...) // fn(arg1, args, null/undefined, ...) - args[pos] = prototypelessSpawnOpts(); - } else if (typeof args[pos] === 'function') { + newArgs[pos] = prototypelessSpawnOpts(); + } else if (typeof newArgs[pos] === 'function') { // fn(arg1, callback) // fn(arg1, args, callback) - args.splice(pos, 0, prototypelessSpawnOpts()); + // `newArgs` doesn't have prototype and hence `splice` method anymore. + Array.prototype.splice.call(newArgs, pos, 0, prototypelessSpawnOpts()); } } - return target.apply(thisArg, args); + return target.apply(thisArg, newArgs); }; } diff --git a/test/api_integration/apis/saved_objects/delete_unknown_types.ts b/test/api_integration/apis/saved_objects/delete_unknown_types.ts index f361199a8fdfa..5a821e6e609a9 100644 --- a/test/api_integration/apis/saved_objects/delete_unknown_types.ts +++ b/test/api_integration/apis/saved_objects/delete_unknown_types.ts 
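Review bot: The `newArgs` copy at the top of `apply` has no comment saying why its prototype is set to `null`; the only comment added is the one on the `splice` call. The reason is the security-relevant part of the change: reading an index past the end of the caller's array must yield `undefined` instead of resolving through the prototype chain to a value planted on `Object.prototype`. I would add above the assignment: `// Copy into a prototype-less array so a missing index cannot resolve to a polluted Object.prototype entry.` It is also worth stating there that the caller's `args` is no longer mutated, since the patched options now land in the copy.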
@@ -48,7 +48,7 @@ export default function ({ getService }: FtrProviderContext) { id: hit._id, })) .sort((a, b) => { - return a.id > b.id ? 1 : -1; + return a.id! > b.id! ? 1 : -1; }); }; diff --git a/test/api_integration/apis/ui_metric/ui_metric.ts b/test/api_integration/apis/ui_metric/ui_metric.ts index 1c965d3533367..fe15c3d7f37be 100644 --- a/test/api_integration/apis/ui_metric/ui_metric.ts +++ b/test/api_integration/apis/ui_metric/ui_metric.ts @@ -51,7 +51,7 @@ export default function ({ getService }: FtrProviderContext) { .expect(200); const response = await es.search({ index: '.kibana', q: 'type:ui-metric' }); - const ids = response.hits.hits.map(({ _id }: { _id: string }) => _id); + const ids = response.hits.hits.map(({ _id }: { _id?: string }) => _id!); expect(ids.includes('ui-metric:myApp:myEvent')).to.eql(true); }); @@ -76,7 +76,7 @@ export default function ({ getService }: FtrProviderContext) { .expect(200); const response = await es.search({ index: '.kibana', q: 'type:ui-metric' }); - const ids = response.hits.hits.map(({ _id }: { _id: string }) => _id); + const ids = response.hits.hits.map(({ _id }: { _id?: string }) => _id!); expect(ids.includes('ui-metric:myApp:myEvent')).to.eql(true); expect(ids.includes(`ui-metric:myApp:${uniqueEventName}`)).to.eql(true); expect(ids.includes(`ui-metric:kibana-user_agent:${userAgentMetric.userAgent}`)).to.eql(true); @@ -103,7 +103,7 @@ export default function ({ getService }: FtrProviderContext) { } = await es.search({ index: '.kibana', q: 'type:ui-metric' }); const countTypeEvent = hits.find( - (hit: { _id: string }) => hit._id === `ui-metric:myApp:${uniqueEventName}` + (hit: { _id?: string }) => hit._id! === `ui-metric:myApp:${uniqueEventName}` ); expect(countTypeEvent?._source['ui-metric'].count).to.eql(3); }); diff --git a/test/functional/apps/console/monaco/_autocomplete.ts b/test/functional/apps/console/monaco/_autocomplete.ts index e6ed83ad26338..bb81216111ddd 100644 
--- a/test/functional/apps/console/monaco/_autocomplete.ts +++ b/test/functional/apps/console/monaco/_autocomplete.ts @@ -44,7 +44,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { expect(PageObjects.console.monaco.isAutocompleteVisible()).to.be.eql(true); }); - describe('Autocomplete behavior', () => { + // FLAKY: https://github.com/elastic/kibana/issues/186501 + describe.skip('Autocomplete behavior', () => { beforeEach(async () => { await PageObjects.console.monaco.clearEditorText(); }); @@ -370,5 +371,31 @@ GET _search }); }); }); + + describe('index fields autocomplete', () => { + const indexName = `index_field_test-${Date.now()}-${Math.random()}`; + + before(async () => { + await PageObjects.console.monaco.clearEditorText(); + // create an index with only 1 field + await PageObjects.console.monaco.enterText(`PUT ${indexName}/_doc/1\n{\n"test":1\n}`); + await PageObjects.console.clickPlay(); + }); + + after(async () => { + await PageObjects.console.monaco.clearEditorText(); + // delete the test index + await PageObjects.console.monaco.enterText(`DELETE ${indexName}`); + await PageObjects.console.clickPlay(); + }); + + it('fields autocomplete only shows fields of the index', async () => { + await PageObjects.console.monaco.clearEditorText(); + await PageObjects.console.monaco.enterText('GET _search\n{\n"fields": ["'); + + expect(await PageObjects.console.monaco.getAutocompleteSuggestion(0)).to.be.eql('test'); + expect(await PageObjects.console.monaco.getAutocompleteSuggestion(1)).to.be.eql(undefined); + }); + }); }); } diff --git a/test/functional/apps/console/monaco/_console.ts b/test/functional/apps/console/monaco/_console.ts index 36bb893d5b90f..b48ba75529579 100644 --- a/test/functional/apps/console/monaco/_console.ts +++ b/test/functional/apps/console/monaco/_console.ts 
@@ -36,8 +36,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { }); }); - // issue with the url params with whitespaces https://github.com/elastic/kibana/issues/184927 - it.skip('default request response should include `"timed_out" : false`', async () => { + it('default request response should include `"timed_out" : false`', async () => { const expectedResponseContains = `"timed_out": false`; await PageObjects.console.monaco.selectAllRequests(); await PageObjects.console.clickPlay(); diff --git a/test/functional/apps/dashboard/group5/empty_dashboard.ts b/test/functional/apps/dashboard/group5/empty_dashboard.ts index 6939833a80086..a26382daa91a7 100644 --- a/test/functional/apps/dashboard/group5/empty_dashboard.ts +++ b/test/functional/apps/dashboard/group5/empty_dashboard.ts @@ -60,7 +60,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { it('should open editor menu when editor button is clicked', async () => { await dashboardAddPanel.clickEditorMenuButton(); - await testSubjects.existOrFail('dashboardEditorContextMenu'); + await testSubjects.existOrFail('dashboardPanelSelectionFlyout'); }); }); } diff --git a/test/functional/page_objects/console_page.ts b/test/functional/page_objects/console_page.ts index 84267de85a595..aae93bacc965c 100644 --- a/test/functional/page_objects/console_page.ts +++ b/test/functional/page_objects/console_page.ts 
@@ -77,7 +77,11 @@ export class ConsolePageObject extends FtrService { getAutocompleteSuggestion: async (index: number) => { const suggestionsWidget = await this.find.byClassName('suggest-widget'); const suggestions = await suggestionsWidget.findAllByClassName('monaco-list-row'); - const label = await suggestions[index].findByClassName('label-name'); + const suggestion = suggestions[index]; + if (!suggestion) { + return undefined; + } + const label = await suggestion.findByClassName('label-name'); return label.getVisibleText(); }, pressUp: async (shift: boolean = false) => { diff --git a/test/functional/services/dashboard/add_panel.ts b/test/functional/services/dashboard/add_panel.ts index 1f4fa6b14aeb9..ffc62bdfdb68a 100644 --- a/test/functional/services/dashboard/add_panel.ts +++ b/test/functional/services/dashboard/add_panel.ts @@ -52,16 +52,16 @@ export class DashboardAddPanelService extends FtrService { async clickEditorMenuButton() { this.log.debug('DashboardAddPanel.clickEditorMenuButton'); await this.testSubjects.click('dashboardEditorMenuButton'); - await this.testSubjects.existOrFail('dashboardEditorContextMenu'); + await this.testSubjects.existOrFail('dashboardPanelSelectionFlyout'); } async expectEditorMenuClosed() { - await this.testSubjects.missingOrFail('dashboardEditorContextMenu'); + await this.testSubjects.missingOrFail('dashboardPanelSelectionFlyout'); } async clickAggBasedVisualizations() { this.log.debug('DashboardAddPanel.clickEditorMenuAggBasedMenuItem'); - await this.testSubjects.click('dashboardEditorAggBasedMenuItem'); + await this.clickAddNewPanelFromUIActionLink('Aggregation based'); } async clickVisType(visType: string) { 
@@ -69,9 +69,9 @@ export class DashboardAddPanelService extends FtrService { await this.testSubjects.click(`visType-${visType}`); } - async clickEmbeddableFactoryGroupButton(groupId: string) { - this.log.debug('DashboardAddPanel.clickEmbeddableFactoryGroupButton'); - await this.testSubjects.click(`dashboardEditorMenu-${groupId}Group`); + async verifyEmbeddableFactoryGroupExists(groupId: string) { + this.log.debug('DashboardAddPanel.verifyEmbeddableFactoryGroupExists'); + await this.testSubjects.existOrFail(`dashboardEditorMenu-${groupId}Group`); } async clickAddNewEmbeddableLink(type: string) { diff --git a/test/harden/_node_script.js b/test/harden/_node_script.js new file mode 100644 index 0000000000000..442221706b30f --- /dev/null +++ b/test/harden/_node_script.js @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +console.log('Hello from _node_script.js!'); diff --git a/test/harden/child_process.js b/test/harden/child_process.js index f15f5aceb39e7..029b1a038fcbf 100644 --- a/test/harden/child_process.js +++ b/test/harden/child_process.js 
@@ -307,6 +307,50 @@ for (const name of functions) { assertProcess(t, cp.spawn(command, [], { env: { custom: 'custom' } }), { stdout: 'custom' }); }); + test('spawn(command, options) - prevent object prototype pollution', (t) => { + const pathName = path.join(__dirname, '_node_script.js'); + const options = {}; + const pollutedObject = { + env: { + NODE_OPTIONS: `--require ${pathName}`, + }, + shell: process.argv[0], + }; + // eslint-disable-next-line no-proto + options.__proto__['2'] = pollutedObject; + + const argsArray = []; + + /** + * Declares that 3 assertions should be run. + * We don't use the assertProcess function here as we need an extra assertion + * for the polluted prototype + */ + t.plan(3); + + t.deepEqual( + argsArray[2], + pollutedObject, + 'Prototype should be polluted with the object at index 2' + ); + + const stdout = ''; + + const cmd = cp.spawn(command, argsArray); + cmd.stdout.on('data', (data) => { + t.equal(data.toString().trim(), stdout); + }); + + cmd.stderr.on('data', (data) => { + t.fail(`Unexpected data on STDERR: "${data}"`); + }); + + cmd.on('close', (code) => { + t.equal(code, 0); + t.end(); + }); + }); + for (const unset of notSet) { test(`spawn(command, ${unset})`, (t) => { assertProcess(t, cp.spawn(command, unset)); diff --git a/test/package/Vagrantfile b/test/package/Vagrantfile index b8c24d02c8eba..30f4dc618a22d 100644 --- a/test/package/Vagrantfile +++ b/test/package/Vagrantfile @@ -39,16 +39,4 @@ Vagrant.configure("2") do |config| end docker.vm.network "private_network", ip: "192.168.56.7" end - - config.vm.define "fips" do |fips| - fips.vm.synced_folder '../../', '/home/vagrant/kibana', SharedFoldersEnableSymlinksCreate: false - fips.vm.provider :virtualbox do |vb| - vb.memory = 4096 - vb.cpus = 2 - end - fips.vm.box = 'ubuntu/jammy64' - fips.vm.provision "ansible" do |ansible| - ansible.playbook = "fips.yml" - end - end end 
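Review bot: The new test plants `pollutedObject` on `Object.prototype['2']` through `options.__proto__`, and nothing in the test body removes it. Unless a teardown outside this hunk clears it, every later test in the same process runs with a polluted prototype, which can mask or cause unrelated failures. Adding `delete Object.prototype['2'];` in the `close` handler before `t.end()` keeps the pollution scoped to this case. Separately, `t.plan(3)` holds only if stdout delivers exactly one `data` chunk, because each chunk runs one `t.equal`. A comment stating that expectation would help whoever debugs a plan mismatch.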
diff --git a/test/package/fips.yml b/test/package/fips.yml deleted file mode 100644 index 6682e32b0f6be..0000000000000 --- a/test/package/fips.yml +++ /dev/null @@ -1,14 +0,0 @@ -- name: test kibana fips docker package - hosts: fips - vars: - kibana_dist_path: "/usr/share/kibana" - kibana_src_path: "/home/vagrant/kibana" - nvm_ver: "0.39.7" - openssl_sha: "sha256:6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e" - openssl_ver: "3.0.8" - openssl_src_path: "{{ kibana_dist_path }}/openssl-{{ openssl_ver }}" - openssl_path: "{{ kibana_dist_path }}/openssl" - roles: - - upgrade_apt_packages - - install_kibana_fips - - assert_fips_enabled diff --git a/test/package/roles/assert_fips_enabled/tasks/main.yml b/test/package/roles/assert_fips_enabled/tasks/main.yml deleted file mode 100644 index 3f115314957b1..0000000000000 --- a/test/package/roles/assert_fips_enabled/tasks/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -- name: register kibana node getFips - shell: - cmd: "source /home/vagrant/.profile && {{ kibana_dist_path }}/node/glibc-217/bin/node --enable-fips --openssl-config={{ kibana_dist_path }}/config/nodejs.cnf -p 'crypto.getFips()'" - executable: /bin/bash - register: kibana_node_fips - -- debug: - msg: "{{ kibana_node_fips }}" - -- name: assert FIPS enabled - assert: - that: - - kibana_node_fips.stdout == "1" diff --git a/test/package/roles/install_kibana_fips/tasks/main.yml b/test/package/roles/install_kibana_fips/tasks/main.yml deleted file mode 100644 index 49376106171bd..0000000000000 --- a/test/package/roles/install_kibana_fips/tasks/main.yml +++ /dev/null 
@@ -1,170 +0,0 @@ -- name: gather ansible processor facts - setup: - gather_subset: - - "!all" - - "!min" - - "processor_cores" - when: ansible_processor_vcpus is not defined - -- name: setup env variables - blockinfile: - path: "/home/vagrant/.profile" - block: | - export OPENSSL_MODULES=/usr/share/kibana/openssl/lib/ossl-modules - export TEST_BROWSER_HEADLESS=1 - export FTR_DISABLE_ES_TMPDIR=true - owner: vagrant - group: vagrant - mode: '0644' - -- name: add chrome apt signing key - become: yes - apt_key: - url: https://dl.google.com/linux/linux_signing_key.pub - state: present - -- name: add chrome apt repository - become: yes - apt_repository: - repo: deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main - state: present - -- name: install apt packages - become: yes - apt: - pkg: - - build-essential - - google-chrome-stable - - unzip - state: latest - -- name: slurp kibana node version - slurp: - src: "{{ kibana_src_path }}/.node-version" - register: node_ver_file - -- name: set kibana node version - set_fact: - node_version: "{{ node_ver_file['content'] | b64decode | trim }}" - -- name: install nvm - shell: - chdir: "$HOME" - cmd: curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v{{ nvm_ver }}/install.sh | PROFILE=/home/vagrant/.profile bash - -- name: install kibana node version - shell: - chdir: "$HOME/.nvm" - cmd: "source nvm.sh && nvm install {{ node_version }}" - args: - executable: /bin/bash - -- name: "ensure {{ openssl_path }} dir exists" - become: yes - file: - path: "{{ openssl_path }}" - state: directory - -- name: find kibana distribution - find: - paths: /packages/ - patterns: kibana-default.tar.gz - register: kibana_tar - -- name: extract kibana distribution - become: yes - unarchive: - src: "{{ kibana_tar.files[0].path }}" - dest: "{{ kibana_dist_path }}" - remote_src: yes - extra_opts: ["--strip-components=1"] - -- name: find kibana plugins distribution - find: - paths: /packages/ - patterns: kibana-default-plugins.tar.gz - 
register: kibana_plugins_tar - -- name: extract kibana plugins distribution - become: yes - unarchive: - src: "{{ kibana_plugins_tar.files[0].path }}" - dest: "{{ kibana_dist_path }}" - remote_src: yes - -- name: copy kibana yml configuration - become: yes - template: - src: templates/fips/kibana.yml - dest: "{{ kibana_dist_path }}/config/kibana.yml" - register: config - -- name: copy FIPS node.options - become: yes - template: - src: templates/fips/node.options - dest: "{{ kibana_dist_path }}/config/node.options" - -- name: copy FIPS openssl config - become: yes - template: - src: templates/fips/nodejs.cnf - dest: "{{ kibana_dist_path }}/config/nodejs.cnf" - -- name: download FIPS certified OpenSSL - become: yes - retries: 5 - delay: 10 - get_url: - url: "https://www.openssl.org/source/openssl-{{ openssl_ver }}.tar.gz" - dest: "{{ openssl_src_path }}.tar.gz" - checksum: "{{ openssl_sha }}" - -- name: extract OpenSSL - become: yes - unarchive: - src: "{{ openssl_src_path }}.tar.gz" - dest: "{{ kibana_dist_path }}" - remote_src: yes - -- name: configure OpenSSL for FIPS - become: yes - shell: - chdir: "{{ openssl_src_path }}" - cmd: "./Configure --prefix={{ openssl_path }} --openssldir={{ openssl_path }}/ssl --libdir={{ openssl_path }}/lib enable-fips" - -- name: compile OpenSSL with FIPS - become: yes - make: - chdir: "{{ openssl_src_path }}" - jobs: "{{ ansible_facts['processor_vcpus'] }}" - -- name: install OpenSSL with FIPS - become: yes - make: - chdir: "{{ openssl_src_path }}" - target: install - -- name: "change owner of {{ kibana_dist_path }} to vagrant" - become: yes - file: - path: "{{ kibana_dist_path }}" - owner: vagrant - group: vagrant - recurse: yes - -- name: fix /var/log permissions for kibana - become: yes - file: - path: /var/log - state: directory - recurse: true - mode: "0777" - -- name: increase vm.max_map_count for ES - become: yes - sysctl: - name: vm.max_map_count - value: '262144' - state: present - reload: yes \ No newline at end of file 
diff --git a/test/package/templates/fips/kibana.yml b/test/package/templates/fips/kibana.yml deleted file mode 100644 index d33cb21c383cb..0000000000000 --- a/test/package/templates/fips/kibana.yml +++ /dev/null @@ -1,16 +0,0 @@ -server.host: 0.0.0.0 - -elasticsearch.username: "{{ elasticsearch_username }}" -elasticsearch.password: "{{ elasticsearch_password }}" - -logging: - appenders: - file: - type: file - fileName: /var/log/kibana/kibana.log - layout: - type: json - root: - appenders: - - default - - file diff --git a/test/package/templates/fips/node.options b/test/package/templates/fips/node.options deleted file mode 100644 index b01af3c27a7b3..0000000000000 --- a/test/package/templates/fips/node.options +++ /dev/null @@ -1,4 +0,0 @@ ---max-old-space-size=812 ---unhandled-rejections=warn ---enable-fips ---openssl-config=/usr/share/kibana/config/nodejs.cnf \ No newline at end of file diff --git a/test/package/templates/fips/nodejs.cnf b/test/package/templates/fips/nodejs.cnf deleted file mode 100644 index f4f3a076975eb..0000000000000 --- a/test/package/templates/fips/nodejs.cnf +++ /dev/null @@ -1,28 +0,0 @@ -########################################################################## -## ## -## This OpenSSL config is only loaded when running Kibana in FIPS mode. ## -## ## -## See: ## -## https://github.com/openssl/openssl/blob/openssl-3.0/README-FIPS.md ## -## https://www.openssl.org/docs/man3.0/man7/fips_module.html ## -## ## -########################################################################## - -nodejs_conf = nodejs_init -.include /usr/share/kibana/openssl/ssl/fipsmodule.cnf - -[nodejs_init] -providers = provider_sect -alg_section = algorithm_sect - -[provider_sect] -default = default_sect -# The fips section name should match the section name inside the -# included fipsmodule.cnf. -fips = fips_sect - -[default_sect] -activate = 1 - -[algorithm_sect] -default_properties = fips=yes \ No newline at end of file 
diff --git a/test/plugin_functional/test_suites/core_plugins/rendering.ts b/test/plugin_functional/test_suites/core_plugins/rendering.ts index 380f3e965947f..b9bb6183b22b0 100644 --- a/test/plugin_functional/test_suites/core_plugins/rendering.ts +++ b/test/plugin_functional/test_suites/core_plugins/rendering.ts @@ -220,7 +220,6 @@ export default function ({ getService }: PluginFunctionalProviderContext) { 'xpack.apm.featureFlags.storageExplorerAvailable (any)', 'xpack.apm.featureFlags.profilingIntegrationAvailable (boolean)', 'xpack.apm.serverless.enabled (any)', // It's a boolean (any because schema.conditional) - 'xpack.assetManager.alphaEnabled (boolean)', 'xpack.observability_onboarding.serverless.enabled (any)', // It's a boolean (any because schema.conditional) 'xpack.cases.files.allowedMimeTypes (array)', 'xpack.cases.files.maxSize (number)', diff --git a/tsconfig.base.json b/tsconfig.base.json index 8baaf9a5c0dd7..689df41bae17a 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -88,8 +88,6 @@ "@kbn/app-link-test-plugin/*": ["test/plugin_functional/plugins/app_link_test/*"], "@kbn/application-usage-test-plugin": ["x-pack/test/usage_collection/plugins/application_usage_test"], "@kbn/application-usage-test-plugin/*": ["x-pack/test/usage_collection/plugins/application_usage_test/*"], - "@kbn/assetManager-plugin": ["x-pack/plugins/observability_solution/asset_manager"], - "@kbn/assetManager-plugin/*": ["x-pack/plugins/observability_solution/asset_manager/*"], "@kbn/assets-data-access-plugin": ["x-pack/plugins/observability_solution/assets_data_access"], "@kbn/assets-data-access-plugin/*": ["x-pack/plugins/observability_solution/assets_data_access/*"], "@kbn/audit-log-plugin": ["x-pack/test/security_api_integration/plugins/audit_log"], 
@@ -776,6 +774,8 @@ "@kbn/enterprise-search-plugin/*": ["x-pack/plugins/enterprise_search/*"], "@kbn/entities-schema": ["x-pack/packages/kbn-entities-schema"], "@kbn/entities-schema/*": ["x-pack/packages/kbn-entities-schema/*"], + "@kbn/entityManager-plugin": ["x-pack/plugins/observability_solution/entity_manager"], + "@kbn/entityManager-plugin/*": ["x-pack/plugins/observability_solution/entity_manager/*"], "@kbn/error-boundary-example-plugin": ["examples/error_boundary"], "@kbn/error-boundary-example-plugin/*": ["examples/error_boundary/*"], "@kbn/es": ["packages/kbn-es"], @@ -1448,6 +1448,10 @@ "@kbn/searchprofiler-plugin/*": ["x-pack/plugins/searchprofiler/*"], "@kbn/security-api-integration-helpers": ["x-pack/test/security_api_integration/packages/helpers"], "@kbn/security-api-integration-helpers/*": ["x-pack/test/security_api_integration/packages/helpers/*"], + "@kbn/security-api-key-management": ["x-pack/packages/security/api_key_management"], + "@kbn/security-api-key-management/*": ["x-pack/packages/security/api_key_management/*"], + "@kbn/security-form-components": ["x-pack/packages/security/form_components"], + "@kbn/security-form-components/*": ["x-pack/packages/security/form_components/*"], "@kbn/security-hardening": ["packages/kbn-security-hardening"], "@kbn/security-hardening/*": ["packages/kbn-security-hardening/*"], "@kbn/security-plugin": ["x-pack/plugins/security"], @@ -1872,7 +1876,9 @@ "@kbn/zod-helpers/*": ["packages/kbn-zod-helpers/*"], // END AUTOMATED PACKAGE LISTING // Allows for importing from `kibana` package for the exported types. - "@emotion/core": ["typings/@emotion"] + "@emotion/core": [ + "typings/@emotion" + ] }, // Support .tsx files and transform JSX into calls to React.createElement "jsx": "react", diff --git a/x-pack/.i18nrc.json b/x-pack/.i18nrc.json index a7f38d2aabbda..dd3409451e704 100644 --- a/x-pack/.i18nrc.json +++ b/x-pack/.i18nrc.json 
@@ -98,7 +98,7 @@ "xpack.searchPlayground": "plugins/search_playground", "xpack.searchInferenceEndpoints": "plugins/search_inference_endpoints", "xpack.searchProfiler": "plugins/searchprofiler", - "xpack.security": "plugins/security", + "xpack.security": ["plugins/security", "packages/security"], "xpack.server": "legacy/server", "xpack.serverless": "plugins/serverless", "xpack.serverlessSearch": "plugins/serverless_search", diff --git a/x-pack/README.md b/x-pack/README.md index 421f16e8ca92a..c3c6d9666397b 100644 --- a/x-pack/README.md +++ b/x-pack/README.md @@ -8,12 +8,6 @@ from files dual-licensed under the Server Side Public License and the Elastic Li If you have: -```yaml -xpack.observability.unsafe.alertDetails.metrics.enabled: true -``` - -**[For Infrastructure rule types]** In Kibana configuration, will allow the user to navigate to the new Alert Details page, instead of the Alert Flyout when clicking on `View alert details` in the Alert table - ```yaml xpack.observability.unsafe.alertDetails.uptime.enabled: true ``` diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts new file mode 100644 index 0000000000000..bc59404e0abff --- /dev/null +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.gen.ts 
@@ -0,0 +1,34 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Cancel Attack Discovery API endpoint + * version: 1 + */ + +import { z } from 'zod'; + +import { NonEmptyString } from '../common_attributes.gen'; +import { AttackDiscoveryResponse } from './common_attributes.gen'; + +export type AttackDiscoveryCancelRequestParams = z.infer; +export const AttackDiscoveryCancelRequestParams = z.object({ + /** + * The connector id for which to cancel a pending attack discovery + */ + connectorId: NonEmptyString, +}); +export type AttackDiscoveryCancelRequestParamsInput = z.input< + typeof AttackDiscoveryCancelRequestParams +>; + +export type AttackDiscoveryCancelResponse = z.infer; +export const AttackDiscoveryCancelResponse = AttackDiscoveryResponse; diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.schema.yaml new file mode 100644 index 0000000000000..553d741089cd0 --- /dev/null +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/cancel_attack_discovery_route.schema.yaml 
@@ -0,0 +1,41 @@ +openapi: 3.0.0 +info: + title: Cancel Attack Discovery API endpoint + version: '1' +paths: + /internal/elastic_assistant/attack_discovery/cancel/{connectorId}: + put: + operationId: AttackDiscoveryCancel + x-codegen-enabled: true + description: Cancel relevant data for performing an attack discovery like pending requests + summary: Cancel relevant data for performing an attack discovery + tags: + - attack_discovery + parameters: + - name: 'connectorId' + in: path + required: true + description: The connector id for which to cancel a pending attack discovery + schema: + $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString' + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: './common_attributes.schema.yaml#/components/schemas/AttackDiscoveryResponse' + + '400': + description: Generic Error + content: + application/json: + schema: + type: object + properties: + statusCode: + type: number + error: + type: string + message: + type: string diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts new file mode 100644 index 0000000000000..533acefe02156 --- /dev/null +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.gen.ts 
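Review bot: The `AttackDiscoveryCancel` operation is keyed only by `connectorId`, and the spec does not say whose pending generation is cancelled or which caller may cancel it, while the 200 body it returns (`AttackDiscoveryResponse`) carries `users`, `namespace` and `apiConfig`. The handler is not in this hunk, so the lookup may already be scoped to the authenticated user and space; if it is, say so in the operation `description` and declare the not-found and not-permitted responses next to `'400'`. The current description, `Cancel relevant data for performing an attack discovery like pending requests`, reads as carried over from the GET operation; something like `Cancel the pending attack discovery generation for the given connector, limited to the calling user` would be clearer, adjusted to what the handler actually enforces. The GET spec for `/internal/elastic_assistant/attack_discovery/{connectorId}` has the same gap.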
@@ -0,0 +1,199 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Common Attack Discovery Attributes + * version: not applicable + */ + +import { z } from 'zod'; + +import { NonEmptyString, User } from '../common_attributes.gen'; +import { Replacements, ApiConfig } from '../conversations/common_attributes.gen'; + +/** + * An attack discovery generated from one or more alerts + */ +export type AttackDiscovery = z.infer; +export const AttackDiscovery = z.object({ + /** + * The alert IDs that the attack discovery is based on + */ + alertIds: z.array(z.string()), + /** + * UUID of attack discovery + */ + id: z.string().optional(), + /** + * Details of the attack with bulleted markdown that always uses special syntax for field names and values from the source data. 
+ */ + detailsMarkdown: z.string(), + /** + * A short (no more than a sentence) summary of the attack discovery featuring only the host.name and user.name fields (when they are applicable), using the same syntax + */ + entitySummaryMarkdown: z.string(), + /** + * An array of MITRE ATT&CK tactic for the attack discovery + */ + mitreAttackTactics: z.array(z.string()).optional(), + /** + * A markdown summary of attack discovery, using the same syntax + */ + summaryMarkdown: z.string(), + /** + * A title for the attack discovery, in plain text + */ + title: z.string(), + /** + * The time the attack discovery was generated + */ + timestamp: NonEmptyString, +}); + +/** + * Array of attack discoveries + */ +export type AttackDiscoveries = z.infer; +export const AttackDiscoveries = z.array(AttackDiscovery); + +/** + * The status of the attack discovery. + */ +export type AttackDiscoveryStatus = z.infer; +export const AttackDiscoveryStatus = z.enum(['running', 'succeeded', 'failed', 'canceled']); +export type AttackDiscoveryStatusEnum = typeof AttackDiscoveryStatus.enum; +export const AttackDiscoveryStatusEnum = AttackDiscoveryStatus.enum; + +/** + * Run durations for the attack discovery + */ +export type GenerationInterval = z.infer; +export const GenerationInterval = z.object({ + /** + * The time the attack discovery was generated + */ + date: z.string(), + /** + * The duration of the attack discovery generation + */ + durationMs: z.number().int(), +}); + +export type AttackDiscoveryResponse = z.infer; +export const AttackDiscoveryResponse = z.object({ + id: NonEmptyString, + timestamp: NonEmptyString.optional(), + /** + * The last time attack discovery was updated. + */ + updatedAt: z.string().optional(), + /** + * The number of alerts in the context. + */ + alertsContextCount: z.number().int().optional(), + /** + * The time attack discovery was created. 
+ */ + createdAt: z.string(), + replacements: Replacements.optional(), + users: z.array(User), + /** + * The status of the attack discovery. + */ + status: AttackDiscoveryStatus, + /** + * The attack discoveries. + */ + attackDiscoveries: AttackDiscoveries, + /** + * LLM API configuration. + */ + apiConfig: ApiConfig, + /** + * Kibana space + */ + namespace: z.string(), + /** + * The backing index required for update requests. + */ + backingIndex: z.string(), + /** + * The most 5 recent generation intervals + */ + generationIntervals: z.array(GenerationInterval), + /** + * The average generation interval in milliseconds + */ + averageIntervalMs: z.number().int(), + /** + * The reason for a status of failed. + */ + failureReason: z.string().optional(), +}); + +export type AttackDiscoveryUpdateProps = z.infer; +export const AttackDiscoveryUpdateProps = z.object({ + id: NonEmptyString, + /** + * LLM API configuration. + */ + apiConfig: ApiConfig.optional(), + /** + * The number of alerts in the context. + */ + alertsContextCount: z.number().int().optional(), + /** + * The attack discoveries. + */ + attackDiscoveries: AttackDiscoveries.optional(), + /** + * The status of the attack discovery. + */ + status: AttackDiscoveryStatus, + replacements: Replacements.optional(), + /** + * The most 5 recent generation intervals + */ + generationIntervals: z.array(GenerationInterval).optional(), + /** + * The backing index required for update requests. + */ + backingIndex: z.string(), + /** + * The reason for a status of failed. + */ + failureReason: z.string().optional(), +}); + +export type AttackDiscoveryCreateProps = z.infer; +export const AttackDiscoveryCreateProps = z.object({ + /** + * The attack discovery id. + */ + id: z.string().optional(), + /** + * The status of the attack discovery. + */ + status: AttackDiscoveryStatus, + /** + * The number of alerts in the context. + */ + alertsContextCount: z.number().int().optional(), + /** + * The attack discoveries. 
+ */ + attackDiscoveries: AttackDiscoveries, + /** + * LLM API configuration. + */ + apiConfig: ApiConfig, + replacements: Replacements.optional(), +}); diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.schema.yaml new file mode 100644 index 0000000000000..634b5f0192a60 --- /dev/null +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/common_attributes.schema.yaml 
@@ -0,0 +1,197 @@ +openapi: 3.0.0 +info: + title: Common Attack Discovery Attributes + version: 'not applicable' +paths: {} +components: + x-codegen-enabled: true + schemas: + AttackDiscovery: + type: object + description: An attack discovery generated from one or more alerts + required: + - 'alertIds' + - 'detailsMarkdown' + - 'entitySummaryMarkdown' + - 'summaryMarkdown' + - 'timestamp' + - 'title' + properties: + alertIds: + description: The alert IDs that the attack discovery is based on + items: + type: string + type: array + id: + description: UUID of attack discovery + type: string + detailsMarkdown: + description: Details of the attack with bulleted markdown that always uses special syntax for field names and values from the source data. + type: string + entitySummaryMarkdown: + description: A short (no more than a sentence) summary of the attack discovery featuring only the host.name and user.name fields (when they are applicable), using the same syntax + type: string + mitreAttackTactics: + description: An array of MITRE ATT&CK tactic for the attack discovery + items: + type: string + type: array + summaryMarkdown: + description: A markdown summary of attack discovery, using the same syntax + type: string + title: + description: A title for the attack discovery, in plain text + type: string + timestamp: + description: The time the attack discovery was generated + $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString' + AttackDiscoveries: + type: array + description: Array of attack discoveries + items: + $ref: '#/components/schemas/AttackDiscovery' + + AttackDiscoveryStatus: + type: string + description: The status of the attack discovery. 
+ enum: + - running + - succeeded + - failed + - canceled + + GenerationInterval: + type: object + description: Run durations for the attack discovery + required: + - 'date' + - 'durationMs' + properties: + date: + description: The time the attack discovery was generated + type: string + durationMs: + description: The duration of the attack discovery generation + type: integer + + + AttackDiscoveryResponse: + type: object + required: + - apiConfig + - id + - createdAt + - users + - namespace + - attackDiscoveries + - status + - backingIndex + - generationIntervals + - averageIntervalMs + properties: + id: + $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString' + 'timestamp': + $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString' + updatedAt: + description: The last time attack discovery was updated. + type: string + alertsContextCount: + type: integer + description: The number of alerts in the context. + createdAt: + description: The time attack discovery was created. + type: string + replacements: + $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements' + users: + type: array + items: + $ref: '../common_attributes.schema.yaml#/components/schemas/User' + status: + $ref: '#/components/schemas/AttackDiscoveryStatus' + description: The status of the attack discovery. + attackDiscoveries: + $ref: '#/components/schemas/AttackDiscoveries' + description: The attack discoveries. + apiConfig: + $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig' + description: LLM API configuration. + namespace: + type: string + description: Kibana space + backingIndex: + type: string + description: The backing index required for update requests. 
+ generationIntervals: + type: array + description: The most 5 recent generation intervals + items: + $ref: '#/components/schemas/GenerationInterval' + averageIntervalMs: + type: integer + description: The average generation interval in milliseconds + failureReason: + type: string + description: The reason for a status of failed. + + AttackDiscoveryUpdateProps: + type: object + required: + - id + - status + - backingIndex + properties: + id: + $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString' + apiConfig: + $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig' + description: LLM API configuration. + alertsContextCount: + type: integer + description: The number of alerts in the context. + attackDiscoveries: + $ref: '#/components/schemas/AttackDiscoveries' + description: The attack discoveries. + status: + $ref: '#/components/schemas/AttackDiscoveryStatus' + description: The status of the attack discovery. + replacements: + $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements' + generationIntervals: + type: array + description: The most 5 recent generation intervals + items: + $ref: '#/components/schemas/GenerationInterval' + backingIndex: + type: string + description: The backing index required for update requests. + failureReason: + type: string + description: The reason for a status of failed. + + AttackDiscoveryCreateProps: + type: object + required: + - attackDiscoveries + - apiConfig + - status + properties: + id: + type: string + description: The attack discovery id. + status: + $ref: '#/components/schemas/AttackDiscoveryStatus' + description: The status of the attack discovery. + alertsContextCount: + type: integer + description: The number of alerts in the context. + attackDiscoveries: + $ref: '#/components/schemas/AttackDiscoveries' + description: The attack discoveries. 
+ apiConfig: + $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig' + description: LLM API configuration. + replacements: + $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements' + diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts new file mode 100644 index 0000000000000..3e58606df8298 --- /dev/null +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.gen.ts @@ -0,0 +1,38 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Get Attack Discovery API endpoint + * version: 1 + */ + +import { z } from 'zod'; + +import { NonEmptyString } from '../common_attributes.gen'; +import { AttackDiscoveryResponse } from './common_attributes.gen'; + +export type AttackDiscoveryGetRequestParams = z.infer; +export const AttackDiscoveryGetRequestParams = z.object({ + /** + * The connector id for which to get the attack discovery + */ + connectorId: NonEmptyString, +}); +export type AttackDiscoveryGetRequestParamsInput = z.input; + +export type AttackDiscoveryGetResponse = z.infer; +export const AttackDiscoveryGetResponse = z.object({ + data: AttackDiscoveryResponse.optional(), + /** + * Indicates if an attack discovery exists for the given connectorId + */ + entryExists: z.boolean(), +}); 
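Review bot: `backingIndex` is a required free-form `string` in both `AttackDiscoveryResponse` and `AttackDiscoveryUpdateProps`, described as `The backing index required for update requests`, so the storage index name is sent to the client and is also accepted as update input. If `AttackDiscoveryUpdateProps` is ever parsed from a request rather than built server-side (not visible here), the caller would choose which index is written; the schema should say where the value comes from, e.g. `description: The backing index required for update requests. Set by the server from the stored document, never from request input.` Separately, `detailsMarkdown`, `summaryMarkdown` and `entitySummaryMarkdown` are unbounded strings that presumably hold model output derived from alert data, so their descriptions should note that consumers must render them as untrusted markdown.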
diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.schema.yaml new file mode 100644 index 0000000000000..4c1f11462744e --- /dev/null +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/get_attack_discovery_route.schema.yaml @@ -0,0 +1,48 @@ +openapi: 3.0.0 +info: + title: Get Attack Discovery API endpoint + version: '1' +paths: + /internal/elastic_assistant/attack_discovery/{connectorId}: + get: + operationId: AttackDiscoveryGet + x-codegen-enabled: true + description: Get relevant data for performing an attack discovery like pending requests + summary: Get relevant data for performing an attack discovery + tags: + - attack_discovery + parameters: + - name: 'connectorId' + in: path + required: true + description: The connector id for which to get the attack discovery + schema: + $ref: '../common_attributes.schema.yaml#/components/schemas/NonEmptyString' + responses: + '200': + description: Successful response + content: + application/json: + schema: + type: object + properties: + data: + $ref: './common_attributes.schema.yaml#/components/schemas/AttackDiscoveryResponse' + entryExists: + type: boolean + description: Indicates if an attack discovery exists for the given connectorId + required: + - entryExists + '400': + description: Generic Error + content: + application/json: + schema: + type: object + properties: + statusCode: + type: number + error: + type: string + message: + type: string diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts index cfc7d5285ddac..d2912c6e09ba2 100644 
--- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.gen.ts 
@@ -10,52 +10,24 @@ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. * * info: - * title: Attack discovery API endpoint + * title: Post Attack discovery API endpoint * version: 1 */ import { z } from 'zod'; import { AnonymizationFieldResponse } from '../anonymization_fields/bulk_crud_anonymization_fields_route.gen'; -import { Replacements, TraceData } from '../conversations/common_attributes.gen'; - -/** - * An attack discovery generated from one or more alerts - */ -export type AttackDiscovery = z.infer; -export const AttackDiscovery = z.object({ - /** - * The alert IDs that the attack discovery is based on - */ - alertIds: z.array(z.string()), - /** - * Details of the attack with bulleted markdown that always uses special syntax for field names and values from the source data. - */ - detailsMarkdown: z.string(), - /** - * A short (no more than a sentence) summary of the attack discovery featuring only the host.name and user.name fields (when they are applicable), using the same syntax - */ - entitySummaryMarkdown: z.string(), - /** - * An array of MITRE ATT&CK tactic for the attack discovery - */ - mitreAttackTactics: z.array(z.string()).optional(), - /** - * A markdown summary of attack discovery, using the same syntax - */ - summaryMarkdown: z.string(), - /** - * A title for the attack discovery, in plain text - */ - title: z.string(), -}); +import { ApiConfig, Replacements } from '../conversations/common_attributes.gen'; +import { AttackDiscoveryResponse } from './common_attributes.gen'; export type AttackDiscoveryPostRequestBody = z.infer; export const AttackDiscoveryPostRequestBody = z.object({ alertsIndexPattern: z.string(), anonymizationFields: z.array(AnonymizationFieldResponse), - connectorId: z.string(), - actionTypeId: z.string(), + /** + * LLM API configuration. + */ + apiConfig: ApiConfig, langSmithProject: z.string().optional(), langSmithApiKey: z.string().optional(), model: z.string().optional(), 
@@ -66,11 +38,4 @@ export const AttackDiscoveryPostRequestBody = z.object({ export type AttackDiscoveryPostRequestBodyInput = z.input; export type AttackDiscoveryPostResponse = z.infer; -export const AttackDiscoveryPostResponse = z.object({ - connector_id: z.string().optional(), - alertsContextCount: z.number().optional(), - attackDiscoveries: z.array(AttackDiscovery).optional(), - replacements: Replacements.optional(), - status: z.string().optional(), - trace_data: TraceData.optional(), -}); +export const AttackDiscoveryPostResponse = AttackDiscoveryResponse; diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.schema.yaml index 44acb268700a5..1c658174abd5c 100644 --- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.schema.yaml +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/attack_discovery/post_attack_discovery_route.schema.yaml 
@@ -1,43 +1,9 @@ openapi: 3.0.0 info: - title: Attack discovery API endpoint + title: Post Attack discovery API endpoint version: '1' components: x-codegen-enabled: true - schemas: - AttackDiscovery: - type: object - description: An attack discovery generated from one or more alerts - required: - - 'alertIds' - - 'detailsMarkdown' - - 'entitySummaryMarkdown' - - 'summaryMarkdown' - - 'title' - properties: - alertIds: - description: The alert IDs that the attack discovery is based on - items: - type: string - type: array - detailsMarkdown: - description: Details of the attack with bulleted markdown that always uses special syntax for field names and values from the source data. - type: string - entitySummaryMarkdown: - description: A short (no more than a sentence) summary of the attack discovery featuring only the host.name and user.name fields (when they are applicable), using the same syntax - type: string - mitreAttackTactics: - description: An array of MITRE ATT&CK tactic for the attack discovery - items: - type: string - type: array - summaryMarkdown: - description: A markdown summary of attack discovery, using the same syntax - type: string - title: - description: A title for the attack discovery, in plain text - type: string - paths: /internal/elastic_assistant/attack_discovery: @@ -56,10 +22,9 @@ paths: schema: type: object required: - - actionTypeId + - apiConfig - alertsIndexPattern - anonymizationFields - - connectorId - size - subAction properties: @@ -69,10 +34,9 @@ paths: items: $ref: '../anonymization_fields/bulk_crud_anonymization_fields_route.schema.yaml#/components/schemas/AnonymizationFieldResponse' type: array - connectorId: - type: string - actionTypeId: - type: string + apiConfig: + $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/ApiConfig' + description: LLM API configuration. langSmithProject: type: string langSmithApiKey: 
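Review bot: The request body still takes `langSmithApiKey` as a plain string beside the new `apiConfig` object, and after this change the result of the call looks like a stored document (`AttackDiscoveryResponse` has `createdAt`, `updatedAt` and `backingIndex`). The property should carry a description that rules out persistence and logging, e.g. `description: LangSmith API key, used for this request only; not stored with the attack discovery and not logged`, and the handler, which is outside this diff section, should be checked against it. The `langSmithApiKey` entry itself continues past the end of this hunk.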
@@ -94,22 +58,7 @@ paths: content: application/json: schema: - type: object - properties: - connector_id: - type: string - alertsContextCount: - type: number - attackDiscoveries: - type: array - items: - $ref: '#/components/schemas/AttackDiscovery' - replacements: - $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/Replacements' - status: - type: string - trace_data: - $ref: '../conversations/common_attributes.schema.yaml#/components/schemas/TraceData' + $ref: './common_attributes.schema.yaml#/components/schemas/AttackDiscoveryResponse' '400': description: Bad request content: diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.gen.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.gen.ts index bbed67f4814fc..03f63ec0f2d29 100644 --- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.gen.ts +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.gen.ts @@ -108,11 +108,11 @@ export const Message = z.object({ export type ApiConfig = z.infer; export const ApiConfig = z.object({ /** - * connector Id + * connector id */ connectorId: z.string(), /** - * action type Id + * action type id */ actionTypeId: z.string(), /** diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.schema.yaml index 49aaaa5663a1c..f6a8189182474 100644 --- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.schema.yaml +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/conversations/common_attributes.schema.yaml 
@@ -93,10 +93,10 @@ components: properties: connectorId: type: string - description: connector Id + description: connector id actionTypeId: type: string - description: action type Id + description: action type id defaultSystemPromptId: type: string description: defaultSystemPromptId diff --git a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts index ae66432af3076..8f47731694cf3 100644 --- a/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts +++ b/x-pack/packages/kbn-elastic-assistant-common/impl/schemas/index.ts @@ -22,7 +22,10 @@ export const INTERNAL_API_ACCESS = 'internal'; export * from './common_attributes.gen'; // Attack discovery Schemas +export * from './attack_discovery/common_attributes.gen'; +export * from './attack_discovery/get_attack_discovery_route.gen'; export * from './attack_discovery/post_attack_discovery_route.gen'; +export * from './attack_discovery/cancel_attack_discovery_route.gen'; // Evaluation Schemas export * from './evaluation/post_evaluate_route.gen'; diff --git a/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx b/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx index dfb495201f6d1..c68dd56b4b00e 100644 --- a/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx +++ b/x-pack/packages/security-solution/data_table/components/data_table/column_headers/helpers.test.tsx 
@@ -226,13 +226,9 @@ describe('helpers', () => { { actions, aggregatable: true, - category: 'base', columnHeaderType: 'not-filtered', defaultSortDirection, - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', esTypes: ['date'], - example: '2016-05-23T08:05:34.853Z', format: '', id: '@timestamp', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -247,12 +243,9 @@ describe('helpers', () => { { actions, aggregatable: true, - category: 'source', columnHeaderType: 'not-filtered', defaultSortDirection, - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', esTypes: ['ip'], - example: '', format: '', id: 'source.ip', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -266,13 +259,9 @@ describe('helpers', () => { { actions, aggregatable: true, - category: 'destination', columnHeaderType: 'not-filtered', defaultSortDirection, - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', esTypes: ['ip'], - example: '', format: '', id: 'destination.ip', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -296,13 +285,9 @@ describe('helpers', () => { { actions, aggregatable: true, - category: 'base', columnHeaderType: 'not-filtered', defaultSortDirection, - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', esTypes: ['date'], - example: '2016-05-23T08:05:34.853Z', format: '', id: '@timestamp', indexes: ['auditbeat', 'filebeat', 'packetbeat'], 
@@ -355,10 +340,6 @@ describe('helpers', () => { const fieldName = 'test_field'; const testField = { aggregatable: true, - category: 'base', - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: 'date', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: fieldName, @@ -389,9 +370,6 @@ describe('helpers', () => { const fieldName = 'testFieldName'; const testField = { aggregatable: true, - category: fieldName, - description: 'test field description', - example: '2016-05-23T08:05:34.853Z', format: 'date', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: fieldName, @@ -422,9 +400,6 @@ describe('helpers', () => { const fieldName = 'test.field.splittable'; const testField = { aggregatable: true, - category: 'test', - description: 'test field description', - example: '2016-05-23T08:05:34.853Z', format: 'date', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: fieldName, @@ -455,10 +430,6 @@ describe('helpers', () => { describe('allowSorting', () => { const aggregatableField = { - category: 'cloud', - description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', - example: '666777888999', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.account.id', searchable: true, diff --git a/x-pack/packages/security-solution/data_table/mock/mock_source.ts b/x-pack/packages/security-solution/data_table/mock/mock_source.ts index 82c2a34448153..822922f52754d 100644 --- a/x-pack/packages/security-solution/data_table/mock/mock_source.ts +++ b/x-pack/packages/security-solution/data_table/mock/mock_source.ts 
@@ -25,10 +25,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'agent.ephemeral_id': { aggregatable: true, - category: 'agent', - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.ephemeral_id', @@ -38,9 +34,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.hostname': { aggregatable: true, - category: 'agent', - description: null, - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.hostname', @@ -50,10 +43,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.id': { aggregatable: true, - category: 'agent', - description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.id', @@ -63,10 +52,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.name': { aggregatable: true, - category: 'agent', - description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', - example: 'foo', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.name', @@ -80,9 +65,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'auditd.data.a0': { aggregatable: true, - category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a0', 
@@ -92,9 +74,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a1': { aggregatable: true, - category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a1', @@ -104,9 +83,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a2': { aggregatable: true, - category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a2', @@ -120,10 +96,6 @@ export const mockBrowserFields: BrowserFields = { fields: { '@timestamp': { aggregatable: true, - category: 'base', - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: '@timestamp', @@ -133,9 +105,6 @@ export const mockBrowserFields: BrowserFields = { readFromDocValues: true, }, _id: { - category: 'base', - description: 'Each document has an _id that uniquely identifies it', - example: 'Y-6TfmcB0WOhS6qyMv3s', name: '_id', type: 'string', esTypes: [], @@ -144,10 +113,6 @@ export const mockBrowserFields: BrowserFields = { indexes: ['auditbeat', 'filebeat', 'packetbeat'], }, message: { - category: 'base', - description: - 'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.', - example: 'Hello World', name: 'message', type: 'string', esTypes: ['text'], 
@@ -162,10 +127,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'client.address': { aggregatable: true, - category: 'client', - description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.address', @@ -175,9 +136,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.bytes': { aggregatable: true, - category: 'client', - description: 'Bytes sent from the client to the server.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.bytes', @@ -187,9 +145,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.domain': { aggregatable: true, - category: 'client', - description: 'Client domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.domain', @@ -199,9 +154,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.geo.country_iso_code': { aggregatable: true, - category: 'client', - description: 'Country ISO code.', - example: 'CA', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.geo.country_iso_code', @@ -215,10 +167,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'cloud.account.id': { aggregatable: true, - category: 'cloud', - description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', - example: '666777888999', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.account.id', 
@@ -228,9 +176,6 @@ export const mockBrowserFields: BrowserFields = { }, 'cloud.availability_zone': { aggregatable: true, - category: 'cloud', - description: 'Availability zone in which this host is running.', - example: 'us-east-1c', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.availability_zone', @@ -244,9 +189,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'container.id': { aggregatable: true, - category: 'container', - description: 'Unique container id.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.id', @@ -256,9 +198,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.name': { aggregatable: true, - category: 'container', - description: 'Name of the image the container was built on.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.name', @@ -268,9 +207,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.tag': { aggregatable: true, - category: 'container', - description: 'Container image tag.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.tag', @@ -284,10 +220,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'destination.address': { aggregatable: true, - category: 'destination', - description: - 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.address', 
@@ -297,9 +229,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.bytes': { aggregatable: true, - category: 'destination', - description: 'Bytes sent from the destination to the source.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.bytes', @@ -309,9 +238,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.domain': { aggregatable: true, - category: 'destination', - description: 'Destination domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.domain', @@ -321,10 +247,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.ip': { aggregatable: true, - category: 'destination', - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.ip', @@ -334,9 +256,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.port': { aggregatable: true, - category: 'destination', - description: 'Port of the destination.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.port', @@ -349,10 +268,6 @@ export const mockBrowserFields: BrowserFields = { event: { fields: { 'event.end': { - category: 'event', - description: - 'event.end contains the date when the event ended or when the activity was last observed.', - example: null, format: '', indexes: DEFAULT_INDEX_PATTERN, name: 'event.end', 
@@ -362,10 +277,6 @@ export const mockBrowserFields: BrowserFields = { aggregatable: true, }, 'event.action': { - category: 'event', - description: - 'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.', - example: 'user-password-change', name: 'event.action', type: 'string', esTypes: ['keyword'], @@ -375,10 +286,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.category': { - category: 'event', - description: - 'This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.', - example: 'authentication', name: 'event.category', type: 'string', esTypes: ['keyword'], @@ -388,10 +295,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.severity': { - category: 'event', - description: - "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`.", - example: 7, name: 'event.severity', type: 'number', esTypes: ['long'], 
@@ -405,9 +308,6 @@ export const mockBrowserFields: BrowserFields = { host: { fields: { 'host.name': { - category: 'host', - description: - 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.', name: 'host.name', type: 'string', esTypes: ['keyword'], @@ -422,9 +322,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'source.ip': { aggregatable: true, - category: 'source', - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.ip', @@ -434,9 +331,6 @@ export const mockBrowserFields: BrowserFields = { }, 'source.port': { aggregatable: true, - category: 'source', - description: 'Port of the source.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.port', @@ -449,9 +343,6 @@ export const mockBrowserFields: BrowserFields = { user: { fields: { 'user.name': { - category: 'user', - description: 'Short name or login of the user.', - example: 'albert', name: 'user.name', type: 'string', esTypes: ['keyword'], @@ -466,9 +357,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'nestedField.firstAttributes': { aggregatable: false, - category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.firstAttributes', @@ -482,9 +370,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.secondAttributes': { aggregatable: false, - category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.secondAttributes', 
@@ -498,9 +383,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.thirdAttributes': { aggregatable: false, - category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.thirdAttributes', diff --git a/x-pack/packages/security/api_key_management/README.md b/x-pack/packages/security/api_key_management/README.md new file mode 100644 index 0000000000000..42ba0a7124df8 --- /dev/null +++ b/x-pack/packages/security/api_key_management/README.md @@ -0,0 +1,3 @@ +# @kbn/security-form-components + +Contains form components used within the security plugin. diff --git a/x-pack/plugins/observability_solution/asset_manager/server/constants.ts b/x-pack/packages/security/api_key_management/index.ts similarity index 84% rename from x-pack/plugins/observability_solution/asset_manager/server/constants.ts rename to x-pack/packages/security/api_key_management/index.ts index 4630365e47875..c50969cfd6402 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/constants.ts +++ b/x-pack/packages/security/api_key_management/index.ts @@ -5,4 +5,4 @@ * 2.0. */ -export const ASSETS_INDEX_PREFIX = 'assets'; +export * from './src/components'; diff --git a/x-pack/packages/security/api_key_management/jest.config.js b/x-pack/packages/security/api_key_management/jest.config.js new file mode 100644 index 0000000000000..1532c92e1c8e9 --- /dev/null +++ b/x-pack/packages/security/api_key_management/jest.config.js 
@@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +module.exports = { + coverageDirectory: + '/target/kibana-coverage/jest/x-pack/packages/security/api_key_management', + coverageReporters: ['text', 'html'], + collectCoverageFrom: ['/x-pack/packages/security/api_key_management/**/*.{ts,tsx}'], + preset: '@kbn/test', + rootDir: '../../../..', + roots: ['/x-pack/packages/security/api_key_management'], +}; diff --git a/x-pack/packages/security/api_key_management/kibana.jsonc b/x-pack/packages/security/api_key_management/kibana.jsonc new file mode 100644 index 0000000000000..16e9244e49275 --- /dev/null +++ b/x-pack/packages/security/api_key_management/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-browser", + "id": "@kbn/security-api-key-management", + "owner": "@elastic/kibana-security" +} diff --git a/x-pack/packages/security/api_key_management/package.json b/x-pack/packages/security/api_key_management/package.json new file mode 100644 index 0000000000000..3f09ae63c9fa9 --- /dev/null +++ b/x-pack/packages/security/api_key_management/package.json @@ -0,0 +1,6 @@ +{ + "name": "@kbn/security-api-key-management", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} diff --git a/x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx b/x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx new file mode 100644 index 0000000000000..d8fb2822a1e96 --- /dev/null +++ b/x-pack/packages/security/api_key_management/src/components/api_key_badge.tsx 
@@ -0,0 +1,66 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiToolTip, EuiBadge } from '@elastic/eui'; +import React, { FunctionComponent } from 'react'; +import { FormattedMessage } from '@kbn/i18n-react'; + +export interface ApiKeyBadgeProps { + type: 'rest' | 'cross_cluster' | 'managed'; +} + +export const ApiKeyBadge: FunctionComponent = ({ type }) => { + return type === 'cross_cluster' ? ( + + } + > + + + + + ) : type === 'managed' ? ( + + } + > + + + + + ) : ( + + } + > + + + + + ); +}; diff --git a/x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx b/x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx new file mode 100644 index 0000000000000..1f2f0201d5a48 --- /dev/null +++ b/x-pack/packages/security/api_key_management/src/components/api_key_created_callout.tsx @@ -0,0 +1,85 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiCallOut } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; +import React, { FunctionComponent } from 'react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { CreateAPIKeyResult } from './api_keys_api_client'; +import { SelectableTokenField } from './token_field'; + +export interface ApiKeyCreatedCalloutProps { + createdApiKey: CreateAPIKeyResult; +} + +export const ApiKeyCreatedCallout: FunctionComponent = ({ + createdApiKey, +}) => { + return ( + +

+ +

+ +
+ ); +}; + +export const ApiKeySelectableTokenField: FunctionComponent = ({ + createdApiKey, +}) => { + const concatenated = `${createdApiKey.id}:${createdApiKey.api_key}`; + return ( + + ); +}; diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_key_flyout.tsx b/x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx similarity index 92% rename from x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_key_flyout.tsx rename to x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx index 0522a977027dc..82c37b72dd41c 100644 --- a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_key_flyout.tsx +++ b/x-pack/packages/security/api_key_management/src/components/api_key_flyout.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import type { ExclusiveUnion } from '@elastic/eui'; +import { ExclusiveUnion, htmlIdGenerator } from '@elastic/eui'; import { EuiButton, EuiButtonEmpty, 
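Review bot: `ApiKeySelectableTokenField` in api_key_created_callout.tsx assembles `${createdApiKey.id}:${createdApiKey.api_key}`, which is the usable credential in clear text, yet neither exported component documents how callers should treat `createdApiKey`. I would add a TSDoc line above both exports, for example `/** Renders the secret of a newly created API key; keep createdApiKey in transient component state only and never log, cache or persist it. */`. The rendered markup is not legible in this listing, so how the value is finally displayed cannot be confirmed from here.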
@@ -31,33 +31,29 @@ import { } from '@elastic/eui'; import { Form, FormikProvider, useFormik } from 'formik'; import moment from 'moment-timezone'; -import type { FunctionComponent } from 'react'; +import { FunctionComponent, useRef } from 'react'; import React, { useEffect, useState } from 'react'; import useAsyncFn from 'react-use/lib/useAsyncFn'; import { CodeEditorField } from '@kbn/code-editor'; +import type { AuthenticatedUser, CoreStart } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; import { FormattedDate, FormattedMessage } from '@kbn/i18n-react'; import { useDarkMode, useKibana } from '@kbn/kibana-react-plugin/public'; import type { KibanaServerError } from '@kbn/kibana-utils-plugin/public'; -import type { CategorizedApiKey } from './api_keys_table'; -import { ApiKeyBadge, ApiKeyStatus, TimeToolTip } from './api_keys_table'; -import type { ApiKeyRoleDescriptors } from '../../../../common/model'; -import { DocLink } from '../../../components/doc_link'; -import { FormField } from '../../../components/form_field'; -import { FormRow } from '../../../components/form_row'; -import { useCurrentUser } from '../../../components/use_current_user'; -import { useHtmlId } from '../../../components/use_html_id'; -import { useInitialFocus } from '../../../components/use_initial_focus'; -import { RolesAPIClient } from '../../roles/roles_api_client'; -import { APIKeysAPIClient } from '../api_keys_api_client'; +import { Role } from '@kbn/security-plugin-types-common'; +import { FormField, FormRow } from '@kbn/security-form-components'; +import type { ApiKeyRoleDescriptors, CategorizedApiKey } from '@kbn/security-plugin-types-common'; +import { ApiKeyBadge, ApiKeyStatus, TimeToolTip } from '.'; +import { APIKeysAPIClient } from './api_keys_api_client'; import type { CreateAPIKeyParams, CreateAPIKeyResult, UpdateAPIKeyParams, UpdateAPIKeyResult, -} from '../api_keys_api_client'; +} from './api_keys_api_client'; +import { DocLink } from './doc_link'; const 
TypeLabel = () => ( = ({ onSuccess, onCancel, + defaultExpiration, + defaultMetadata, + defaultRoleDescriptors, apiKey, canManageCrossClusterApiKeys = false, readOnly = false, + currentUser, + isLoadingCurrentUser, }) => { const { euiTheme } = useEuiTheme(); - const { services } = useKibana(); const isDarkMode = useDarkMode(); - const { value: currentUser, loading: isLoadingCurrentUser } = useCurrentUser(); - const [{ value: roles, loading: isLoadingRoles }, getRoles] = useAsyncFn( - () => new RolesAPIClient(services.http!).getRoles(), - [services.http] - ); + const { + services: { http }, + } = useKibana(); const [responseError, setResponseError] = useState(undefined); + const [{ value: roles, loading: isLoadingRoles }, getRoles] = useAsyncFn(() => { + if (http) { + return http.get('/api/security/role'); + } + return Promise.resolve([]); + }, [http]); const formik = useFormik({ onSubmit: async (values) => { - try { - if (apiKey) { - const updateApiKeyResponse = await new APIKeysAPIClient(services.http!).updateApiKey( - mapUpdateApiKeyValues(apiKey.type, apiKey.id, values) - ); + if (http) { + try { + if (apiKey) { + const updateApiKeyResponse = await new APIKeysAPIClient(http).updateApiKey( + mapUpdateApiKeyValues(apiKey.type, apiKey.id, values) + ); - onSuccess?.(updateApiKeyResponse); - } else { - const createApiKeyResponse = await new APIKeysAPIClient(services.http!).createApiKey( - mapCreateApiKeyValues(values) - ); + onSuccess?.(updateApiKeyResponse); + } else { + const createApiKeyResponse = await new APIKeysAPIClient(http).createApiKey( + mapCreateApiKeyValues(values) + ); - onSuccess?.(createApiKeyResponse); + onSuccess?.(createApiKeyResponse); + } + setResponseError(undefined); + } catch (error) { + setResponseError(error.body); + throw error; } - setResponseError(undefined); - } catch (error) { - setResponseError(error.body); - throw error; + } else { + setResponseError({ message: httpErrorText, statusCode: 0 }); + throw new Error(httpErrorText); } }, 
initialValues: apiKey ? mapApiKeyFormValues(apiKey) : defaultInitialValues, @@ -225,15 +244,40 @@ export const ApiKeyFlyout: FunctionComponent = ({ } }, [currentUser, roles]); // eslint-disable-line react-hooks/exhaustive-deps + useEffect(() => { + if (defaultRoleDescriptors && !apiKey) { + formik.setFieldValue('role_descriptors', defaultRoleDescriptors); + } + }, [defaultRoleDescriptors]); // eslint-disable-line react-hooks/exhaustive-deps + + useEffect(() => { + if (defaultMetadata && !apiKey) { + formik.setFieldValue('metadata', defaultMetadata); + } + }, [defaultMetadata]); // eslint-disable-line react-hooks/exhaustive-deps + + useEffect(() => { + if (defaultExpiration && !apiKey) { + formik.setFieldValue('expiration', defaultExpiration); + formik.setFieldValue('customExpiration', true); + } + }, [defaultExpiration]); // eslint-disable-line react-hooks/exhaustive-deps + const isLoading = isLoadingCurrentUser || isLoadingRoles; const isOwner = currentUser && apiKey ? currentUser.username === apiKey.username : false; const hasExpired = apiKey ? apiKey.expiration && moment(apiKey.expiration).isBefore() : false; const canEdit = isOwner && !hasExpired; - const firstFieldRef = useInitialFocus([isLoading]); + // autofocus first field when loaded + const inputRef = useRef(null); + useEffect(() => { + if (inputRef?.current) { + inputRef?.current.focus(); + } + }, [isLoading]); - const titleId = useHtmlId('formFlyout', 'title'); + const titleId = htmlIdGenerator('formFlyout')('title'); const isSubmitButtonHidden = readOnly || (apiKey && !canEdit); const isSubmitDisabled = @@ -284,6 +328,7 @@ export const ApiKeyFlyout: FunctionComponent = ({ {responseError && ( <> = ({ } fullWidth> ; + +export const ApiKeyStatus: FunctionComponent = ({ expiration }) => { + if (!expiration) { + return ( + + + + ); + } + + if (Date.now() > expiration) { + return ( + + + + ); + } + + return ( + + + + + + ); +}; 
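Review bot: In the `@@ -225,15 +244,40 @@` hunk of api_key_flyout.tsx, the new effect that writes `defaultRoleDescriptors` depends only on `[defaultRoleDescriptors]`, while the effect that closes just above it re-runs on `[currentUser, roles]`. That earlier effect's body is outside the hunk, but if it also sets `role_descriptors` once the roles request resolves, it would replace the caller-supplied descriptors, and the key would be created with a privilege set the embedding page did not ask for. Re-applying the default when roles arrive avoids that, e.g. `}, [defaultRoleDescriptors, roles]); // eslint-disable-line react-hooks/exhaustive-deps`, and a test that mounts the flyout with `defaultRoleDescriptors` and a delayed roles response would pin the behaviour. `ApiKeyFlyout` starts and ends outside this hunk.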
diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.test.ts b/x-pack/packages/security/api_key_management/src/components/api_keys_api_client.test.ts similarity index 100% rename from x-pack/plugins/security/public/management/api_keys/api_keys_api_client.test.ts rename to x-pack/packages/security/api_key_management/src/components/api_keys_api_client.test.ts diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts b/x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts similarity index 72% rename from x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts rename to x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts index e9cf206ed96d9..30cc9f214ebf5 100644 --- a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.ts +++ b/x-pack/packages/security/api_key_management/src/components/api_keys_api_client.ts 
@@ -8,36 +8,33 @@ import type { QueryContainer } from '@elastic/eui/src/components/search_bar/query/ast_to_es_query_dsl'; import type { HttpStart } from '@kbn/core/public'; -import type { CreateAPIKeyParams, CreateAPIKeyResult } from '@kbn/security-plugin-types-server'; +import type { + CreateAPIKeyParams, + CreateAPIKeyResult, + UpdateAPIKeyParams, + UpdateAPIKeyResult, +} from '@kbn/security-plugin-types-server'; -import type { QueryFilters } from './api_keys_grid/api_keys_table'; -import type { ApiKeyToInvalidate, QueryApiKeyResult } from '../../../common/model'; -import type { UpdateAPIKeyParams, UpdateAPIKeyResult } from '../../../server/routes/api_keys'; +import type { + ApiKeyToInvalidate, + CategorizedApiKey, + QueryApiKeyResult, +} from '@kbn/security-plugin-types-common'; +import type { Criteria } from '@elastic/eui'; export type { CreateAPIKeyParams, CreateAPIKeyResult, UpdateAPIKeyParams, UpdateAPIKeyResult }; +export interface QueryFilters { + usernames?: string[]; + type?: 'rest' | 'managed' | 'cross_cluster'; + expired?: boolean; +} export interface InvalidateApiKeysResponse { itemsInvalidated: ApiKeyToInvalidate[]; errors: any[]; } -export interface QueryApiKeySortOptions { - field: - | 'id' - | 'type' - | 'name' - | 'username' - | 'realm' - | 'creation' - | 'metadata' - | 'role_descriptors' - | 'expiration' - | 'invalidated' - | 'limited_by' - | '_sort' - | 'expired'; - direction: 'asc' | 'desc'; -} +export type QueryApiKeySortOptions = Required>['sort']; export interface QueryApiKeyParams { query: QueryContainer; diff --git a/x-pack/packages/security/api_key_management/src/components/doc_link.tsx b/x-pack/packages/security/api_key_management/src/components/doc_link.tsx new file mode 100644 index 0000000000000..1aa399fb0cc70 --- /dev/null +++ b/x-pack/packages/security/api_key_management/src/components/doc_link.tsx 
@@ -0,0 +1,63 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiLink } from '@elastic/eui'; +import type { FC, PropsWithChildren } from 'react'; +import React, { useCallback } from 'react'; + +import type { DocLinksStart } from '@kbn/core/public'; +import { useKibana } from '@kbn/kibana-react-plugin/public'; + +export type DocLinks = DocLinksStart['links']; +export type GetDocLinkFunction = (app: string, doc: string) => string; + +/** + * Creates links to the documentation. + * + * @see {@link DocLink} for a component that creates a link to the docs. + * + * @example + * ```typescript + * + * Learn what privileges individual roles grant. + * + * ``` + * + * @example + * ```typescript + * const [docs] = useDocLinks(); + * + * + * Learn how to get started with dashboards. + * + * ``` + */ +export function useDocLinks(): [DocLinks, GetDocLinkFunction] { + const { services } = useKibana(); + const { links, ELASTIC_WEBSITE_URL, DOC_LINK_VERSION } = services.docLinks!; + const getDocLink = useCallback( + (app, doc) => { + return `${ELASTIC_WEBSITE_URL}guide/en/${app}/reference/${DOC_LINK_VERSION}/${doc}`; + }, + [ELASTIC_WEBSITE_URL, DOC_LINK_VERSION] + ); + return [links, getDocLink]; +} + +export interface DocLinkProps { + app: string; + doc: string; +} + +export const DocLink: FC> = ({ app, doc, children }) => { + const [, getDocLink] = useDocLinks(); + return ( + + {children} + + ); +}; diff --git a/x-pack/packages/security/api_key_management/src/components/index.ts b/x-pack/packages/security/api_key_management/src/components/index.ts new file mode 100644 index 0000000000000..7c78ceddcd4f3 --- /dev/null +++ b/x-pack/packages/security/api_key_management/src/components/index.ts 
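Review bot: `useDocLinks` in doc_link.tsx destructures `services.docLinks!`, so a consumer of this shared package that renders `DocLink` without `docLinks` in its Kibana context gets an opaque destructuring TypeError at render time. The flyout in the same package guards its optional service (`if (http)`), and this hook should be as explicit: `const docLinks = services.docLinks;` followed by `if (!docLinks) throw new Error('useDocLinks requires docLinks in the Kibana context');`. Separately, `getDocLink` interpolates `app` and `doc` into the URL unencoded; a short TSDoc stating that both must be trusted, static path segments would make that contract visible.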
@@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from './api_key_flyout'; +export * from './api_keys_api_client'; +export * from './api_key_badge'; +export * from './api_key_status'; +export * from './time_tool_tip'; +export * from './api_key_created_callout'; diff --git a/x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx b/x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx new file mode 100644 index 0000000000000..43b243a1f35df --- /dev/null +++ b/x-pack/packages/security/api_key_management/src/components/time_tool_tip.tsx @@ -0,0 +1,23 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiToolTip } from '@elastic/eui'; +import moment from 'moment'; +import React from 'react'; +import { FunctionComponent } from 'react'; + +export interface TimeToolTipProps { + timestamp: number; +} + +export const TimeToolTip: FunctionComponent = ({ timestamp, children }) => { + return ( + + {children ?? moment(timestamp).fromNow()} + + ); +}; diff --git a/x-pack/plugins/security/public/components/token_field.tsx b/x-pack/packages/security/api_key_management/src/components/token_field.tsx similarity index 97% rename from x-pack/plugins/security/public/components/token_field.tsx rename to x-pack/packages/security/api_key_management/src/components/token_field.tsx index 6bfcb22e62447..4943603dbecf8 100644 --- a/x-pack/plugins/security/public/components/token_field.tsx +++ b/x-pack/packages/security/api_key_management/src/components/token_field.tsx 
@@ -52,6 +52,7 @@ export const TokenField: FunctionComponent = (props) => { readOnly > /target/kibana-coverage/jest/x-pack/packages/security/form_components', + coverageReporters: ['text', 'html'], + collectCoverageFrom: ['/x-pack/packages/security/form_components/**/*.{ts,tsx}'], + preset: '@kbn/test', + rootDir: '../../../..', + roots: ['/x-pack/packages/security/form_components'], +}; diff --git a/x-pack/packages/security/form_components/kibana.jsonc b/x-pack/packages/security/form_components/kibana.jsonc new file mode 100644 index 0000000000000..44f54ee5fe4ca --- /dev/null +++ b/x-pack/packages/security/form_components/kibana.jsonc @@ -0,0 +1,5 @@ +{ + "type": "shared-common", + "id": "@kbn/security-form-components", + "owner": "@elastic/kibana-security" +} diff --git a/x-pack/packages/security/form_components/package.json b/x-pack/packages/security/form_components/package.json new file mode 100644 index 0000000000000..20a52b43aee44 --- /dev/null +++ b/x-pack/packages/security/form_components/package.json @@ -0,0 +1,6 @@ +{ + "name": "@kbn/security-form-components", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} diff --git a/x-pack/plugins/security/public/components/form_changes.test.tsx b/x-pack/packages/security/form_components/src/form_changes.test.tsx similarity index 100% rename from x-pack/plugins/security/public/components/form_changes.test.tsx rename to x-pack/packages/security/form_components/src/form_changes.test.tsx diff --git a/x-pack/plugins/security/public/components/form_changes.tsx b/x-pack/packages/security/form_components/src/form_changes.tsx similarity index 100% rename from x-pack/plugins/security/public/components/form_changes.tsx rename to x-pack/packages/security/form_components/src/form_changes.tsx 
diff --git a/x-pack/plugins/security/public/components/form_field.test.tsx b/x-pack/packages/security/form_components/src/form_field.test.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_field.test.tsx
rename to x-pack/packages/security/form_components/src/form_field.test.tsx
diff --git a/x-pack/plugins/security/public/components/form_field.tsx b/x-pack/packages/security/form_components/src/form_field.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_field.tsx
rename to x-pack/packages/security/form_components/src/form_field.tsx
diff --git a/x-pack/plugins/security/public/components/form_label.test.tsx b/x-pack/packages/security/form_components/src/form_label.test.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_label.test.tsx
rename to x-pack/packages/security/form_components/src/form_label.test.tsx
diff --git a/x-pack/plugins/security/public/components/form_label.tsx b/x-pack/packages/security/form_components/src/form_label.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_label.tsx
rename to x-pack/packages/security/form_components/src/form_label.tsx
diff --git a/x-pack/plugins/security/public/components/form_row.test.tsx b/x-pack/packages/security/form_components/src/form_row.test.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_row.test.tsx
rename to x-pack/packages/security/form_components/src/form_row.test.tsx
diff --git a/x-pack/plugins/security/public/components/form_row.tsx b/x-pack/packages/security/form_components/src/form_row.tsx
similarity index 100%
rename from x-pack/plugins/security/public/components/form_row.tsx
rename to x-pack/packages/security/form_components/src/form_row.tsx
diff --git a/x-pack/packages/security/form_components/src/index.ts b/x-pack/packages/security/form_components/src/index.ts
new file mode 100644
index 0000000000000..ae2560ab60aa4
--- /dev/null
+++ b/x-pack/packages/security/form_components/src/index.ts @@ -0,0 +1,11 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from './form_changes'; +export * from './form_field'; +export * from './form_label'; +export * from './form_row'; diff --git a/x-pack/packages/security/form_components/tsconfig.json b/x-pack/packages/security/form_components/tsconfig.json new file mode 100644 index 0000000000000..5056613904e7a --- /dev/null +++ b/x-pack/packages/security/form_components/tsconfig.json @@ -0,0 +1,21 @@ +{ + "extends": "../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": [ + "jest", + "node", + "react", + ] + }, + "include": [ + "**/*.ts", + "**/*.tsx", + ], + "exclude": [ + "target/**/*" + ], + "kbn_references": [ + "@kbn/i18n-react", + ], +} diff --git a/x-pack/packages/security/plugin_types_common/index.ts b/x-pack/packages/security/plugin_types_common/index.ts index 9d4d690e524a0..8dd0ff726103a 100644 --- a/x-pack/packages/security/plugin_types_common/index.ts +++ b/x-pack/packages/security/plugin_types_common/index.ts @@ -28,3 +28,17 @@ export type { UserProfileWithSecurity, UserProfileUserInfoWithSecurity, } from './src/user_profile'; + +export type { + ApiKey, + RestApiKey, + CrossClusterApiKey, + BaseApiKey, + CrossClusterApiKeyAccess, + ManagedApiKey, + ApiKeyRoleDescriptors, + ApiKeyToInvalidate, + QueryApiKeyResult, + CategorizedApiKey, + ApiKeyAggregations, +} from './src/api_keys/api_key'; 
diff --git a/x-pack/plugins/security/common/model/api_key.ts b/x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts similarity index 90% rename from x-pack/plugins/security/common/model/api_key.ts rename to x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts index 639cf6568c709..d01766c2381ac 100644 --- a/x-pack/plugins/security/common/model/api_key.ts +++ b/x-pack/packages/security/plugin_types_common/src/api_keys/api_key.ts @@ -115,3 +115,18 @@ interface BaseQueryApiKeyResult { aggregationTotal: number; aggregations: Record | undefined; } + +/** + * Interface representing a REST API key that is managed by Kibana. + */ +export interface ManagedApiKey extends BaseApiKey { + type: 'managed'; +} + +/** + * Interface representing an API key the way it is presented in the Kibana UI (with Kibana system + * API keys given its own dedicated `managed` type). + */ +export type CategorizedApiKey = (ApiKey | ManagedApiKey) & { + expired: boolean; +}; diff --git a/x-pack/packages/security/plugin_types_server/index.ts b/x-pack/packages/security/plugin_types_server/index.ts index 2d697dd0187ab..1228b9d36f961 100644 --- a/x-pack/packages/security/plugin_types_server/index.ts +++ b/x-pack/packages/security/plugin_types_server/index.ts @@ -25,6 +25,11 @@ export type { InvalidateAPIKeyResult, APIKeys, AuthenticationServiceStart, + UpdateAPIKeyParams, + UpdateAPIKeyResult, + UpdateCrossClusterAPIKeyParams, + UpdateRestAPIKeyParams, + UpdateRestAPIKeyWithKibanaPrivilegesParams, } from './src/authentication'; export type { PrivilegeDeprecationsService, @@ -69,6 +74,9 @@ export type { export { restApiKeySchema, getRestApiKeyWithKibanaPrivilegesSchema, + getUpdateRestApiKeyWithKibanaPrivilegesSchema, crossClusterApiKeySchema, + updateRestApiKeySchema, + updateCrossClusterApiKeySchema, } from './src/authentication'; export { GLOBAL_RESOURCE, elasticsearchRoleSchema, getKibanaRoleSchema } from './src/authorization'; 
diff --git a/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts index 184f21ce2ddac..2ced5478b46eb 100644 --- a/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts +++ b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/api_keys.ts @@ -202,3 +202,48 @@ export const crossClusterApiKeySchema = restApiKeySchema.extends({ { unknowns: 'allow' } ), }); + +/** + * Response of Kibana Update API key endpoint. + */ +export type UpdateAPIKeyResult = estypes.SecurityUpdateApiKeyResponse; + +/** + * Request body of Kibana Update API key endpoint. + */ +export type UpdateAPIKeyParams = + | UpdateRestAPIKeyParams + | UpdateCrossClusterAPIKeyParams + | UpdateRestAPIKeyWithKibanaPrivilegesParams; + +export const updateRestApiKeySchema = restApiKeySchema.extends({ + name: null, + id: schema.string(), +}); + +export const updateCrossClusterApiKeySchema = crossClusterApiKeySchema.extends({ + name: null, + id: schema.string(), +}); + +export type UpdateRestAPIKeyParams = TypeOf; +export type UpdateCrossClusterAPIKeyParams = TypeOf; +export type UpdateRestAPIKeyWithKibanaPrivilegesParams = TypeOf< + ReturnType +>; + +export const getUpdateRestApiKeyWithKibanaPrivilegesSchema = ( + getBasePrivilegeNames: Parameters[0] +) => + restApiKeySchema.extends({ + role_descriptors: null, + name: null, + id: schema.string(), + kibana_role_descriptors: schema.recordOf( + schema.string(), + schema.object({ + elasticsearch: elasticsearchRoleSchema.extends({}, { unknowns: 'allow' }), + kibana: getKibanaRoleSchema(getBasePrivilegeNames), + }) + ), + }); diff --git a/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts index dbad1344d1d24..ec36a99b4da63 100644 
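Review bot: The three update schemas validate the key identifier only as `id: schema.string()`, which also accepts an empty string, so a request with `id: ''` passes Kibana validation and presumably fails only once it reaches Elasticsearch. Tightening it to `id: schema.string({ minLength: 1 })` in `updateRestApiKeySchema`, `updateCrossClusterApiKeySchema` and `getUpdateRestApiKeyWithKibanaPrivilegesSchema` rejects malformed update requests at the boundary. The `elasticsearch` role descriptor is extended with `{ unknowns: 'allow' }`, which looks like it mirrors the create path but means unknown privilege fields pass through without Kibana-side validation; a one-line comment stating that Elasticsearch is the validator for those fields would make that explicit. The exported schemas also carry no doc comment, unlike the `UpdateAPIKeyResult` and `UpdateAPIKeyParams` types declared just above them.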
--- a/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts +++ b/x-pack/packages/security/plugin_types_server/src/authentication/api_keys/index.ts @@ -16,9 +16,17 @@ export type { CreateCrossClusterAPIKeyParams, GrantAPIKeyResult, APIKeys, + UpdateAPIKeyParams, + UpdateAPIKeyResult, + UpdateCrossClusterAPIKeyParams, + UpdateRestAPIKeyParams, + UpdateRestAPIKeyWithKibanaPrivilegesParams, } from './api_keys'; export { crossClusterApiKeySchema, getRestApiKeyWithKibanaPrivilegesSchema, + getUpdateRestApiKeyWithKibanaPrivilegesSchema, restApiKeySchema, + updateRestApiKeySchema, + updateCrossClusterApiKeySchema, } from './api_keys'; diff --git a/x-pack/packages/security/plugin_types_server/src/authentication/index.ts b/x-pack/packages/security/plugin_types_server/src/authentication/index.ts index 04e4a820fb4d9..6e30f9ebcec24 100644 --- a/x-pack/packages/security/plugin_types_server/src/authentication/index.ts +++ b/x-pack/packages/security/plugin_types_server/src/authentication/index.ts @@ -16,10 +16,18 @@ export type { ValidateAPIKeyParams, APIKeys, GrantAPIKeyResult, + UpdateAPIKeyParams, + UpdateAPIKeyResult, + UpdateCrossClusterAPIKeyParams, + UpdateRestAPIKeyParams, + UpdateRestAPIKeyWithKibanaPrivilegesParams, } from './api_keys'; export type { AuthenticationServiceStart } from './authentication_service'; export { restApiKeySchema, getRestApiKeyWithKibanaPrivilegesSchema, + getUpdateRestApiKeyWithKibanaPrivilegesSchema, crossClusterApiKeySchema, + updateRestApiKeySchema, + updateCrossClusterApiKeySchema, } from './api_keys'; diff --git a/x-pack/plugins/actions/docs/openapi/bundled.json b/x-pack/plugins/actions/docs/openapi/bundled.json index df93f77a5ab20..ee6cb7080627e 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.json +++ b/x-pack/plugins/actions/docs/openapi/bundled.json 
@@ -2200,7 +2200,7 @@ "defaultModel": { "type": "string", "description": "The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models.\n", - "default": "anthropic.claude-3-sonnet-20240229-v1:0" + "default": "anthropic.claude-3-5-sonnet-20240620-v1:0" } } }, @@ -2240,7 +2240,7 @@ "defaultModel": { "type": "string", "description": "The generative artificial intelligence model for Google Gemini to use.", - "default": "gemini-1.5-pro-preview-0409" + "default": "gemini-1.5-pro-001" }, "gcpRegion": { "type": "string", @@ -7150,4 +7150,4 @@ } } } -} \ No newline at end of file +} diff --git a/x-pack/plugins/actions/docs/openapi/bundled.yaml b/x-pack/plugins/actions/docs/openapi/bundled.yaml index 95a0449bec192..fada89d5c6ea4 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled.yaml @@ -1501,7 +1501,7 @@ components: type: string description: | The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models. - default: anthropic.claude-3-sonnet-20240229-v1:0 + default: anthropic.claude-3-5-sonnet-20240620-v1:0 secrets_properties_bedrock: title: Connector secrets properties for an Amazon Bedrock connector description: Defines secrets for connectors when type is `.bedrock`. @@ -1531,7 +1531,7 @@ components: defaultModel: type: string description: The generative artificial intelligence model for Google Gemini to use. - default: gemini-1.5-pro-preview-0409 + default: gemini-1.5-pro-001 gcpRegion: type: string description: The GCP region where the Vertex AI endpoint enabled. 
@@ -1696,14 +1696,14 @@ components: type: boolean host: description: | - The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. + The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. type: string oauthTokenUrl: type: string nullable: true port: description: | - The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. + The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. type: integer secure: description: | @@ -3267,7 +3267,7 @@ components: is_preconfigured: type: boolean description: | - Indicates whether it is a preconfigured connector. If true, the `config` and `is_missing_secrets` properties are omitted from the response. + Indicates whether it is a preconfigured connector. If true, the `config` and `is_missing_secrets` properties are omitted from the response. example: false is_system_action: type: boolean 
@@ -3775,7 +3775,7 @@ components: items: type: string description: | - A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format + A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format message: type: string description: The email message text. Markdown format is supported. diff --git a/x-pack/plugins/actions/docs/openapi/bundled_serverless.json b/x-pack/plugins/actions/docs/openapi/bundled_serverless.json index 928dbbfd758d7..550eba1f9ae60 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled_serverless.json +++ b/x-pack/plugins/actions/docs/openapi/bundled_serverless.json @@ -1188,7 +1188,7 @@ "defaultModel": { "type": "string", "description": "The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models.\n", - "default": "anthropic.claude-3-sonnet-20240229-v1:0" + "default": "anthropic.claude-3-5-sonnet-20240620-v1:0" } } }, @@ -1228,7 +1228,7 @@ "defaultModel": { "type": "string", "description": "The generative artificial intelligence model for Google Gemini to use.", - "default": "gemini-1.5-pro-preview-0409" + "default": "gemini-1.5-pro-001" }, "gcpRegion": { "type": "string", @@ -4537,4 +4537,4 @@ } } } -} \ No newline at end of file +} diff --git a/x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml b/x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml index 4fdc184e3fb90..0fe3a61372ce6 100644 --- a/x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml +++ b/x-pack/plugins/actions/docs/openapi/bundled_serverless.yaml 
@@ -858,7 +858,7 @@ components: type: string description: | The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models. - default: anthropic.claude-3-sonnet-20240229-v1:0 + default: anthropic.claude-3-5-sonnet-20240620-v1:0 secrets_properties_bedrock: title: Connector secrets properties for an Amazon Bedrock connector description: Defines secrets for connectors when type is `.bedrock`. @@ -888,7 +888,7 @@ components: defaultModel: type: string description: The generative artificial intelligence model for Google Gemini to use. - default: gemini-1.5-pro-preview-0409 + default: gemini-1.5-pro-001 gcpRegion: type: string description: The GCP region where the Vertex AI endpoint enabled. @@ -1053,14 +1053,14 @@ components: type: boolean host: description: | - The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. + The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. type: string oauthTokenUrl: type: string nullable: true port: description: | - The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. + The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. type: integer secure: description: | 
@@ -2624,7 +2624,7 @@ components: is_preconfigured: type: boolean description: | - Indicates whether it is a preconfigured connector. If true, the `config` and `is_missing_secrets` properties are omitted from the response. + Indicates whether it is a preconfigured connector. If true, the `config` and `is_missing_secrets` properties are omitted from the response. example: false is_system_action: type: boolean diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_bedrock.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_bedrock.yaml index 440d378bab303..211a209d65392 100644 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_bedrock.yaml +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_bedrock.yaml @@ -12,4 +12,4 @@ properties: description: > The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models. - default: anthropic.claude-3-sonnet-20240229-v1:0 + default: anthropic.claude-3-5-sonnet-20240620-v1:0 diff --git a/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_gemini.yaml b/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_gemini.yaml index f68c43390143d..ed5996dc1c423 100644 --- a/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_gemini.yaml +++ b/x-pack/plugins/actions/docs/openapi/components/schemas/config_properties_gemini.yaml 
@@ -12,10 +12,10 @@ properties: defaultModel: type: string description: The generative artificial intelligence model for Google Gemini to use. - default: gemini-1.5-pro-preview-0409 + default: gemini-1.5-pro-001 gcpRegion: type: string description: The GCP region where the Vertex AI endpoint enabled. gcpProjectID: type: string - description: The Google ProjectID that has Vertex AI endpoint enabled. \ No newline at end of file + description: The Google ProjectID that has Vertex AI endpoint enabled. diff --git a/x-pack/plugins/actions/server/integration_tests/__snapshots__/connector_types.test.ts.snap b/x-pack/plugins/actions/server/integration_tests/__snapshots__/connector_types.test.ts.snap index c9c525272a391..68aaa2e2ebf23 100644 --- a/x-pack/plugins/actions/server/integration_tests/__snapshots__/connector_types.test.ts.snap +++ b/x-pack/plugins/actions/server/integration_tests/__snapshots__/connector_types.test.ts.snap @@ -628,7 +628,7 @@ Object { }, "defaultModel": Object { "flags": Object { - "default": "anthropic.claude-3-sonnet-20240229-v1:0", + "default": "anthropic.claude-3-5-sonnet-20240620-v1:0", "error": [Function], "presence": "optional", }, @@ -3822,7 +3822,7 @@ Object { }, "defaultModel": Object { "flags": Object { - "default": "gemini-1.5-pro-preview-0409", + "default": "gemini-1.5-pro-001", "error": [Function], "presence": "optional", }, diff --git a/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx b/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx index 21f5db55fce6f..fc8f635394b50 100644 --- a/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx +++ b/x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx 
@@ -186,7 +186,11 @@ export const LogRateAnalysisResults: FC = ({ ); const [shouldStart, setShouldStart] = useState(false); const [toggleIdSelected, setToggleIdSelected] = useState(resultsGroupedOffId); - const [skippedColumns, setSkippedColumns] = useState(['p-value']); + const [skippedColumns, setSkippedColumns] = useState([ + 'p-value', + 'Baseline rate', + 'Deviation rate', + ]); const onGroupResultsToggle = (optionId: string) => { setToggleIdSelected(optionId); diff --git a/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/get_baseline_and_deviation_rates.ts b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/get_baseline_and_deviation_rates.ts new file mode 100644 index 0000000000000..c5eb9e75ad7a5 --- /dev/null +++ b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/get_baseline_and_deviation_rates.ts 
@@ -0,0 +1,97 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { i18n } from '@kbn/i18n'; +import { LOG_RATE_ANALYSIS_TYPE } from '@kbn/aiops-log-rate-analysis'; + +export function getLogRateChange( + analysisType: typeof LOG_RATE_ANALYSIS_TYPE[keyof typeof LOG_RATE_ANALYSIS_TYPE], + baselineBucketRate: number, + deviationBucketRate: number +) { + let message; + let factor; + + if (analysisType === LOG_RATE_ANALYSIS_TYPE.SPIKE) { + if (baselineBucketRate > 0) { + factor = Math.round(((deviationBucketRate / baselineBucketRate) * 100) / 100); + message = i18n.translate( + 'xpack.aiops.logRateAnalysis.resultsTableGroups.logRateFactorIncreaseLabel', + { + defaultMessage: '{factor}x higher', + values: { + factor, + }, + } + ); + } else { + message = i18n.translate( + 'xpack.aiops.logRateAnalysis.resultsTableGroups.logRateDocIncreaseLabel', + { + defaultMessage: + '{deviationBucketRate} {deviationBucketRate, plural, one {doc} other {docs}} rate up from 0 in baseline', + values: { deviationBucketRate }, + } + ); + } + } else { + if (deviationBucketRate > 0) { + // For dip, "doc count" refers to the amount of documents in the baseline time range so we use baselineBucketRate + factor = Math.round(((baselineBucketRate / deviationBucketRate) * 100) / 100); + message = i18n.translate( + 'xpack.aiops.logRateAnalysis.resultsTableGroups.logRateFactorDecreaseLabel', + { + defaultMessage: '{factor}x lower', + values: { + factor, + }, + } + ); + } else { + message = i18n.translate( + 'xpack.aiops.logRateAnalysis.resultsTableGroups.logRateDocDecreaseLabel', + { + defaultMessage: 'docs rate down to 0 from {baselineBucketRate} in baseline', + values: { baselineBucketRate }, + } + ); + } + } + + return { message, factor }; +} + +export function 
getBaselineAndDeviationRates( + analysisType: typeof LOG_RATE_ANALYSIS_TYPE[keyof typeof LOG_RATE_ANALYSIS_TYPE], + baselineBuckets: number, + deviationBuckets: number, + docCount: number | undefined, + bgCount: number | undefined +) { + let baselineBucketRate; + let deviationBucketRate; + if (analysisType === LOG_RATE_ANALYSIS_TYPE.SPIKE) { + if (bgCount !== undefined) { + baselineBucketRate = Math.round(bgCount / baselineBuckets); + } + + if (docCount !== undefined) { + deviationBucketRate = Math.round(docCount / deviationBuckets); + } + } else { + // For dip, the "doc count" refers to the amount of documents in the baseline time range so we set baselineBucketRate + if (docCount !== undefined) { + baselineBucketRate = Math.round(docCount / baselineBuckets); + } + + if (bgCount !== undefined) { + deviationBucketRate = Math.round(bgCount / deviationBuckets); + } + } + + return { baselineBucketRate, deviationBucketRate }; +} diff --git a/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/log_rate_analysis_results_table_groups.tsx b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/log_rate_analysis_results_table_groups.tsx index 3124e18a29ebe..7f9df2468acf7 100644 --- a/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/log_rate_analysis_results_table_groups.tsx +++ b/x-pack/plugins/aiops/public/components/log_rate_analysis_results_table/log_rate_analysis_results_table_groups.tsx 
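Review bot: In `getLogRateChange` the expression `Math.round(((deviationBucketRate / baselineBucketRate) * 100) / 100)` multiplies and divides by 100 inside the `Math.round` call, so the scaling has no effect and the factor is rounded to a whole number; the dip branch has the same shape. If two decimals were intended, the division belongs outside the call, `factor = Math.round((deviationBucketRate / baselineBucketRate) * 100) / 100;`, otherwise drop the scaling so the intent is clear. As written, a ratio below 1.5 is shown as `1x higher` and one below 0.5 as `0x higher`, which reads as no change. `getBaselineAndDeviationRates` also divides by `baselineBuckets` and `deviationBuckets` without a zero check, so an empty baseline or deviation window would produce `Infinity` or `NaN`; whether the caller rules that out cannot be confirmed from this file alone.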
@@ -149,6 +149,7 @@ export const LogRateAnalysisResultsGroupsTable: FC s.logRateAnalysisStream.isRunning); const zeroDocsFallback = useAppSelector((s) => s.logRateAnalysisResults.zeroDocsFallback); + const { + analysisType, + windowParameters, + documentStats: { documentCountStats }, + } = useAppSelector((s) => s.logRateAnalysis); const isGroupsTable = tableType === LOG_RATE_ANALYSIS_RESULTS_TABLE_TYPE.GROUPS; + const interval = documentCountStats?.interval ?? 0; const fieldStatsServices: FieldStatsServices = useMemo(() => { return { @@ -130,11 +180,22 @@ export const useColumns = ( }; }, [uiSettings, data, fieldFormats, charts]); + const buckets = useMemo(() => { + if (windowParameters === undefined) return; + + const { baselineMin, baselineMax, deviationMin, deviationMax } = windowParameters; + const baselineBuckets = (baselineMax - baselineMin) / interval; + const deviationBuckets = (deviationMax - deviationMin) / interval; + + return { baselineBuckets, deviationBuckets }; + }, [windowParameters, interval]); + const columnsMap: Record> = useMemo( () => ({ ['Field name']: { 'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnFieldName', field: 'fieldName', + width: skippedColumns.length < 3 ? '17%' : '25%', name: i18n.translate('xpack.aiops.logRateAnalysis.resultsTable.fieldNameLabel', { defaultMessage: 'Field name', }), @@ -197,6 +258,7 @@ export const useColumns = ( ['Field value']: { 'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnFieldValue', field: 'fieldValue', + width: skippedColumns.length < 3 ? '17%' : '25%', name: i18n.translate('xpack.aiops.logRateAnalysis.resultsTable.fieldValueLabel', { defaultMessage: 'Field value', }), @@ -220,7 +282,7 @@ export const useColumns = ( }, ['Log rate']: { 'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnLogRate', - width: NARROW_COLUMN_WIDTH, + width: '8%', field: 'pValue', name: ( <> 
@@ -253,7 +315,7 @@ export const useColumns = ( }, ['Impact']: { 'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnImpact', - width: NARROW_COLUMN_WIDTH, + width: '8%', field: 'pValue', name: ( <> 
@@ -280,9 +342,149 @@ export const useColumns = ( sortable: true, valign: 'middle', }, + ['Baseline rate']: { + 'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnBaselineRateChange', + field: 'bg_count', + name: ( + <> + +   + + + ), + render: (_, { bg_count: bgCount, doc_count: docCount }) => { + if ( + interval === 0 || + windowParameters === undefined || + buckets === undefined || + isGroupsTable + ) + return NOT_AVAILABLE; + + const { baselineBucketRate } = getBaselineAndDeviationRates( + analysisType, + buckets.baselineBuckets, + buckets.deviationBuckets, + docCount, + bgCount + ); + + return <>{baselineBucketRate}; + }, + sortable: true, + valign: 'middle', + }, + ['Deviation rate']: { + 'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnDeviationRateChange', + field: 'doc_count', + name: ( + <> + +   + + + ), + render: (_, { doc_count: docCount, bg_count: bgCount }) => { + if ( + interval === 0 || + windowParameters === undefined || + buckets === undefined || + isGroupsTable + ) + return NOT_AVAILABLE; + + const { deviationBucketRate } = getBaselineAndDeviationRates( + analysisType, + buckets.baselineBuckets, + buckets.deviationBuckets, + docCount, + bgCount + ); + + return <>{deviationBucketRate}; + }, + sortable: true, + valign: 'middle', + }, + ['Log rate change']: { + 'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnLogRateChange', + name: ( + <> + +   + + + ), + render: ({ doc_count: docCount, bg_count: bgCount }: SignificantItem) => { + if ( + interval === 0 || + windowParameters === undefined || + buckets === undefined || + isGroupsTable + ) + return NOT_AVAILABLE; + + const { baselineBucketRate, deviationBucketRate } = getBaselineAndDeviationRates( + analysisType, + buckets.baselineBuckets, + buckets.deviationBuckets, + docCount, + bgCount + ); + + const logRateChange = getLogRateChange( + analysisType, + baselineBucketRate!, + deviationBucketRate! 
+ ); + + return ( + <> + +   + {logRateChange.message} + + ); + }, + valign: 'middle', + }, ['p-value']: { 'data-test-subj': 'aiopsLogRateAnalysisResultsTableColumnPValue', - width: NARROW_COLUMN_WIDTH, field: 'pValue', name: ( <> @@ -315,7 +517,7 @@ export const useColumns = ( 'data-test-subj': isGroupsTable ? 'aiopsLogRateAnalysisResultsGroupsTableColumnDocCount' : 'aiopsLogRateAnalysisResultsTableColumnDocCount', - width: NARROW_COLUMN_WIDTH, + width: '8%', field: isGroupsTable ? 'docCount' : 'doc_count', name: i18n.translate('xpack.aiops.logRateAnalysis.resultsTable.docCountLabel', { defaultMessage: 'Doc count', @@ -333,7 +535,7 @@ export const useColumns = ( ...(viewInLogPatternAnalysisAction ? [viewInLogPatternAnalysisAction] : []), copyToClipBoardAction, ], - width: ACTIONS_COLUMN_WIDTH, + width: '4%', valign: 'middle', }, unique: { diff --git a/x-pack/plugins/aiops/public/ui_actions/create_change_point_chart.tsx b/x-pack/plugins/aiops/public/ui_actions/create_change_point_chart.tsx index f3bd3c359a342..16ad06b103927 100644 --- a/x-pack/plugins/aiops/public/ui_actions/create_change_point_chart.tsx +++ b/x-pack/plugins/aiops/public/ui_actions/create_change_point_chart.tsx @@ -34,11 +34,13 @@ export function createAddChangePointChartAction( id: 'ml', getDisplayName: () => i18n.translate('xpack.aiops.navMenu.mlAppNameText', { - defaultMessage: 'Machine Learning', + defaultMessage: 'Machine Learning and Analytics', }), getIconType: () => 'machineLearningApp', }, ], + order: 10, + getIconType: () => 'machineLearningApp', getDisplayName: () => i18n.translate('xpack.aiops.embeddableChangePointChartDisplayName', { defaultMessage: 'Change point detection', diff --git a/x-pack/plugins/aiops/public/ui_actions/index.ts b/x-pack/plugins/aiops/public/ui_actions/index.ts index daa1b8ffd5ff8..c8e4edb58792b 100644 --- a/x-pack/plugins/aiops/public/ui_actions/index.ts +++ b/x-pack/plugins/aiops/public/ui_actions/index.ts 
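Review bot: In the `Log rate change` column's `render`, `getLogRateChange(analysisType, baselineBucketRate!, deviationBucketRate!)` uses non-null assertions on values that `getBaselineAndDeviationRates` leaves `undefined` whenever `docCount` or `bgCount` is undefined. In that case the `> 0` comparison is simply false and a misleading "up from 0" or "down to 0" message is produced. I would return the fallback instead of asserting, with `if (baselineBucketRate === undefined || deviationBucketRate === undefined) return NOT_AVAILABLE;` placed before the `getLogRateChange` call. The same four-condition guard is repeated verbatim in the `Baseline rate`, `Deviation rate` and `Log rate change` renderers and could be one local helper. The JSX in this hunk is not fully visible on this page, so the rendered markup is not reviewed here.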
@@ -5,7 +5,7 @@ * 2.0. */ -import type { UiActionsSetup } from '@kbn/ui-actions-plugin/public'; +import { type UiActionsSetup, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public'; import { CONTEXT_MENU_TRIGGER } from '@kbn/embeddable-plugin/public'; import { categorizeFieldTrigger, @@ -26,7 +26,7 @@ export function registerAiopsUiActions( const openChangePointInMlAppAction = createOpenChangePointInMlAppAction(coreStart, pluginStart); const addChangePointChartAction = createAddChangePointChartAction(coreStart, pluginStart); - uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addChangePointChartAction); + uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addChangePointChartAction); uiActions.registerTrigger(categorizeFieldTrigger); diff --git a/x-pack/plugins/alerting/common/alert_schema/field_maps/mapping_from_field_map.test.ts b/x-pack/plugins/alerting/common/alert_schema/field_maps/mapping_from_field_map.test.ts index ad28d03235caf..aad7bb2823606 100644 --- a/x-pack/plugins/alerting/common/alert_schema/field_maps/mapping_from_field_map.test.ts +++ b/x-pack/plugins/alerting/common/alert_schema/field_maps/mapping_from_field_map.test.ts @@ -243,6 +243,9 @@ describe('mappingFromFieldMap', () => { last_detected: { type: 'date', }, + previous_action_group: { + type: 'keyword', + }, reason: { type: 'keyword', fields: { @@ -293,6 +296,9 @@ describe('mappingFromFieldMap', () => { }, }, }, + severity_improving: { + type: 'boolean', + }, start: { type: 'date', }, diff --git a/x-pack/plugins/alerting/common/routes/backfill/response/schemas/v1.ts b/x-pack/plugins/alerting/common/routes/backfill/response/schemas/v1.ts index 8db238b89ee81..268ef7f5e90d1 100644 --- a/x-pack/plugins/alerting/common/routes/backfill/response/schemas/v1.ts +++ b/x-pack/plugins/alerting/common/routes/backfill/response/schemas/v1.ts 
@@ -53,7 +53,11 @@ export const backfillResponseSchema = schema.object({ export const errorResponseSchema = schema.object({ error: schema.object({ - error: schema.string(), message: schema.string(), + status: schema.maybe(schema.number()), + rule: schema.object({ + id: schema.string(), + name: schema.maybe(schema.string()), + }), }), }); diff --git a/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts b/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts index ef6f93d5894a2..94def475cb387 100644 --- a/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts +++ b/x-pack/plugins/alerting/server/alerts_client/alerts_client.test.ts @@ -4,6 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ + import { elasticsearchServiceMock, loggingSystemMock } from '@kbn/core/server/mocks'; import type { UpdateByQueryRequest } from '@elastic/elasticsearch/lib/api/types'; import { UntypedNormalizedRuleType } from '../rule_type_registry'; @@ -22,6 +23,7 @@ import { ALERT_FLAPPING_HISTORY, ALERT_INSTANCE_ID, ALERT_MAINTENANCE_WINDOW_IDS, + ALERT_PREVIOUS_ACTION_GROUP, ALERT_RULE_CATEGORY, ALERT_RULE_CONSUMER, ALERT_RULE_EXECUTION_TIMESTAMP, @@ -33,6 +35,7 @@ import { ALERT_RULE_TAGS, ALERT_RULE_TYPE_ID, ALERT_RULE_UUID, + ALERT_SEVERITY_IMPROVING, ALERT_START, ALERT_STATUS, ALERT_TIME_RANGE, @@ -235,6 +238,7 @@ const getNewIndexedAlertDoc = (overrides = {}) => ({ [ALERT_RULE_TYPE_ID]: 'test.rule-type', [ALERT_RULE_TAGS]: ['rule-', '-tags'], [ALERT_RULE_UUID]: '1', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_START]: date, [ALERT_STATUS]: 'active', [ALERT_TIME_RANGE]: { gte: date }, @@ -253,6 +257,8 @@ const getOngoingIndexedAlertDoc = (overrides = {}) => ({ [ALERT_FLAPPING_HISTORY]: [true, false], [ALERT_START]: '2023-03-28T12:27:28.159Z', [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z' }, + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', + [ALERT_SEVERITY_IMPROVING]: undefined, ...overrides, }); 
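Review bot: `rule` is added to the error entry as a required object while `error: schema.string()` is removed, all inside the versioned `v1` response schema, so the shape of an error entry changes in place for anything that already reads `error.error`. The code that builds these entries is not visible in this hunk; if any failure path cannot name a rule, the entry would no longer satisfy the schema. Consider `rule: schema.maybe(schema.object({ ... }))`, or confirm that every producer sets it. A one-line comment above `errorResponseSchema` saying what `status` carries would also help readers of the schema.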
@@ -267,6 +273,8 @@ const getRecoveredIndexedAlertDoc = (overrides = {}) => ({ [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z', lte: date }, [ALERT_STATUS]: 'recovered', [ALERT_CONSECUTIVE_MATCHES]: 0, + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', + [ALERT_SEVERITY_IMPROVING]: true, ...overrides, }); @@ -682,6 +690,7 @@ describe('Alerts Client', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [true, false], [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', [ALERT_RULE_CATEGORY]: 'My test rule', [ALERT_RULE_CONSUMER]: 'bar', [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', @@ -964,6 +973,7 @@ describe('Alerts Client', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [true, false, false, false], [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', [ALERT_RULE_CATEGORY]: 'My test rule', [ALERT_RULE_CONSUMER]: 'bar', [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', @@ -1013,6 +1023,7 @@ describe('Alerts Client', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [true, true], [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', [ALERT_RULE_CATEGORY]: 'My test rule', [ALERT_RULE_CONSUMER]: 'bar', [ALERT_RULE_EXECUTION_UUID]: '5f6aa57d-3e22-484e-bae8-cbed868f4d28', @@ -1023,6 +1034,7 @@ describe('Alerts Client', () => { [ALERT_RULE_TYPE_ID]: 'test.rule-type', [ALERT_RULE_TAGS]: ['rule-', '-tags'], [ALERT_RULE_UUID]: '1', + [ALERT_SEVERITY_IMPROVING]: true, [ALERT_START]: '2023-03-28T12:27:28.159Z', [ALERT_END]: date, [ALERT_STATUS]: 'recovered', diff --git a/x-pack/plugins/alerting/server/alerts_client/alerts_client.ts b/x-pack/plugins/alerting/server/alerts_client/alerts_client.ts index 6267d0785f381..66cc1a3077481 100644 --- a/x-pack/plugins/alerting/server/alerts_client/alerts_client.ts +++ b/x-pack/plugins/alerting/server/alerts_client/alerts_client.ts 
@@ -58,6 +58,7 @@ import { getLifecycleAlertsQueries, getMaintenanceWindowAlertsQuery, getContinualAlertsQuery, + isAlertImproving, } from './lib'; import { isValidAlertIndexName } from '../alerts_service'; import { resolveAlertConflicts } from './lib/alert_conflict_resolver'; @@ -431,6 +432,13 @@ export class AlertsClient< this.fetchedAlerts.data.hasOwnProperty(id) && get(this.fetchedAlerts.data[id], ALERT_STATUS) === 'active' ) { + const isImproving = isAlertImproving< + AlertData, + LegacyState, + LegacyContext, + ActionGroupIds, + RecoveryActionGroupId + >(this.fetchedAlerts.data[id], activeAlerts[id], this.ruleType.actionGroups); activeAlertsToIndex.push( buildOngoingAlert< AlertData, @@ -442,6 +450,7 @@ export class AlertsClient< alert: this.fetchedAlerts.data[id], legacyAlert: activeAlerts[id], rule: this.rule, + isImproving, runTimestamp: this.runTimestampString, timestamp: currentTime, payload: this.reportedAlerts[id], diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.test.ts index 280c49df36ed0..8c814c528c384 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.test.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.test.ts @@ -27,6 +27,7 @@ import { ALERT_TIME_RANGE, ALERT_CONSECUTIVE_MATCHES, ALERT_RULE_EXECUTION_TIMESTAMP, + ALERT_SEVERITY_IMPROVING, } from '@kbn/rule-data-utils'; import { alertRule } from './test_fixtures'; @@ -54,6 +55,7 @@ describe('buildNewAlert', () => { [ALERT_INSTANCE_ID]: 'alert-A', [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-28T12:27:28.159Z', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_STATUS]: 'active', [ALERT_UUID]: legacyAlert.getUuid(), [ALERT_WORKFLOW_STATUS]: 'open', 
@@ -86,6 +88,7 @@ describe('buildNewAlert', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], [ALERT_INSTANCE_ID]: 'alert-A', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_STATUS]: 'active', [ALERT_UUID]: legacyAlert.getUuid(), @@ -123,6 +126,7 @@ describe('buildNewAlert', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [true, false, false, false, true, true], [ALERT_INSTANCE_ID]: 'alert-A', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-1', 'maint-321'], [ALERT_STATUS]: 'active', [ALERT_UUID]: legacyAlert.getUuid(), @@ -165,6 +169,7 @@ describe('buildNewAlert', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], [ALERT_INSTANCE_ID]: 'alert-A', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_STATUS]: 'active', [ALERT_UUID]: legacyAlert.getUuid(), @@ -197,6 +202,7 @@ describe('buildNewAlert', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], [ALERT_INSTANCE_ID]: 'alert-A', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_RULE_EXECUTION_TIMESTAMP]: '2030-12-15T02:44:13.124Z', [ALERT_STATUS]: 'active', @@ -245,6 +251,7 @@ describe('buildNewAlert', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], [ALERT_INSTANCE_ID]: 'alert-A', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_STATUS]: 'active', [ALERT_UUID]: legacyAlert.getUuid(), @@ -297,6 +304,7 @@ describe('buildNewAlert', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], [ALERT_INSTANCE_ID]: 'alert-A', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_STATUS]: 'active', [ALERT_UUID]: legacyAlert.getUuid(), 
@@ -351,6 +359,7 @@ describe('buildNewAlert', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], [ALERT_INSTANCE_ID]: 'alert-A', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_STATUS]: 'active', [ALERT_UUID]: legacyAlert.getUuid(), diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.ts index cc77099a11623..223c5a7912814 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_new_alert.ts @@ -28,6 +28,7 @@ import { TIMESTAMP, VERSION, ALERT_RULE_EXECUTION_TIMESTAMP, + ALERT_SEVERITY_IMPROVING, } from '@kbn/rule-data-utils'; import { DeepPartial } from '@kbn/utility-types'; import { Alert as LegacyAlert } from '../../alert/alert'; @@ -94,6 +95,7 @@ export const buildNewAlert = < [ALERT_CONSECUTIVE_MATCHES]: legacyAlert.getActiveCount(), [ALERT_STATUS]: 'active', [ALERT_UUID]: legacyAlert.getUuid(), + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_WORKFLOW_STATUS]: get(cleanedPayload, ALERT_WORKFLOW_STATUS, 'open'), ...(legacyAlert.getState().duration ? { [ALERT_DURATION]: nanosToMicros(legacyAlert.getState().duration) } diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.test.ts index 136a2b62962be..9f3909369a41b 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.test.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.test.ts @@ -28,6 +28,8 @@ import { ALERT_TIME_RANGE, ALERT_CONSECUTIVE_MATCHES, ALERT_RULE_EXECUTION_TIMESTAMP, + ALERT_SEVERITY_IMPROVING, + ALERT_PREVIOUS_ACTION_GROUP, } from '@kbn/rule-data-utils'; import { alertRule, existingFlattenedNewAlert, existingExpandedNewAlert } from './test_fixtures'; 
@@ -49,6 +51,7 @@ for (const flattened of [true, false]) { alert: existingAlert, legacyAlert, rule: alertRule, + isImproving: true, timestamp: '2023-03-29T12:27:28.159Z', kibanaVersion: '8.9.0', }) @@ -61,7 +64,9 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: true, [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'error', [ALERT_DURATION]: 36000, [ALERT_STATUS]: 'active', [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z' }, @@ -110,6 +115,7 @@ for (const flattened of [true, false]) { alert: existingAlert, legacyAlert, rule: updatedRule, + isImproving: false, timestamp: '2023-03-29T12:27:28.159Z', kibanaVersion: '8.9.0', }) @@ -122,7 +128,9 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'error', [ALERT_STATUS]: 'active', [ALERT_WORKFLOW_STATUS]: 'open', [ALERT_DURATION]: 36000, @@ -188,6 +196,7 @@ for (const flattened of [true, false]) { alert, legacyAlert, rule: alertRule, + isImproving: null, timestamp: '2023-03-29T12:27:28.159Z', kibanaVersion: '8.9.0', }) @@ -201,6 +210,7 @@ for (const flattened of [true, false]) { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [false, false, true, true], [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-xyz'], + [ALERT_PREVIOUS_ACTION_GROUP]: 'error', [ALERT_STATUS]: 'active', [ALERT_WORKFLOW_STATUS]: 'open', [ALERT_DURATION]: 36000, 
@@ -230,6 +240,83 @@ for (const flattened of [true, false]) { }); }); + test('should return alert document with updated isImproving', () => { + const legacyAlert = new LegacyAlert<{}, {}, 'error' | 'warning'>('alert-A', { + meta: { uuid: 'abcdefg' }, + }); + legacyAlert + .scheduleActions('error') + .replaceState({ start: '2023-03-28T12:27:28.159Z', duration: '36000000' }); + + const alert = flattened + ? { + ...existingAlert, + [ALERT_SEVERITY_IMPROVING]: true, + } + : { + ...existingAlert, + kibana: { + // @ts-expect-error + ...existingAlert.kibana, + alert: { + // @ts-expect-error + ...existingAlert.kibana.alert, + severity_improving: true, + }, + }, + }; + + expect( + buildOngoingAlert<{}, {}, {}, 'error' | 'warning', 'recovered'>({ + // @ts-expect-error + alert, + legacyAlert, + rule: alertRule, + isImproving: null, + timestamp: '2023-03-29T12:27:28.159Z', + kibanaVersion: '8.9.0', + }) + ).toEqual({ + ...alertRule, + [TIMESTAMP]: '2023-03-29T12:27:28.159Z', + [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z', + [EVENT_ACTION]: 'active', + [ALERT_ACTION_GROUP]: 'error', + [ALERT_CONSECUTIVE_MATCHES]: 0, + [ALERT_FLAPPING]: false, + [ALERT_FLAPPING_HISTORY]: [], + [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'error', + [ALERT_STATUS]: 'active', + [ALERT_WORKFLOW_STATUS]: 'open', + [ALERT_SEVERITY_IMPROVING]: undefined, + [ALERT_DURATION]: 36000, + [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z' }, + [SPACE_IDS]: ['default'], + [VERSION]: '8.9.0', + [TAGS]: ['rule-', '-tags'], + ...(flattened + ? 
{ + [EVENT_KIND]: 'signal', + [ALERT_INSTANCE_ID]: 'alert-A', + [ALERT_START]: '2023-03-28T12:27:28.159Z', + [ALERT_UUID]: 'abcdefg', + } + : { + event: { + kind: 'signal', + }, + kibana: { + alert: { + instance: { id: 'alert-A' }, + start: '2023-03-28T12:27:28.159Z', + uuid: 'abcdefg', + }, + }, + }), + }); + }); + test('should return alert document with updated payload if specified', () => { const legacyAlert = new LegacyAlert<{}, {}, 'error' | 'warning'>('alert-A', { meta: { uuid: 'abcdefg' }, @@ -272,6 +359,7 @@ for (const flattened of [true, false]) { legacyAlert, rule: alertRule, timestamp: '2023-03-29T12:27:28.159Z', + isImproving: true, payload: { count: 2, url: `https://url2`, @@ -291,7 +379,9 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: true, [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'error', [ALERT_STATUS]: 'active', [ALERT_WORKFLOW_STATUS]: 'open', [ALERT_DURATION]: 36000, @@ -335,6 +425,7 @@ for (const flattened of [true, false]) { alert: existingAlert, legacyAlert, rule: alertRule, + isImproving: false, runTimestamp: '2030-12-15T02:44:13.124Z', timestamp: '2023-03-29T12:27:28.159Z', kibanaVersion: '8.9.0', @@ -348,7 +439,9 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'error', [ALERT_DURATION]: 36000, [ALERT_STATUS]: 'active', [ALERT_TIME_RANGE]: { gte: '2023-03-28T12:27:28.159Z' }, @@ -425,6 +518,7 @@ for (const flattened of [true, false]) { alert, legacyAlert, rule: alertRule, + isImproving: null, timestamp: '2023-03-29T12:27:28.159Z', payload: { count: 2, 
@@ -447,6 +541,7 @@ for (const flattened of [true, false]) { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'error', [ALERT_STATUS]: 'active', [ALERT_WORKFLOW_STATUS]: 'open', [ALERT_DURATION]: 36000, @@ -526,6 +621,7 @@ for (const flattened of [true, false]) { alert, legacyAlert, rule: alertRule, + isImproving: true, timestamp: '2023-03-29T12:27:28.159Z', payload: { count: 2, @@ -548,7 +644,9 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: true, [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'error', [ALERT_STATUS]: 'active', [ALERT_WORKFLOW_STATUS]: 'open', [ALERT_DURATION]: 36000, @@ -615,6 +713,7 @@ for (const flattened of [true, false]) { alert, legacyAlert, rule: alertRule, + isImproving: false, timestamp: '2023-03-29T12:27:28.159Z', kibanaVersion: '8.9.0', } @@ -630,7 +729,9 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'error', [ALERT_STATUS]: 'active', [ALERT_WORKFLOW_STATUS]: 'open', [ALERT_DURATION]: 36000, @@ -711,6 +812,7 @@ for (const flattened of [true, false]) { rule: alertRule, timestamp: '2023-03-29T12:27:28.159Z', kibanaVersion: '8.9.0', + isImproving: null, payload: { count: 2, url: `https://url2`, @@ -731,6 +833,7 @@ for (const flattened of [true, false]) { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], [ALERT_MAINTENANCE_WINDOW_IDS]: [], + [ALERT_PREVIOUS_ACTION_GROUP]: 'error', [ALERT_STATUS]: 'active', [ALERT_WORKFLOW_STATUS]: 'custom_status', [ALERT_DURATION]: 36000, 
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.ts index 6c62005873221..74672cbe0a2cd 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_ongoing_alert.ts @@ -13,7 +13,9 @@ import { ALERT_DURATION, ALERT_FLAPPING, ALERT_FLAPPING_HISTORY, + ALERT_SEVERITY_IMPROVING, ALERT_MAINTENANCE_WINDOW_IDS, + ALERT_PREVIOUS_ACTION_GROUP, ALERT_RULE_EXECUTION_TIMESTAMP, ALERT_RULE_TAGS, ALERT_TIME_RANGE, @@ -24,6 +26,7 @@ import { VERSION, } from '@kbn/rule-data-utils'; import { DeepPartial } from '@kbn/utility-types'; +import { get, omit } from 'lodash'; import { Alert as LegacyAlert } from '../../alert/alert'; import { AlertInstanceContext, AlertInstanceState, RuleAlertData } from '../../types'; import type { AlertRule } from '../types'; @@ -41,6 +44,7 @@ interface BuildOngoingAlertOpts< alert: Alert & AlertData; legacyAlert: LegacyAlert; rule: AlertRule; + isImproving: boolean | null; payload?: DeepPartial; runTimestamp?: string; timestamp: string; @@ -62,6 +66,7 @@ export const buildOngoingAlert = < alert, legacyAlert, payload, + isImproving, rule, runTimestamp, timestamp, @@ -78,6 +83,9 @@ export const buildOngoingAlert = < // Make sure that any alert fields that are updateable are flattened. const refreshableAlertFields = replaceRefreshableAlertFields(alert); + // Omit fields that are overwrite-able with undefined value + const cleanedAlert = omit(alert, ALERT_SEVERITY_IMPROVING); + const alertUpdates = { // Set latest rule configuration ...rule, 
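Review bot: The comment `// Omit fields that are overwrite-able with undefined value` above `omit(alert, ALERT_SEVERITY_IMPROVING)` does not say why the field is dropped. The later hunk in this file writes `severity_improving` only when `isImproving != null`, so the omit is what keeps the previous run's value from surviving the merge when severity is unchanged. I would state that directly, e.g. `// Drop the stored severity_improving so a null isImproving clears it instead of carrying over the previous run's value`. The same comment is copied into build_updated_recovered_alert.ts. buildOngoingAlert's body continues outside this hunk.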
@@ -110,6 +118,8 @@ export const buildOngoingAlert = < ...(legacyAlert.getState().duration ? { [ALERT_DURATION]: nanosToMicros(legacyAlert.getState().duration) } : {}), + ...(isImproving != null ? { [ALERT_SEVERITY_IMPROVING]: isImproving } : {}), + [ALERT_PREVIOUS_ACTION_GROUP]: get(alert, ALERT_ACTION_GROUP), [SPACE_IDS]: rule[SPACE_IDS], [VERSION]: kibanaVersion, [TAGS]: Array.from( @@ -136,12 +146,12 @@ export const buildOngoingAlert = < // 'kibana.alert.field1': 'value2' // } // the expanded field from the existing alert is removed - const cleanedAlert = removeUnflattenedFieldsFromAlert(alert, { + const expandedAlert = removeUnflattenedFieldsFromAlert(cleanedAlert, { ...cleanedPayload, ...alertUpdates, ...refreshableAlertFields, }); - return deepmerge.all([cleanedAlert, refreshableAlertFields, cleanedPayload, alertUpdates], { + return deepmerge.all([expandedAlert, refreshableAlertFields, cleanedPayload, alertUpdates], { arrayMerge: (_, sourceArray) => sourceArray, }) as Alert & AlertData; }; diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts index ebaa829c0988b..c63543b99232d 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.test.ts @@ -29,6 +29,8 @@ import { ALERT_END, ALERT_CONSECUTIVE_MATCHES, ALERT_RULE_EXECUTION_TIMESTAMP, + ALERT_PREVIOUS_ACTION_GROUP, + ALERT_SEVERITY_IMPROVING, } from '@kbn/rule-data-utils'; import { alertRule, @@ -69,6 +71,8 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: true, + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_STATUS]: 'recovered', [ALERT_WORKFLOW_STATUS]: 'open', 
@@ -135,6 +139,8 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: true, + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-1', 'maint-321'], [ALERT_STATUS]: 'recovered', [ALERT_WORKFLOW_STATUS]: 'open', @@ -231,6 +237,8 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: true, + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-1', 'maint-321'], [ALERT_STATUS]: 'recovered', [ALERT_WORKFLOW_STATUS]: 'open', @@ -291,6 +299,8 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: true, + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_STATUS]: 'recovered', [ALERT_WORKFLOW_STATUS]: 'open', @@ -395,6 +405,8 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: true, + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-1', 'maint-321'], [ALERT_STATUS]: 'recovered', [ALERT_WORKFLOW_STATUS]: 'open', @@ -497,6 +509,8 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: true, + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-1', 'maint-321'], [ALERT_STATUS]: 'recovered', [ALERT_WORKFLOW_STATUS]: 'open', 
@@ -598,6 +612,8 @@ for (const flattened of [true, false]) { [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [], + [ALERT_SEVERITY_IMPROVING]: true, + [ALERT_PREVIOUS_ACTION_GROUP]: 'default', [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_STATUS]: 'recovered', [ALERT_WORKFLOW_STATUS]: 'custom_status', diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts index 0f874d857736e..bfcea9e29edf6 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_recovered_alert.ts @@ -24,8 +24,11 @@ import { ALERT_START, ALERT_CONSECUTIVE_MATCHES, ALERT_RULE_EXECUTION_TIMESTAMP, + ALERT_PREVIOUS_ACTION_GROUP, + ALERT_SEVERITY_IMPROVING, } from '@kbn/rule-data-utils'; import { DeepPartial } from '@kbn/utility-types'; +import { get } from 'lodash'; import { Alert as LegacyAlert } from '../../alert/alert'; import { AlertInstanceContext, AlertInstanceState, RuleAlertData } from '../../types'; import type { AlertRule } from '../types'; @@ -95,6 +98,9 @@ export const buildRecoveredAlert = < [ALERT_FLAPPING]: legacyAlert.getFlapping(), // Set latest flapping_history [ALERT_FLAPPING_HISTORY]: legacyAlert.getFlappingHistory(), + // Alert is recovering from active state so by default it is improving + [ALERT_SEVERITY_IMPROVING]: true, + [ALERT_PREVIOUS_ACTION_GROUP]: get(alert, ALERT_ACTION_GROUP), // Set latest maintenance window IDs [ALERT_MAINTENANCE_WINDOW_IDS]: legacyAlert.getMaintenanceWindowIds(), // Set latest match count, should be 0 diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts index b953814d4151e..69e196563a0e4 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts 
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.test.ts @@ -27,6 +27,7 @@ import { ALERT_END, ALERT_RULE_EXECUTION_TIMESTAMP, ALERT_CONSECUTIVE_MATCHES, + ALERT_PREVIOUS_ACTION_GROUP, } from '@kbn/rule-data-utils'; import { alertRule, @@ -70,6 +71,7 @@ describe('buildUpdatedRecoveredAlert', () => { [ALERT_TIME_RANGE]: { gte: '2023-03-27T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' }, [ALERT_FLAPPING]: true, [ALERT_FLAPPING_HISTORY]: [false, false, true, true], + [ALERT_PREVIOUS_ACTION_GROUP]: 'recovered', [ALERT_INSTANCE_ID]: 'alert-A', [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-x'], [ALERT_STATUS]: 'recovered', @@ -119,6 +121,7 @@ describe('buildUpdatedRecoveredAlert', () => { [ALERT_TIME_RANGE]: { gte: '2023-03-27T12:27:28.159Z', lte: '2023-03-30T12:27:28.159Z' }, [ALERT_FLAPPING]: true, [ALERT_FLAPPING_HISTORY]: [false, false, true, true], + [ALERT_PREVIOUS_ACTION_GROUP]: 'recovered', [ALERT_INSTANCE_ID]: 'alert-A', [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-x'], [ALERT_STATUS]: 'recovered', @@ -186,6 +189,7 @@ describe('buildUpdatedRecoveredAlert', () => { [ALERT_RULE_EXECUTION_TIMESTAMP]: '2023-03-29T12:27:28.159Z', [ALERT_FLAPPING]: true, [ALERT_FLAPPING_HISTORY]: [false, false, true, true], + [ALERT_PREVIOUS_ACTION_GROUP]: 'recovered', [ALERT_STATUS]: 'recovered', [ALERT_WORKFLOW_STATUS]: 'open', [SPACE_IDS]: ['default'], diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts index d393f5f513f6e..06972c81e496d 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/build_updated_recovered_alert.ts 
@@ -8,14 +8,17 @@ import deepmerge from 'deepmerge'; import type { Alert } from '@kbn/alerts-as-data-utils'; import { + ALERT_ACTION_GROUP, ALERT_FLAPPING, ALERT_FLAPPING_HISTORY, + ALERT_SEVERITY_IMPROVING, + ALERT_PREVIOUS_ACTION_GROUP, ALERT_RULE_EXECUTION_TIMESTAMP, ALERT_RULE_EXECUTION_UUID, TIMESTAMP, } from '@kbn/rule-data-utils'; import { RawAlertInstance } from '@kbn/alerting-state-types'; -import { get } from 'lodash'; +import { get, omit } from 'lodash'; import { RuleAlertData } from '../../types'; import { AlertRule } from '../types'; import { removeUnflattenedFieldsFromAlert, replaceRefreshableAlertFields } from './format_alert'; @@ -43,6 +46,9 @@ export const buildUpdatedRecoveredAlert = ({ // Make sure that any alert fields that are updatable are flattened. const refreshableAlertFields = replaceRefreshableAlertFields(alert); + // Omit fields that are overwrite-able with undefined value + const cleanedAlert = omit(alert, ALERT_SEVERITY_IMPROVING); + const alertUpdates = { // Set latest rule configuration ...rule, @@ -57,6 +63,7 @@ export const buildUpdatedRecoveredAlert = ({ // not get returned for summary alerts. In the future, we may want to restore this and add another field to the // alert doc indicating that this is an ongoing recovered alert that can be used for querying. [ALERT_RULE_EXECUTION_UUID]: get(alert, ALERT_RULE_EXECUTION_UUID), + [ALERT_PREVIOUS_ACTION_GROUP]: get(alert, ALERT_ACTION_GROUP), }; // Clean the existing alert document so any nested fields that will be updated 
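Review bot: `[ALERT_PREVIOUS_ACTION_GROUP]: get(alert, ALERT_ACTION_GROUP)` reads from a document that is already recovered, so each update rewrites the field to the recovery group. The updated tests in this commit expect `'recovered'` here, while buildRecoveredAlert's tests expect `'default'`. If consumers are meant to learn which group the alert recovered from, that value is lost on the first update after recovery. Either leave the stored value untouched in this builder or document the semantics, e.g. `// previous_action_group always reflects the prior run, so it becomes the recovery group here`. This builder also omits `ALERT_SEVERITY_IMPROVING` without setting it again, which looks intentional from the tests but is worth stating in the same comment.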
@@ -74,12 +81,12 @@ export const buildUpdatedRecoveredAlert = ({ // 'kibana.alert.field1': 'value2' // } // the expanded field from the existing alert is removed - const cleanedAlert = removeUnflattenedFieldsFromAlert(alert, { + const expandedAlert = removeUnflattenedFieldsFromAlert(cleanedAlert, { ...alertUpdates, ...refreshableAlertFields, }); - return deepmerge.all([cleanedAlert, refreshableAlertFields, alertUpdates], { + return deepmerge.all([expandedAlert, refreshableAlertFields, alertUpdates], { arrayMerge: (_, sourceArray) => sourceArray, }) as Alert & AlertData; }; diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/get_summarized_alerts_query.ts b/x-pack/plugins/alerting/server/alerts_client/lib/get_summarized_alerts_query.ts index 2ae2962718748..e9e706331f360 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/get_summarized_alerts_query.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/get_summarized_alerts_query.ts @@ -417,7 +417,7 @@ const getHitsWithCount = ( const expandedSource = expandFlattenedAlert(formattedSource as object) as Alert & AlertData; return { - _id, + _id: _id!, _index, ...expandedSource, }; diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/index.ts b/x-pack/plugins/alerting/server/alerts_client/lib/index.ts index edd9660bba4c7..ba69d921b6570 100644 --- a/x-pack/plugins/alerting/server/alerts_client/lib/index.ts +++ b/x-pack/plugins/alerting/server/alerts_client/lib/index.ts @@ -20,3 +20,4 @@ export { export { expandFlattenedAlert } from './format_alert'; export { sanitizeBulkErrorResponse } from './sanitize_bulk_response'; export { initializeAlertsClient } from './initialize_alerts_client'; +export { isAlertImproving } from './is_alert_improving'; diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.test.ts b/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.test.ts new file mode 100644 index 0000000000000..e2b4136dac163 --- /dev/null 
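Review bot: `_id: _id!` in get_summarized_alerts_query.ts silences the compiler instead of handling a hit without an id. The non-null assertion is erased at runtime, so an undefined `_id` would flow into the summarized alert unchanged. If the client types mark `_id` optional only for cases that cannot occur in a search response, say so in a comment next to the assertion; otherwise guard before the return, e.g. `if (_id == null) throw new Error('search hit is missing _id');`. getHitsWithCount starts and ends outside this hunk, so how the hits are selected is not visible here.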
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.test.ts 
@@ -0,0 +1,146 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { cloneDeep } from 'lodash'; +import { set } from '@kbn/safer-lodash-set'; +import { ALERT_ACTION_GROUP } from '@kbn/rule-data-utils'; +import { Alert as LegacyAlert } from '../../alert'; +import { isAlertImproving } from './is_alert_improving'; +import { existingExpandedNewAlert, existingFlattenedNewAlert } from './test_fixtures'; +import { ActionGroup } from '../../types'; + +const actionGroupsWithSeverity: Array> = [ + { id: 'info', name: 'Info', severity: { level: 0 } }, + { id: 'warning', name: 'Warning', severity: { level: 1 } }, + { id: 'error', name: 'Error', severity: { level: 2 } }, + { id: 'critical', name: 'Critical Error', severity: { level: 3 } }, +]; + +const actionGroupsWithoutSeverity: Array> = [ + { id: 'info', name: 'Info' }, + { id: 'warning', name: 'Warning' }, + { id: 'error', name: 'Error' }, + { id: 'critical', name: 'Critical Error' }, +]; + +type TestActionGroupIds = 'info' | 'error' | 'warning' | 'critical'; + +for (const flattened of [true, false]) { + // existing alert action group = 'error' + const existingAlert = flattened ? existingFlattenedNewAlert : existingExpandedNewAlert; + + describe(`isAlertImproving for ${flattened ? 
'flattened' : 'expanded'} existing alert`, () => { + test('should return null if no scheduled action group', () => { + const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', { + meta: { uuid: 'abcdefg' }, + }); + + expect( + isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>( + // @ts-expect-error + existingAlert, + legacyAlert, + actionGroupsWithSeverity + ) + ).toEqual(null); + }); + + test('should return false if no previous action group', () => { + // existing alert action group = 'error' + const copyAlert = cloneDeep(existingAlert); + const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', { + meta: { uuid: 'abcdefg' }, + }); + legacyAlert.scheduleActions('warning'); + + set(copyAlert, ALERT_ACTION_GROUP, undefined); + expect( + isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>( + // @ts-expect-error + copyAlert, + legacyAlert, + actionGroupsWithSeverity + ) + ).toEqual(null); + }); + + test('should return false if no severity defined for action groups', () => { + const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', { + meta: { uuid: 'abcdefg' }, + }); + legacyAlert.scheduleActions('warning'); + expect( + isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>( + // @ts-expect-error + existingAlert, + legacyAlert, + actionGroupsWithoutSeverity + ) + ).toEqual(null); + }); + + test('should return null if severity stays the same', () => { + const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', { + meta: { uuid: 'abcdefg' }, + }); + legacyAlert.scheduleActions('error'); + expect( + isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>( + // @ts-expect-error + existingAlert, + legacyAlert, + actionGroupsWithSeverity + ) + ).toEqual(null); + }); + + test('should return false if severity degrades', () => { + const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', { + meta: { uuid: 'abcdefg' }, + }); + 
legacyAlert.scheduleActions('critical'); + expect( + isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>( + // @ts-expect-error + existingAlert, + legacyAlert, + actionGroupsWithSeverity + ) + ).toEqual(false); + }); + + test('should return true if severity improves', () => { + const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', { + meta: { uuid: 'abcdefg' }, + }); + legacyAlert.scheduleActions('warning'); + expect( + isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>( + // @ts-expect-error + existingAlert, + legacyAlert, + actionGroupsWithSeverity + ) + ).toEqual(true); + }); + + test('should return true if severity improves multiple levels', () => { + const legacyAlert = new LegacyAlert<{}, {}, TestActionGroupIds>('alert-A', { + meta: { uuid: 'abcdefg' }, + }); + legacyAlert.scheduleActions('info'); + expect( + isAlertImproving<{}, {}, {}, TestActionGroupIds, 'recovered'>( + // @ts-expect-error + existingAlert, + legacyAlert, + actionGroupsWithSeverity + ) + ).toEqual(true); + }); + }); +} diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.ts b/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.ts new file mode 100644 index 0000000000000..cf8b3205606ee --- /dev/null +++ b/x-pack/plugins/alerting/server/alerts_client/lib/is_alert_improving.ts 
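Review bot: Two test titles in is_alert_improving.test.ts contradict what they assert: `should return false if no previous action group` and `should return false if no severity defined for action groups` both end in `.toEqual(null)`. Rename them to `should return null ...` so a failure report matches the function's contract. No case covers a scheduled or stored action group id that is absent from the `actionGroups` list, a path that also returns `null` in the implementation.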
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { get } from 'lodash';
+import type { Alert } from '@kbn/alerts-as-data-utils';
+import { ALERT_ACTION_GROUP } from '@kbn/rule-data-utils';
+import { Alert as LegacyAlert } from '../../alert';
+import { ActionGroup, AlertInstanceState, AlertInstanceContext, RuleAlertData } from '../../types';
+
+export const isAlertImproving = <
+ AlertData extends RuleAlertData,
+ LegacyState extends AlertInstanceState,
+ LegacyContext extends AlertInstanceContext,
+ ActionGroupIds extends string,
+ RecoveryActionGroupId extends string
+>(
+ alert: Alert & AlertData,
+ legacyAlert: LegacyAlert,
+ actionGroups: Array>
+): boolean | null => {
+ const currentActionGroup = legacyAlert.getScheduledActionOptions()?.actionGroup;
+ const previousActionGroup = get(alert, ALERT_ACTION_GROUP);
+
+ if (!currentActionGroup || !previousActionGroup) {
+ return null;
+ }
+
+ // Get action group definitions
+ const currentActionGroupDef = actionGroups.find((ag) => ag.id === currentActionGroup);
+ const previousActionGroupDef = actionGroups.find((ag) => ag.id === previousActionGroup);
+ if (
+ currentActionGroupDef &&
+ previousActionGroupDef &&
+ currentActionGroupDef.severity &&
+ previousActionGroupDef.severity
+ ) {
+ const toRet =
+ currentActionGroupDef.severity.level === previousActionGroupDef.severity.level
+ ? null
+ : currentActionGroupDef.severity.level < previousActionGroupDef.severity.level;
+ return toRet;
+ }
+
+ return null;
+};
diff --git a/x-pack/plugins/alerting/server/alerts_client/lib/test_fixtures.ts b/x-pack/plugins/alerting/server/alerts_client/lib/test_fixtures.ts
index 096d8ab6a39a7..a0ce91d145911 100644
--- a/x-pack/plugins/alerting/server/alerts_client/lib/test_fixtures.ts
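Review bot: `isAlertImproving` in the new `is_alert_improving.ts` has no doc comment for its three-way result, and the contract is easy to misread. `null` covers three cases: a missing current or previous action group, an action group with no `severity` definition, and an unchanged level. `true` means the current `severity.level` is numerically lower than the previous one. The accompanying tests titled 'should return false if no previous action group' and 'should return false if no severity defined for action groups' assert `null`, which shows the ambiguity. I would add a TSDoc block above the export stating that a lower `level` is less severe and listing the `null` cases. The ternary can also be returned directly instead of going through `toRet`.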
+++ b/x-pack/plugins/alerting/server/alerts_client/lib/test_fixtures.ts @@ -35,6 +35,7 @@ import { ALERT_START, ALERT_TIME_RANGE, ALERT_END, + ALERT_SEVERITY_IMPROVING, } from '@kbn/rule-data-utils'; import { AlertRule } from '../types'; import { expandFlattenedAlert } from './format_alert'; @@ -115,6 +116,7 @@ export const existingFlattenedRecoveredAlert = { [ALERT_MAINTENANCE_WINDOW_IDS]: ['maint-x'], [ALERT_CONSECUTIVE_MATCHES]: 0, [ALERT_STATUS]: 'recovered', + [ALERT_SEVERITY_IMPROVING]: false, }; export const existingExpandedNewAlert = expandFlattenedAlert(existingFlattenedNewAlert); diff --git a/x-pack/plugins/alerting/server/alerts_service/lib/create_concrete_write_index.test.ts b/x-pack/plugins/alerting/server/alerts_service/lib/create_concrete_write_index.test.ts index 8ffb73508e1d9..f8e2f8c089529 100644 --- a/x-pack/plugins/alerting/server/alerts_service/lib/create_concrete_write_index.test.ts +++ b/x-pack/plugins/alerting/server/alerts_service/lib/create_concrete_write_index.test.ts @@ -645,6 +645,7 @@ describe('createConcreteWriteIndex', () => { it(`should log and return when simulating updated mappings returns null`, async () => { clusterClient.indices.getAlias.mockImplementation(async () => GetAliasResponse); clusterClient.indices.getDataStream.mockImplementation(async () => GetDataStreamResponse); + // @ts-expect-error type mismatch: mappings cannot be null clusterClient.indices.simulateIndexTemplate.mockImplementationOnce(async () => ({ ...SimulateTemplateResponse, template: { ...SimulateTemplateResponse.template, mappings: null }, diff --git a/x-pack/plugins/alerting/server/application/backfill/methods/schedule/schemas/schedule_backfill_result_schema.ts b/x-pack/plugins/alerting/server/application/backfill/methods/schedule/schemas/schedule_backfill_result_schema.ts index 023ab90c0ee75..fde306e44bc42 100644 --- a/x-pack/plugins/alerting/server/application/backfill/methods/schedule/schemas/schedule_backfill_result_schema.ts 
+++ b/x-pack/plugins/alerting/server/application/backfill/methods/schedule/schemas/schedule_backfill_result_schema.ts @@ -10,8 +10,12 @@ import { backfillSchema } from '../../../result/schemas'; export const scheduleBackfillErrorSchema = schema.object({ error: schema.object({ - error: schema.string(), message: schema.string(), + status: schema.maybe(schema.number()), + rule: schema.object({ + id: schema.string(), + name: schema.maybe(schema.string()), + }), }), }); diff --git a/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.test.ts b/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.test.ts index 35c2568a8074a..995240cbbd023 100644 --- a/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.test.ts +++ b/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.test.ts @@ -136,7 +136,7 @@ describe('transformAdHocRunToBackfillResult', () => { }); }); - test('should return error for malformed responses', () => { + test('should return error for malformed responses when original create request is not provided', () => { expect( transformAdHocRunToBackfillResult( // missing id @@ -155,8 +155,8 @@ describe('transformAdHocRunToBackfillResult', () => { ) ).toEqual({ error: { - error: 'Internal Server Error', message: 'Malformed saved object in bulkCreate response - Missing "id".', + rule: { id: '1', name: 'my rule name' }, }, }); expect( @@ -177,8 +177,8 @@ describe('transformAdHocRunToBackfillResult', () => { ) ).toEqual({ error: { - error: 'Internal Server Error', message: 'Malformed saved object in bulkCreate response - Missing "attributes".', + rule: { id: '1' }, }, }); expect( 
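Review bot: `status: schema.maybe(schema.number())` is added to `scheduleBackfillErrorSchema`, but nothing visible in this commit ever sets it. `createBackfillError(message, ruleId, ruleName?)` takes no status argument, and the new transform test passes a saved-object error with `statusCode: 404` and expects a result without `status`. Since the `error` string ('Not Found', 'Bad Request') is removed as well, a consumer of this response can only tell a missing rule from a disabled one by parsing `message`. Either thread the status through `createBackfillError` (the same gap applies to the `getRuleOrError` hunks in `backfill_client.ts`) or leave `status` out of the schema until it is populated.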
@@ -199,8 +199,8 @@ describe('transformAdHocRunToBackfillResult', () => { ) ).toEqual({ error: { - error: 'Internal Server Error', message: 'Malformed saved object in bulkCreate response - Missing "references".', + rule: { id: 'unknown', name: 'my rule name' }, }, }); expect( 
@@ -221,13 +221,125 @@ describe('transformAdHocRunToBackfillResult', () => { ) ).toEqual({ error: { - error: 'Internal Server Error', message: 'Malformed saved object in bulkCreate response - Missing "references".', + rule: { id: 'unknown', name: 'my rule name' }, }, }); }); - test('should pass through error if saved object error', () => { + test('should return error for malformed responses when original create request is provided', () => { + const attributes = getMockAdHocRunAttributes(); + expect( + transformAdHocRunToBackfillResult( + // missing id + // @ts-expect-error + { + type: 'ad_hoc_rule_run_params', + namespaces: ['default'], + attributes, + references: [{ id: '1', name: 'rule', type: 'alert' }], + managed: false, + coreMigrationVersion: '8.8.0', + updated_at: '2024-02-07T16:05:39.296Z', + created_at: '2024-02-07T16:05:39.296Z', + version: 'WzcsMV0=', + }, + { + type: 'ad_hoc_rule_run_params', + attributes, + references: [{ id: '1', name: 'rule', type: 'alert' }], + } + ) + ).toEqual({ + error: { + message: 'Malformed saved object in bulkCreate response - Missing "id".', + rule: { id: '1', name: 'my rule name' }, + }, + }); + expect( + transformAdHocRunToBackfillResult( + // missing attributes + // @ts-expect-error + { + type: 'ad_hoc_rule_run_params', + id: 'abc', + namespaces: ['default'], + references: [{ id: '1', name: 'rule', type: 'alert' }], + managed: false, + coreMigrationVersion: '8.8.0', + updated_at: '2024-02-07T16:05:39.296Z', + created_at: '2024-02-07T16:05:39.296Z', + version: 'WzcsMV0=', + }, + { + type: 'ad_hoc_rule_run_params', + attributes, + references: [{ id: '1', name: 'rule', type: 'alert' }], + } + ) + ).toEqual({ + error: { + message: 'Malformed saved object in bulkCreate response - Missing "attributes".', + rule: { id: '1', name: 'my rule name' }, + }, + }); + expect( + transformAdHocRunToBackfillResult( + // missing references + // @ts-expect-error + { + type: 'ad_hoc_rule_run_params', + id: 'def', + namespaces: ['default'], + 
attributes, + managed: false, + coreMigrationVersion: '8.8.0', + updated_at: '2024-02-07T16:05:39.296Z', + created_at: '2024-02-07T16:05:39.296Z', + version: 'WzcsMV0=', + }, + { + type: 'ad_hoc_rule_run_params', + attributes, + references: [{ id: '1', name: 'rule', type: 'alert' }], + } + ) + ).toEqual({ + error: { + message: 'Malformed saved object in bulkCreate response - Missing "references".', + rule: { id: '1', name: 'my rule name' }, + }, + }); + expect( + transformAdHocRunToBackfillResult( + // empty references + { + type: 'ad_hoc_rule_run_params', + id: 'ghi', + namespaces: ['default'], + attributes, + references: [], + managed: false, + coreMigrationVersion: '8.8.0', + updated_at: '2024-02-07T16:05:39.296Z', + created_at: '2024-02-07T16:05:39.296Z', + version: 'WzcsMV0=', + }, + { + type: 'ad_hoc_rule_run_params', + attributes, + references: [{ id: '1', name: 'rule', type: 'alert' }], + } + ) + ).toEqual({ + error: { + message: 'Malformed saved object in bulkCreate response - Missing "references".', + rule: { id: '1', name: 'my rule name' }, + }, + }); + }); + + test('should pass through error if saved object error when original create request is not provided', () => { expect( transformAdHocRunToBackfillResult( // @ts-expect-error 
@@ -243,8 +355,35 @@ describe('transformAdHocRunToBackfillResult', () => { ) ).toEqual({ error: { - error: 'my error', message: 'Unable to create', + rule: { id: 'unknown' }, + }, + }); + }); + + test('should pass through error if saved object error when original create request is provided', () => { + expect( + transformAdHocRunToBackfillResult( + // @ts-expect-error + { + type: 'ad_hoc_rule_run_params', + id: '788a2784-c021-484f-a53e-0c1c63c7567c', + error: { + error: 'my error', + message: 'Unable to create', + statusCode: 404, + }, + }, + { + type: 'ad_hoc_rule_run_params', + attributes: getMockAdHocRunAttributes(), + references: [{ id: '1', name: 'rule', type: 'alert' }], + } + ) + ).toEqual({ + error: { + message: 'Unable to create', + rule: { id: '1', name: 'my rule name' }, }, }); }); diff --git a/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.ts b/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.ts index 219587bd0f1dd..13257742b7005 100644 --- a/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.ts +++ b/x-pack/plugins/alerting/server/application/backfill/transforms/transform_ad_hoc_run_to_backfill_result.ts 
@@ -5,39 +5,43 @@ * 2.0. */ -import { SavedObject } from '@kbn/core/server'; +import { SavedObject, SavedObjectsBulkCreateObject } from '@kbn/core/server'; import { AdHocRunSO } from '../../../data/ad_hoc_run/types'; import { createBackfillError } from '../../../backfill_client/lib'; import { ScheduleBackfillResult } from '../methods/schedule/types'; -export const transformAdHocRunToBackfillResult = ({ - id, - attributes, - references, - error, -}: SavedObject): ScheduleBackfillResult => { +export const transformAdHocRunToBackfillResult = ( + { id, attributes, references, error }: SavedObject, + originalSO?: SavedObjectsBulkCreateObject +): ScheduleBackfillResult => { + const ruleId = references?.[0]?.id ?? originalSO?.references?.[0]?.id ?? 'unknown'; + const ruleName = attributes?.rule?.name ?? originalSO?.attributes?.rule.name; if (error) { - return createBackfillError(error.error, error.message); + // get rule info from original SO if available since SO create errors don't return this + return createBackfillError(error.message, ruleId, ruleName); } if (!id) { return createBackfillError( - 'Internal Server Error', - 'Malformed saved object in bulkCreate response - Missing "id".' + 'Malformed saved object in bulkCreate response - Missing "id".', + ruleId, + ruleName ); } if (!attributes) { return createBackfillError( - 'Internal Server Error', - 'Malformed saved object in bulkCreate response - Missing "attributes".' + 'Malformed saved object in bulkCreate response - Missing "attributes".', + ruleId, + ruleName ); } if (!references || !references.length) { return createBackfillError( - 'Internal Server Error', - 'Malformed saved object in bulkCreate response - Missing "references".' + 'Malformed saved object in bulkCreate response - Missing "references".', + ruleId, + ruleName ); } 
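Review bot: The `ruleName` fallback drops the optional chain on `rule`: `attributes?.rule?.name ?? originalSO?.attributes?.rule.name`. If the original create request's attributes ever lack `rule`, this line throws a TypeError before any backfill error is built, on the very path meant to handle malformed objects. The generic arguments are not visible in the hunk, so the type may guarantee `rule`, but the two sides should still match: `const ruleName = attributes?.rule?.name ?? originalSO?.attributes?.rule?.name;`. The function body continues past the end of the hunk.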
diff --git a/x-pack/plugins/alerting/server/backfill_client/backfill_client.test.ts b/x-pack/plugins/alerting/server/backfill_client/backfill_client.test.ts index 02505a5af84bb..771f5a4db34b9 100644 --- a/x-pack/plugins/alerting/server/backfill_client/backfill_client.test.ts +++ b/x-pack/plugins/alerting/server/backfill_client/backfill_client.test.ts @@ -279,7 +279,7 @@ describe('BackfillClient', () => { unsecuredSavedObjectsClient, }); - expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith([ + const bulkCreateParams = [ { type: AD_HOC_RUN_SAVED_OBJECT_TYPE, attributes: mockAttributes1, @@ -290,7 +290,9 @@ describe('BackfillClient', () => { attributes: mockAttributes2, references: [{ id: rule2.id, name: 'rule', type: RULE_SAVED_OBJECT_TYPE }], }, - ]); + ]; + + expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith(bulkCreateParams); expect(auditLogger.log).toHaveBeenCalledTimes(2); expect(auditLogger.log).toHaveBeenNthCalledWith(1, { event: { @@ -328,7 +330,11 @@ describe('BackfillClient', () => { params: { adHocRunParamsId: 'def', spaceId: 'default' }, }, ]); - expect(result).toEqual(bulkCreateResult.saved_objects.map(transformAdHocRunToBackfillResult)); + expect(result).toEqual( + bulkCreateResult.saved_objects.map((so, index) => + transformAdHocRunToBackfillResult(so, bulkCreateParams?.[index]) + ) + ); }); test('should successfully create multiple backfill saved objects for a single rule', async () => { @@ -385,7 +391,7 @@ describe('BackfillClient', () => { unsecuredSavedObjectsClient, }); - expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith([ + const bulkCreateParams = [ { type: AD_HOC_RUN_SAVED_OBJECT_TYPE, attributes: mockAttributes1, 
@@ -396,7 +402,9 @@ describe('BackfillClient', () => { attributes: mockAttributes2, references: [{ id: rule1.id, name: 'rule', type: RULE_SAVED_OBJECT_TYPE }], }, - ]); + ]; + + expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith(bulkCreateParams); expect(auditLogger.log).toHaveBeenCalledTimes(2); expect(auditLogger.log).toHaveBeenNthCalledWith(1, { event: { @@ -432,7 +440,11 @@ describe('BackfillClient', () => { params: { adHocRunParamsId: 'def', spaceId: 'default' }, }, ]); - expect(result).toEqual(bulkCreateResult.saved_objects.map(transformAdHocRunToBackfillResult)); + expect(result).toEqual( + bulkCreateResult.saved_objects.map((so, index) => + transformAdHocRunToBackfillResult(so, bulkCreateParams?.[index]) + ) + ); }); test('should log warning if no rule found for backfill job', async () => { @@ -472,13 +484,14 @@ describe('BackfillClient', () => { unsecuredSavedObjectsClient, }); - expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith([ + const bulkCreateParams = [ { type: AD_HOC_RUN_SAVED_OBJECT_TYPE, attributes: mockAttributes1, references: [{ id: rule1.id, name: 'rule', type: RULE_SAVED_OBJECT_TYPE }], }, - ]); + ]; + expect(unsecuredSavedObjectsClient.bulkCreate).toHaveBeenCalledWith(bulkCreateParams); expect(auditLogger.log).toHaveBeenCalledTimes(1); expect(auditLogger.log).toHaveBeenNthCalledWith(1, { event: { @@ -502,11 +515,13 @@ describe('BackfillClient', () => { }, ]); expect(result).toEqual([ - ...bulkCreateResult.saved_objects.map(transformAdHocRunToBackfillResult), + ...bulkCreateResult.saved_objects.map((so, index) => + transformAdHocRunToBackfillResult(so, bulkCreateParams?.[0]) + ), { error: { - error: 'Not Found', message: 'Saved object [alert/2] not found', + rule: { id: '2' }, }, }, ]); 
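Review bot: In the 'should log warning if no rule found for backfill job' expectation the map callback declares `index` but passes `bulkCreateParams?.[0]`, unlike the two sibling tests, which pass `bulkCreateParams?.[index]`. It is equivalent here because only one object is created, but using `bulkCreateParams?.[index]` (or dropping the unused parameter) keeps the three tests consistent and avoids a silent mismatch if the fixture grows.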
@@ -546,7 +561,7 @@ describe('BackfillClient', () => { getMockData({ ruleId: '6' }), // this should return error due to disabled rule getMockData({ ruleId: '7' }), // this should return error due to null api key ]; - const rule1 = getMockRule(); + const rule1 = getMockRule({ id: '1' }); const rule3 = getMockRule({ id: '3' }); const rule4 = getMockRule({ id: '4' }); const rule5 = getMockRule({ id: '5' }); @@ -666,8 +681,8 @@ describe('BackfillClient', () => { expect(result).toEqual([ { error: { - error: 'Bad Request', message: 'Rule type "myType" for rule 1 is not supported', + rule: { id: '1', name: 'my rule name' }, }, }, { @@ -676,8 +691,8 @@ describe('BackfillClient', () => { }, { error: { - error: 'Not Found', message: 'Saved object [alert/2] not found', + rule: { id: '2' }, }, }, { @@ -690,8 +705,8 @@ describe('BackfillClient', () => { }, { error: { - error: 'my error', message: 'Unable to create', + rule: { id: '4', name: 'my rule name' }, }, }, { @@ -700,14 +715,14 @@ describe('BackfillClient', () => { }, { error: { - error: 'Bad Request', message: 'Rule 6 is disabled', + rule: { id: '6', name: 'my rule name' }, }, }, { error: { - error: 'Bad Request', message: 'Rule 7 has no API key', + rule: { id: '7', name: 'my rule name' }, }, }, ]); @@ -738,38 +753,38 @@ describe('BackfillClient', () => { expect(result).toEqual([ { error: { - error: 'Not Found', message: 'Saved object [alert/1] not found', + rule: { id: '1' }, }, }, { error: { - error: 'Not Found', message: 'Saved object [alert/2] not found', + rule: { id: '2' }, }, }, { error: { - error: 'Not Found', message: 'Saved object [alert/3] not found', + rule: { id: '3' }, }, }, { error: { - error: 'Not Found', message: 'Saved object [alert/1] not found', + rule: { id: '1' }, }, }, { error: { - error: 'Not Found', message: 'Saved object [alert/4] not found', + rule: { id: '4' }, }, }, { error: { - error: 'Not Found', message: 'Saved object [alert/5] not found', + rule: { id: '5' }, }, }, ]); 
@@ -839,32 +854,32 @@ describe('BackfillClient', () => { expect(result).toEqual([ { error: { - error: 'Bad Request', message: 'Rule type "myType" for rule 1 is not supported', + rule: { id: '1', name: 'my rule name' }, }, }, { error: { - error: 'Not Found', message: 'Saved object [alert/2] not found', + rule: { id: '2' }, }, }, { error: { - error: 'my error', message: 'Unable to create', + rule: { id: '4', name: 'my rule name' }, }, }, { error: { - error: 'Bad Request', message: 'Rule 6 is disabled', + rule: { id: '6', name: 'my rule name' }, }, }, { error: { - error: 'Bad Request', message: 'Rule 7 has no API key', + rule: { id: '7', name: 'my rule name' }, }, }, ]); diff --git a/x-pack/plugins/alerting/server/backfill_client/backfill_client.ts b/x-pack/plugins/alerting/server/backfill_client/backfill_client.ts index 5e6de1941c324..48b5e49c428c0 100644 --- a/x-pack/plugins/alerting/server/backfill_client/backfill_client.ts +++ b/x-pack/plugins/alerting/server/backfill_client/backfill_client.ts @@ -159,7 +159,7 @@ export class BackfillClient { ); const transformedResponse: ScheduleBackfillResults = bulkCreateResponse.saved_objects.map( - (so: SavedObject) => { + (so: SavedObject, index: number) => { if (so.error) { auditLogger?.log( adHocRunAuditEvent({ @@ -175,7 +175,7 @@ export class BackfillClient { }) ); } - return transformAdHocRunToBackfillResult(so); + return transformAdHocRunToBackfillResult(so, adHocSOsToCreate?.[index]); } ); 
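Review bot: `transformAdHocRunToBackfillResult(so, adHocSOsToCreate?.[index])` pairs each `bulkCreate` result with the request at the same position. The rule id and name reported for a failed create are therefore only correct if `bulkCreateResponse.saved_objects` has the same order and length as `adHocSOsToCreate`, and the hunk neither states nor checks that. Add a comment such as `// bulkCreate returns results in request order; index maps back to the SO we asked to create`. A length comparison before the `map` would ideally back it up, so that an error is never attributed to a different rule in the response. The enclosing method starts and ends outside the hunk.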
@@ -315,16 +315,13 @@ function getRuleOrError( ruleId ); return { - error: createBackfillError( - notFoundError.output.payload.error, - notFoundError.output.payload.message - ), + error: createBackfillError(notFoundError.output.payload.message, ruleId), }; } // if rule exists, check that it is enabled if (!rule.enabled) { - return { error: createBackfillError('Bad Request', `Rule ${ruleId} is disabled`) }; + return { error: createBackfillError(`Rule ${ruleId} is disabled`, ruleId, rule.name) }; } // check that the rule type is supported @@ -332,8 +329,9 @@ function getRuleOrError( if (isLifecycleRule) { return { error: createBackfillError( - 'Bad Request', - `Rule type "${rule.alertTypeId}" for rule ${ruleId} is not supported` + `Rule type "${rule.alertTypeId}" for rule ${ruleId} is not supported`, + ruleId, + rule.name ), }; } @@ -341,7 +339,7 @@ function getRuleOrError( // check that the API key is not null if (!rule.apiKey) { return { - error: createBackfillError('Bad Request', `Rule ${ruleId} has no API key`), + error: createBackfillError(`Rule ${ruleId} has no API key`, ruleId, rule.name), }; } diff --git a/x-pack/plugins/alerting/server/backfill_client/lib/create_backfill_error.ts b/x-pack/plugins/alerting/server/backfill_client/lib/create_backfill_error.ts index 050c19f29b1f4..917e9edd0e208 100644 --- a/x-pack/plugins/alerting/server/backfill_client/lib/create_backfill_error.ts +++ b/x-pack/plugins/alerting/server/backfill_client/lib/create_backfill_error.ts @@ -7,6 +7,10 @@ import { ScheduleBackfillError } from '../../application/backfill/methods/schedule/types'; -export function createBackfillError(error: string, message: string): ScheduleBackfillError { - return { error: { error, message } }; +export function createBackfillError( + message: string, + ruleId: string, + ruleName?: string +): ScheduleBackfillError { + return { error: { message, rule: { id: ruleId, ...(ruleName ? { name: ruleName } : {}) } } }; } 
diff --git a/x-pack/plugins/alerting/server/integration_tests/__snapshots__/alert_as_data_fields.test.ts.snap b/x-pack/plugins/alerting/server/integration_tests/__snapshots__/alert_as_data_fields.test.ts.snap index 6e741c8627070..74c9ce9d49d25 100644 --- a/x-pack/plugins/alerting/server/integration_tests/__snapshots__/alert_as_data_fields.test.ts.snap +++ b/x-pack/plugins/alerting/server/integration_tests/__snapshots__/alert_as_data_fields.test.ts.snap @@ -979,6 +979,11 @@ Object { "required": true, "type": "date", }, + "kibana.alert.previous_action_group": Object { + "array": false, + "required": false, + "type": "keyword", + }, "kibana.alert.reason": Object { "array": false, "required": false, @@ -1225,6 +1230,11 @@ Object { "required": false, "type": "keyword", }, + "kibana.alert.severity_improving": Object { + "array": false, + "required": false, + "type": "boolean", + }, "kibana.alert.start": Object { "array": false, "required": false, @@ -2036,6 +2046,11 @@ Object { "required": true, "type": "date", }, + "kibana.alert.previous_action_group": Object { + "array": false, + "required": false, + "type": "keyword", + }, "kibana.alert.reason": Object { "array": false, "required": false, @@ -2282,6 +2297,11 @@ Object { "required": false, "type": "keyword", }, + "kibana.alert.severity_improving": Object { + "array": false, + "required": false, + "type": "boolean", + }, "kibana.alert.start": Object { "array": false, "required": false, @@ -3093,6 +3113,11 @@ Object { "required": true, "type": "date", }, + "kibana.alert.previous_action_group": Object { + "array": false, + "required": false, + "type": "keyword", + }, "kibana.alert.reason": Object { "array": false, "required": false, @@ -3339,6 +3364,11 @@ Object { "required": false, "type": "keyword", }, + "kibana.alert.severity_improving": Object { + "array": false, + "required": false, + "type": "boolean", + }, "kibana.alert.start": Object { "array": false, "required": false, 
@@ -4150,6 +4180,11 @@ Object { "required": true, "type": "date", }, + "kibana.alert.previous_action_group": Object { + "array": false, + "required": false, + "type": "keyword", + }, "kibana.alert.reason": Object { "array": false, "required": false, @@ -4396,6 +4431,11 @@ Object { "required": false, "type": "keyword", }, + "kibana.alert.severity_improving": Object { + "array": false, + "required": false, + "type": "boolean", + }, "kibana.alert.start": Object { "array": false, "required": false, @@ -5207,6 +5247,11 @@ Object { "required": true, "type": "date", }, + "kibana.alert.previous_action_group": Object { + "array": false, + "required": false, + "type": "keyword", + }, "kibana.alert.reason": Object { "array": false, "required": false, @@ -5453,6 +5498,11 @@ Object { "required": false, "type": "keyword", }, + "kibana.alert.severity_improving": Object { + "array": false, + "required": false, + "type": "boolean", + }, "kibana.alert.start": Object { "array": false, "required": false, @@ -6270,6 +6320,11 @@ Object { "required": true, "type": "date", }, + "kibana.alert.previous_action_group": Object { + "array": false, + "required": false, + "type": "keyword", + }, "kibana.alert.reason": Object { "array": false, "required": false, @@ -6516,6 +6571,11 @@ Object { "required": false, "type": "keyword", }, + "kibana.alert.severity_improving": Object { + "array": false, + "required": false, + "type": "boolean", + }, "kibana.alert.start": Object { "array": false, "required": false, @@ -7327,6 +7387,11 @@ Object { "required": true, "type": "date", }, + "kibana.alert.previous_action_group": Object { + "array": false, + "required": false, + "type": "keyword", + }, "kibana.alert.reason": Object { "array": false, "required": false, @@ -7573,6 +7638,11 @@ Object { "required": false, "type": "keyword", }, + "kibana.alert.severity_improving": Object { + "array": false, + "required": false, + "type": "boolean", + }, "kibana.alert.start": Object { "array": false, "required": false, 
@@ -8384,6 +8454,11 @@ Object { "required": true, "type": "date", }, + "kibana.alert.previous_action_group": Object { + "array": false, + "required": false, + "type": "keyword", + }, "kibana.alert.reason": Object { "array": false, "required": false, @@ -8630,6 +8705,11 @@ Object { "required": false, "type": "keyword", }, + "kibana.alert.severity_improving": Object { + "array": false, + "required": false, + "type": "boolean", + }, "kibana.alert.start": Object { "array": false, "required": false, diff --git a/x-pack/plugins/alerting/server/rule_type_registry.test.ts b/x-pack/plugins/alerting/server/rule_type_registry.test.ts index 709533bb898f2..3ee3551a301d5 100644 --- a/x-pack/plugins/alerting/server/rule_type_registry.test.ts +++ b/x-pack/plugins/alerting/server/rule_type_registry.test.ts @@ -312,6 +312,59 @@ describe('Create Lifecycle', () => { ); }); + test('throws if RuleType action groups contain duplicate severity levels', () => { + const ruleType: RuleType< + never, + never, + never, + never, + never, + 'high' | 'medium' | 'low' | 'nodata', + 'recovered', + {} + > = { + id: 'test', + name: 'Test', + actionGroups: [ + { + id: 'high', + name: 'Default', + severity: { level: 3 }, + }, + { + id: 'medium', + name: 'Default', + severity: { level: 0 }, + }, + { + id: 'low', + name: 'Default', + severity: { level: 0 }, + }, + { + id: 'nodata', + name: 'Default', + }, + ], + defaultActionGroupId: 'medium', + minimumLicenseRequired: 'basic', + isExportable: true, + executor: jest.fn(), + category: 'test', + producer: 'alerts', + validate: { + params: { validate: (params) => params }, + }, + }; + const registry = new RuleTypeRegistry(ruleTypeRegistryParams); + + expect(() => registry.register(ruleType)).toThrowError( + new Error( + `Rule type [id="${ruleType.id}"] cannot be registered. Action group definitions cannot contain duplicate severity levels.` + ) + ); + }); + test('allows an RuleType to specify a custom recovery group', () => { const ruleType: RuleType = { 
@@ -380,6 +433,59 @@ describe('Create Lifecycle', () => { expect(registry.get('test').ruleTaskTimeout).toBe('13m'); }); + test('allows RuleType action groups to specify severity levels', () => { + const actionGroups: Array> = [ + { + id: 'high', + name: 'Default', + severity: { level: 2 }, + }, + { + id: 'medium', + name: 'Default', + severity: { level: 1 }, + }, + { + id: 'low', + name: 'Default', + severity: { level: 0 }, + }, + { + id: 'nodata', + name: 'Default', + }, + ]; + const ruleType: RuleType< + never, + never, + never, + never, + never, + 'high' | 'medium' | 'low' | 'nodata', + 'recovered', + {} + > = { + id: 'test', + name: 'Test', + actionGroups, + defaultActionGroupId: 'medium', + minimumLicenseRequired: 'basic', + isExportable: true, + executor: jest.fn(), + category: 'test', + producer: 'alerts', + validate: { + params: { validate: (params) => params }, + }, + }; + const registry = new RuleTypeRegistry(ruleTypeRegistryParams); + registry.register(ruleType); + expect(registry.get('test').actionGroups).toEqual([ + ...actionGroups, + { id: 'recovered', name: 'Recovered' }, + ]); + }); + test('throws if the custom recovery group is contained in the RuleType action groups', () => { const ruleType: RuleType< never, diff --git a/x-pack/plugins/alerting/server/rule_type_registry.ts b/x-pack/plugins/alerting/server/rule_type_registry.ts index 50ab1f113ab8b..d1ffe59df3b6f 100644 --- a/x-pack/plugins/alerting/server/rule_type_registry.ts +++ b/x-pack/plugins/alerting/server/rule_type_registry.ts 
@@ -508,6 +508,27 @@ function augmentActionGroupsWithReserved< ); } + const activeActionGroupSeverities = new Set(); + actionGroups.forEach((actionGroup) => { + if (!!actionGroup.severity) { + if (activeActionGroupSeverities.has(actionGroup.severity.level)) { + throw new Error( + i18n.translate( + 'xpack.alerting.ruleTypeRegistry.register.duplicateActionGroupSeverityError', + { + defaultMessage: + 'Rule type [id="{id}"] cannot be registered. Action group definitions cannot contain duplicate severity levels.', + values: { + id, + }, + } + ) + ); + } + activeActionGroupSeverities.add(actionGroup.severity.level); + } + }); + return { ...ruleType, ...(config?.rules?.overwriteProducer ? { producer: config.rules.overwriteProducer } : {}), diff --git a/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.test.ts b/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.test.ts index e54e2570ada09..cb0e7dc6ac03a 100644 --- a/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.test.ts +++ b/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.test.ts @@ -80,6 +80,7 @@ describe('rule_type_registry_deprecated_consumers', () => { "test.patternLongRunning.cancelAlertsOnRuleTimeout", "test.patternSuccessOrFailure", "test.restricted-noop", + "test.severity", "test.throw", "test.unrestricted-noop", "test.validation", diff --git a/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.ts b/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.ts index e91e99203e8d4..e6979c9f44822 100644 --- a/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.ts +++ b/x-pack/plugins/alerting/server/rule_type_registry_deprecated_consumers.ts 
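Review bot: The new registration check in `augmentActionGroupsWithReserved` rejects repeated `severity.level` values but accepts any other number. `isAlertImproving` later orders action groups with a plain `<` on that field. If `level` is typed as a bare `number`, a `NaN` level would pass registration and make every comparison come out `false`. A guard such as `if (!Number.isFinite(actionGroup.severity.level)) throw ...` next to the duplicate check would close that gap. As a style point, `!!actionGroup.severity` inside an `if` is redundant, and a `for...of` loop reads more clearly than `forEach` when the body throws. The function starts outside the hunk.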
@@ -73,6 +73,7 @@ export const ruleTypeIdWithValidLegacyConsumers: Record = { 'test.patternLongRunning.cancelAlertsOnRuleTimeout': [ALERTING_FEATURE_ID], 'test.patternSuccessOrFailure': [ALERTING_FEATURE_ID], 'test.restricted-noop': [ALERTING_FEATURE_ID], + 'test.severity': [ALERTING_FEATURE_ID], 'test.throw': [ALERTING_FEATURE_ID], 'test.unrestricted-noop': [ALERTING_FEATURE_ID], 'test.validation': [ALERTING_FEATURE_ID], diff --git a/x-pack/plugins/alerting/server/task_runner/ad_hoc_task_runner.test.ts b/x-pack/plugins/alerting/server/task_runner/ad_hoc_task_runner.test.ts index f532fdf04eed9..f768f85d17748 100644 --- a/x-pack/plugins/alerting/server/task_runner/ad_hoc_task_runner.test.ts +++ b/x-pack/plugins/alerting/server/task_runner/ad_hoc_task_runner.test.ts @@ -67,6 +67,7 @@ import { ALERT_FLAPPING, ALERT_FLAPPING_HISTORY, ALERT_INSTANCE_ID, + ALERT_SEVERITY_IMPROVING, ALERT_MAINTENANCE_WINDOW_IDS, ALERT_RULE_CATEGORY, ALERT_RULE_CONSUMER, @@ -483,6 +484,7 @@ describe('Ad Hoc Task Runner', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [true], [ALERT_INSTANCE_ID]: '1', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_CONSECUTIVE_MATCHES]: 1, [ALERT_RULE_CATEGORY]: 'My test rule', diff --git a/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts b/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts index 2a13bd4cd7c54..69bc11bc48dc8 100644 --- a/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts +++ b/x-pack/plugins/alerting/server/task_runner/task_runner_alerts_client.test.ts @@ -98,6 +98,7 @@ import { VERSION, ALERT_CONSECUTIVE_MATCHES, ALERT_RULE_EXECUTION_TIMESTAMP, + ALERT_SEVERITY_IMPROVING, } from '@kbn/rule-data-utils'; import { backfillClientMock } from '../backfill_client/backfill_client.mock'; import { ConnectorAdapterRegistry } from '../connector_adapters/connector_adapter_registry'; 
@@ -570,6 +571,7 @@ describe('Task Runner', () => { [ALERT_FLAPPING]: false, [ALERT_FLAPPING_HISTORY]: [true], [ALERT_INSTANCE_ID]: '1', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_MAINTENANCE_WINDOW_IDS]: [], [ALERT_RULE_CATEGORY]: 'My test rule', [ALERT_RULE_CONSUMER]: 'bar', diff --git a/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.component.tsx b/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.component.tsx index 24dcde46cf902..5c424961d7f50 100644 --- a/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.component.tsx +++ b/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.component.tsx @@ -158,14 +158,14 @@ export const EditorMenu: FC = ({ items: [ ...visTypeAliases.map(getVisTypeAliasMenuItem), ...getAddPanelActionMenuItems(closePopover), + ...ungroupedFactories.map(getEmbeddableFactoryMenuItem), + ...promotedVisTypes.map(getVisTypeMenuItem), ...Object.values(factoryGroupMap).map(({ id, appName, icon, panelId }) => ({ name: appName, icon, panel: panelId, 'data-test-subj': `canvasEditorMenu-${id}Group`, })), - ...ungroupedFactories.map(getEmbeddableFactoryMenuItem), - ...promotedVisTypes.map(getVisTypeMenuItem), ], }, ...Object.values(factoryGroupMap).map( diff --git a/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.tsx b/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.tsx index 4e50d56f3cb77..fd644903ac25d 100644 --- a/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.tsx +++ b/x-pack/plugins/canvas/public/components/workpad_header/editor_menu/editor_menu.tsx 
@@ -7,7 +7,12 @@ import React, { FC, useCallback, useEffect, useMemo, useState } from 'react'; import { useLocation } from 'react-router-dom'; -import { BaseVisType, VisGroups, VisTypeAlias } from '@kbn/visualizations-plugin/public'; +import { + VisGroups, + type BaseVisType, + type VisTypeAlias, + type VisParams, +} from '@kbn/visualizations-plugin/public'; import { EmbeddableFactory, EmbeddableFactoryDefinition, @@ -201,13 +206,17 @@ export const EditorMenu: FC = ({ addElement }) => { .map(({ factory }) => factory); const promotedVisTypes = getVisTypesByGroup(VisGroups.PROMOTED); + const legacyVisTypes = getVisTypesByGroup(VisGroups.LEGACY); return ( >).concat( + promotedVisTypes, + legacyVisTypes + )} factories={factories} addPanelActions={addPanelActions} visTypeAliases={visTypeAliases} diff --git a/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx b/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx index dcdebf3bf9cd1..82e011366e884 100644 --- a/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx +++ b/x-pack/plugins/cases/public/components/all_cases/all_cases_list.tsx @@ -132,7 +132,7 @@ export const AllCasesList = React.memo( const { selectedColumns, setSelectedColumns } = useCasesColumnsSelection(); - const { columns, isLoadingColumns } = useCasesColumns({ + const { columns, isLoadingColumns, rowHeader } = useCasesColumns({ filterStatus: filterOptions.status ?? [], userProfiles: userProfiles ?? new Map(), isSelectorView, @@ -228,6 +228,7 @@ export const AllCasesList = React.memo( /> ; tableRowProps: EuiBasicTableProps['rowProps']; isLoadingColumns: boolean; + rowHeader?: string; } export const CasesTable: FunctionComponent = ({ @@ -52,6 +53,7 @@ export const CasesTable: FunctionComponent = ({ tableRef, tableRowProps, isLoadingColumns, + rowHeader, }) => { const { permissions } = useCasesContext(); const { getCreateCaseUrl, navigateToCreateCase } = useCreateCaseNavigation(); 
@@ -81,6 +83,7 @@ export const CasesTable: FunctionComponent = ({ { }, ], "isLoadingColumns": false, + "rowHeader": "title", } `); }); @@ -256,6 +257,7 @@ describe('useCasesColumns ', () => { }, ], "isLoadingColumns": false, + "rowHeader": "title", } `); }); @@ -310,6 +312,7 @@ describe('useCasesColumns ', () => { }, ], "isLoadingColumns": false, + "rowHeader": "title", } `); }); @@ -358,6 +361,7 @@ describe('useCasesColumns ', () => { }, ], "isLoadingColumns": false, + "rowHeader": "title", } `); }); @@ -406,6 +410,7 @@ describe('useCasesColumns ', () => { }, ], "isLoadingColumns": false, + "rowHeader": "title", } `); }); @@ -486,6 +491,7 @@ describe('useCasesColumns ', () => { }, ], "isLoadingColumns": false, + "rowHeader": "title", } `); }); @@ -605,6 +611,7 @@ describe('useCasesColumns ', () => { }, ], "isLoadingColumns": false, + "rowHeader": "title", } `); }); diff --git a/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.tsx b/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.tsx index c5f98fec4a3eb..efdc443366886 100644 --- a/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.tsx +++ b/x-pack/plugins/cases/public/components/all_cases/use_cases_columns.tsx @@ -74,6 +74,7 @@ export interface GetCasesColumn { export interface UseCasesColumnsReturnValue { columns: CasesColumns[]; isLoadingColumns: boolean; + rowHeader: string; } export const useCasesColumns = ({ @@ -371,7 +372,7 @@ export const useCasesColumns = ({ columns.push(actions); } - return { columns, isLoadingColumns }; + return { columns, isLoadingColumns, rowHeader: casesColumnsConfig.title.field }; }; interface Props { diff --git a/x-pack/plugins/cases/public/components/files/files_table.tsx b/x-pack/plugins/cases/public/components/files/files_table.tsx index f42d49dc8e003..ace1f5cef24fe 100644 --- a/x-pack/plugins/cases/public/components/files/files_table.tsx +++ b/x-pack/plugins/cases/public/components/files/files_table.tsx 
@@ -74,6 +74,7 @@ export const FilesTable = ({ caseId, items, pagination, onChange, isLoading }: F { Array [ Object { "data-test-subj": "cases-files-table-filename", + "field": "name", "name": "Name", "render": [Function], "width": "60%", diff --git a/x-pack/plugins/cases/public/components/files/use_files_table_columns.tsx b/x-pack/plugins/cases/public/components/files/use_files_table_columns.tsx index 3a95686bf3a22..d114a77e32347 100644 --- a/x-pack/plugins/cases/public/components/files/use_files_table_columns.tsx +++ b/x-pack/plugins/cases/public/components/files/use_files_table_columns.tsx @@ -27,8 +27,9 @@ export const useFilesTableColumns = ({ return [ { name: i18n.NAME, + field: 'name', 'data-test-subj': 'cases-files-table-filename', - render: (file: FileJSON) => ( + render: (name: string, file: FileJSON) => ( showPreview(file)} /> ), width: '60%', diff --git a/x-pack/plugins/cloud_security_posture/common/schemas/csp_finding.ts b/x-pack/plugins/cloud_security_posture/common/schemas/csp_finding.ts index 5d10b5ee4c9a0..3033da7b043b9 100644 --- a/x-pack/plugins/cloud_security_posture/common/schemas/csp_finding.ts +++ b/x-pack/plugins/cloud_security_posture/common/schemas/csp_finding.ts @@ -11,7 +11,7 @@ import { CspBenchmarkRuleMetadata } from '../types/latest'; export interface CspFinding { '@timestamp': string; - cluster_id: string; + cluster_id?: string; orchestrator?: CspFindingOrchestrator; cloud?: CspFindingCloud; // only available on CSPM findings result: CspFindingResult; @@ -33,11 +33,12 @@ interface CspFindingOrchestrator { } interface CspFindingCloud { - provider: 'aws'; + provider: 'aws' | 'azure' | 'gcp'; account: { name: string; id: string; }; + region?: string; } interface CspFindingResult { 
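Review bot: `cluster_id?: string` in `CspFinding` is now optional, but unlike `cloud?` two lines below with its `// only available on CSPM findings` comment, nothing says when it is missing. A comment on the field stating the condition, for example `// TODO confirm: not set on CSPM findings`, would tell readers which code paths need an `undefined` guard. The same applies to the new `region?: string` on `CspFindingCloud` in the second hunk of this file. Callers that use `cluster_id` as a grouping or filter key are outside these hunks and may need checking.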
diff --git a/x-pack/plugins/cloud_security_posture/public/components/cloud_security_grouping/use_cloud_security_grouping.ts b/x-pack/plugins/cloud_security_posture/public/components/cloud_security_grouping/use_cloud_security_grouping.ts index ea1aee0ffcef7..d9e7ac07b9dbd 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/cloud_security_grouping/use_cloud_security_grouping.ts +++ b/x-pack/plugins/cloud_security_posture/public/components/cloud_security_grouping/use_cloud_security_grouping.ts @@ -128,6 +128,7 @@ export const useCloudSecurityGrouping = ({ query, error, selectedGroup, + urlQuery, setUrlQuery, uniqueValue, isNoneSelected, diff --git a/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.test.tsx b/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.test.tsx index ad3e482f614f5..1dcb9454a176a 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.test.tsx +++ b/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.test.tsx @@ -12,7 +12,6 @@ import { renderWrapper } from '../../test/mock_server/mock_server_test_provider' import { NoFindingsStates } from './no_findings_states'; import * as statusHandlers from '../../../server/routes/status/status.handlers.mock'; import * as benchmarksHandlers from '../../../server/routes/benchmarks/benchmarks.handlers.mock'; -import { fleetCspPackageHandler } from './no_findings_states.handlers.mock'; const server = setupMockServer(); 
@@ -23,10 +22,6 @@ const renderNoFindingsStates = (postureType: 'cspm' | 'kspm' = 'cspm') => { describe('NoFindingsStates', () => { startMockServer(server); - beforeEach(() => { - server.use(fleetCspPackageHandler); - }); - it('shows integrations installation prompt with installation links when integration is not-installed', async () => { server.use(statusHandlers.notInstalledHandler); renderNoFindingsStates(); diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.handlers.mock.ts b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.handlers.mock.ts new file mode 100644 index 0000000000000..38e4edf46f77a --- /dev/null +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.handlers.mock.ts 
@@ -0,0 +1,236 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { estypes } from '@elastic/elasticsearch'; +import { CspFinding } from '../../../common/schemas/csp_finding'; +import { isArray } from 'lodash'; +import { http, HttpResponse } from 'msw'; +import { v4 as uuidV4 } from 'uuid'; + +export const generateCspFinding = ( + id: string, + evaluation: 'failed' | 'passed' = 'passed' +): CspFinding => { + const timeFiveHoursAgo = Date.now() - 18000000; + const timeFiveHoursAgoToIsoString = new Date(timeFiveHoursAgo).toISOString(); + + return { + agent: { + name: 'cloudbeatVM', + id: `agent-${id}`, + type: 'cloudbeat', + version: '8.13.2', + }, + resource: { + account_id: `/subscriptions/${id}`, + sub_type: 'azure-disk', + account_name: 'csp-team', + name: `disk_${id}`, + id: `/subscriptions/${id}/test/disks/disk_${id}`, + region: 'eastus', + type: 'cloud-compute', + raw: { + id: `/subscriptions/${id}/test/disks/disk_${id}`, + name: `disk_${id}`, + type: 'microsoft.compute/disks', + location: 'eastus', + properties: { + publicNetworkAccess: 'Enabled', + osType: 'Linux', + }, + }, + }, + rule: { + rego_rule_id: 'AZU-1.0-1.0', + references: 'https://elastic.co', + impact: `impact ${id}`, + description: `description ${id}`, + section: `Section ${id}`, + default_value: '', + version: '1.0', + rationale: `rationale ${id}`, + benchmark: { + name: 'CIS Microsoft Azure Foundations', + rule_number: `1.1.${id}`, + id: 'cis_azure', + version: 'v2.0.0', + posture_type: 'cspm', + }, + tags: ['CIS', 'AZURE', 'CIS 1.0', `Section ${id}`], + remediation: `remediation ${id}`, + audit: `audit ${id}`, + name: `Name ${id}`, + id: `rule-${id}`, + profile_applicability: 'profile', + }, + result: { + evaluation, + evidence: { + Resource: { + name: `disk_${id}`, + 
location: 'eastus', + type: 'microsoft.compute/disks', + properties: { + publicNetworkAccess: 'Enabled', + osType: 'Linux', + }, + }, + }, + }, + cloud: { + provider: 'azure', + region: 'eastus', + account: { + name: 'test', + id: `/subscriptions/${id}`, + }, + }, + '@timestamp': timeFiveHoursAgoToIsoString, + ecs: { + version: '8.6.0', + }, + host: { + name: `host ${id}`, + id: `host-${id}`, + containerized: false, + ip: ['0.0.0.0'], + mac: ['00:00:00:00:00:00'], + hostname: `host-${id}`, + architecture: 'x86_64', + os: { + kernel: '4.19.0-16-cloud-amd64', + codename: 'buster', + type: 'linux', + platform: 'debian', + version: '10.3', + family: 'debian', + name: 'Debian GNU/Linux', + }, + }, + event: { + agent_id_status: 'auth_metadata_missing', + sequence: 1715693351, + ingested: timeFiveHoursAgoToIsoString, + created: timeFiveHoursAgoToIsoString, + kind: 'state', + id: `event-${id}`, + type: ['info'], + category: ['configuration'], + dataset: 'cloud_security_posture.findings', + outcome: 'success', + }, + }; +}; + +export const generateFindingHit = (finding: CspFinding) => { + return { + _index: 'logs-cloud_security_posture.findings_latest-default', + _id: uuidV4(), + _score: null, + _source: finding, + sort: [1715693387715], + }; +}; + +const getFindingsBsearchResponse = (findings: CspFinding[]) => { + const buckets = findings.reduce( + (acc, finding) => { + if (finding.result.evaluation === 'failed') { + acc[0].doc_count = (acc[0].doc_count || 0) + 1; + } else { + acc[1].doc_count = (acc[1].doc_count || 0) + 1; + } + return acc; + }, + [ + { + key: 'failed', + doc_count: 0, + }, + { + key: 'passed', + doc_count: 0, + }, + ] + ); + + return { + id: 0, + result: { + rawResponse: { + took: 1, + timed_out: false, + _shards: { + total: 1, + successful: 1, + skipped: 0, + failed: 0, + }, + hits: { + total: findings.length, + max_score: null, + hits: findings.map(generateFindingHit), + }, + aggregations: { + count: { + doc_count_error_upper_bound: 0, + 
sum_other_doc_count: 0, + buckets, + }, + }, + }, + isPartial: false, + isRunning: false, + total: 1, + loaded: 1, + isRestored: false, + }, + }; +}; + +export const rulesGetStatesHandler = http.get( + 'internal/cloud_security_posture/rules/_get_states', + () => { + return HttpResponse.json({}); + } +); + +export const bsearchFindingsHandler = (findings: CspFinding[]) => + http.post('internal/bsearch', async ({ request }) => { + const jsonRequest = (await request.json()) as Partial; + + const filter = jsonRequest?.query?.bool?.filter; + + const hasRuleSectionQuerySearchTerm = + isArray(filter) && + isArray(filter[0]?.bool?.should) && + filter[0]?.bool?.should?.[0]?.term?.['rule.section']?.value !== undefined; + + if (hasRuleSectionQuerySearchTerm) { + const filteredFindingJson = findings.filter((finding) => { + const termValue = (filter[0].bool?.should as estypes.QueryDslQueryContainer[])?.[0]?.term?.[ + 'rule.section' + ]?.value; + return finding.rule.section === termValue; + }); + + return HttpResponse.json(getFindingsBsearchResponse(filteredFindingJson)); + } + + const hasRuleSectionFilter = + isArray(filter) && filter?.[0]?.match_phrase?.['rule.section'] !== undefined; + + if (hasRuleSectionFilter) { + const filteredFindingJson = findings.filter((finding) => { + return finding.rule.section === filter?.[0]?.match_phrase?.['rule.section']; + }); + + return HttpResponse.json(getFindingsBsearchResponse(filteredFindingJson)); + } + + return HttpResponse.json(getFindingsBsearchResponse(findings)); + }); diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.test.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.test.tsx index c955cc847a6c9..5cc82042c4727 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.test.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.test.tsx 
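Review bot: `bsearchFindingsHandler` honours only two request shapes, a `bool.should[0].term['rule.section']` clause or a `match_phrase['rule.section']` clause at `filter[0]`, and returns every finding for anything else; nothing in the file documents this. A test that searches on another field or adds a second filter would get the full list back and could pass or fail for the wrong reason. A comment above the export would make the contract explicit, e.g. `// Only a rule.section term / match_phrase at filter[0] is honoured; any other query returns all findings.` Smaller points: `termValue` is recomputed for every finding inside the first `findings.filter` callback and could be hoisted above it, and `(acc[0].doc_count || 0)` in `getFindingsBsearchResponse` never takes the fallback because both buckets start at `0`.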
@@ -5,246 +5,276 @@ * 2.0. */ import React from 'react'; -import Chance from 'chance'; -import type { UseQueryResult } from '@tanstack/react-query'; -import { of } from 'rxjs'; -import { useDataView } from '../../common/api/use_data_view'; +import { + getMockServerDependencies, + setupMockServer, + startMockServer, +} from '../../test/mock_server/mock_server'; +import { renderWrapper } from '../../test/mock_server/mock_server_test_provider'; import { Configurations } from './configurations'; -import { TestProvider } from '../../test/test_provider'; -import { dataPluginMock } from '@kbn/data-plugin/public/mocks'; -import { createStubDataView } from '@kbn/data-views-plugin/public/data_views/data_view.stub'; -import { CSP_LATEST_FINDINGS_DATA_VIEW } from '../../../common/constants'; -import * as TEST_SUBJECTS from './test_subjects'; -import type { DataView } from '@kbn/data-plugin/common'; -import { useCspSetupStatusApi } from '../../common/api/use_setup_status_api'; -import { useSubscriptionStatus } from '../../common/hooks/use_subscription_status'; -import { createReactQueryResponse } from '../../test/fixtures/react_query'; -import { useCISIntegrationPoliciesLink } from '../../common/navigation/use_navigate_to_cis_integration_policies'; -import { useCspIntegrationLink } from '../../common/navigation/use_csp_integration_link'; -import { NO_FINDINGS_STATUS_TEST_SUBJ } from '../../components/test_subjects'; -import { render } from '@testing-library/react'; -import { expectIdsInDoc } from '../../test/utils'; -import { PACKAGE_NOT_INSTALLED_TEST_SUBJECT } from '../../components/cloud_posture_page'; -import { useLicenseManagementLocatorApi } from '../../common/api/use_license_management_locator_api'; - -jest.mock('../../common/api/use_data_view'); -jest.mock('../../common/api/use_setup_status_api'); -jest.mock('../../common/api/use_license_management_locator_api'); -jest.mock('../../common/hooks/use_subscription_status'); 
-jest.mock('../../common/navigation/use_navigate_to_cis_integration_policies'); -jest.mock('../../common/navigation/use_csp_integration_link'); - -const chance = new Chance(); - -beforeEach(() => { - jest.clearAllMocks(); - - (useSubscriptionStatus as jest.Mock).mockImplementation(() => - createReactQueryResponse({ - status: 'success', - data: true, - }) - ); +import { fireEvent, screen, waitFor, within } from '@testing-library/react'; +import { MemoryRouter } from '@kbn/shared-ux-router'; +import { findingsNavigation } from '../../common/navigation/constants'; +import userEvent from '@testing-library/user-event'; +import { FilterManager } from '@kbn/data-plugin/public'; +import { CspClientPluginStartDeps } from '../../types'; +import * as statusHandlers from '../../../server/routes/status/status.handlers.mock'; +import { + bsearchFindingsHandler, + generateCspFinding, + rulesGetStatesHandler, +} from './configurations.handlers.mock'; - (useLicenseManagementLocatorApi as jest.Mock).mockImplementation(() => - createReactQueryResponse({ - status: 'success', - data: true, - }) - ); -}); +const server = setupMockServer(); -const renderFindingsPage = () => { - render( - +const renderFindingsPage = (dependencies = getMockServerDependencies()) => { + return renderWrapper( + - + , + dependencies ); }; describe('', () => { - it('no findings state: not-deployed - shows NotDeployed instead of findings', () => { - (useCspSetupStatusApi as jest.Mock).mockImplementation(() => - createReactQueryResponse({ - status: 'success', - data: { - kspm: { status: 'not-deployed' }, - cspm: { status: 'not-deployed' }, - indicesDetails: [ - { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' }, - { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' }, - ], - }, - }) - ); - (useCISIntegrationPoliciesLink as jest.Mock).mockImplementation(() => chance.url()); - (useCspIntegrationLink as jest.Mock).mockImplementation(() => chance.url()); + 
startMockServer(server); + + beforeEach(() => { + server.use(rulesGetStatesHandler); + }); + it('renders integrations installation prompt if integration is not installed', async () => { + server.use(statusHandlers.notInstalledHandler); renderFindingsPage(); - expectIdsInDoc({ - be: [NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED], - notToBe: [ - TEST_SUBJECTS.FINDINGS_CONTAINER, - NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING, - NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT, - NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED, - ], - }); + expect(screen.getByText(/loading/i)).toBeInTheDocument(); + await waitFor(() => expect(screen.getByText(/add cspm integration/i)).toBeInTheDocument()); + expect(screen.getByText(/add kspm integration/i)).toBeInTheDocument(); }); - it('no findings state: indexing - shows Indexing instead of findings', () => { - (useCspSetupStatusApi as jest.Mock).mockImplementation(() => - createReactQueryResponse({ - status: 'success', - data: { - kspm: { status: 'indexing' }, - cspm: { status: 'indexing' }, - indicesDetails: [ - { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' }, - { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' }, - ], - }, - }) - ); - (useCspIntegrationLink as jest.Mock).mockImplementation(() => chance.url()); + it("renders the 'latest findings' DataTable component when the CSPM/KSPM integration status is 'indexed' grouped by 'none'", async () => { + const finding1 = generateCspFinding('0001', 'failed'); + const finding2 = generateCspFinding('0002', 'passed'); + server.use(statusHandlers.indexedHandler); + server.use(bsearchFindingsHandler([finding1, finding2])); renderFindingsPage(); - expectIdsInDoc({ - be: [NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING], - notToBe: [ - TEST_SUBJECTS.FINDINGS_CONTAINER, - NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED, - NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT, - NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED, - ], - }); - }); + // Loading while checking the 
status API + expect(screen.getByText(/loading/i)).toBeInTheDocument(); - it('no findings state: index-timeout - shows IndexTimeout instead of findings', () => { - (useCspSetupStatusApi as jest.Mock).mockImplementation(() => - createReactQueryResponse({ - status: 'success', - data: { - kspm: { status: 'index-timeout' }, - cspm: { status: 'index-timeout' }, - indicesDetails: [ - { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' }, - { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' }, - ], - }, - }) + await waitFor(() => + expect(screen.getByTestId('latest_findings_container')).toBeInTheDocument() ); - (useCspIntegrationLink as jest.Mock).mockImplementation(() => chance.url()); + // loading findings + await waitFor(() => expect(screen.getByText(/loading results/i)).toBeInTheDocument()); - renderFindingsPage(); + await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument()); - expectIdsInDoc({ - be: [NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT], - notToBe: [ - TEST_SUBJECTS.FINDINGS_CONTAINER, - NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED, - NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING, - NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED, - ], - }); + expect(screen.getByText(finding1.resource.name)).toBeInTheDocument(); + expect(screen.getByText(finding1.resource.id)).toBeInTheDocument(); + expect(screen.getByText(finding1.rule.benchmark.rule_number as string)).toBeInTheDocument(); + expect(screen.getByText(finding1.rule.name)).toBeInTheDocument(); + expect(screen.getByText(finding1.rule.section)).toBeInTheDocument(); + + expect(screen.getByText(finding2.resource.name)).toBeInTheDocument(); + expect(screen.getByText(finding2.resource.id)).toBeInTheDocument(); + expect(screen.getByText(finding2.rule.benchmark.rule_number as string)).toBeInTheDocument(); + expect(screen.getByText(finding2.rule.name)).toBeInTheDocument(); + expect(screen.getByText(finding2.rule.section)).toBeInTheDocument(); + + 
expect(screen.getByText(/group findings by: none/i)).toBeInTheDocument(); }); - it('no findings state: unprivileged - shows Unprivileged instead of findings', () => { - (useCspSetupStatusApi as jest.Mock).mockImplementation(() => - createReactQueryResponse({ - status: 'success', - data: { - kspm: { status: 'unprivileged' }, - cspm: { status: 'unprivileged' }, - indicesDetails: [ - { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' }, - { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' }, - ], - }, - }) - ); - (useCspIntegrationLink as jest.Mock).mockImplementation(() => chance.url()); + describe('SearchBar', () => { + it('set search query', async () => { + const finding1 = generateCspFinding('0001', 'failed'); + const finding2 = generateCspFinding('0002', 'passed'); - renderFindingsPage(); + server.use(statusHandlers.indexedHandler); + server.use(bsearchFindingsHandler([finding1, finding2])); + + renderFindingsPage(); + + // Loading while checking the status API + expect(screen.getByText(/loading/i)).toBeInTheDocument(); + + await waitFor(() => + expect(screen.getByTestId('latest_findings_container')).toBeInTheDocument() + ); + // loading findings + await waitFor(() => expect(screen.getByText(/loading results/i)).toBeInTheDocument()); - expectIdsInDoc({ - be: [NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED], - notToBe: [ - TEST_SUBJECTS.FINDINGS_CONTAINER, - NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED, - NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING, - NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT, - ], + await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument()); + + const queryInput = screen.getByTestId('queryInput'); + userEvent.paste(queryInput, `rule.section : ${finding1.rule.section}`); + + const submitButton = screen.getByTestId('querySubmitButton'); + userEvent.click(submitButton); + + await waitFor(() => expect(screen.getByText(/1 findings/i)).toBeInTheDocument()); + + 
expect(screen.getByText(finding1.resource.name)).toBeInTheDocument(); + expect(screen.queryByText(finding2.resource.id)).not.toBeInTheDocument(); + + userEvent.clear(queryInput); + userEvent.click(submitButton); + await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument()); }); - }); + it('renders no results message and reset button when search query does not match', async () => { + const finding1 = generateCspFinding('0001', 'failed'); + const finding2 = generateCspFinding('0002', 'passed'); - it("renders the success state component when 'latest findings' DataView exists and request status is 'success'", async () => { - const source = await dataPluginMock.createStartContract().search.searchSource.create(); - - (useCspSetupStatusApi as jest.Mock).mockImplementation(() => ({ - status: 'success', - data: { - kspm: { status: 'indexed' }, - cspm: { status: 'indexed' }, - indicesDetails: [ - { index: 'logs-cloud_security_posture.findings_latest-default', status: 'not-empty' }, - { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' }, - { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' }, - ], - }, - })); - (source.fetch$ as jest.Mock).mockReturnValue(of({ rawResponse: { hits: { hits: [] } } })); - - (useDataView as jest.Mock).mockReturnValue({ - status: 'success', - data: createStubDataView({ - spec: { - id: CSP_LATEST_FINDINGS_DATA_VIEW, - }, - }), - } as UseQueryResult); + server.use(statusHandlers.indexedHandler); + server.use(bsearchFindingsHandler([finding1, finding2])); - renderFindingsPage(); + renderFindingsPage(); - expectIdsInDoc({ - be: [TEST_SUBJECTS.LATEST_FINDINGS_CONTAINER], - notToBe: [ - NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT, - NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED, - NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING, - NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED, - ], + // Loading while checking the status API + expect(screen.getByText(/loading/i)).toBeInTheDocument(); + + await 
waitFor(() => + expect(screen.getByTestId('latest_findings_container')).toBeInTheDocument() + ); + // loading findings + await waitFor(() => expect(screen.getByText(/loading results/i)).toBeInTheDocument()); + + await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument()); + + const queryInput = screen.getByTestId('queryInput'); + userEvent.paste(queryInput, `rule.section : Invalid`); + + const submitButton = screen.getByTestId('querySubmitButton'); + userEvent.click(submitButton); + + await waitFor(() => + expect(screen.getByText(/no results match your search criteria/i)).toBeInTheDocument() + ); + + const resetButton = screen.getByRole('button', { + name: /reset filters/i, + }); + + userEvent.click(resetButton); + await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument()); }); - }); + it('add filter', async () => { + const finding1 = generateCspFinding('0001', 'failed'); + const finding2 = generateCspFinding('0002', 'passed'); - it('renders integrations installation prompt if integration is not installed', async () => { - (useCspSetupStatusApi as jest.Mock).mockImplementation(() => - createReactQueryResponse({ - status: 'success', - data: { - kspm: { status: 'not-installed' }, - cspm: { status: 'not-installed' }, - indicesDetails: [ - { index: 'logs-cloud_security_posture.findings_latest-default', status: 'empty' }, - { index: 'logs-cloud_security_posture.findings-default*', status: 'empty' }, - ], + server.use(statusHandlers.indexedHandler); + server.use(bsearchFindingsHandler([finding1, finding2])); + + renderFindingsPage(); + + // Loading while checking the status API + expect(screen.getByText(/loading/i)).toBeInTheDocument(); + + await waitFor(() => + expect(screen.getByTestId('latest_findings_container')).toBeInTheDocument() + ); + // loading findings + await waitFor(() => expect(screen.getByText(/loading results/i)).toBeInTheDocument()); + + await waitFor(() => expect(screen.getByText(/2 
findings/i)).toBeInTheDocument()); + + userEvent.click(screen.getByTestId('addFilter'), undefined, { skipPointerEventsCheck: true }); + + await waitFor(() => + expect(screen.getByTestId('filterFieldSuggestionList')).toBeInTheDocument() + ); + + const filterFieldSuggestionListInput = within( + screen.getByTestId('filterFieldSuggestionList') + ).getByTestId('comboBoxSearchInput'); + + userEvent.paste(filterFieldSuggestionListInput, 'rule.section'); + userEvent.keyboard('{enter}'); + + const filterOperatorListInput = within(screen.getByTestId('filterOperatorList')).getByTestId( + 'comboBoxSearchInput' + ); + userEvent.click(filterOperatorListInput, undefined, { skipPointerEventsCheck: true }); + + const filterOption = within( + screen.getByTestId('comboBoxOptionsList filterOperatorList-optionsList') + ).getByRole('option', { name: 'is' }); + fireEvent.click(filterOption); + + const filterParamsInput = within(screen.getByTestId('filterParams')).getByRole('textbox'); + userEvent.paste(filterParamsInput, finding1.rule.section); + + userEvent.click(screen.getByTestId('saveFilter'), undefined, { + skipPointerEventsCheck: true, + }); + + await waitFor(() => expect(screen.getByText(/1 findings/i)).toBeInTheDocument()); + expect(screen.getByText(finding1.resource.name)).toBeInTheDocument(); + expect(screen.queryByText(finding2.resource.id)).not.toBeInTheDocument(); + }, 10000); + it('remove filter', async () => { + const finding1 = generateCspFinding('0001', 'failed'); + const finding2 = generateCspFinding('0002', 'passed'); + + const mockedFilterManager = new FilterManager(getMockServerDependencies().core.uiSettings); + mockedFilterManager.setFilters([ + { + meta: { + alias: `rule.section: ${finding1.rule.section}`, + negate: false, + disabled: false, + key: 'rule.section', + value: finding1.rule.section, + }, + query: { + match_phrase: { + 'rule.section': finding1.rule.section, + }, + }, }, - }) - ); - (useCspIntegrationLink as jest.Mock).mockImplementation(() => 
chance.url()); - renderFindingsPage(); + ]); + const mockDependenciesWithFilter = { + ...getMockServerDependencies(), + deps: { + ...getMockServerDependencies().deps, + data: { + ...getMockServerDependencies().deps.data, + query: { + ...getMockServerDependencies().deps.data!.query, + filterManager: mockedFilterManager, + }, + }, + } as unknown as Partial, + }; + + server.use(statusHandlers.indexedHandler); + server.use(bsearchFindingsHandler([finding1, finding2])); + + renderFindingsPage(mockDependenciesWithFilter); + + // Loading while checking the status API + expect(screen.getByText(/loading/i)).toBeInTheDocument(); + + await waitFor(() => + expect(screen.getByTestId('latest_findings_container')).toBeInTheDocument() + ); + // loading findings + await waitFor(() => expect(screen.getByText(/loading results/i)).toBeInTheDocument()); + + await waitFor(() => expect(screen.getByText(/1 findings/i)).toBeInTheDocument()); + expect(screen.getByText(finding1.resource.name)).toBeInTheDocument(); + expect(screen.queryByText(finding2.resource.id)).not.toBeInTheDocument(); + + const deleteFilter = screen.getByRole('button', { + name: `Delete rule.section: ${finding1.rule.section}`, + }); + userEvent.click(deleteFilter); + + await waitFor(() => expect(screen.getByText(/2 findings/i)).toBeInTheDocument()); - expectIdsInDoc({ - be: [PACKAGE_NOT_INSTALLED_TEST_SUBJECT], - notToBe: [ - TEST_SUBJECTS.LATEST_FINDINGS_CONTAINER, - NO_FINDINGS_STATUS_TEST_SUBJ.INDEX_TIMEOUT, - NO_FINDINGS_STATUS_TEST_SUBJ.NO_AGENTS_DEPLOYED, - NO_FINDINGS_STATUS_TEST_SUBJ.INDEXING, - NO_FINDINGS_STATUS_TEST_SUBJ.UNPRIVILEGED, - ], + expect(screen.getByText(finding1.resource.name)).toBeInTheDocument(); + expect(screen.getByText(finding2.resource.name)).toBeInTheDocument(); }); }); }); 
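Review bot: In the 'remove filter' test `getMockServerDependencies()` is called five times while building `mockedFilterManager` and `mockDependenciesWithFilter`. If that helper returns fresh objects on each call (its body is not in this diff), the `uiSettings` handed to `FilterManager` and the `deps.data.query` being spread come from different instances. Calling it once, `const baseDeps = getMockServerDependencies();`, and using `baseDeps.core.uiSettings` and `...baseDeps.deps` keeps the fixture coherent and shorter. The `as unknown as Partial` double assertion on `deps` also switches off type checking for the whole override; a narrower cast on the `data` property alone would keep the rest checked. The wait sequence and the two `generateCspFinding` calls are repeated in every SearchBar test and would read better as one shared setup helper.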
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.tsx index 1452bc60c3bf2..1c94500579e48 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.tsx @@ -11,7 +11,7 @@ import { TrackApplicationView } from '@kbn/usage-collection-plugin/public'; import { LATEST_FINDINGS_INDEX_PATTERN } from '../../../common/constants'; import { useCspSetupStatusApi } from '../../common/api/use_setup_status_api'; import { NoFindingsStates } from '../../components/no_findings_states'; -import { CloudPosturePage } from '../../components/cloud_posture_page'; +import { CloudPosturePage, defaultLoadingRenderer } from '../../components/cloud_posture_page'; import { useDataView } from '../../common/api/use_data_view'; import { cloudPosturePages, findingsNavigation } from '../../common/navigation/constants'; import { LatestFindingsContainer } from './latest_findings/latest_findings_container'; @@ -20,7 +20,7 @@ import { DataViewContext } from '../../common/contexts/data_view_context'; export const Configurations = () => { const location = useLocation(); const dataViewQuery = useDataView(LATEST_FINDINGS_INDEX_PATTERN); - const { data: getSetupStatus } = useCspSetupStatusApi(); + const { data: getSetupStatus, isLoading: getSetupStatusIsLoading } = useCspSetupStatusApi(); const hasConfigurationFindings = getSetupStatus?.kspm.status === 'indexed' || getSetupStatus?.cspm.status === 'indexed'; @@ -29,6 +29,7 @@ export const Configurations = () => { const noFindingsForPostureType = getSetupStatus?.cspm.status !== 'not-installed' ? 'cspm' : 'kspm'; + if (getSetupStatusIsLoading) return defaultLoadingRenderer(); if (!hasConfigurationFindings) return ; const dataViewContextValue = { 
diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_container.tsx index e1580d9c87848..cfb572116e65c 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_container.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_container.tsx @@ -75,7 +75,7 @@ const SubGrouping = ({ }; export const LatestFindingsContainer = () => { - const { grouping, isFetching, setUrlQuery, onResetFilters, error, isEmptyResults } = + const { grouping, isFetching, urlQuery, setUrlQuery, onResetFilters, error, isEmptyResults } = useLatestFindingsGrouping({ groupPanelRenderer, groupStatsRenderer }); const renderChildComponent = ({ @@ -145,7 +145,7 @@ export const LatestFindingsContainer = () => { if (error || isEmptyResults) { return ( <> - + {error && } {isEmptyResults && } @@ -155,7 +155,7 @@ export const LatestFindingsContainer = () => { return ( <> - +
{renderChildComponent({ level: 0, diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/use_latest_findings_grouping.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/use_latest_findings_grouping.tsx index 802ed52be9228..47f00a9a1927a 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/use_latest_findings_grouping.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/use_latest_findings_grouping.tsx @@ -150,6 +150,7 @@ export const useLatestFindingsGrouping = ({ query, onChangeGroupsItemsPerPage, onChangeGroupsPage, + urlQuery, setUrlQuery, uniqueValue, isNoneSelected, @@ -261,6 +262,7 @@ export const useLatestFindingsGrouping = ({ selectedGroup, onChangeGroupsItemsPerPage, onChangeGroupsPage, + urlQuery, setUrlQuery, isGroupSelected: !isNoneSelected, isGroupLoading: !data, diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/layout/findings_search_bar.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/layout/findings_search_bar.tsx index 43077778c4fdf..755ecb86c73ba 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/layout/findings_search_bar.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/layout/findings_search_bar.tsx @@ -22,10 +22,12 @@ interface FindingsSearchBarProps { setQuery(v: Partial): void; loading: boolean; placeholder?: string; + query: SearchBarQueryProps; } export const FindingsSearchBar = ({ loading, + query, setQuery, placeholder = i18n.translate('xpack.csp.findings.searchBar.searchPlaceholder', { defaultMessage: 'Search findings (eg. rule.section : "API Server" )', 
@@ -55,6 +57,11 @@ export const FindingsSearchBar = ({ onQuerySubmit={setQuery} onFiltersUpdated={(value: Filter[]) => setQuery({ filters: value })} placeholder={placeholder} + query={{ + query: query?.query?.query || '', + language: query?.query?.language || 'kuery', + }} + filters={query?.filters || []} />
); diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities_grouping.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities_grouping.tsx index fa90d4f6209bd..2e1c93f4218f4 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities_grouping.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/hooks/use_latest_vulnerabilities_grouping.tsx @@ -129,6 +129,7 @@ export const useLatestVulnerabilitiesGrouping = ({ query, onChangeGroupsItemsPerPage, onChangeGroupsPage, + urlQuery, setUrlQuery, uniqueValue, isNoneSelected, @@ -194,6 +195,7 @@ export const useLatestVulnerabilitiesGrouping = ({ selectedGroup, onChangeGroupsItemsPerPage, onChangeGroupsPage, + urlQuery, setUrlQuery, isGroupSelected: !isNoneSelected, isGroupLoading: !data, diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_container.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_container.tsx index 4a33228e00bab..6b2ed7aea04db 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_container.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_container.tsx @@ -137,13 +137,13 @@ export const LatestVulnerabilitiesContainer = () => { ); }; - const { grouping, isFetching, setUrlQuery, onResetFilters, error, isEmptyResults } = + const { grouping, isFetching, urlQuery, setUrlQuery, onResetFilters, error, isEmptyResults } = useLatestVulnerabilitiesGrouping({ groupPanelRenderer, groupStatsRenderer }); if (error || isEmptyResults) { return ( <> - + {error && } {isEmptyResults && } @@ -152,7 +152,7 @@ export const LatestVulnerabilitiesContainer = () => { } return ( <> - +
{renderChildComponent({ diff --git a/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/dataview.handlers.mock.ts b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/dataview.handlers.mock.ts new file mode 100644 index 0000000000000..266f7f652d299 --- /dev/null +++ b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/dataview.handlers.mock.ts @@ -0,0 +1,47 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { http, HttpResponse } from 'msw'; + +const generateDataViewField = (name: string, type: 'string' | 'date' = 'string') => ({ + name, + type, + esTypes: [type === 'string' ? 'keyword' : 'date'], + searchable: true, + aggregatable: true, + readFromDocValues: true, + metadata_field: false, +}); + +export const defaultDataViewFindHandler = http.get( + 'http://localhost/internal/data_views/fields', + ({ request }) => { + const url = new URL(request.url); + const pattern = url.searchParams.get('pattern'); + + if (pattern === 'logs-cloud_security_posture.findings_latest-*') { + return HttpResponse.json({ + fields: [ + generateDataViewField('@timestamp', 'date'), + generateDataViewField('resource.id'), + generateDataViewField('resource.name'), + generateDataViewField('resource.sub_type'), + generateDataViewField('result.evaluation'), + generateDataViewField('rule.benchmark.rule_number'), + generateDataViewField('rule.name'), + generateDataViewField('rule.section'), + ], + indices: ['logs-cloud_security_posture.findings_latest-default'], + }); + } + + return HttpResponse.json({ + fields: [], + indices: [], + }); + } +); 
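Review bot: `defaultDataViewFindHandler` compares `pattern` against the string literal `'logs-cloud_security_posture.findings_latest-*'`, which looks like a copy of the `LATEST_FINDINGS_INDEX_PATTERN` constant that `configurations.tsx` imports from `common/constants` (the constant's value is not visible here, so confirm they match). Importing the constant, `if (pattern === LATEST_FINDINGS_INDEX_PATTERN) {`, keeps the mock from drifting silently if the index pattern is ever renamed. Because this handler is now registered in `defaultHandlers`, a request for any other pattern gets an empty `fields`/`indices` response rather than an unhandled-request error. A short comment above the fallback `return` saying that this is intentional would save the next test author from debugging an unexpectedly empty field list.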
diff --git a/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.handlers.mock.ts b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/fleet.handlers.mock.ts similarity index 89% rename from x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.handlers.mock.ts rename to x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/fleet.handlers.mock.ts index 904083ca86f5c..01065b3339455 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/no_findings_states/no_findings_states.handlers.mock.ts +++ b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/fleet.handlers.mock.ts @@ -7,7 +7,7 @@ import { http, HttpResponse } from 'msw'; -export const fleetCspPackageHandler = http.get( +export const defaultFleetCspPackageHandler = http.get( `/api/fleet/epm/packages/cloud_security_posture`, () => { return HttpResponse.json({ diff --git a/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/index.ts b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/index.ts index 91eb25630b222..311e3ba1b7a27 100644 --- a/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/index.ts +++ b/x-pack/plugins/cloud_security_posture/public/test/mock_server/handlers/index.ts @@ -5,6 +5,8 @@ * 2.0. */ +import { defaultDataViewFindHandler } from './dataview.handlers.mock'; +import { defaultFleetCspPackageHandler } from './fleet.handlers.mock'; import { defaultApiLicensingInfo } from './licensing.handlers.mock'; /** 
@@ -12,4 +14,8 @@ import { defaultApiLicensingInfo } from './licensing.handlers.mock';
 * when the mock server is started, but can be overridden by specific tests when needed.
 * Recommended to use these handlers for common endpoints.
 */
-export const defaultHandlers = [defaultApiLicensingInfo];
+export const defaultHandlers = [
+ defaultApiLicensingInfo,
+ defaultDataViewFindHandler,
+ defaultFleetCspPackageHandler,
+];
diff --git a/x-pack/plugins/cloud_security_posture/server/create_indices/create_indices.ts b/x-pack/plugins/cloud_security_posture/server/create_indices/create_indices.ts
index 81366e8c07ffe..7a1f49e2ac01f 100644
--- a/x-pack/plugins/cloud_security_posture/server/create_indices/create_indices.ts
+++ b/x-pack/plugins/cloud_security_posture/server/create_indices/create_indices.ts
@@ -253,7 +253,6 @@ const updateIndexTemplate = async (
 },
 _meta,
 composed_of: composedOf.filter((ct) => ct !== STACK_COMPONENT_TEMPLATE_LOGS_SETTINGS),
- // @ts-expect-error es client do not contains this yet
 ignore_missing_component_templates: composedOf.filter((templateName) =>
 templateName.endsWith('@custom')
 ),
diff --git a/x-pack/plugins/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts b/x-pack/plugins/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts
index d01ecb03dbaed..aa23555033f5c 100644
--- a/x-pack/plugins/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts
+++ b/x-pack/plugins/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts
@@ -20,7 +20,7 @@ export const registerCreateRoute = ({
 lib: { handleEsError },
 }: RouteDependencies) => {
 const bodySchema = schema.object({
- id: schema.string(),
+ id: schema.string({ maxLength: 1000 }),
 remoteCluster: schema.string(),
 leaderIndexPatterns: schema.arrayOf(schema.string()),
 followIndexPattern: schema.string(),
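Review bot: The new `maxLength: 1000` bounds only `id`; in the same `bodySchema`, `remoteCluster`, `followIndexPattern` and every element of `leaderIndexPatterns` remain unbounded `schema.string()`, and the array itself has no size limit, so an oversized request body is still accepted through those fields. If the cap is meant to limit what this route accepts, apply it to the neighbours too, for example `leaderIndexPatterns: schema.arrayOf(schema.string({ maxLength: 1000 }), { maxSize: MAX_PATTERNS })`, where `MAX_PATTERNS` is a placeholder for whatever limit the team agrees on. The follower-index create route changed in this commit has the same gap: `name` is capped while `remoteCluster` and `leaderIndex` are not. The literal `1000` is also repeated in both files, so a shared constant would keep the two routes in step. Both schemas continue past the end of their hunks, so later fields may need the same treatment.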
diff --git a/x-pack/plugins/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts b/x-pack/plugins/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts
index 84b6096cb3f5b..d7d3a1dce0ce7 100644
--- a/x-pack/plugins/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts
+++ b/x-pack/plugins/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts
@@ -21,7 +21,7 @@ export const registerCreateRoute = ({
 lib: { handleEsError },
 }: RouteDependencies) => {
 const bodySchema = schema.object({
- name: schema.string(),
+ name: schema.string({ maxLength: 1000 }),
 remoteCluster: schema.string(),
 leaderIndex: schema.string(),
 maxReadRequestOperationCount: schema.maybe(schema.number()),
diff --git a/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx b/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx
index a0053c6c64c1c..7682e771ac155 100644
--- a/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/common/components/filebeat_config_flyout/filebeat_config_flyout.tsx
@@ -50,11 +50,9 @@ export const FilebeatConfigFlyout: FC = ({
 } = useDataVisualizerKibana();
 useEffect(() => {
- if (security !== undefined) {
- security.authc.getCurrentUser().then((user) => {
- setUsername(user.username === undefined ? null : user.username);
- });
- }
+ security.authc.getCurrentUser().then((user) => {
+ setUsername(user.username === undefined ? null : user.username);
+ });
 }, [security]);
 useEffect(() => {
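Review bot: With the `security !== undefined` guard removed, `security.authc.getCurrentUser()` in `FilebeatConfigFlyout` now runs unconditionally, and its promise still has no rejection handler. If the lookup rejects, the effect produces an unhandled rejection and `username` keeps its initial value. Adding `.catch(() => setUsername(null))` after the `.then(...)` makes the fallback to the no-username state explicit. The place where `security` is destructured from `useDataVisualizerKibana()` is outside this hunk, so please confirm the service is always defined now that the optional `security?: SecurityPluginSetup` start dependency is dropped elsewhere in this commit.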
diff --git a/x-pack/plugins/data_visualizer/public/application/common/types/data_visualizer_plugin.ts b/x-pack/plugins/data_visualizer/public/application/common/types/data_visualizer_plugin.ts
index cb2c3d680e5b4..cb2e90f7d4bae 100644
--- a/x-pack/plugins/data_visualizer/public/application/common/types/data_visualizer_plugin.ts
+++ b/x-pack/plugins/data_visualizer/public/application/common/types/data_visualizer_plugin.ts
@@ -16,7 +16,6 @@ import type { SavedSearchPublicPluginStart } from '@kbn/saved-search-plugin/publ
 import type { FileUploadPluginStart } from '@kbn/file-upload-plugin/public';
 import type { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public';
 import type { MapsStartApi } from '@kbn/maps-plugin/public';
-import type { SecurityPluginSetup } from '@kbn/security-plugin/public';
 import type { LensPublicStart } from '@kbn/lens-plugin/public';
 import type { IndexPatternFieldEditorStart } from '@kbn/data-view-field-editor-plugin/public';
 import type { FieldFormatsStart } from '@kbn/field-formats-plugin/public';
@@ -35,7 +34,6 @@ export interface DataVisualizerStartDependencies {
 fileUpload: FileUploadPluginStart;
 maps: MapsStartApi;
 embeddable: EmbeddableStart;
- security?: SecurityPluginSetup;
 share: SharePluginStart;
 lens?: LensPublicStart;
 charts: ChartsPluginStart;
diff --git a/x-pack/plugins/data_visualizer/public/application/data_drift/data_drift_app_state.tsx b/x-pack/plugins/data_visualizer/public/application/data_drift/data_drift_app_state.tsx
index a7d4af94a62c8..24c995ec0652d 100644
--- a/x-pack/plugins/data_visualizer/public/application/data_drift/data_drift_app_state.tsx
+++ b/x-pack/plugins/data_visualizer/public/application/data_drift/data_drift_app_state.tsx
@@ -68,7 +68,6 @@ export const DataDriftDetectionAppState: FC = (
 maps,
 embeddable,
 share,
- security,
 fileUpload,
 lens,
 dataViewFieldEditor,
@@ -82,7 +81,6 @@ export const DataDriftDetectionAppState: FC = ( maps, embeddable, share, - security, fileUpload, lens, dataViewFieldEditor, diff --git a/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/file_data_visualizer.tsx b/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/file_data_visualizer.tsx index 13b3511fc7fc1..01d9d2c37194f 100644 --- a/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/file_data_visualizer.tsx +++ b/x-pack/plugins/data_visualizer/public/application/file_data_visualizer/file_data_visualizer.tsx @@ -25,15 +25,13 @@ export type FileDataVisualizerSpec = typeof FileDataVisualizer; export const FileDataVisualizer: FC = ({ getAdditionalLinks, resultLinks }) => { const coreStart = getCoreStart(); - const { data, maps, embeddable, share, security, fileUpload, cloud, fieldFormats } = - getPluginsStart(); + const { data, maps, embeddable, share, fileUpload, cloud, fieldFormats } = getPluginsStart(); const services = { ...coreStart, data, maps, embeddable, share, - security, fileUpload, fieldFormats, }; diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_embeddable_wrapper.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_embeddable_wrapper.tsx index 4d547635eb504..a7e57e1e550b6 100644 --- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_embeddable_wrapper.tsx +++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/embeddables/grid_embeddable/field_stats_embeddable_wrapper.tsx @@ -78,7 +78,6 @@ const FieldStatisticsWrapper = (props: FieldStatisticTableEmbeddableProps) => { maps, embeddable, share, - security, fileUpload, lens, dataViewFieldEditor, 
@@ -92,7 +91,6 @@ const FieldStatisticsWrapper = (props: FieldStatisticTableEmbeddableProps) => { maps, embeddable, share, - security, fileUpload, lens, dataViewFieldEditor, diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/index_data_visualizer.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/index_data_visualizer.tsx index 2ad7500f7e693..9412f08172c48 100644 --- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/index_data_visualizer.tsx +++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/index_data_visualizer.tsx @@ -311,7 +311,6 @@ export const IndexDataVisualizer: FC = ({ maps, embeddable, share, - security, fileUpload, lens, dataViewFieldEditor, @@ -325,7 +324,6 @@ export const IndexDataVisualizer: FC = ({ maps, embeddable, share, - security, fileUpload, lens, dataViewFieldEditor, diff --git a/x-pack/plugins/elastic_assistant/common/constants.ts b/x-pack/plugins/elastic_assistant/common/constants.ts index d8c2630c1aef8..45b473e848750 100755 --- a/x-pack/plugins/elastic_assistant/common/constants.ts +++ b/x-pack/plugins/elastic_assistant/common/constants.ts @@ -14,6 +14,8 @@ export const POST_ACTIONS_CONNECTOR_EXECUTE = `${BASE_PATH}/actions/connector/{c // Attack discovery export const ATTACK_DISCOVERY = `${BASE_PATH}/attack_discovery`; +export const ATTACK_DISCOVERY_BY_CONNECTOR_ID = `${ATTACK_DISCOVERY}/{connectorId}`; +export const ATTACK_DISCOVERY_CANCEL_BY_CONNECTOR_ID = `${ATTACK_DISCOVERY}/cancel/{connectorId}`; // Model Evaluation export const EVALUATE = `${BASE_PATH}/evaluate`; diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/attack_discovery_schema.mock.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/attack_discovery_schema.mock.ts new file mode 100644 index 0000000000000..156011cfbae14 --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/__mocks__/attack_discovery_schema.mock.ts 
@@ -0,0 +1,128 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { estypes } from '@elastic/elasticsearch'; +import { EsAttackDiscoverySchema } from '../ai_assistant_data_clients/attack_discovery/types'; + +export const getAttackDiscoverySearchEsMock = () => { + const searchResponse: estypes.SearchResponse = { + took: 3, + timed_out: false, + _shards: { + total: 2, + successful: 2, + skipped: 0, + failed: 0, + }, + hits: { + total: { + value: 1, + relation: 'eq', + }, + max_score: 0, + hits: [ + { + _index: 'foo', + _id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', + _source: { + id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd', + '@timestamp': '2024-06-07T18:56:17.357Z', + created_at: '2024-06-07T18:56:17.357Z', + users: [ + { + id: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0', + name: 'elastic', + }, + ], + status: 'succeeded', + api_config: { + action_type_id: '.gen-ai', + connector_id: 'my-gpt4o-ai', + }, + attack_discoveries: [ + { + summary_markdown: + 'Critical malware detected on {{ host.name cd854ec0-1096-4ca6-a7b8-582655d6b970 }} involving {{ user.name f19e1a0a-de3b-496c-8ace-dd91229e1084 }}. 
The malware, identified as {{ file.name My Go Application.app }}, was executed with the command line {{ process.command_line xpcproxy application.Appify by Machine Box.My Go Application.20.23 }}.', + id: 'a45bc1af-e652-4f3b-b8ce-408028f29824', + title: 'Critical Malware Detection', + mitre_attack_tactics: ['Execution', 'Persistence', 'Privilege Escalation'], + alert_ids: [ + '094e59adc680420aeb1e0f872b52e17bd2f61aaddde521d53600f0576062ac4d', + 'fdcb45018d3aac5e7a529a455aedc9276ef89b386ca4dbae1d721dd383577d21', + '82baa43f7514ee7fb107ae032606d33afc6092a9c9a9caeffd1fe120a7640698', + 'aef4302768e19c5413c53203c14624bdf9d0656fa3d1d439c633c9880a2f3f6e', + '04cbafe6d7f965908a9155ae0bc559ce537faaf06266df732d7bd6897c83e77e', + '6f73d978ea02a471eba8d82772dc16f26622628b93fa0a651ce847fe7baf9e64', + '7ff1cd151bfdd2678d9efd4e22bfaf15dbfd89a81f40ea2160769c143ecca082', + 'dee8604204be00bc61112fe81358089a5e4d494ac28c95937758383f391a8cec', + '4c49b1fbcb6f9a4cfb355f56edfbc0d5320cd65f9f720546dd99e51d8d6eef84', + ], + details_markdown: `"""- **Host**: {{ host.name cd854ec0-1096-4ca6-a7b8-582655d6b970 }}\n- **User**: {{ user.name f19e1a0a-de3b-496c-8ace-dd91229e1084 }}\n- **Malware**: {{ file.name My Go Application.app }}\n- **Path**: {{ file.path /private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/37D933EC-334D-410A-A741-0F730D6AE3FD/d/Setup.app/Contents/MacOS/My Go Application.app }}\n- **Command Line**: {{ process.command_line xpcproxy application.Appify by Machine Box.My Go Application.20.23 }}\n- **SHA256**: {{ process.hash.sha256 2c63ba2b1a5131b80e567b7a1a93997a2de07ea20d0a8f5149701c67b832c097 }}\n- **Parent Process**: {{ process.parent.name launchd }}\n- **Parent Command Line**: {{ process.parent.command_line /sbin/launchd }}\n- **Code Signature**: {{ process.code_signature.status code failed to satisfy specified code requirement(s) }}"""`, + entity_summary_markdown: + '{{ host.name cd854ec0-1096-4ca6-a7b8-582655d6b970 }} and {{ user.name 
f19e1a0a-de3b-496c-8ace-dd91229e1084 }} involved in critical malware detection.', + timestamp: '2024-06-07T21:19:08.090Z', + }, + ], + updated_at: '2024-06-07T21:19:08.090Z', + replacements: [ + { + uuid: 'f19e1a0a-de3b-496c-8ace-dd91229e1084', + value: 'root', + }, + { + uuid: 'cd854ec0-1096-4ca6-a7b8-582655d6b970', + value: 'SRVMAC08', + }, + { + uuid: '3517f073-7f5e-42b4-9c42-e8a25dc9e27e', + value: 'james', + }, + { + uuid: 'f04af949-504e-4374-a31e-447e7d5b252e', + value: 'Administrator', + }, + { + uuid: '7eecfdbb-373a-4cbb-9bf7-e91a0be73b29', + value: 'SRVWIN07-PRIV', + }, + { + uuid: '8b73ea51-4c7a-4caa-a424-5b2495eabd2a', + value: 'SRVWIN07', + }, + { + uuid: '908405b1-fc8b-4fef-9bdf-35895896a1e3', + value: 'SRVWIN06', + }, + { + uuid: '7e8a2687-74d6-47d2-951c-522e21a44853', + value: 'SRVNIX05', + }, + ], + namespace: 'default', + generation_intervals: [ + { + date: '2024-06-07T21:19:08.089Z', + duration_ms: 110906, + }, + { + date: '2024-06-07T20:04:35.715Z', + duration_ms: 104593, + }, + { + date: '2024-06-07T18:58:27.880Z', + duration_ms: 130526, + }, + ], + alerts_context_count: 20, + average_interval_ms: 115341, + }, + }, + ], + }, + }; + return searchResponse; +}; diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/data_clients.mock.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/data_clients.mock.ts index be69365724341..a5196f93b6917 100644 --- a/x-pack/plugins/elastic_assistant/server/__mocks__/data_clients.mock.ts +++ b/x-pack/plugins/elastic_assistant/server/__mocks__/data_clients.mock.ts 
@@ -8,9 +8,12 @@ import type { PublicMethodsOf } from '@kbn/utility-types'; import { AIAssistantConversationsDataClient } from '../ai_assistant_data_clients/conversations'; import { AIAssistantDataClient } from '../ai_assistant_data_clients'; +import { AttackDiscoveryDataClient } from '../ai_assistant_data_clients/attack_discovery'; type ConversationsDataClientContract = PublicMethodsOf; export type ConversationsDataClientMock = jest.Mocked; +type AttackDiscoveryDataClientContract = PublicMethodsOf; +export type AttackDiscoveryDataClientMock = jest.Mocked; const createConversationsDataClientMock = () => { const mocked: ConversationsDataClientMock = { @@ -32,6 +35,22 @@ export const conversationsDataClientMock: { create: createConversationsDataClientMock, }; +const createAttackDiscoveryDataClientMock = (): AttackDiscoveryDataClientMock => ({ + getAttackDiscovery: jest.fn(), + createAttackDiscovery: jest.fn(), + findAttackDiscoveryByConnectorId: jest.fn(), + updateAttackDiscovery: jest.fn(), + getReader: jest.fn(), + getWriter: jest.fn().mockResolvedValue({ bulk: jest.fn() }), + findDocuments: jest.fn(), +}); + +export const attackDiscoveryDataClientMock: { + create: () => AttackDiscoveryDataClientMock; +} = { + create: createAttackDiscoveryDataClientMock, +}; + type AIAssistantDataClientContract = PublicMethodsOf; export type AIAssistantDataClientMock = jest.Mocked; diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/raw_attack_discoveries.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/raw_attack_discoveries.ts new file mode 100644 index 0000000000000..1c43f112da2bb --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/__mocks__/raw_attack_discoveries.ts 
@@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/** + * A mock response from invoking the `attack-discovery` tool. + * This is a JSON string that represents the response from the tool + */ +export const getRawAttackDiscoveriesMock = () => + '{\n "alertsContextCount": 20,\n "attackDiscoveries": [\n {\n "alertIds": [\n "9bb601522d0c0b83783488a27a3ede5bd6a788f4f1ceef07cc8f12ac55f27563",\n "b9d6df8ab34e36c6868c097ff28dd01075df85a5ac1f084ef569ee8c6a4cf660",\n "014b433c3436ef5325cadacc35b6cb2ba8932a9c2ea0ba26d899f95c6fb61395",\n "28017987e64abb6ac486f1410f977d97ebd3a7172189cfdf943a48a59b968066"\n ],\n "detailsMarkdown": "- {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} (macOS {{ host.os.version 13.4 }}) executed a suspicious process {{ process.name unix1 }} with command line {{ process.command_line /Users/james/unix1 /Users/james/library/Keychains/login.keychain-db TempTemp1234!! 
}}\\\\n- The process was spawned by another suspicious process {{ process.parent.name My Go Application.app }} with command line {{ process.parent.command_line /private/var/folders/_b/rmcpc65j6nv11ygrs50ctcjr0000gn/T/AppTranslocation/6D63F08A-011C-4511-8556-EAEF9AFD6340/d/Setup.app/Contents/MacOS/My Go Application.app }}\\\\n- The parent process was launched by the system process {{ process.parent.parent.name launchd }}\\\\n- Both the child and parent processes had untrusted code signatures\\\\n- The child process attempted to access the user\'s login keychain, potentially indicating credential theft",\n "entitySummaryMarkdown": "Suspicious activity on {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} by {{ user.name 3c8c81bd-0e52-4ce7-a836-48e718dfb6e4 }}",\n "mitreAttackTactics": [\n "Credential Access",\n "Defense Evasion",\n "Execution"\n ],\n "summaryMarkdown": "Suspicious activity detected on a macOS host involving a potentially malicious process attempting to access user credentials. 
The process was spawned by another untrusted process launched by the system, indicating a multi-stage attack potentially involving credential theft and defense evasion techniques.",\n "title": "Potential Credential Theft on macOS Host"\n },\n {\n "alertIds": [\n "64bcd8a322e6e6aebaee252982d0249cc96bdd75023ea05f58c228a7417c0dfc"\n ],\n "detailsMarkdown": "- {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} (macOS {{ host.os.version 13.4 }}) executed the system utility {{ process.name osascript }} with command line {{ process.command_line osascript -e display dialog \\"MacOS wants to access System Preferences\\\\n\\\\t\\\\t\\\\nPlease enter your password.\\" with title \\"System Preferences\\" with icon file \\"System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:ToolbarAdvanced.icns\\" default answer \\"\\" giving up after 30 with hidden answer ¬ }}\\\\n- This appears to be an attempt to phish for user credentials by displaying a fake system dialog\\\\n- The osascript process was spawned by the suspicious process {{ process.parent.name My Go Application.app }} with untrusted code signature",\n "entitySummaryMarkdown": "Potential credential phishing attempt on {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} targeting {{ user.name 3c8c81bd-0e52-4ce7-a836-48e718dfb6e4 }}",\n "mitreAttackTactics": [\n "Credential Access",\n "Initial Access",\n "Execution"\n ],\n "summaryMarkdown": "A credential phishing attempt was detected on a macOS host, likely initiated by a malicious process. 
The attack used osascript to display a fake system dialog prompting the user to enter their password.",\n "title": "Credential Phishing Attempt on macOS"\n },\n {\n "alertIds": [\n "245b60b908ddd84cad06671e273aa7be50699abd27e59423be4415f38c4aeb99",\n "616ac711e967e07a9b725e66aa93321eabf29e4b51f9598a4a11f21ab7ed0f12",\n "035c0295b1c64fd2ebba1b751a3565fd6759942247e9df6e1496c5e332d51840"\n ],\n "detailsMarkdown": "- {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} (macOS {{ host.os.version 13.4 }}) executed a suspicious process {{ process.name My Go Application.app }} with command line {{ process.command_line xpcproxy application.Appify by Machine Box.My Go Application.20.23 }}\\\\n- This process had an untrusted code signature and was launched by the system process {{ process.parent.name launchd }}\\\\n- It appears to have spawned the process {{ process.name unix1 }} in an attempt to obfuscate its activities\\\\n- The unix1 process attempted to make itself executable by running {{ process.name chmod }} with arguments {{ process.command_line chmod 777 /Users/james/unix1 }}",\n "entitySummaryMarkdown": "Suspicious activity involving process obfuscation on {{ host.name cb186c4a-3d70-4878-8ffe-18d84b5df86f }} by {{ user.name fec12d87-2476-4b82-a50d-0829f3815a42 }}",\n "mitreAttackTactics": [\n "Defense Evasion",\n "Execution"\n ],\n "summaryMarkdown": "A suspicious process was detected on a macOS host that appeared to be attempting to obfuscate its activities by spawning other processes and making them executable. 
The initial process had an untrusted code signature, indicating potentially malicious intent.",\n "title": "Process Obfuscation on macOS Host"\n },\n {\n "alertIds": [\n "54901fb5b0ed88f0c8d737613868a3d62ebc541d31b757349bbe7999d868ce48"\n ],\n "detailsMarkdown": "- {{ host.name 23166d28-d6da-4801-b701-d21ce1a489e5 }} (Windows {{ host.os.version 21H2 (10.0.20348.1607) }}) created a suspicious script file {{ file.path C:\\\\ProgramData\\\\WindowsAppPool\\\\AppPool.vbs }}\\\\n- The file was created by a Microsoft Word process ({{ process.name WINWORD.EXE }}) with trusted code signature\\\\n- This may indicate an attempt to establish persistence or command-and-control through scripting",\n "entitySummaryMarkdown": "Suspicious script file created on {{ host.name 23166d28-d6da-4801-b701-d21ce1a489e5 }} by {{ user.name 45bec1b8-eb98-4ddc-aafb-e3f7e02236dc }}",\n "mitreAttackTactics": [\n "Command and Control",\n "Execution"\n ],\n "summaryMarkdown": "A suspicious VBScript file was created on a Windows host, potentially by an compromised Microsoft Word process. 
This may be an attempt to establish persistence or command-and-control capabilities through scripting.",\n "title": "Suspicious Script File Creation on Windows"\n },\n {\n "alertIds": [\n "7fe0025f2d2b0d32f04b0e533466666967a21a98adae7499cb05add3355b48fc",\n "3875cbad10604636b892d15f7ff753a02a37d3e4bbe91a39a0fcf72f89101e31",\n "bb2767ebef06a5dc2511e2b865f5ed012dfdf20081bc33cab5c9f20b99e01d8f",\n "76d99c72442819a019dfbf3936cda9a6c5713d84a9ae685b2c4e0bb55e5b9862",\n "0f985965cb3d3b14007873290b9fc8f26f1b6ca0945499dfb693787ea6569265"\n ],\n "detailsMarkdown": "- {{ host.name 9a0ea998-7ce5-4dbb-a690-9856eca617ac }} (Windows {{ host.os.version 21H2 (10.0.20348.1607) }}) executed a suspicious PowerShell script {{ process.command_line \\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\\" -exec bypass -file C:\\\\ProgramData\\\\WindowsAppPool\\\\AppPool.ps1 }}\\\\n- The script was launched by the wscript process, which was spawned by a Microsoft Word process ({{ process.parent.name WINWORD.EXE }})\\\\n- The Word process also created a scheduled task to periodically execute the script\\\\n- The PowerShell script appears to be obfuscated, potentially to hide malicious activities\\\\n- This chain of events indicates a multi-stage attack potentially initiated by a malicious Office document",\n "entitySummaryMarkdown": "Suspicious PowerShell activity on {{ host.name 9a0ea998-7ce5-4dbb-a690-9856eca617ac }} by {{ user.name 45bec1b8-eb98-4ddc-aafb-e3f7e02236dc }}",\n "mitreAttackTactics": [\n "Initial Access",\n "Execution",\n "Defense Evasion"\n ],\n "summaryMarkdown": "A multi-stage attack was detected on a Windows host, potentially initiated by a malicious Microsoft Office document. The attack involved creating a scheduled task to execute an obfuscated PowerShell script, likely to hide malicious activities. 
This indicates techniques for initial access, execution, and defense evasion.",\n "title": "Multi-Stage Attack on Windows Host"\n },\n {\n "alertIds": [\n "a0c49fb228eca1685bd41df0ab66ca1977140de7916663e7a0918087220dd402",\n "a252ca3096831e3eeab07ab70e9269f98b5a66617b44d709425898813326ca63",\n "0ff7d411ca25a5b851e43562c9c660062624498f908ff4b63590d4b5304682af",\n "4d612c721e432598a5b7ea7bbeb2aaa2944c0a35e263d9984297b5416530c88f"\n ],\n "detailsMarkdown": "- {{ host.name 634eb7d8-0ce0-4591-b5f5-fb65803b89d8 }} (Windows {{ host.os.version 21H2 (10.0.20348.1607) }}) executed a suspicious PowerShell script {{ process.command_line \\"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\\" -ep bypass -file \\"C:\\\\Users\\\\ADMINI~1\\\\AppData\\\\Local\\\\Temp\\\\2\\\\Package Installation Dir\\\\chch.ps1\\" }}\\\\n- The script was launched by the msiexec.exe process, which may indicate an attempt to use a trusted Windows utility for defense evasion\\\\n- Elastic Endpoint detected the Bb malware family in the PowerShell process memory\\\\n- The PowerShell process also made network connections, potentially for command-and-control or data exfiltration",\n "entitySummaryMarkdown": "Malware detected on {{ host.name 634eb7d8-0ce0-4591-b5f5-fb65803b89d8 }} targeting {{ user.name 45bec1b8-eb98-4ddc-aafb-e3f7e02236dc }}",\n "mitreAttackTactics": [\n "Defense Evasion",\n "Execution"\n ],\n "summaryMarkdown": "The B malware was detected on a Windows host, executed through a PowerShell script launched by the msiexec.exe process. This appears to be an attempt to use a trusted Windows utility for defense evasion. 
The malware process also made network connections, potentially for command-and-control or data exfiltration.",\n "title": "Bb Malware Execution on Windows"\n },\n {\n "alertIds": [\n "764c0944288db1704f7a0fff2db7fe19e8285fa4272dec828ae4186ba0dfd3b3",\n "85672064aeb762a1121139a6d98fd3c5f6be8f18b49e4504c3f5e5a36679afe7"\n ],\n "detailsMarkdown": "- {{ host.name d813c7ba-6141-4292-8f40-c800c27645a4 }} (Linux {{ host.os.version 22.04.1 }}) executed a suspicious process {{ process.command_line sh -c /bin/rm -f /dev/shm/kdmtmpflush;/bin/cp ./74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 /dev/shm/kdmtmpflush && /bin/chmod 755 /dev/shm/kdmtmpflush && /dev/shm/kdmtmpflush --init && /bin/rm -f /dev/shm/kdmtmpflush }}\\\\n- This copied a file with SHA256 hash {{ file.hash.sha256 74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 }} to /dev/shm/kdmtmpflush, made it executable, and executed it\\\\n- Elastic Endpoint detected the Door malware family associated with this file",\n "entitySummaryMarkdown": "Malware executed on {{ host.name d813c7ba-6141-4292-8f40-c800c27645a4 }} by {{ user.name fec12d87-2476-4b82-a50d-0829f3815a42 }}",\n "mitreAttackTactics": [\n "Execution"\n ],\n "summaryMarkdown": "The Door malware was executed on a Linux host by copying an untrusted file to a temporary path, making it executable, and running it. 
This indicates malicious code execution on the compromised system.",\n "title": "Door Malware Execution on Linux"\n }\n ]\n}'; + +export const getRawAttackDiscoveriesReplacementsMock = () => ({ + '3c8c81bd-0e52-4ce7-a836-48e718dfb6e4': 'james', + 'cb186c4a-3d70-4878-8ffe-18d84b5df86f': 'SRVMAC08', + 'fec12d87-2476-4b82-a50d-0829f3815a42': 'root', + '45bec1b8-eb98-4ddc-aafb-e3f7e02236dc': 'Administrator', + '23166d28-d6da-4801-b701-d21ce1a489e5': 'SRVWIN07-PRIV', + '9a0ea998-7ce5-4dbb-a690-9856eca617ac': 'SRVWIN07', + '634eb7d8-0ce0-4591-b5f5-fb65803b89d8': 'SRVWIN06', + 'd813c7ba-6141-4292-8f40-c800c27645a4': 'SRVNIX05', +}); diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts index 0850938633322..2407e09df1e55 100644 --- a/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts +++ b/x-pack/plugins/elastic_assistant/server/__mocks__/request.ts @@ -5,8 +5,15 @@ * 2.0. */ import { httpServerMock } from '@kbn/core/server/mocks'; -import { CAPABILITIES, EVALUATE } from '../../common/constants'; import { + ATTACK_DISCOVERY, + ATTACK_DISCOVERY_BY_CONNECTOR_ID, + ATTACK_DISCOVERY_CANCEL_BY_CONNECTOR_ID, + CAPABILITIES, + EVALUATE, +} from '../../common/constants'; +import { + AttackDiscoveryPostRequestBody, ConversationCreateProps, ConversationUpdateProps, ELASTIC_AI_ASSISTANT_ANONYMIZATION_FIELDS_URL_BULK_ACTION, 
@@ -188,3 +195,24 @@ export const getAnonymizationFieldsBulkActionRequest = ( }, }, }); + +export const getCancelAttackDiscoveryRequest = (connectorId: string) => + requestMock.create({ + method: 'put', + path: ATTACK_DISCOVERY_CANCEL_BY_CONNECTOR_ID, + params: { connectorId }, + }); + +export const getAttackDiscoveryRequest = (connectorId: string) => + requestMock.create({ + method: 'get', + path: ATTACK_DISCOVERY_BY_CONNECTOR_ID, + params: { connectorId }, + }); + +export const postAttackDiscoveryRequest = (body: AttackDiscoveryPostRequestBody) => + requestMock.create({ + method: 'post', + path: ATTACK_DISCOVERY, + body, + }); diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts index 6c5d9b2bc4d57..c6a9951e89e3e 100644 --- a/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts +++ b/x-pack/plugins/elastic_assistant/server/__mocks__/request_context.ts @@ -14,11 +14,16 @@ import { ElasticAssistantRequestHandlerContext, } from '../types'; import { PluginStartContract as ActionsPluginStart } from '@kbn/actions-plugin/server'; -import { conversationsDataClientMock, dataClientMock } from './data_clients.mock'; +import { + attackDiscoveryDataClientMock, + conversationsDataClientMock, + dataClientMock, +} from './data_clients.mock'; import { AIAssistantConversationsDataClient } from '../ai_assistant_data_clients/conversations'; import { AIAssistantDataClient } from '../ai_assistant_data_clients'; import { AIAssistantKnowledgeBaseDataClient } from '../ai_assistant_data_clients/knowledge_base'; import { defaultAssistantFeatures } from '@kbn/elastic-assistant-common'; +import { AttackDiscoveryDataClient } from '../ai_assistant_data_clients/attack_discovery'; export const createMockClients = () => { const core = coreMock.createRequestHandlerContext(); 
@@ -36,6 +41,7 @@ export const createMockClients = () => { getAIAssistantConversationsDataClient: conversationsDataClientMock.create(), getAIAssistantKnowledgeBaseDataClient: dataClientMock.create(), getAIAssistantPromptsDataClient: dataClientMock.create(), + getAttackDiscoveryDataClient: attackDiscoveryDataClientMock.create(), getAIAssistantAnonymizationFieldsDataClient: dataClientMock.create(), getSpaceId: jest.fn(), getCurrentUser: jest.fn(), @@ -109,6 +115,10 @@ const createElasticAssistantRequestContextMock = ( () => clients.elasticAssistant.getAIAssistantPromptsDataClient ) as unknown as jest.MockInstance, [], unknown> & (() => Promise), + getAttackDiscoveryDataClient: jest.fn( + () => clients.elasticAssistant.getAttackDiscoveryDataClient + ) as unknown as jest.MockInstance, [], unknown> & + (() => Promise), getAIAssistantKnowledgeBaseDataClient: jest.fn( () => clients.elasticAssistant.getAIAssistantKnowledgeBaseDataClient ) as unknown as jest.MockInstance< diff --git a/x-pack/plugins/elastic_assistant/server/__mocks__/response.ts b/x-pack/plugins/elastic_assistant/server/__mocks__/response.ts index dc5a2ba0e884a..def0a81acea37 100644 --- a/x-pack/plugins/elastic_assistant/server/__mocks__/response.ts +++ b/x-pack/plugins/elastic_assistant/server/__mocks__/response.ts @@ -15,6 +15,8 @@ import { EsPromptsSchema } from '../ai_assistant_data_clients/prompts/types'; import { getPromptsSearchEsMock } from './prompts_schema.mock'; import { EsAnonymizationFieldsSchema } from '../ai_assistant_data_clients/anonymization_fields/types'; import { getAnonymizationFieldsSearchEsMock } from './anonymization_fields_schema.mock'; +import { getAttackDiscoverySearchEsMock } from './attack_discovery_schema.mock'; +import { EsAttackDiscoverySchema } from '../ai_assistant_data_clients/attack_discovery/types'; export const responseMock = { create: httpServerMock.createResponseFactory, 
@@ -34,6 +36,14 @@ export const getFindConversationsResultWithSingleHit = (): FindResponse => ({ + page: 1, + perPage: 1, + total: 1, + data: getAttackDiscoverySearchEsMock(), + }); + export const getFindPromptsResultWithSingleHit = (): FindResponse => ({ page: 1, perPage: 1, diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/anonymization_fields/helpers.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/anonymization_fields/helpers.ts index 7ebfbcf023442..60375a918398c 100644 --- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/anonymization_fields/helpers.ts +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/anonymization_fields/helpers.ts @@ -53,7 +53,8 @@ export const transformESSearchToAnonymizationFields = ( anonymized: anonymizationFieldSchema.anonymized, updatedAt: anonymizationFieldSchema.updated_at, namespace: anonymizationFieldSchema.namespace, - id: hit._id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + id: hit._id!, }; return anonymizationField; diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.test.ts new file mode 100644 index 0000000000000..e8ccdbc1d25ca --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.test.ts 
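Review bot: In the `anonymization_fields/helpers.ts` hunk, `id: hit._id!` is paired with an eslint suppression but nothing says why the assertion is safe. If a hit ever arrives without `_id`, the returned object carries `id: undefined` while being typed as a string, and callers that later update or delete by that id would not notice. Either state the reason next to the suppression, e.g. `// search hits always carry _id; the client type marks it optional`, or skip such hits before building the object. The enclosing `transformESSearchToAnonymizationFields` starts and ends outside the hunk.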
@@ -0,0 +1,77 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks'; + +import { createAttackDiscovery } from './create_attack_discovery'; +import { AttackDiscoveryCreateProps, AttackDiscoveryResponse } from '@kbn/elastic-assistant-common'; +import { AuthenticatedUser } from '@kbn/security-plugin-types-common'; +import { getAttackDiscovery } from './get_attack_discovery'; +import { loggerMock } from '@kbn/logging-mocks'; +const mockEsClient = elasticsearchServiceMock.createElasticsearchClient(); +const mockLogger = loggerMock.create(); +jest.mock('./get_attack_discovery'); +const attackDiscoveryCreate: AttackDiscoveryCreateProps = { + attackDiscoveries: [], + apiConfig: { + actionTypeId: 'action-type-id', + connectorId: 'connector-id', + defaultSystemPromptId: 'default-prompt-id', + model: 'model-name', + provider: 'OpenAI', + }, + alertsContextCount: 10, + replacements: { key1: 'value1', key2: 'value2' }, + status: 'running', +}; + +const user = { + username: 'test_user', + profile_uid: '1234', + authentication_realm: { + type: 'my_realm_type', + name: 'my_realm_name', + }, +} as AuthenticatedUser; + +const mockArgs = { + esClient: mockEsClient, + attackDiscoveryIndex: 'attack-discovery-index', + spaceId: 'space-1', + user, + attackDiscoveryCreate, + logger: mockLogger, +}; +const mockGetAttackDiscovery = jest.mocked(getAttackDiscovery); + +describe('createAttackDiscovery', () => { + afterEach(() => { + jest.clearAllMocks(); + }); + + it('should create attack discovery successfully', async () => { + // @ts-expect-error not full response interface + mockEsClient.create.mockResolvedValueOnce({ _id: 'created_id' }); + mockGetAttackDiscovery.mockResolvedValueOnce({ + id: 
'created_id', + // ... other attack discovery properties + } as AttackDiscoveryResponse); + + const response = await createAttackDiscovery(mockArgs); + expect(response).not.toBeNull(); + expect(response!.id).toEqual('created_id'); + expect(mockEsClient.create).toHaveBeenCalledTimes(1); + expect(mockGetAttackDiscovery).toHaveBeenCalledTimes(1); + }); + + it('should throw error on elasticsearch create failure', async () => { + mockEsClient.create.mockRejectedValueOnce(new Error('Elasticsearch error')); + await expect(createAttackDiscovery(mockArgs)).rejects.toThrowError('Elasticsearch error'); + expect(mockEsClient.create).toHaveBeenCalledTimes(1); + expect(mockGetAttackDiscovery).not.toHaveBeenCalled(); + }); +}); diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.ts new file mode 100644 index 0000000000000..937c78e4b9eb1 --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/create_attack_discovery.ts 
@@ -0,0 +1,107 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { v4 as uuidv4 } from 'uuid'; +import { ElasticsearchClient, Logger } from '@kbn/core/server'; + +import { AttackDiscoveryCreateProps, AttackDiscoveryResponse } from '@kbn/elastic-assistant-common'; +import { AuthenticatedUser } from '@kbn/security-plugin-types-common'; +import { getAttackDiscovery } from './get_attack_discovery'; +import { CreateAttackDiscoverySchema } from './types'; + +export interface CreateAttackDiscoveryParams { + esClient: ElasticsearchClient; + logger: Logger; + attackDiscoveryIndex: string; + spaceId: string; + user: AuthenticatedUser; + attackDiscoveryCreate: AttackDiscoveryCreateProps; +} + +export const createAttackDiscovery = async ({ + esClient, + attackDiscoveryIndex, + spaceId, + user, + attackDiscoveryCreate, + logger, +}: CreateAttackDiscoveryParams): Promise => { + const createdAt = new Date().toISOString(); + const body = transformToCreateScheme(createdAt, spaceId, user, attackDiscoveryCreate); + const id = attackDiscoveryCreate?.id || uuidv4(); + try { + const response = await esClient.create({ + body, + id, + index: attackDiscoveryIndex, + refresh: 'wait_for', + }); + + const createdAttackDiscovery = await getAttackDiscovery({ + esClient, + attackDiscoveryIndex, + id: response._id, + logger, + user, + }); + return createdAttackDiscovery; + } catch (err) { + logger.error(`Error creating attack discovery: ${err} with id: ${id}`); + throw err; + } +}; + +export const transformToCreateScheme = ( + createdAt: string, + spaceId: string, + user: AuthenticatedUser, + { + attackDiscoveries, + apiConfig, + alertsContextCount, + replacements, + status, + }: AttackDiscoveryCreateProps +): CreateAttackDiscoverySchema => { + return { + '@timestamp': 
createdAt, + created_at: createdAt, + users: [ + { + id: user.profile_uid, + name: user.username, + }, + ], + status, + api_config: { + action_type_id: apiConfig.actionTypeId, + connector_id: apiConfig.connectorId, + default_system_prompt_id: apiConfig.defaultSystemPromptId, + model: apiConfig.model, + provider: apiConfig.provider, + }, + alerts_context_count: alertsContextCount, + attack_discoveries: attackDiscoveries?.map((attackDiscovery) => ({ + id: attackDiscovery.id, + alert_ids: attackDiscovery.alertIds, + title: attackDiscovery.title, + details_markdown: attackDiscovery.detailsMarkdown, + entity_summary_markdown: attackDiscovery.entitySummaryMarkdown, + mitre_attack_tactics: attackDiscovery.mitreAttackTactics, + summary_markdown: attackDiscovery.summaryMarkdown, + timestamp: attackDiscovery.timestamp ?? createdAt, + })), + updated_at: createdAt, + replacements: replacements + ? Object.keys(replacements).map((key) => ({ + uuid: key, + value: replacements[key], + })) + : undefined, + namespace: spaceId, + }; +}; diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/field_maps_configuration.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/field_maps_configuration.ts new file mode 100644 index 0000000000000..51773489c4d6b --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/field_maps_configuration.ts 
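Review bot: `transformToCreateScheme` persists `replacements` as `{ uuid, value }` pairs without any comment on what that field holds. Judging by the replacements mock added earlier in this commit, it is the mapping from anonymized tokens back to the original host and user names. Anyone who can read the stored document can therefore reverse the anonymization, which makes the per-user filter on the read path the only thing protecting those values. I would add a comment above the field such as `// replacements maps anonymized tokens back to original values; read access to this document de-anonymizes the discoveries`. Separately, `users[0].id` is written from `user.profile_uid` with no check that it is set, although the field map in this commit marks `users.id` as required.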
@@ -0,0 +1,181 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { FieldMap } from '@kbn/data-stream-adapter'; + +export const attackDiscoveryFieldMap: FieldMap = { + '@timestamp': { + type: 'date', + array: false, + required: false, + }, + users: { + type: 'nested', + array: true, + required: false, + }, + 'users.id': { + type: 'keyword', + array: false, + required: true, + }, + 'users.name': { + type: 'keyword', + array: false, + required: false, + }, + id: { + type: 'keyword', + array: false, + required: true, + }, + updated_at: { + type: 'date', + array: false, + required: false, + }, + created_at: { + type: 'date', + array: false, + required: false, + }, + attack_discoveries: { + type: 'nested', + array: true, + required: false, + }, + 'attack_discoveries.timestamp': { + type: 'date', + array: false, + required: true, + }, + 'attack_discoveries.details_markdown': { + type: 'text', + array: false, + required: true, + }, + + 'attack_discoveries.title': { + type: 'text', + array: false, + required: true, + }, + + 'attack_discoveries.entity_summary_markdown': { + type: 'text', + array: false, + required: true, + }, + + 'attack_discoveries.summary_markdown': { + type: 'text', + array: false, + required: true, + }, + + 'attack_discoveries.mitre_attack_tactics': { + type: 'keyword', + array: true, + required: false, + }, + + 'attack_discoveries.id': { + type: 'keyword', + required: false, + }, + + 'attack_discoveries.alert_ids': { + type: 'keyword', + array: true, + required: true, + }, + + replacements: { + type: 'object', + array: false, + required: false, + }, + 'replacements.value': { + type: 'keyword', + array: false, + required: false, + }, + 'replacements.uuid': { + type: 'keyword', + array: false, + required: false, + }, + api_config: { + 
type: 'object', + array: false, + required: true, + }, + 'api_config.connector_id': { + type: 'keyword', + array: false, + required: true, + }, + 'api_config.action_type_id': { + type: 'keyword', + array: false, + required: false, + }, + 'api_config.default_system_prompt_id': { + type: 'keyword', + array: false, + required: false, + }, + 'api_config.provider': { + type: 'keyword', + array: false, + required: false, + }, + 'api_config.model': { + type: 'keyword', + array: false, + required: false, + }, + alerts_context_count: { + type: 'integer', + array: false, + required: false, + }, + status: { + type: 'keyword', + array: false, + required: true, + }, + namespace: { + type: 'keyword', + array: false, + required: true, + }, + average_interval_ms: { + type: 'integer', + array: false, + required: false, + }, + failure_reason: { + type: 'keyword', + array: false, + required: false, + }, + generation_intervals: { + type: 'nested', + array: true, + required: false, + }, + 'generation_intervals.date': { + type: 'date', + array: false, + required: true, + }, + 'generation_intervals.duration_ms': { + type: 'integer', + array: false, + required: true, + }, +} as const; diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.test.ts new file mode 100644 index 0000000000000..10688ce25b25e --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.test.ts 
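Review bot: `replacements` is declared as `type: 'object'` with `array: false`, but `transformToCreateScheme` in this same commit writes it as an array of `{ uuid, value }` objects. The declaration should at least read `array: true`. If the pairs are ever queried, `type: 'nested'` (as used for `users`) would keep each `uuid` tied to its `value` instead of flattening them. The top-level `id` is also marked `required: true` while the create transform writes no `id` field; whether `required` is enforced anywhere is not visible here, so it is worth confirming. A smaller point: `attack_discoveries.id` is the only entry without an `array` key.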
@@ -0,0 +1,69 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks'; +import { loggerMock } from '@kbn/logging-mocks'; +import { findAttackDiscoveryByConnectorId } from './find_attack_discovery_by_connector_id'; +import { AuthenticatedUser } from '@kbn/core-security-common'; +import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock'; + +const mockEsClient = elasticsearchServiceMock.createElasticsearchClient(); +const mockLogger = loggerMock.create(); + +const mockResponse = getAttackDiscoverySearchEsMock(); + +const user = { + username: 'test_user', + profile_uid: '1234', + authentication_realm: { + type: 'my_realm_type', + name: 'my_realm_name', + }, +} as AuthenticatedUser; +const mockRequest = { + esClient: mockEsClient, + attackDiscoveryIndex: 'attack-discovery-index', + connectorId: 'connector-id', + user, + logger: mockLogger, +}; +describe('findAttackDiscoveryByConnectorId', () => { + afterEach(() => { + jest.clearAllMocks(); + }); + + it('should find attack discovery by connector id successfully', async () => { + mockEsClient.search.mockResolvedValueOnce(mockResponse); + + const response = await findAttackDiscoveryByConnectorId(mockRequest); + + expect(response).not.toBeNull(); + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + expect(mockLogger.error).not.toHaveBeenCalled(); + }); + + it('should return null if no attack discovery found', async () => { + mockEsClient.search.mockResolvedValueOnce({ ...mockResponse, hits: { hits: [] } }); + + const response = await findAttackDiscoveryByConnectorId(mockRequest); + + expect(response).toBeNull(); + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + 
expect(mockLogger.error).not.toHaveBeenCalled(); + }); + + it('should throw error on elasticsearch search failure', async () => { + mockEsClient.search.mockRejectedValueOnce(new Error('Elasticsearch error')); + + await expect(findAttackDiscoveryByConnectorId(mockRequest)).rejects.toThrowError( + 'Elasticsearch error' + ); + + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + expect(mockLogger.error).toHaveBeenCalledTimes(1); + }); +}); diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.ts new file mode 100644 index 0000000000000..28a99cb644951 --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/find_attack_discovery_by_connector_id.ts 
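Review bot: None of the three cases in `find_attack_discovery_by_connector_id.test.ts` inspects the query passed to `mockEsClient.search`, so the per-user `nested` filter on `users` could be removed without a test failing. That filter is what keeps one user's discoveries from being returned to another, so it deserves a direct assertion, for example `expect(JSON.stringify(mockEsClient.search.mock.calls[0][0])).toContain('"users.id":"1234"');`. A second case with `profile_uid` unset would pin the `users.name` fallback. The same gap exists in `get_attack_discovery.test.ts` later in this commit.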
@@ -0,0 +1,78 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ElasticsearchClient, Logger } from '@kbn/core/server'; +import { AttackDiscoveryResponse } from '@kbn/elastic-assistant-common'; +import { AuthenticatedUser } from '@kbn/security-plugin/common'; +import { EsAttackDiscoverySchema } from './types'; +import { transformESSearchToAttackDiscovery } from './transforms'; + +export interface FindAttackDiscoveryParams { + esClient: ElasticsearchClient; + logger: Logger; + attackDiscoveryIndex: string; + connectorId: string; + user: AuthenticatedUser; +} + +export const findAttackDiscoveryByConnectorId = async ({ + esClient, + logger, + attackDiscoveryIndex, + connectorId, + user, +}: FindAttackDiscoveryParams): Promise => { + const filterByUser = [ + { + nested: { + path: 'users', + query: { + bool: { + must: [ + { + match: user.profile_uid + ? { 'users.id': user.profile_uid } + : { 'users.name': user.username }, + }, + ], + }, + }, + }, + }, + ]; + try { + const response = await esClient.search({ + query: { + bool: { + must: [ + { + bool: { + should: [ + { + term: { + 'api_config.connector_id': connectorId, + }, + }, + ], + }, + }, + ...filterByUser, + ], + }, + }, + _source: true, + ignore_unavailable: true, + index: attackDiscoveryIndex, + seq_no_primary_term: true, + }); + const attackDiscovery = transformESSearchToAttackDiscovery(response); + return attackDiscovery[0] ?? null; + } catch (err) { + logger.error(`Error fetching attack discovery: ${err} with connectorId: ${connectorId}`); + throw err; + } +}; 
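Review bot: In `filterByUser`, when `user.profile_uid` is absent the ownership check falls back to matching `users.name` alone. Usernames are not guaranteed unique across authentication realms, so a caller without a profile uid but with the same username could match a document created by a different, profile-backed user. Restricting the name-only branch to documents that have no `users.id` closes that gap; the create path omits `users.id` exactly when the profile uid is missing. `get_attack_discovery.ts` in this commit builds an identical `filterByUser` and needs the same change. The search also sets neither `size` nor `sort`, so `attackDiscovery[0]` is whichever matching hit happens to rank first.

```typescript
  const filterByUser = [
    {
      nested: {
        path: 'users',
        query: {
          bool: {
            filter: user.profile_uid
              ? [{ term: { 'users.id': user.profile_uid } }]
              : [{ term: { 'users.name': user.username } }],
            // a name-only match must not pick up documents owned by a profile-backed user
            must_not: user.profile_uid ? [] : [{ exists: { field: 'users.id' } }],
          },
        },
      },
    },
  ];
  // … unchanged: esClient.search call, transform and error handling …
```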
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.test.ts new file mode 100644 index 0000000000000..4ee89fb7a3bc0 --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.test.ts 
@@ -0,0 +1,67 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks'; +import { loggerMock } from '@kbn/logging-mocks'; +import { getAttackDiscovery } from './get_attack_discovery'; +import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock'; +import { AuthenticatedUser } from '@kbn/core-security-common'; + +const mockEsClient = elasticsearchServiceMock.createElasticsearchClient(); +const mockLogger = loggerMock.create(); + +const mockResponse = getAttackDiscoverySearchEsMock(); + +const user = { + username: 'test_user', + profile_uid: '1234', + authentication_realm: { + type: 'my_realm_type', + name: 'my_realm_name', + }, +} as AuthenticatedUser; +const mockRequest = { + esClient: mockEsClient, + attackDiscoveryIndex: 'attack-discovery-index', + id: 'discovery-id', + user, + logger: mockLogger, +}; +describe('getAttackDiscovery', () => { + afterEach(() => { + jest.clearAllMocks(); + }); + + it('should get attack discovery by id successfully', async () => { + mockEsClient.search.mockResolvedValueOnce(mockResponse); + + const response = await getAttackDiscovery(mockRequest); + + expect(response).not.toBeNull(); + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + expect(mockLogger.error).not.toHaveBeenCalled(); + }); + + it('should return null if no attack discovery found', async () => { + mockEsClient.search.mockResolvedValueOnce({ ...mockResponse, hits: { hits: [] } }); + + const response = await getAttackDiscovery(mockRequest); + + expect(response).toBeNull(); + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + expect(mockLogger.error).not.toHaveBeenCalled(); + }); + + it('should throw error on elasticsearch search failure', async () 
=> { + mockEsClient.search.mockRejectedValueOnce(new Error('Elasticsearch error')); + + await expect(getAttackDiscovery(mockRequest)).rejects.toThrowError('Elasticsearch error'); + + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + expect(mockLogger.error).toHaveBeenCalledTimes(1); + }); +}); diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.ts new file mode 100644 index 0000000000000..57d4e167d2fa9 --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/get_attack_discovery.ts 
@@ -0,0 +1,78 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ElasticsearchClient, Logger } from '@kbn/core/server'; +import { AttackDiscoveryResponse } from '@kbn/elastic-assistant-common'; +import { AuthenticatedUser } from '@kbn/security-plugin/common'; +import { EsAttackDiscoverySchema } from './types'; +import { transformESSearchToAttackDiscovery } from './transforms'; + +export interface GetAttackDiscoveryParams { + esClient: ElasticsearchClient; + logger: Logger; + attackDiscoveryIndex: string; + id: string; + user: AuthenticatedUser; +} + +export const getAttackDiscovery = async ({ + esClient, + logger, + attackDiscoveryIndex, + id, + user, +}: GetAttackDiscoveryParams): Promise => { + const filterByUser = [ + { + nested: { + path: 'users', + query: { + bool: { + must: [ + { + match: user.profile_uid + ? { 'users.id': user.profile_uid } + : { 'users.name': user.username }, + }, + ], + }, + }, + }, + }, + ]; + try { + const response = await esClient.search({ + query: { + bool: { + must: [ + { + bool: { + should: [ + { + term: { + _id: id, + }, + }, + ], + }, + }, + ...filterByUser, + ], + }, + }, + _source: true, + ignore_unavailable: true, + index: attackDiscoveryIndex, + seq_no_primary_term: true, + }); + const attackDiscovery = transformESSearchToAttackDiscovery(response); + return attackDiscovery[0] ?? null; + } catch (err) { + logger.error(`Error fetching attack discovery: ${err} with id: ${id}`); + throw err; + } +}; diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/index.ts new file mode 100644 index 0000000000000..b8b1ef12b668c --- /dev/null 
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/index.ts 
@@ -0,0 +1,122 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+ AttackDiscoveryCreateProps,
+ AttackDiscoveryUpdateProps,
+ AttackDiscoveryResponse,
+} from '@kbn/elastic-assistant-common';
+import { AuthenticatedUser } from '@kbn/core-security-common';
+import { findAttackDiscoveryByConnectorId } from './find_attack_discovery_by_connector_id';
+import { updateAttackDiscovery } from './update_attack_discovery';
+import { createAttackDiscovery } from './create_attack_discovery';
+import { getAttackDiscovery } from './get_attack_discovery';
+import { AIAssistantDataClient, AIAssistantDataClientParams } from '..';
+
+type AttackDiscoveryDataClientParams = AIAssistantDataClientParams;
+
+export class AttackDiscoveryDataClient extends AIAssistantDataClient {
+ constructor(public readonly options: AttackDiscoveryDataClientParams) {
+ super(options);
+ }
+
+ /**
+ * Fetches an attack discovery
+ * @param options
+ * @param options.id The existing attack discovery id.
+ * @param options.authenticatedUser Current authenticated user.
+ * @returns The attack discovery response
+ */
+ public getAttackDiscovery = async ({
+ id,
+ authenticatedUser,
+ }: {
+ id: string;
+ authenticatedUser: AuthenticatedUser;
+ }): Promise => {
+ const esClient = await this.options.elasticsearchClientPromise;
+ return getAttackDiscovery({
+ esClient,
+ logger: this.options.logger,
+ attackDiscoveryIndex: this.indexTemplateAndPattern.alias,
+ id,
+ user: authenticatedUser,
+ });
+ };
+
+ /**
+ * Creates an attack discovery, if given at least the "apiConfig"
+ * @param options
+ * @param options.attackDiscoveryCreate
+ * @param options.authenticatedUser
+ * @returns The Attack Discovery created
+ */
+ public createAttackDiscovery = async ({
+ attackDiscoveryCreate,
+ authenticatedUser,
+ }: {
+ attackDiscoveryCreate: AttackDiscoveryCreateProps;
+ authenticatedUser: AuthenticatedUser;
+ }): Promise => {
+ const esClient = await this.options.elasticsearchClientPromise;
+ return createAttackDiscovery({
+ esClient,
+ logger: this.options.logger,
+ attackDiscoveryIndex: this.indexTemplateAndPattern.alias,
+ spaceId: this.spaceId,
+ user: authenticatedUser,
+ attackDiscoveryCreate,
+ });
+ };
+
+ /**
+ * Find attack discovery by apiConfig connectorId
+ * @param options
+ * @param options.connectorId
+ * @param options.authenticatedUser
+ * @returns The Attack Discovery created
+ */
+ public findAttackDiscoveryByConnectorId = async ({
+ connectorId,
+ authenticatedUser,
+ }: {
+ connectorId: string;
+ authenticatedUser: AuthenticatedUser;
+ }): Promise => {
+ const esClient = await this.options.elasticsearchClientPromise;
+ return findAttackDiscoveryByConnectorId({
+ esClient,
+ logger: this.options.logger,
+ attackDiscoveryIndex: this.indexTemplateAndPattern.alias,
+ connectorId,
+ user: authenticatedUser,
+ });
+ };
+
+ /**
+ * Updates an attack discovery
+ * @param options
+ * @param options.attackDiscoveryUpdateProps
+ * @param options.authenticatedUser
+ */
+ public updateAttackDiscovery = async ({
+ attackDiscoveryUpdateProps,
+ authenticatedUser,
+ }: {
+ attackDiscoveryUpdateProps: AttackDiscoveryUpdateProps;
+ authenticatedUser: AuthenticatedUser;
+ }): Promise => {
+ const esClient = await this.options.elasticsearchClientPromise;
+ return updateAttackDiscovery({
+ esClient,
+ logger: this.options.logger,
+ attackDiscoveryIndex: attackDiscoveryUpdateProps.backingIndex,
+ attackDiscoveryUpdateProps,
+ user: authenticatedUser,
+ });
+ };
+}
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/transforms.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/transforms.ts
new file mode 100644
index 0000000000000..d23757fd053d0
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/transforms.ts
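Review bot: `updateAttackDiscovery` on the data client passes `attackDiscoveryUpdateProps.backingIndex` as the index to write to, while the other three methods use `this.indexTemplateAndPattern.alias`. Where that value originates is not visible in this hunk; if it can be populated from a request body, the caller chooses the index the update lands in. Validating `backingIndex` against the client's own alias, or at least a comment on the method, `// backingIndex must be taken from a document read through this client, never from request input`, would make the contract explicit. The JSDoc for `findAttackDiscoveryByConnectorId` also says `@returns The Attack Discovery created`, which reads as copied from the create method.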
@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { estypes } from '@elastic/elasticsearch';
+import { AttackDiscoveryResponse } from '@kbn/elastic-assistant-common';
+import { EsAttackDiscoverySchema } from './types';
+
+export const transformESSearchToAttackDiscovery = (
+ response: estypes.SearchResponse
+): AttackDiscoveryResponse[] => {
+ return response.hits.hits
+ .filter((hit) => hit._source !== undefined)
+ .map((hit) => {
+ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+ const adSchema = hit._source!;
+ const ad: AttackDiscoveryResponse = {
+ timestamp: adSchema['@timestamp'],
+ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+ id: hit._id!,
+ backingIndex: hit._index,
+ createdAt: adSchema.created_at,
+ updatedAt: adSchema.updated_at,
+ users:
+ adSchema.users?.map((user) => ({
+ id: user.id,
+ name: user.name,
+ })) ?? [],
+ namespace: adSchema.namespace,
+ status: adSchema.status,
+ alertsContextCount: adSchema.alerts_context_count,
+ apiConfig: {
+ connectorId: adSchema.api_config.connector_id,
+ actionTypeId: adSchema.api_config.action_type_id,
+ defaultSystemPromptId: adSchema.api_config.default_system_prompt_id,
+ model: adSchema.api_config.model,
+ provider: adSchema.api_config.provider,
+ },
+ attackDiscoveries: adSchema.attack_discoveries.map((attackDiscovery) => ({
+ alertIds: attackDiscovery.alert_ids,
+ title: attackDiscovery.title,
+ detailsMarkdown: attackDiscovery.details_markdown,
+ entitySummaryMarkdown: attackDiscovery.entity_summary_markdown,
+ mitreAttackTactics: attackDiscovery.mitre_attack_tactics,
+ summaryMarkdown: attackDiscovery.summary_markdown,
+ timestamp: attackDiscovery.timestamp,
+ })),
+ replacements: adSchema.replacements?.reduce((acc: Record, r) => {
+ acc[r.uuid] = r.value;
+ return acc;
+ }, {}),
+ generationIntervals:
+ adSchema.generation_intervals?.map((interval) => ({
+ date: interval.date,
+ durationMs: interval.duration_ms,
+ })) ?? [],
+ averageIntervalMs: adSchema.average_interval_ms ?? 0,
+ failureReason: adSchema.failure_reason,
+ };
+
+ return ad;
+ });
+};
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/types.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/types.ts
new file mode 100644
index 0000000000000..6257be7f82431
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/types.ts
@@ -0,0 +1,76 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AttackDiscoveryStatus, Provider } from '@kbn/elastic-assistant-common';
+import { EsReplacementSchema } from '../conversations/types';
+
+export interface EsAttackDiscoverySchema {
+ '@timestamp': string;
+ id: string;
+ created_at: string;
+ namespace: string;
+ attack_discoveries: Array<{
+ alert_ids: string[];
+ title: string;
+ timestamp: string;
+ details_markdown: string;
+ entity_summary_markdown: string;
+ mitre_attack_tactics?: string[];
+ summary_markdown: string;
+ id?: string;
+ }>;
+ failure_reason?: string;
+ api_config: {
+ connector_id: string;
+ action_type_id: string;
+ default_system_prompt_id?: string;
+ provider?: Provider;
+ model?: string;
+ };
+ alerts_context_count?: number;
+ replacements?: EsReplacementSchema[];
+ status: AttackDiscoveryStatus;
+ updated_at?: string;
+ users?: Array<{
+ id?: string;
+ name?: string;
+ }>;
+ average_interval_ms?: number;
+ generation_intervals?: Array<{ date: string; duration_ms: number }>;
+}
+
+export interface CreateAttackDiscoverySchema {
+ '@timestamp'?: string;
+ created_at: string;
+ id?: string | undefined;
+ attack_discoveries: Array<{
+ alert_ids: string[];
+ title: string;
+ timestamp: string;
+ details_markdown: string;
+ entity_summary_markdown: string;
+ mitre_attack_tactics?: string[];
+ summary_markdown: string;
+ id?: string;
+ }>;
+ api_config: {
+ action_type_id: string;
+ connector_id: string;
+ default_system_prompt_id?: string;
+ provider?: Provider;
+ model?: string;
+ };
+ alerts_context_count?: number;
+ replacements?: EsReplacementSchema[];
+ status: AttackDiscoveryStatus;
+ users: Array<{
+ id?: string;
+ name?: string;
+ }>;
+ updated_at?: string;
+ namespace: string;
+}
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.test.ts
new file mode 100644
index 0000000000000..df8615d0336cf
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.test.ts
@@ -0,0 +1,183 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { loggerMock } from '@kbn/logging-mocks';
+import { getAttackDiscovery } from './get_attack_discovery';
+import { updateAttackDiscovery } from './update_attack_discovery';
+import {
+ AttackDiscoveryResponse,
+ AttackDiscoveryStatus,
+ AttackDiscoveryUpdateProps,
+} from '@kbn/elastic-assistant-common';
+import { AuthenticatedUser } from '@kbn/security-plugin/common';
+jest.mock('./get_attack_discovery');
+const mockEsClient = elasticsearchServiceMock.createElasticsearchClient();
+const mockLogger = loggerMock.create();
+const user = {
+ username: 'test_user',
+ profile_uid: '1234',
+ authentication_realm: {
+ type: 'my_realm_type',
+ name: 'my_realm_name',
+ },
+} as AuthenticatedUser;
+const updateProps: AttackDiscoveryUpdateProps = {
+ id: 'existing-id',
+ backingIndex: 'attack-discovery-index',
+ status: 'succeeded' as AttackDiscoveryStatus,
+ attackDiscoveries: [
+ {
+ alertIds: ['alert-1'],
+ title: 'Updated Title',
+ detailsMarkdown: '# Updated Details',
+ entitySummaryMarkdown: '# Updated Summary',
+ timestamp: '2024-06-07T21:19:08.090Z',
+ id: 'existing-id',
+ mitreAttackTactics: ['T1234'],
+ summaryMarkdown: '# Updated Summary',
+ },
+ ],
+};
+const mockRequest = {
+ esClient: mockEsClient,
+ attackDiscoveryIndex: 'attack-discovery-index',
+ attackDiscoveryUpdateProps: updateProps,
+ user,
+ logger: mockLogger,
+};
+
+const existingAttackDiscovery: AttackDiscoveryResponse = {
+ id: 'existing-id',
+ backingIndex: 'attack-discovery-index',
+ timestamp: '2024-06-07T18:56:17.357Z',
+ createdAt: '2024-06-07T18:56:17.357Z',
+ users: [
+ {
+ id: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0',
+ name: 'elastic',
+ },
+ ],
+ status: 'running',
+ apiConfig: {
+ actionTypeId: '.gen-ai',
+ connectorId: 'my-gpt4o-ai',
+ },
+ attackDiscoveries: [],
+ updatedAt: '2024-06-07T21:19:08.090Z',
+ replacements: {
+ 'f19e1a0a-de3b-496c-8ace-dd91229e1084': 'root',
+ },
+ namespace: 'default',
+ generationIntervals: [
+ {
+ date: '2024-06-07T21:19:08.089Z',
+ durationMs: 110906,
+ },
+ {
+ date: '2024-06-07T20:04:35.715Z',
+ durationMs: 104593,
+ },
+ {
+ date: '2024-06-07T18:58:27.880Z',
+ durationMs: 130526,
+ },
+ ],
+ alertsContextCount: 20,
+ averageIntervalMs: 115341,
+};
+
+const mockGetDiscovery = getAttackDiscovery as jest.Mock;
+
+describe('updateAttackDiscovery', () => {
+ const date = '2024-03-28T22:27:28.000Z';
+ beforeAll(() => {
+ jest.useFakeTimers();
+ });
+
+ beforeEach(() => {
+ jest.setSystemTime(new Date(date));
+ jest.clearAllMocks();
+ mockGetDiscovery.mockResolvedValue(existingAttackDiscovery);
+ });
+
+ it('should update attack discovery successfully', async () => {
+ const response = await updateAttackDiscovery(mockRequest);
+ expect(response).not.toBeNull();
+ expect(response!.id).toEqual('existing-id');
+ expect(mockEsClient.update).toHaveBeenCalledTimes(1);
+ expect(mockEsClient.update).toHaveBeenCalledWith({
+ refresh: 'wait_for',
+ index: 'attack-discovery-index',
+ id: 'existing-id',
+ doc: {
+ attack_discoveries: [
+ {
+ id: 'existing-id',
+ alert_ids: ['alert-1'],
+ title: 'Updated Title',
+ details_markdown: '# Updated Details',
+ entity_summary_markdown: '# Updated Summary',
+ mitre_attack_tactics: ['T1234'],
+ summary_markdown: '# Updated Summary',
+ timestamp: date,
+ },
+ ],
+ id: 'existing-id',
+ status: 'succeeded',
+ updated_at: date,
+ },
+ });
+ expect(mockGetDiscovery).toHaveBeenCalledTimes(1);
+ const { attackDiscoveryUpdateProps, ...rest } = mockRequest;
+ expect(mockGetDiscovery).toHaveBeenCalledWith({
+ ...rest,
+ id: attackDiscoveryUpdateProps.id,
+ });
+ });
+
+ it('should not update attack_discoveries if none are present', async () => {
+ const { attackDiscoveries, ...rest } = mockRequest.attackDiscoveryUpdateProps;
+ const response = await updateAttackDiscovery({
+ ...mockRequest,
+ attackDiscoveryUpdateProps: rest,
+ });
+
+ expect(response).not.toBeNull();
+ expect(response!.id).toEqual('existing-id');
+ expect(mockEsClient.update).toHaveBeenCalledTimes(1);
+ expect(mockEsClient.update).toHaveBeenCalledWith({
+ refresh: 'wait_for',
+ index: 'attack-discovery-index',
+ id: 'existing-id',
+ doc: {
+ id: 'existing-id',
+ status: 'succeeded',
+ updated_at: date,
+ },
+ });
+ expect(mockGetDiscovery).toHaveBeenCalledTimes(1);
+ const { attackDiscoveryUpdateProps, ...rest2 } = mockRequest;
+ expect(mockGetDiscovery).toHaveBeenCalledWith({
+ ...rest2,
+ id: attackDiscoveryUpdateProps.id,
+ });
+ });
+
+ it('should throw error on elasticsearch update failure', async () => {
+ const error = new Error('Elasticsearch update error');
+ mockEsClient.update.mockRejectedValueOnce(error);
+
+ await expect(updateAttackDiscovery(mockRequest)).rejects.toThrowError(error);
+
+ expect(mockEsClient.update).toHaveBeenCalledTimes(1);
+ expect(mockLogger.warn).toHaveBeenCalledTimes(1);
+ expect(mockLogger.warn).toHaveBeenCalledWith(
+ `Error updating attackDiscovery: ${error} by ID: existing-id`
+ );
+ });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.ts
new file mode 100644
index 0000000000000..8db6a2ed2968a
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/attack_discovery/update_attack_discovery.ts
@@ -0,0 +1,155 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ElasticsearchClient, Logger } from '@kbn/core/server';
+import {
+ AttackDiscoveryResponse,
+ AttackDiscoveryStatus,
+ AttackDiscoveryUpdateProps,
+ Provider,
+ UUID,
+} from '@kbn/elastic-assistant-common';
+import { AuthenticatedUser } from '@kbn/security-plugin/common';
+import * as uuid from 'uuid';
+import { EsReplacementSchema } from '../conversations/types';
+import { getAttackDiscovery } from './get_attack_discovery';
+
+export interface UpdateAttackDiscoverySchema {
+ id: UUID;
+ '@timestamp'?: string;
+ attack_discoveries?: Array<{
+ alert_ids: string[];
+ title: string;
+ timestamp: string;
+ details_markdown: string;
+ entity_summary_markdown: string;
+ mitre_attack_tactics?: string[];
+ summary_markdown: string;
+ id?: string;
+ }>;
+ api_config?: {
+ action_type_id?: string;
+ connector_id?: string;
+ default_system_prompt_id?: string;
+ provider?: Provider;
+ model?: string;
+ };
+ alerts_context_count?: number;
+ average_interval_ms?: number;
+ generation_intervals?: Array<{ date: string; duration_ms: number }>;
+ replacements?: EsReplacementSchema[];
+ status: AttackDiscoveryStatus;
+ updated_at?: string;
+ failure_reason?: string;
+}
+
+export interface UpdateAttackDiscoveryParams {
+ esClient: ElasticsearchClient;
+ logger: Logger;
+ user: AuthenticatedUser;
+ attackDiscoveryIndex: string;
+ attackDiscoveryUpdateProps: AttackDiscoveryUpdateProps;
+}
+
+export const updateAttackDiscovery = async ({
+ esClient,
+ logger,
+ attackDiscoveryIndex,
+ attackDiscoveryUpdateProps,
+ user,
+}: UpdateAttackDiscoveryParams): Promise => {
+ const updatedAt = new Date().toISOString();
+ const params = transformToUpdateScheme(updatedAt, attackDiscoveryUpdateProps);
+ try {
+ await esClient.update({
+ refresh: 'wait_for',
+ index: attackDiscoveryIndex,
+ id: params.id,
+ doc: params,
+ });
+
+ const updatedAttackDiscovery = await getAttackDiscovery({
+ esClient,
+ attackDiscoveryIndex,
+ id: params.id,
+ logger,
+ user,
+ });
+
+ return updatedAttackDiscovery;
+ } catch (err) {
+ logger.warn(`Error updating attackDiscovery: ${err} by ID: ${params.id}`);
+ throw err;
+ }
+};
+
+export const transformToUpdateScheme = (
+ updatedAt: string,
+ {
+ alertsContextCount,
+ apiConfig,
+ attackDiscoveries,
+ failureReason,
+ generationIntervals,
+ id,
+ replacements,
+ status,
+ }: AttackDiscoveryUpdateProps
+): UpdateAttackDiscoverySchema => {
+ const averageIntervalMsObj =
+ generationIntervals && generationIntervals.length > 0
+ ? {
+ average_interval_ms: Math.trunc(
+ generationIntervals.reduce((acc, interval) => acc + interval.durationMs, 0) /
+ generationIntervals.length
+ ),
+ generation_intervals: generationIntervals.map((interval) => ({
+ date: interval.date,
+ duration_ms: interval.durationMs,
+ })),
+ }
+ : {};
+ return {
+ alerts_context_count: alertsContextCount,
+ ...(apiConfig
+ ? {
+ api_config: {
+ action_type_id: apiConfig.actionTypeId,
+ connector_id: apiConfig.connectorId,
+ default_system_prompt_id: apiConfig.defaultSystemPromptId,
+ model: apiConfig.model,
+ provider: apiConfig.provider,
+ },
+ }
+ : {}),
+ ...(attackDiscoveries
+ ? {
+ attack_discoveries: attackDiscoveries.map((attackDiscovery) => ({
+ id: attackDiscovery.id ?? uuid.v4(),
+ alert_ids: attackDiscovery.alertIds,
+ title: attackDiscovery.title,
+ details_markdown: attackDiscovery.detailsMarkdown,
+ entity_summary_markdown: attackDiscovery.entitySummaryMarkdown,
+ mitre_attack_tactics: attackDiscovery.mitreAttackTactics,
+ summary_markdown: attackDiscovery.summaryMarkdown,
+ timestamp: updatedAt,
+ })),
+ }
+ : {}),
+ failure_reason: failureReason,
+ id,
+ replacements: replacements
+ ? Object.keys(replacements).map((key) => ({
+ uuid: key,
+ value: replacements[key],
+ }))
+ : undefined,
+ status,
+ updated_at: updatedAt,
+ ...averageIntervalMsObj,
+ };
+};
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/transforms.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/transforms.ts
index eb8df26625864..39798aeb2fd5e 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/transforms.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/conversations/transforms.ts
@@ -81,7 +81,8 @@ export const transformESSearchToConversations = ( return acc; }, {}), namespace: conversationSchema.namespace, - id: hit._id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + id: hit._id!, }; return conversation;
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/transforms.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/transforms.ts
index f185c5ba8fdc2..475f9f880ee13 100644
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/transforms.ts
+++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/knowledge_base/transforms.ts
@@ -19,7 +19,8 @@ export const transformESSearchToKnowledgeBaseEntry = ( const kbEntrySchema = hit._source!; const kbEntry: KnowledgeBaseEntryResponse = { timestamp: kbEntrySchema['@timestamp'], - id: hit._id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + id: hit._id!, createdAt: kbEntrySchema.created_at, createdBy: kbEntrySchema.created_by, updatedAt: kbEntrySchema.updated_at,
diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/prompts/helpers.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/prompts/helpers.ts
index 84e683121ae75..3a64dc8bb3252 100644
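Review bot: In `updateAttackDiscovery` (update_attack_discovery.ts) the `esClient.update` call writes by `params.id` before any ownership check; the user filter is applied only by the `getAttackDiscovery` read-back that follows, so a document the caller cannot read would still be modified and the function would then return `null`. Unless every caller resolves the id through a user-scoped lookup first (the routes are not in this hunk), the read should come before the write, as sketched below. The spec in update_attack_discovery.test.ts mocks `getAttackDiscovery` to always resolve a document, so this path is untested; with the pre-check its `toHaveBeenCalledTimes(1)` assertions on the mock become 2, and a case where the mock resolves `null` and `mockEsClient.update` is not called is worth adding.

```typescript
  const params = transformToUpdateScheme(updatedAt, attackDiscoveryUpdateProps);
  try {
    // Confirm this user can read the document before writing to it.
    const existing = await getAttackDiscovery({
      esClient,
      attackDiscoveryIndex,
      id: params.id,
      logger,
      user,
    });
    if (existing == null) {
      return null;
    }
    // … unchanged: esClient.update, the read-back and the catch block …
```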
--- a/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/prompts/helpers.ts +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_data_clients/prompts/helpers.ts @@ -62,7 +62,8 @@ export const transformESSearchToPrompts = ( isNewConversationDefault: promptSchema.is_new_conversation_default, updatedAt: promptSchema.updated_at, namespace: promptSchema.namespace, - id: hit._id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + id: hit._id!, name: promptSchema.name, promptType: promptSchema.prompt_type, isShared: promptSchema.is_shared, diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts index dbdc01dcf9e57..adf31630fdf04 100644 --- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.test.ts 
@@ -135,12 +135,18 @@ describe('AI Assistant Service', () => { ); expect(assistantService.isInitialized()).toEqual(true); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(3); - const componentTemplate = clusterClient.cluster.putComponentTemplate.mock.calls[0][0]; - expect(componentTemplate.name).toEqual( - '.kibana-elastic-ai-assistant-component-template-conversations' - ); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(4); + + const expectedTemplates = [ + '.kibana-elastic-ai-assistant-component-template-conversations', + '.kibana-elastic-ai-assistant-component-template-prompts', + '.kibana-elastic-ai-assistant-component-template-anonymization-fields', + '.kibana-elastic-ai-assistant-component-template-attack-discovery', + ]; + expectedTemplates.forEach((t, i) => { + expect(clusterClient.cluster.putComponentTemplate.mock.calls[i][0].name).toEqual(t); + }); }); test('should log error and set initialized to false if creating/updating common component template throws error', async () => { 
@@ -628,7 +634,19 @@ describe('AI Assistant Service', () => { 'AI Assistant service initialized', async () => assistantService.isInitialized() === true ); - expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(5); + expect(clusterClient.cluster.putComponentTemplate).toHaveBeenCalledTimes(6); + + const expectedTemplates = [ + '.kibana-elastic-ai-assistant-component-template-conversations', + '.kibana-elastic-ai-assistant-component-template-conversations', + '.kibana-elastic-ai-assistant-component-template-conversations', + '.kibana-elastic-ai-assistant-component-template-prompts', + '.kibana-elastic-ai-assistant-component-template-anonymization-fields', + '.kibana-elastic-ai-assistant-component-template-attack-discovery', + ]; + expectedTemplates.forEach((t, i) => { + expect(clusterClient.cluster.putComponentTemplate.mock.calls[i][0].name).toEqual(t); + }); }); test('should retry updating index template for transient ES errors', async () => { @@ -649,7 +667,18 @@ describe('AI Assistant Service', () => { async () => (await getSpaceResourcesInitialized(assistantService)) === true ); - expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledTimes(5); + expect(clusterClient.indices.putIndexTemplate).toHaveBeenCalledTimes(6); + const expectedTemplates = [ + '.kibana-elastic-ai-assistant-index-template-conversations', + '.kibana-elastic-ai-assistant-index-template-conversations', + '.kibana-elastic-ai-assistant-index-template-conversations', + '.kibana-elastic-ai-assistant-index-template-prompts', + '.kibana-elastic-ai-assistant-index-template-anonymization-fields', + '.kibana-elastic-ai-assistant-index-template-attack-discovery', + ]; + expectedTemplates.forEach((t, i) => { + expect(clusterClient.indices.putIndexTemplate.mock.calls[i][0].name).toEqual(t); + }); }); test('should retry updating index settings for existing indices for transient ES errors', async () => { 
@@ -669,7 +698,7 @@ describe('AI Assistant Service', () => { async () => (await getSpaceResourcesInitialized(assistantService)) === true ); - expect(clusterClient.indices.putSettings).toHaveBeenCalledTimes(5); + expect(clusterClient.indices.putSettings).toHaveBeenCalledTimes(6); }); test('should retry updating index mappings for existing indices for transient ES errors', async () => { @@ -689,7 +718,7 @@ describe('AI Assistant Service', () => { async () => (await getSpaceResourcesInitialized(assistantService)) === true ); - expect(clusterClient.indices.putMapping).toHaveBeenCalledTimes(5); + expect(clusterClient.indices.putMapping).toHaveBeenCalledTimes(6); }); test('should retry creating concrete index for transient ES errors', async () => { diff --git a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts index 619d9e9bca256..351508da01a5a 100644 --- a/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts +++ b/x-pack/plugins/elastic_assistant/server/ai_assistant_service/index.ts @@ -12,6 +12,7 @@ import type { TaskManagerSetupContract } from '@kbn/task-manager-plugin/server'; import type { MlPluginSetup } from '@kbn/ml-plugin/server'; import { AuthenticatedUser } from '@kbn/security-plugin/server'; import { Subject } from 'rxjs'; +import { attackDiscoveryFieldMap } from '../ai_assistant_data_clients/attack_discovery/field_maps_configuration'; import { getDefaultAnonymizationFields } from '../../common/anonymization'; import { AssistantResourceNames, GetElser } from '../types'; import { AIAssistantConversationsDataClient } from '../ai_assistant_data_clients/conversations'; 
@@ -28,6 +29,7 @@ import { assistantAnonymizationFieldsFieldMap } from '../ai_assistant_data_clien import { AIAssistantDataClient } from '../ai_assistant_data_clients'; import { knowledgeBaseFieldMap } from '../ai_assistant_data_clients/knowledge_base/field_maps_configuration'; import { AIAssistantKnowledgeBaseDataClient } from '../ai_assistant_data_clients/knowledge_base'; +import { AttackDiscoveryDataClient } from '../ai_assistant_data_clients/attack_discovery'; import { createGetElserId, createPipeline, pipelineExists } from './helpers'; const TOTAL_FIELDS_LIMIT = 2500; @@ -52,7 +54,12 @@ export interface CreateAIAssistantClientParams { } export type CreateDataStream = (params: { - resource: 'anonymizationFields' | 'conversations' | 'knowledgeBase' | 'prompts'; + resource: + | 'anonymizationFields' + | 'conversations' + | 'knowledgeBase' + | 'prompts' + | 'attackDiscovery'; fieldMap: FieldMap; kibanaVersion: string; spaceId?: string; @@ -68,6 +75,7 @@ export class AIAssistantService { private knowledgeBaseDataStream: DataStreamSpacesAdapter; private promptsDataStream: DataStreamSpacesAdapter; private anonymizationFieldsDataStream: DataStreamSpacesAdapter; + private attackDiscoveryDataStream: DataStreamSpacesAdapter; private resourceInitializationHelper: ResourceInstallationHelper; private initPromise: Promise; private isKBSetupInProgress: boolean = false; @@ -95,6 +103,11 @@ export class AIAssistantService { kibanaVersion: options.kibanaVersion, fieldMap: assistantAnonymizationFieldsFieldMap, }); + this.attackDiscoveryDataStream = this.createDataStream({ + resource: 'attackDiscovery', + kibanaVersion: options.kibanaVersion, + fieldMap: attackDiscoveryFieldMap, + }); this.initPromise = this.initializeResources(); 
@@ -201,6 +214,12 @@ export class AIAssistantService { logger: this.options.logger, pluginStop$: this.options.pluginStop$, }); + + await this.attackDiscoveryDataStream.install({ + esClient, + logger: this.options.logger, + pluginStop$: this.options.pluginStop$, + }); } catch (error) { this.options.logger.error(`Error initializing AI assistant resources: ${error.message}`); this.initialized = false; @@ -218,24 +237,28 @@ export class AIAssistantService { knowledgeBase: getResourceName('component-template-knowledge-base'), prompts: getResourceName('component-template-prompts'), anonymizationFields: getResourceName('component-template-anonymization-fields'), + attackDiscovery: getResourceName('component-template-attack-discovery'), }, aliases: { conversations: getResourceName('conversations'), knowledgeBase: getResourceName('knowledge-base'), prompts: getResourceName('prompts'), anonymizationFields: getResourceName('anonymization-fields'), + attackDiscovery: getResourceName('attack-discovery'), }, indexPatterns: { conversations: getResourceName('conversations*'), knowledgeBase: getResourceName('knowledge-base*'), prompts: getResourceName('prompts*'), anonymizationFields: getResourceName('anonymization-fields*'), + attackDiscovery: getResourceName('attack-discovery*'), }, indexTemplate: { conversations: getResourceName('index-template-conversations'), knowledgeBase: getResourceName('index-template-knowledge-base'), prompts: getResourceName('index-template-prompts'), anonymizationFields: getResourceName('index-template-anonymization-fields'), + attackDiscovery: getResourceName('index-template-attack-discovery'), }, pipelines: { knowledgeBase: getResourceName('ingest-pipeline-knowledge-base'), 
@@ -338,6 +361,25 @@ export class AIAssistantService { }); } + public async createAttackDiscoveryDataClient( + opts: CreateAIAssistantClientParams + ): Promise { + const res = await this.checkResourcesInstallation(opts); + + if (res === null) { + return null; + } + + return new AttackDiscoveryDataClient({ + logger: this.options.logger.get('attackDiscovery'), + currentUser: opts.currentUser, + elasticsearchClientPromise: this.options.elasticsearchClientPromise, + indexPatternsResourceName: this.resourceNames.aliases.attackDiscovery, + kibanaVersion: this.options.kibanaVersion, + spaceId: opts.spaceId, + }); + } + public async createAIAssistantPromptsDataClient( opts: CreateAIAssistantClientParams ): Promise { diff --git a/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts b/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts index 85859b2c232b7..d938310e91d6d 100644 --- a/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts +++ b/x-pack/plugins/elastic_assistant/server/lib/telemetry/event_based_telemetry.ts 
@@ -163,9 +163,121 @@ export const INVOKE_ASSISTANT_ERROR_EVENT: EventTypeOpts<{ }, }; +export const ATTACK_DISCOVERY_SUCCESS_EVENT: EventTypeOpts<{ + actionTypeId: string; + alertsContextCount: number; + alertsCount: number; + configuredAlertsCount: number; + discoveriesGenerated: number; + durationMs: number; + model?: string; + provider?: string; +}> = { + eventType: 'attack_discovery_success', + schema: { + actionTypeId: { + type: 'keyword', + _meta: { + description: 'Kibana connector type', + optional: false, + }, + }, + alertsContextCount: { + type: 'integer', + _meta: { + description: 'Number of alerts sent as context to the LLM', + optional: false, + }, + }, + alertsCount: { + type: 'integer', + _meta: { + description: 'Number of unique alerts referenced in the attack discoveries', + optional: false, + }, + }, + configuredAlertsCount: { + type: 'integer', + _meta: { + description: 'Number of alerts configured by the user', + optional: false, + }, + }, + discoveriesGenerated: { + type: 'integer', + _meta: { + description: 'Quantity of attack discoveries generated', + optional: false, + }, + }, + durationMs: { + type: 'integer', + _meta: { + description: 'Duration of request in ms', + optional: false, + }, + }, + model: { + type: 'keyword', + _meta: { + description: 'LLM model', + optional: true, + }, + }, + provider: { + type: 'keyword', + _meta: { + description: 'OpenAI provider', + optional: true, + }, + }, + }, +}; + +export const ATTACK_DISCOVERY_ERROR_EVENT: EventTypeOpts<{ + actionTypeId: string; + errorMessage: string; + model?: string; + provider?: string; +}> = { + eventType: 'attack_discovery_error', + schema: { + actionTypeId: { + type: 'keyword', + _meta: { + description: 'Kibana connector type', + optional: false, + }, + }, + errorMessage: { + type: 'keyword', + _meta: { + description: 'Error message from Elasticsearch', + }, + }, + + model: { + type: 'keyword', + _meta: { + description: 'LLM model', + optional: true, + }, + }, + provider: { + 
type: 'keyword', + _meta: { + description: 'OpenAI provider', + optional: true, + }, + }, + }, +}; + export const events: Array> = [ KNOWLEDGE_BASE_EXECUTION_SUCCESS_EVENT, KNOWLEDGE_BASE_EXECUTION_ERROR_EVENT, INVOKE_ASSISTANT_SUCCESS_EVENT, INVOKE_ASSISTANT_ERROR_EVENT, + ATTACK_DISCOVERY_SUCCESS_EVENT, + ATTACK_DISCOVERY_ERROR_EVENT, ]; diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.test.ts new file mode 100644 index 0000000000000..66aca77f1eb8b --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.test.ts 
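Review bot: `ATTACK_DISCOVERY_ERROR_EVENT.errorMessage` is a free-form `keyword` shipped to telemetry, and the helpers tests later in this diff show it being filled with the raw `err.message`. Error text from Elasticsearch or an LLM connector can carry index names, hostnames or fragments of alert data, so I would report a bounded error category or a truncated, scrubbed message instead. The field's `_meta` also lacks `optional: false`, which every other required field declares. Its description says `'Error message from Elasticsearch'` although tool and connector failures are reported through it too. Likewise `provider` is described as `'OpenAI provider'` while the tests send it with `actionTypeId: '.bedrock'`.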
@@ -0,0 +1,107 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { cancelAttackDiscoveryRoute } from './cancel_attack_discovery';
+
+import { AuthenticatedUser } from '@kbn/core-security-common';
+import { serverMock } from '../../__mocks__/server';
+import { requestContextMock } from '../../__mocks__/request_context';
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { AttackDiscoveryDataClient } from '../../ai_assistant_data_clients/attack_discovery';
+import { transformESSearchToAttackDiscovery } from '../../ai_assistant_data_clients/attack_discovery/transforms';
+import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock';
+import { getCancelAttackDiscoveryRequest } from '../../__mocks__/request';
+import { updateAttackDiscoveryStatusToCanceled } from './helpers';
+jest.mock('./helpers');
+
+const { clients, context } = requestContextMock.createTools();
+const server: ReturnType = serverMock.create();
+clients.core.elasticsearch.client = elasticsearchServiceMock.createScopedClusterClient();
+
+const mockUser = {
+ username: 'my_username',
+ authentication_realm: {
+ type: 'my_realm_type',
+ name: 'my_realm_name',
+ },
+} as AuthenticatedUser;
+const mockDataClient = {
+ findAttackDiscoveryByConnectorId: jest.fn(),
+ updateAttackDiscovery: jest.fn(),
+ createAttackDiscovery: jest.fn(),
+ getAttackDiscovery: jest.fn(),
+} as unknown as AttackDiscoveryDataClient;
+const mockCurrentAd = transformESSearchToAttackDiscovery(getAttackDiscoverySearchEsMock())[0];
+describe('cancelAttackDiscoveryRoute', () => {
+ beforeEach(() => {
+ jest.clearAllMocks();
+ (updateAttackDiscoveryStatusToCanceled as jest.Mock).mockResolvedValue({
+ ...mockCurrentAd,
+ status: 'canceled',
+ });
+ context.elasticAssistant.getCurrentUser.mockReturnValue(mockUser);
+ context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(mockDataClient);
+
+ cancelAttackDiscoveryRoute(server.router);
+ });
+
+ it('should handle successful request', async () => {
+ const response = await server.inject(
+ getCancelAttackDiscoveryRequest('connector-id'),
+ requestContextMock.convertContext(context)
+ );
+ expect(response.status).toEqual(200);
+ expect(response.body).toEqual({
+ ...mockCurrentAd,
+ status: 'canceled',
+ });
+ });
+
+ it('should handle missing authenticated user', async () => {
+ context.elasticAssistant.getCurrentUser.mockReturnValue(null);
+ const response = await server.inject(
+ getCancelAttackDiscoveryRequest('connector-id'),
+ requestContextMock.convertContext(context)
+ );
+
+ expect(response.status).toEqual(401);
+ expect(response.body).toEqual({
+ message: 'Authenticated user not found',
+ status_code: 401,
+ });
+ });
+
+ it('should handle missing data client', async () => {
+ context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(null);
+ const response = await server.inject(
+ getCancelAttackDiscoveryRequest('connector-id'),
+ requestContextMock.convertContext(context)
+ );
+
+ expect(response.status).toEqual(500);
+ expect(response.body).toEqual({
+ message: 'Attack discovery data client not initialized',
+ status_code: 500,
+ });
+ });
+
+ it('should handle updateAttackDiscoveryStatusToCanceled error', async () => {
+ (updateAttackDiscoveryStatusToCanceled as jest.Mock).mockRejectedValue(new Error('Oh no!'));
+ const response = await server.inject(
+ getCancelAttackDiscoveryRequest('connector-id'),
+ requestContextMock.convertContext(context)
+ );
+ expect(response.status).toEqual(500);
+ expect(response.body).toEqual({
+ message: {
+ error: 'Oh no!',
+ success: false,
+ },
+ status_code: 500,
+ });
+ });
+});
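Review bot: None of these tests assert what the route hands to `updateAttackDiscoveryStatusToCanceled`, so a regression that dropped or swapped the authenticated user would still pass. In the success case I would add `expect(updateAttackDiscoveryStatusToCanceled).toHaveBeenCalledWith(mockDataClient, mockUser, 'connector-id');`. The same gap exists in get_attack_discovery.test.ts, where `findAttackDiscoveryByConnectorId` should be checked for `{ connectorId: 'connector-id', authenticatedUser: mockUser }`. A case with a percent-encoded connector id would also pin the `decodeURIComponent` step the route performs.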
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.ts
new file mode 100644
index 0000000000000..47b748c9c432a
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/cancel_attack_discovery.ts
@@ -0,0 +1,92 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common';
+import { type IKibanaResponse, IRouter, Logger } from '@kbn/core/server';
+import {
+ AttackDiscoveryCancelResponse,
+ ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+ AttackDiscoveryCancelRequestParams,
+} from '@kbn/elastic-assistant-common';
+import { transformError } from '@kbn/securitysolution-es-utils';
+
+import { updateAttackDiscoveryStatusToCanceled } from './helpers';
+import { ATTACK_DISCOVERY_CANCEL_BY_CONNECTOR_ID } from '../../../common/constants';
+import { buildResponse } from '../../lib/build_response';
+import { ElasticAssistantRequestHandlerContext } from '../../types';
+
+export const cancelAttackDiscoveryRoute = (
+ router: IRouter
+) => {
+ router.versioned
+ .put({
+ access: 'internal',
+ path: ATTACK_DISCOVERY_CANCEL_BY_CONNECTOR_ID,
+ options: {
+ tags: ['access:elasticAssistant'],
+ },
+ })
+ .addVersion(
+ {
+ version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+ validate: {
+ request: {
+ params: buildRouteValidationWithZod(AttackDiscoveryCancelRequestParams),
+ },
+ response: {
+ 200: {
+ body: { custom: buildRouteValidationWithZod(AttackDiscoveryCancelResponse) },
+ },
+ },
+ },
+ },
+ async (
+ context,
+ request,
+ response
+ ): Promise> => {
+ const resp = buildResponse(response);
+ const assistantContext = await context.elasticAssistant;
+ const logger: Logger = assistantContext.logger;
+ try {
+ const dataClient = await assistantContext.getAttackDiscoveryDataClient();
+
+ const authenticatedUser = assistantContext.getCurrentUser();
+ const connectorId = decodeURIComponent(request.params.connectorId);
+ if (authenticatedUser == null) {
+ return resp.error({
+ body: `Authenticated user not found`,
+ statusCode: 401,
+ });
+ }
+ if (!dataClient) {
+ return resp.error({
+ body: `Attack discovery data client not initialized`,
+ statusCode: 500,
+ });
+ }
+ const attackDiscovery = await updateAttackDiscoveryStatusToCanceled(
+ dataClient,
+ authenticatedUser,
+ connectorId
+ );
+
+ return response.ok({
+ body: attackDiscovery,
+ });
+ } catch (err) {
+ logger.error(err);
+ const error = transformError(err);
+
+ return resp.error({
+ body: { success: false, error: error.message },
+ statusCode: error.statusCode,
+ });
+ }
+ }
+ );
+};
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.test.ts
new file mode 100644
index 0000000000000..ad5d3c4bb8d1b
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.test.ts
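Review bot: `decodeURIComponent(request.params.connectorId)` decodes a value that the HTTP router has probably already decoded (not visible in this diff, worth confirming), so a connector id containing a literal `%` is either altered or makes the call throw `URIError`. That throw lands in the generic `catch` and is presumably returned as a server error rather than a 400. I would use `request.params.connectorId` as validated by `AttackDiscoveryCancelRequestParams`, or keep the decode behind a guard that answers 400 on failure. get_attack_discovery.ts in this diff has the same line.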
@@ -0,0 +1,116 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getAttackDiscoveryRoute } from './get_attack_discovery';
+
+import { AuthenticatedUser } from '@kbn/core-security-common';
+import { serverMock } from '../../__mocks__/server';
+import { requestContextMock } from '../../__mocks__/request_context';
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { AttackDiscoveryDataClient } from '../../ai_assistant_data_clients/attack_discovery';
+import { transformESSearchToAttackDiscovery } from '../../ai_assistant_data_clients/attack_discovery/transforms';
+import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock';
+import { getAttackDiscoveryRequest } from '../../__mocks__/request';
+jest.mock('./helpers');
+
+const { clients, context } = requestContextMock.createTools();
+const server: ReturnType = serverMock.create();
+clients.core.elasticsearch.client = elasticsearchServiceMock.createScopedClusterClient();
+
+const mockUser = {
+ username: 'my_username',
+ authentication_realm: {
+ type: 'my_realm_type',
+ name: 'my_realm_name',
+ },
+} as AuthenticatedUser;
+const findAttackDiscoveryByConnectorId = jest.fn();
+const mockDataClient = {
+ findAttackDiscoveryByConnectorId,
+ updateAttackDiscovery: jest.fn(),
+ createAttackDiscovery: jest.fn(),
+ getAttackDiscovery: jest.fn(),
+} as unknown as AttackDiscoveryDataClient;
+const mockCurrentAd = transformESSearchToAttackDiscovery(getAttackDiscoverySearchEsMock())[0];
+describe('getAttackDiscoveryRoute', () => {
+ beforeEach(() => {
+ jest.clearAllMocks();
+ context.elasticAssistant.getCurrentUser.mockReturnValue(mockUser);
+ context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(mockDataClient);
+
+ getAttackDiscoveryRoute(server.router);
+ findAttackDiscoveryByConnectorId.mockResolvedValue(mockCurrentAd);
+ });
+
+ it('should handle successful request', async () => {
+ const response = await server.inject(
+ getAttackDiscoveryRequest('connector-id'),
+ requestContextMock.convertContext(context)
+ );
+ expect(response.status).toEqual(200);
+ expect(response.body).toEqual({
+ data: mockCurrentAd,
+ entryExists: true,
+ });
+ });
+
+ it('should handle missing authenticated user', async () => {
+ context.elasticAssistant.getCurrentUser.mockReturnValue(null);
+ const response = await server.inject(
+ getAttackDiscoveryRequest('connector-id'),
+ requestContextMock.convertContext(context)
+ );
+
+ expect(response.status).toEqual(401);
+ expect(response.body).toEqual({
+ message: 'Authenticated user not found',
+ status_code: 401,
+ });
+ });
+
+ it('should handle missing data client', async () => {
+ context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(null);
+ const response = await server.inject(
+ getAttackDiscoveryRequest('connector-id'),
+ requestContextMock.convertContext(context)
+ );
+
+ expect(response.status).toEqual(500);
+ expect(response.body).toEqual({
+ message: 'Attack discovery data client not initialized',
+ status_code: 500,
+ });
+ });
+
+ it('should handle findAttackDiscoveryByConnectorId null response', async () => {
+ findAttackDiscoveryByConnectorId.mockResolvedValue(null);
+ const response = await server.inject(
+ getAttackDiscoveryRequest('connector-id'),
+ requestContextMock.convertContext(context)
+ );
+ expect(response.status).toEqual(200);
+ expect(response.body).toEqual({
+ entryExists: false,
+ });
+ });
+
+ it('should handle findAttackDiscoveryByConnectorId error', async () => {
+ findAttackDiscoveryByConnectorId.mockRejectedValue(new Error('Oh no!'));
+ const response = await server.inject(
+ getAttackDiscoveryRequest('connector-id'),
+ requestContextMock.convertContext(context)
+ );
+ expect(response.status).toEqual(500);
+ expect(response.body).toEqual({
+ message: {
+ error: 'Oh no!',
+ success: false,
+ },
+ status_code: 500,
+ });
+ });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.ts
new file mode 100644
index 0000000000000..6f3a46130357b
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/get_attack_discovery.ts
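Review bot: `jest.mock('./helpers');` looks like a leftover from the cancel test: get_attack_discovery.ts, as added in this diff, does not import `./helpers`, so the automock has no effect on the route under test. I would delete the line so the test does not suggest a dependency that is not there.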
@@ -0,0 +1,92 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { buildRouteValidationWithZod } from '@kbn/elastic-assistant-common/impl/schemas/common';
+import { type IKibanaResponse, IRouter, Logger } from '@kbn/core/server';
+import {
+ AttackDiscoveryGetResponse,
+ ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+ AttackDiscoveryGetRequestParams,
+} from '@kbn/elastic-assistant-common';
+import { transformError } from '@kbn/securitysolution-es-utils';
+
+import { ATTACK_DISCOVERY_BY_CONNECTOR_ID } from '../../../common/constants';
+import { buildResponse } from '../../lib/build_response';
+import { ElasticAssistantRequestHandlerContext } from '../../types';
+
+export const getAttackDiscoveryRoute = (router: IRouter) => {
+ router.versioned
+ .get({
+ access: 'internal',
+ path: ATTACK_DISCOVERY_BY_CONNECTOR_ID,
+ options: {
+ tags: ['access:elasticAssistant'],
+ },
+ })
+ .addVersion(
+ {
+ version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION,
+ validate: {
+ request: {
+ params: buildRouteValidationWithZod(AttackDiscoveryGetRequestParams),
+ },
+ response: {
+ 200: {
+ body: { custom: buildRouteValidationWithZod(AttackDiscoveryGetResponse) },
+ },
+ },
+ },
+ },
+ async (context, request, response): Promise> => {
+ const resp = buildResponse(response);
+ const assistantContext = await context.elasticAssistant;
+ const logger: Logger = assistantContext.logger;
+ try {
+ const dataClient = await assistantContext.getAttackDiscoveryDataClient();
+
+ const authenticatedUser = assistantContext.getCurrentUser();
+ const connectorId = decodeURIComponent(request.params.connectorId);
+ if (authenticatedUser == null) {
+ return resp.error({
+ body: `Authenticated user not found`,
+ statusCode: 401,
+ });
+ }
+ if (!dataClient) {
+ return resp.error({
+ body: `Attack discovery data client not initialized`,
+ statusCode: 500,
+ });
+ }
+ const attackDiscovery = await dataClient.findAttackDiscoveryByConnectorId({
+ connectorId,
+ authenticatedUser,
+ });
+
+ return response.ok({
+ body:
+ attackDiscovery != null
+ ? {
+ data: attackDiscovery,
+ entryExists: true,
+ }
+ : {
+ entryExists: false,
+ },
+ });
+ } catch (err) {
+ logger.error(err);
+ const error = transformError(err);
+
+ return resp.error({
+ body: { success: false, error: error.message },
+ statusCode: error.statusCode,
+ });
+ }
+ }
+ );
+};
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts
new file mode 100644
index 0000000000000..7f4baec88e60e
--- /dev/null
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.test.ts
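Review bot: The handler awaits `getAttackDiscoveryDataClient()` and decodes the path parameter before it checks `authenticatedUser == null`, so a request without a resolved user still triggers client creation, and a decode failure would be reported instead of the 401. I would make `const authenticatedUser = assistantContext.getCurrentUser();` and its `== null` check the first statements in the `try`, and only then create the data client and read `connectorId`. The cancel route earlier in this diff is ordered the same way.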
@@ -0,0 +1,602 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { AuthenticatedUser } from '@kbn/core-security-common'; +import moment from 'moment'; +import { + REQUIRED_FOR_ATTACK_DISCOVERY, + addGenerationInterval, + attackDiscoveryStatus, + getAssistantToolParams, + handleToolError, + updateAttackDiscoveryStatusToCanceled, + updateAttackDiscoveryStatusToRunning, + updateAttackDiscoveries, +} from './helpers'; +import { ActionsClientLlm } from '@kbn/langchain/server'; +import { AttackDiscoveryDataClient } from '../../ai_assistant_data_clients/attack_discovery'; +import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/constants'; +import type { PluginStartContract as ActionsPluginStart } from '@kbn/actions-plugin/server'; +import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks'; +import { loggerMock } from '@kbn/logging-mocks'; +import { KibanaRequest } from '@kbn/core-http-server'; +import { + AttackDiscoveryPostRequestBody, + ExecuteConnectorRequestBody, +} from '@kbn/elastic-assistant-common'; +import { coreMock } from '@kbn/core/server/mocks'; +import { transformESSearchToAttackDiscovery } from '../../ai_assistant_data_clients/attack_discovery/transforms'; +import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock'; +import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks'; + +import { + getAnonymizationFieldMock, + getUpdateAnonymizationFieldSchemaMock, +} from '../../__mocks__/anonymization_fields_schema.mock'; + +jest.mock('lodash/fp', () => ({ + uniq: jest.fn((arr) => Array.from(new Set(arr))), +})); + +jest.mock('@kbn/securitysolution-es-utils', () => ({ + transformError: jest.fn((err) => err), +})); 
+jest.mock('@kbn/langchain/server', () => ({ + ActionsClientLlm: jest.fn(), +})); +jest.mock('../evaluate/utils', () => ({ + getLangSmithTracer: jest.fn().mockReturnValue([]), +})); +jest.mock('../utils', () => ({ + getLlmType: jest.fn().mockReturnValue('llm-type'), +})); +const findAttackDiscoveryByConnectorId = jest.fn(); +const updateAttackDiscovery = jest.fn(); +const createAttackDiscovery = jest.fn(); +const getAttackDiscovery = jest.fn(); +const mockDataClient = { + findAttackDiscoveryByConnectorId, + updateAttackDiscovery, + createAttackDiscovery, + getAttackDiscovery, +} as unknown as AttackDiscoveryDataClient; +const mockEsClient = elasticsearchServiceMock.createElasticsearchClient(); +const mockLogger = loggerMock.create(); +const mockTelemetry = coreMock.createSetup().analytics; +const mockError = new Error('Test error'); + +const mockAuthenticatedUser = { + username: 'user', + profile_uid: '1234', + authentication_realm: { + type: 'my_realm_type', + name: 'my_realm_name', + }, +} as AuthenticatedUser; + +const mockApiConfig = { + connectorId: 'connector-id', + actionTypeId: '.bedrock', + model: 'model', + provider: OpenAiProviderType.OpenAi, +}; + +const mockCurrentAd = transformESSearchToAttackDiscovery(getAttackDiscoverySearchEsMock())[0]; + +const mockActions: ActionsPluginStart = {} as ActionsPluginStart; +// eslint-disable-next-line @typescript-eslint/no-explicit-any +const mockRequest: KibanaRequest = {} as unknown as KibanaRequest< + unknown, + unknown, + any, // eslint-disable-line @typescript-eslint/no-explicit-any + any // eslint-disable-line @typescript-eslint/no-explicit-any +>; + +describe('helpers', () => { + const date = '2024-03-28T22:27:28.000Z'; + beforeAll(() => { + jest.useFakeTimers(); + }); + + afterAll(() => { + jest.useRealTimers(); + }); + beforeEach(() => { + jest.clearAllMocks(); + jest.setSystemTime(new Date(date)); + getAttackDiscovery.mockResolvedValue(mockCurrentAd); + updateAttackDiscovery.mockResolvedValue({}); + }); + 
describe('getAssistantToolParams', () => { + const alertsIndexPattern = '.alerts-security.alerts-default'; + const esClient = elasticsearchClientMock.createElasticsearchClient(); + const langChainTimeout = 1000; + const latestReplacements = {}; + const llm = new ActionsClientLlm({ + actions: mockActions, + connectorId: 'test-connecter-id', + llmType: 'bedrock', + logger: mockLogger, + request: mockRequest, + temperature: 0, + timeout: 580000, + }); + const onNewReplacements = jest.fn(); + const size = 20; + + const mockParams = { + actions: {} as unknown as ActionsPluginStart, + alertsIndexPattern: 'alerts-*', + anonymizationFields: [{ id: '1', field: 'field1', allowed: true, anonymized: true }], + apiConfig: mockApiConfig, + esClient: mockEsClient, + connectorTimeout: 1000, + langChainTimeout: 2000, + langSmithProject: 'project', + langSmithApiKey: 'api-key', + logger: mockLogger, + latestReplacements: {}, + onNewReplacements: jest.fn(), + request: {} as KibanaRequest< + unknown, + unknown, + ExecuteConnectorRequestBody | AttackDiscoveryPostRequestBody + >, + size: 10, + }; + + it('should return formatted assistant tool params', () => { + const result = getAssistantToolParams(mockParams); + + expect(ActionsClientLlm).toHaveBeenCalledWith( + expect.objectContaining({ + connectorId: 'connector-id', + llmType: 'llm-type', + }) + ); + expect(result.anonymizationFields).toEqual([ + ...mockParams.anonymizationFields, + ...REQUIRED_FOR_ATTACK_DISCOVERY, + ]); + }); + + it('returns the expected AssistantToolParams when anonymizationFields are provided', () => { + const anonymizationFields = [ + getAnonymizationFieldMock(getUpdateAnonymizationFieldSchemaMock()), + ]; + + const result = getAssistantToolParams({ + actions: mockParams.actions, + alertsIndexPattern, + apiConfig: mockApiConfig, + anonymizationFields, + connectorTimeout: 1000, + latestReplacements, + esClient, + langChainTimeout, + logger: mockLogger, + onNewReplacements, + request: mockRequest, + size, + }); + 
+ expect(result).toEqual({ + alertsIndexPattern, + anonymizationFields: [...anonymizationFields, ...REQUIRED_FOR_ATTACK_DISCOVERY], + isEnabledKnowledgeBase: false, + chain: undefined, + esClient, + langChainTimeout, + llm, + logger: mockLogger, + modelExists: false, + onNewReplacements, + replacements: latestReplacements, + request: mockRequest, + size, + }); + }); + + it('returns the expected AssistantToolParams when anonymizationFields is undefined', () => { + const anonymizationFields = undefined; + + const result = getAssistantToolParams({ + actions: mockParams.actions, + alertsIndexPattern, + apiConfig: mockApiConfig, + anonymizationFields, + connectorTimeout: 1000, + latestReplacements, + esClient, + langChainTimeout, + logger: mockLogger, + onNewReplacements, + request: mockRequest, + size, + }); + + expect(result).toEqual({ + alertsIndexPattern, + anonymizationFields: [...REQUIRED_FOR_ATTACK_DISCOVERY], + isEnabledKnowledgeBase: false, + chain: undefined, + esClient, + langChainTimeout, + llm, + logger: mockLogger, + modelExists: false, + onNewReplacements, + replacements: latestReplacements, + request: mockRequest, + size, + }); + }); + + describe('addGenerationInterval', () => { + const generationInterval = { date: '2024-01-01T00:00:00Z', durationMs: 1000 }; + const existingIntervals = [ + { date: '2024-01-02T00:00:00Z', durationMs: 2000 }, + { date: '2024-01-03T00:00:00Z', durationMs: 3000 }, + ]; + + it('should add new interval and maintain length within MAX_GENERATION_INTERVALS', () => { + const result = addGenerationInterval(existingIntervals, generationInterval); + expect(result.length).toBeLessThanOrEqual(5); + expect(result).toContain(generationInterval); + }); + + it('should remove the oldest interval if exceeding MAX_GENERATION_INTERVALS', () => { + const longExistingIntervals = [...Array(5)].map((_, i) => ({ + date: `2024-01-0${i + 2}T00:00:00Z`, + durationMs: (i + 2) * 1000, + })); + const result = addGenerationInterval(longExistingIntervals, 
generationInterval); + expect(result.length).toBe(5); + expect(result).not.toContain(longExistingIntervals[4]); + }); + }); + + describe('updateAttackDiscoveryStatusToRunning', () => { + it('should update existing attack discovery to running', async () => { + const existingAd = { id: 'existing-id', backingIndex: 'index' }; + findAttackDiscoveryByConnectorId.mockResolvedValue(existingAd); + updateAttackDiscovery.mockResolvedValue(existingAd); + + const result = await updateAttackDiscoveryStatusToRunning( + mockDataClient, + mockAuthenticatedUser, + mockApiConfig + ); + + expect(findAttackDiscoveryByConnectorId).toHaveBeenCalledWith({ + connectorId: mockApiConfig.connectorId, + authenticatedUser: mockAuthenticatedUser, + }); + expect(updateAttackDiscovery).toHaveBeenCalledWith({ + attackDiscoveryUpdateProps: expect.objectContaining({ + status: attackDiscoveryStatus.running, + }), + authenticatedUser: mockAuthenticatedUser, + }); + expect(result).toEqual({ attackDiscoveryId: existingAd.id, currentAd: existingAd }); + }); + + it('should create a new attack discovery if none exists', async () => { + const newAd = { id: 'new-id', backingIndex: 'index' }; + findAttackDiscoveryByConnectorId.mockResolvedValue(null); + createAttackDiscovery.mockResolvedValue(newAd); + + const result = await updateAttackDiscoveryStatusToRunning( + mockDataClient, + mockAuthenticatedUser, + mockApiConfig + ); + + expect(createAttackDiscovery).toHaveBeenCalledWith({ + attackDiscoveryCreate: expect.objectContaining({ + status: attackDiscoveryStatus.running, + }), + authenticatedUser: mockAuthenticatedUser, + }); + expect(result).toEqual({ attackDiscoveryId: newAd.id, currentAd: newAd }); + }); + + it('should throw an error if updating or creating attack discovery fails', async () => { + findAttackDiscoveryByConnectorId.mockResolvedValue(null); + createAttackDiscovery.mockResolvedValue(null); + + await expect( + updateAttackDiscoveryStatusToRunning(mockDataClient, mockAuthenticatedUser, 
mockApiConfig) + ).rejects.toThrow('Could not create attack discovery for connectorId: connector-id'); + }); + }); + + describe('updateAttackDiscoveryStatusToCanceled', () => { + const existingAd = { + id: 'existing-id', + backingIndex: 'index', + status: attackDiscoveryStatus.running, + }; + it('should update existing attack discovery to canceled', async () => { + findAttackDiscoveryByConnectorId.mockResolvedValue(existingAd); + updateAttackDiscovery.mockResolvedValue(existingAd); + + const result = await updateAttackDiscoveryStatusToCanceled( + mockDataClient, + mockAuthenticatedUser, + mockApiConfig.connectorId + ); + + expect(findAttackDiscoveryByConnectorId).toHaveBeenCalledWith({ + connectorId: mockApiConfig.connectorId, + authenticatedUser: mockAuthenticatedUser, + }); + expect(updateAttackDiscovery).toHaveBeenCalledWith({ + attackDiscoveryUpdateProps: expect.objectContaining({ + status: attackDiscoveryStatus.canceled, + }), + authenticatedUser: mockAuthenticatedUser, + }); + expect(result).toEqual(existingAd); + }); + + it('should throw an error if attack discovery is not running', async () => { + findAttackDiscoveryByConnectorId.mockResolvedValue({ + ...existingAd, + status: attackDiscoveryStatus.succeeded, + }); + await expect( + updateAttackDiscoveryStatusToCanceled( + mockDataClient, + mockAuthenticatedUser, + mockApiConfig.connectorId + ) + ).rejects.toThrow( + 'Connector id connector-id does not have a running attack discovery, and therefore cannot be canceled.' 
+ ); + }); + + it('should throw an error if attack discovery does not exist', async () => { + findAttackDiscoveryByConnectorId.mockResolvedValue(null); + await expect( + updateAttackDiscoveryStatusToCanceled( + mockDataClient, + mockAuthenticatedUser, + mockApiConfig.connectorId + ) + ).rejects.toThrow('Could not find attack discovery for connector id: connector-id'); + }); + it('should throw error if updateAttackDiscovery returns null', async () => { + findAttackDiscoveryByConnectorId.mockResolvedValue(existingAd); + updateAttackDiscovery.mockResolvedValue(null); + + await expect( + updateAttackDiscoveryStatusToCanceled( + mockDataClient, + mockAuthenticatedUser, + mockApiConfig.connectorId + ) + ).rejects.toThrow('Could not update attack discovery for connector id: connector-id'); + }); + }); + + describe('updateAttackDiscoveries', () => { + const mockAttackDiscoveryId = 'attack-discovery-id'; + const mockLatestReplacements = {}; + const mockRawAttackDiscoveries = JSON.stringify({ + alertsContextCount: 5, + attackDiscoveries: [{ alertIds: ['alert-1', 'alert-2'] }, { alertIds: ['alert-3'] }], + }); + const mockSize = 10; + const mockStartTime = moment('2024-03-28T22:25:28.000Z'); + + const mockArgs = { + apiConfig: mockApiConfig, + attackDiscoveryId: mockAttackDiscoveryId, + authenticatedUser: mockAuthenticatedUser, + dataClient: mockDataClient, + latestReplacements: mockLatestReplacements, + logger: mockLogger, + rawAttackDiscoveries: mockRawAttackDiscoveries, + size: mockSize, + startTime: mockStartTime, + telemetry: mockTelemetry, + }; + + it('should update attack discoveries and report success telemetry', async () => { + await updateAttackDiscoveries(mockArgs); + + expect(updateAttackDiscovery).toHaveBeenCalledWith({ + attackDiscoveryUpdateProps: { + alertsContextCount: 5, + attackDiscoveries: [{ alertIds: ['alert-1', 'alert-2'] }, { alertIds: ['alert-3'] }], + status: attackDiscoveryStatus.succeeded, + id: mockAttackDiscoveryId, + replacements: 
mockLatestReplacements, + backingIndex: mockCurrentAd.backingIndex, + generationIntervals: [ + { date, durationMs: 120000 }, + ...mockCurrentAd.generationIntervals, + ], + }, + authenticatedUser: mockAuthenticatedUser, + }); + + expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_success', { + actionTypeId: mockApiConfig.actionTypeId, + alertsContextCount: 5, + alertsCount: 3, + configuredAlertsCount: mockSize, + discoveriesGenerated: 2, + durationMs: 120000, + model: mockApiConfig.model, + provider: mockApiConfig.provider, + }); + }); + + it('should update attack discoveries without generation interval if no discoveries are found', async () => { + const noDiscoveriesRaw = JSON.stringify({ + alertsContextCount: 0, + attackDiscoveries: [], + }); + + await updateAttackDiscoveries({ + ...mockArgs, + rawAttackDiscoveries: noDiscoveriesRaw, + }); + + expect(updateAttackDiscovery).toHaveBeenCalledWith({ + attackDiscoveryUpdateProps: { + alertsContextCount: 0, + attackDiscoveries: [], + status: attackDiscoveryStatus.succeeded, + id: mockAttackDiscoveryId, + replacements: mockLatestReplacements, + backingIndex: mockCurrentAd.backingIndex, + }, + authenticatedUser: mockAuthenticatedUser, + }); + + expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_success', { + actionTypeId: mockApiConfig.actionTypeId, + alertsContextCount: 0, + alertsCount: 0, + configuredAlertsCount: mockSize, + discoveriesGenerated: 0, + durationMs: 120000, + model: mockApiConfig.model, + provider: mockApiConfig.provider, + }); + }); + + it('should catch and log an error if raw attack discoveries is null', async () => { + await updateAttackDiscoveries({ + ...mockArgs, + rawAttackDiscoveries: null, + }); + expect(mockLogger.error).toHaveBeenCalledTimes(1); + expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_error', { + actionTypeId: mockArgs.apiConfig.actionTypeId, + errorMessage: 'tool returned no attack discoveries', + model: 
mockArgs.apiConfig.model, + provider: mockArgs.apiConfig.provider, + }); + }); + + it('should return and not call updateAttackDiscovery when getAttackDiscovery returns a canceled response', async () => { + getAttackDiscovery.mockResolvedValue({ + ...mockCurrentAd, + status: attackDiscoveryStatus.canceled, + }); + await updateAttackDiscoveries(mockArgs); + + expect(mockLogger.error).not.toHaveBeenCalled(); + expect(updateAttackDiscovery).not.toHaveBeenCalled(); + }); + + it('should log the error and report telemetry when getAttackDiscovery rejects', async () => { + getAttackDiscovery.mockRejectedValue(mockError); + await updateAttackDiscoveries(mockArgs); + + expect(mockLogger.error).toHaveBeenCalledWith(mockError); + expect(updateAttackDiscovery).not.toHaveBeenCalled(); + expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_error', { + actionTypeId: mockArgs.apiConfig.actionTypeId, + errorMessage: mockError.message, + model: mockArgs.apiConfig.model, + provider: mockArgs.apiConfig.provider, + }); + }); + }); + + describe('handleToolError', () => { + const mockArgs = { + apiConfig: mockApiConfig, + attackDiscoveryId: 'discovery-id', + authenticatedUser: mockAuthenticatedUser, + backingIndex: 'backing-index', + dataClient: mockDataClient, + err: mockError, + latestReplacements: {}, + logger: mockLogger, + telemetry: mockTelemetry, + }; + + it('should log the error and update attack discovery status to failed', async () => { + await handleToolError(mockArgs); + + expect(mockLogger.error).toHaveBeenCalledWith(mockError); + expect(updateAttackDiscovery).toHaveBeenCalledWith({ + attackDiscoveryUpdateProps: { + status: attackDiscoveryStatus.failed, + attackDiscoveries: [], + backingIndex: 'foo', + failureReason: 'Test error', + id: 'discovery-id', + replacements: {}, + }, + authenticatedUser: mockArgs.authenticatedUser, + }); + expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_error', { + actionTypeId: 
mockArgs.apiConfig.actionTypeId, + errorMessage: mockError.message, + model: mockArgs.apiConfig.model, + provider: mockArgs.apiConfig.provider, + }); + }); + + it('should log the error and report telemetry when updateAttackDiscovery rejects', async () => { + updateAttackDiscovery.mockRejectedValue(mockError); + await handleToolError(mockArgs); + + expect(mockLogger.error).toHaveBeenCalledWith(mockError); + expect(updateAttackDiscovery).toHaveBeenCalledWith({ + attackDiscoveryUpdateProps: { + status: attackDiscoveryStatus.failed, + attackDiscoveries: [], + backingIndex: 'foo', + failureReason: 'Test error', + id: 'discovery-id', + replacements: {}, + }, + authenticatedUser: mockArgs.authenticatedUser, + }); + expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_error', { + actionTypeId: mockArgs.apiConfig.actionTypeId, + errorMessage: mockError.message, + model: mockArgs.apiConfig.model, + provider: mockArgs.apiConfig.provider, + }); + }); + + it('should return and not call updateAttackDiscovery when getAttackDiscovery returns a canceled response', async () => { + getAttackDiscovery.mockResolvedValue({ + ...mockCurrentAd, + status: attackDiscoveryStatus.canceled, + }); + await handleToolError(mockArgs); + + expect(mockTelemetry.reportEvent).not.toHaveBeenCalled(); + expect(updateAttackDiscovery).not.toHaveBeenCalled(); + }); + + it('should log the error and report telemetry when getAttackDiscovery rejects', async () => { + getAttackDiscovery.mockRejectedValue(mockError); + await handleToolError(mockArgs); + + expect(mockLogger.error).toHaveBeenCalledWith(mockError); + expect(updateAttackDiscovery).not.toHaveBeenCalled(); + expect(mockTelemetry.reportEvent).toHaveBeenCalledWith('attack_discovery_error', { + actionTypeId: mockArgs.apiConfig.actionTypeId, + errorMessage: mockError.message, + model: mockArgs.apiConfig.model, + provider: mockArgs.apiConfig.provider, + }); + }); + }); + }); +}); 
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts index 4f916be8105d4..9dca7ee46cbda 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/helpers.ts @@ -5,19 +5,36 @@ * 2.0. */ -import { KibanaRequest } from '@kbn/core/server'; -import { Logger } from '@kbn/logging'; +import { AnalyticsServiceSetup, AuthenticatedUser, KibanaRequest, Logger } from '@kbn/core/server'; import { ElasticsearchClient } from '@kbn/core-elasticsearch-server'; import { + ApiConfig, + AttackDiscovery, AttackDiscoveryPostRequestBody, + AttackDiscoveryResponse, + AttackDiscoveryStatus, ExecuteConnectorRequestBody, + GenerationInterval, Replacements, } from '@kbn/elastic-assistant-common'; import { AnonymizationFieldResponse } from '@kbn/elastic-assistant-common/impl/schemas/anonymization_fields/bulk_crud_anonymization_fields_route.gen'; import { v4 as uuidv4 } from 'uuid'; import { ActionsClientLlm } from '@kbn/langchain/server'; +import { Moment } from 'moment'; +import { transformError } from '@kbn/securitysolution-es-utils'; +import type { PluginStartContract as ActionsPluginStart } from '@kbn/actions-plugin/server'; +import moment from 'moment/moment'; +import { uniq } from 'lodash/fp'; +import { getLangSmithTracer } from '../evaluate/utils'; +import { getLlmType } from '../utils'; +import type { GetRegisteredTools } from '../../services/app_context'; +import { + ATTACK_DISCOVERY_ERROR_EVENT, + ATTACK_DISCOVERY_SUCCESS_EVENT, +} from '../../lib/telemetry/event_based_telemetry'; import { AssistantToolParams } from '../../types'; +import { AttackDiscoveryDataClient } from '../../ai_assistant_data_clients/attack_discovery'; export const REQUIRED_FOR_ATTACK_DISCOVERY: AnonymizationFieldResponse[] = [ { 
@@ -35,6 +52,77 @@ export const REQUIRED_FOR_ATTACK_DISCOVERY: AnonymizationFieldResponse[] = [ ]; export const getAssistantToolParams = ({ + actions, + alertsIndexPattern, + anonymizationFields, + apiConfig, + esClient, + connectorTimeout, + langChainTimeout, + langSmithProject, + langSmithApiKey, + logger, + latestReplacements, + onNewReplacements, + request, + size, +}: { + actions: ActionsPluginStart; + alertsIndexPattern: string; + anonymizationFields?: AnonymizationFieldResponse[]; + apiConfig: ApiConfig; + esClient: ElasticsearchClient; + connectorTimeout: number; + langChainTimeout: number; + langSmithProject?: string; + langSmithApiKey?: string; + logger: Logger; + latestReplacements: Replacements; + onNewReplacements: (newReplacements: Replacements) => void; + request: KibanaRequest< + unknown, + unknown, + ExecuteConnectorRequestBody | AttackDiscoveryPostRequestBody + >; + size: number; +}) => { + const traceOptions = { + projectName: langSmithProject, + tracers: [ + ...getLangSmithTracer({ + apiKey: langSmithApiKey, + projectName: langSmithProject, + logger, + }), + ], + }; + + const llm = new ActionsClientLlm({ + actions, + connectorId: apiConfig.connectorId, + llmType: getLlmType(apiConfig.actionTypeId), + logger, + request, + temperature: 0, // zero temperature for attack discovery, because we want structured JSON output + timeout: connectorTimeout, + traceOptions, + }); + + return formatAssistantToolParams({ + alertsIndexPattern, + anonymizationFields, + esClient, + latestReplacements, + langChainTimeout, + llm, + logger, + onNewReplacements, + request, + size, + }); +}; + +const formatAssistantToolParams = ({ alertsIndexPattern, anonymizationFields, esClient, 
@@ -75,3 +163,254 @@ export const getAssistantToolParams = ({ request, size, }); + +export const attackDiscoveryStatus: { [k: string]: AttackDiscoveryStatus } = { + canceled: 'canceled', + failed: 'failed', + running: 'running', + succeeded: 'succeeded', +}; +const MAX_GENERATION_INTERVALS = 5; + +export const addGenerationInterval = ( + generationIntervals: GenerationInterval[], + generationInterval: GenerationInterval +): GenerationInterval[] => { + const newGenerationIntervals = [generationInterval, ...generationIntervals]; + + if (newGenerationIntervals.length > MAX_GENERATION_INTERVALS) { + return newGenerationIntervals.slice(0, MAX_GENERATION_INTERVALS); // Return the first MAX_GENERATION_INTERVALS items + } + + return newGenerationIntervals; +}; + +export const updateAttackDiscoveryStatusToRunning = async ( + dataClient: AttackDiscoveryDataClient, + authenticatedUser: AuthenticatedUser, + apiConfig: ApiConfig +): Promise<{ + currentAd: AttackDiscoveryResponse; + attackDiscoveryId: string; +}> => { + const foundAttackDiscovery = await dataClient?.findAttackDiscoveryByConnectorId({ + connectorId: apiConfig.connectorId, + authenticatedUser, + }); + const currentAd = foundAttackDiscovery + ? await dataClient?.updateAttackDiscovery({ + attackDiscoveryUpdateProps: { + backingIndex: foundAttackDiscovery.backingIndex, + id: foundAttackDiscovery.id, + status: attackDiscoveryStatus.running, + }, + authenticatedUser, + }) + : await dataClient?.createAttackDiscovery({ + attackDiscoveryCreate: { + apiConfig, + attackDiscoveries: [], + status: attackDiscoveryStatus.running, + }, + authenticatedUser, + }); + + if (!currentAd) { + throw new Error( + `Could not ${foundAttackDiscovery ? 
'update' : 'create'} attack discovery for connectorId: ${ + apiConfig.connectorId + }` + ); + } + + return { + attackDiscoveryId: currentAd.id, + currentAd, + }; +}; + +export const updateAttackDiscoveryStatusToCanceled = async ( + dataClient: AttackDiscoveryDataClient, + authenticatedUser: AuthenticatedUser, + connectorId: string +): Promise => { + const foundAttackDiscovery = await dataClient?.findAttackDiscoveryByConnectorId({ + connectorId, + authenticatedUser, + }); + if (foundAttackDiscovery == null) { + throw new Error(`Could not find attack discovery for connector id: ${connectorId}`); + } + if (foundAttackDiscovery.status !== 'running') { + throw new Error( + `Connector id ${connectorId} does not have a running attack discovery, and therefore cannot be canceled.` + ); + } + const updatedAttackDiscovery = await dataClient?.updateAttackDiscovery({ + attackDiscoveryUpdateProps: { + backingIndex: foundAttackDiscovery.backingIndex, + id: foundAttackDiscovery.id, + status: attackDiscoveryStatus.canceled, + }, + authenticatedUser, + }); + + if (!updatedAttackDiscovery) { + throw new Error(`Could not update attack discovery for connector id: ${connectorId}`); + } + + return updatedAttackDiscovery; +}; + +const getDataFromJSON = (adStringified: string) => { + const { alertsContextCount, attackDiscoveries } = JSON.parse(adStringified); + return { alertsContextCount, attackDiscoveries }; +}; + +export const updateAttackDiscoveries = async ({ + apiConfig, + attackDiscoveryId, + authenticatedUser, + dataClient, + latestReplacements, + logger, + rawAttackDiscoveries, + size, + startTime, + telemetry, +}: { + apiConfig: ApiConfig; + attackDiscoveryId: string; + authenticatedUser: AuthenticatedUser; + dataClient: AttackDiscoveryDataClient; + latestReplacements: Replacements; + logger: Logger; + rawAttackDiscoveries: string | null; + size: number; + startTime: Moment; + telemetry: AnalyticsServiceSetup; +}) => { + try { + if (rawAttackDiscoveries == null) { + throw new 
Error('tool returned no attack discoveries'); + } + const currentAd = await dataClient.getAttackDiscovery({ + id: attackDiscoveryId, + authenticatedUser, + }); + if (currentAd === null || currentAd?.status === 'canceled') { + return; + } + const endTime = moment(); + const durationMs = endTime.diff(startTime); + const { alertsContextCount, attackDiscoveries } = getDataFromJSON(rawAttackDiscoveries); + const updateProps = { + alertsContextCount, + attackDiscoveries, + status: attackDiscoveryStatus.succeeded, + ...(alertsContextCount === 0 || attackDiscoveries === 0 + ? {} + : { + generationIntervals: addGenerationInterval(currentAd.generationIntervals, { + durationMs, + date: new Date().toISOString(), + }), + }), + id: attackDiscoveryId, + replacements: latestReplacements, + backingIndex: currentAd.backingIndex, + }; + + await dataClient.updateAttackDiscovery({ + attackDiscoveryUpdateProps: updateProps, + authenticatedUser, + }); + telemetry.reportEvent(ATTACK_DISCOVERY_SUCCESS_EVENT.eventType, { + actionTypeId: apiConfig.actionTypeId, + alertsContextCount: updateProps.alertsContextCount, + alertsCount: uniq( + updateProps.attackDiscoveries.flatMap( + (attackDiscovery: AttackDiscovery) => attackDiscovery.alertIds + ) + ).length, + configuredAlertsCount: size, + discoveriesGenerated: updateProps.attackDiscoveries.length, + durationMs, + model: apiConfig.model, + provider: apiConfig.provider, + }); + } catch (updateErr) { + logger.error(updateErr); + const updateError = transformError(updateErr); + telemetry.reportEvent(ATTACK_DISCOVERY_ERROR_EVENT.eventType, { + actionTypeId: apiConfig.actionTypeId, + errorMessage: updateError.message, + model: apiConfig.model, + provider: apiConfig.provider, + }); + } +}; + +export const handleToolError = async ({ + apiConfig, + attackDiscoveryId, + authenticatedUser, + dataClient, + err, + latestReplacements, + logger, + telemetry, +}: { + apiConfig: ApiConfig; + attackDiscoveryId: string; + authenticatedUser: AuthenticatedUser; + 
dataClient: AttackDiscoveryDataClient; + err: Error; + latestReplacements: Replacements; + logger: Logger; + telemetry: AnalyticsServiceSetup; +}) => { + try { + logger.error(err); + const error = transformError(err); + const currentAd = await dataClient.getAttackDiscovery({ + id: attackDiscoveryId, + authenticatedUser, + }); + + if (currentAd === null || currentAd?.status === 'canceled') { + return; + } + await dataClient.updateAttackDiscovery({ + attackDiscoveryUpdateProps: { + attackDiscoveries: [], + status: attackDiscoveryStatus.failed, + id: attackDiscoveryId, + replacements: latestReplacements, + backingIndex: currentAd.backingIndex, + failureReason: error.message, + }, + authenticatedUser, + }); + telemetry.reportEvent(ATTACK_DISCOVERY_ERROR_EVENT.eventType, { + actionTypeId: apiConfig.actionTypeId, + errorMessage: error.message, + model: apiConfig.model, + provider: apiConfig.provider, + }); + } catch (updateErr) { + const updateError = transformError(updateErr); + telemetry.reportEvent(ATTACK_DISCOVERY_ERROR_EVENT.eventType, { + actionTypeId: apiConfig.actionTypeId, + errorMessage: updateError.message, + model: apiConfig.model, + provider: apiConfig.provider, + }); + } +}; + +export const getAssistantTool = (getRegisteredTools: GetRegisteredTools, pluginName: string) => { + // get the attack discovery tool: + const assistantTools = getRegisteredTools(pluginName); + return assistantTools.find((tool) => tool.id === 'attack-discovery'); +}; diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.test.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.test.ts new file mode 100644 index 0000000000000..9ecfb5c2af333 --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.test.ts 
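Review bot: In `updateAttackDiscoveries` the guard `attackDiscoveries === 0` compares the parsed array with a number, so it is never true and an empty result with a non-zero `alertsContextCount` still records a generation interval; it should read `...(alertsContextCount === 0 || attackDiscoveries.length === 0`. The values come from `getDataFromJSON`, which hands back the `JSON.parse` result of the tool output untyped and unvalidated, so a payload without an `attackDiscoveries` array only fails later at `flatMap`. When that or any other error reaches the `catch` in `updateAttackDiscoveries`, it is logged and reported but the record is left in `running`, unlike `handleToolError`, which sets `failed`; consider marking it failed there as well. The `catch` in `handleToolError` reports telemetry without calling `logger.error(updateErr)`, so a failed status update leaves no server-side log entry.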
@@ -0,0 +1,142 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { AuthenticatedUser } from '@kbn/core-security-common';
+import { postAttackDiscoveryRoute } from './post_attack_discovery';
+import { serverMock } from '../../__mocks__/server';
+import { requestContextMock } from '../../__mocks__/request_context';
+import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks';
+import { AttackDiscoveryDataClient } from '../../ai_assistant_data_clients/attack_discovery';
+import { transformESSearchToAttackDiscovery } from '../../ai_assistant_data_clients/attack_discovery/transforms';
+import { getAttackDiscoverySearchEsMock } from '../../__mocks__/attack_discovery_schema.mock';
+import { postAttackDiscoveryRequest } from '../../__mocks__/request';
+import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/common/openai/constants';
+import { AttackDiscoveryPostRequestBody } from '@kbn/elastic-assistant-common';
+import {
+ getAssistantTool,
+ getAssistantToolParams,
+ updateAttackDiscoveryStatusToRunning,
+} from './helpers';
+jest.mock('./helpers');
+
+const { clients, context } = requestContextMock.createTools();
+const server: ReturnType = serverMock.create();
+clients.core.elasticsearch.client = elasticsearchServiceMock.createScopedClusterClient();
+
+const mockUser = {
+ username: 'my_username',
+ authentication_realm: {
+ type: 'my_realm_type',
+ name: 'my_realm_name',
+ },
+} as AuthenticatedUser;
+const findAttackDiscoveryByConnectorId = jest.fn();
+const mockDataClient = {
+ findAttackDiscoveryByConnectorId,
+ updateAttackDiscovery: jest.fn(),
+ createAttackDiscovery: jest.fn(),
+ getAttackDiscovery: jest.fn(),
+} as unknown as AttackDiscoveryDataClient;
+const mockApiConfig = {
+ connectorId: 'connector-id',
+ actionTypeId: '.bedrock',
+ model: 'model',
+ provider: OpenAiProviderType.OpenAi,
+};
+const mockRequestBody: AttackDiscoveryPostRequestBody = {
+ subAction: 'invokeAI',
+ apiConfig: mockApiConfig,
+ alertsIndexPattern: 'alerts-*',
+ anonymizationFields: [],
+ replacements: {},
+ model: 'gpt-4',
+ size: 20,
+ langSmithProject: 'langSmithProject',
+ langSmithApiKey: 'langSmithApiKey',
+};
+const mockCurrentAd = transformESSearchToAttackDiscovery(getAttackDiscoverySearchEsMock())[0];
+const runningAd = {
+ ...mockCurrentAd,
+ status: 'running',
+};
+describe('postAttackDiscoveryRoute', () => {
+ beforeEach(() => {
+ jest.clearAllMocks();
+ context.elasticAssistant.getCurrentUser.mockReturnValue(mockUser);
+ context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(mockDataClient);
+ postAttackDiscoveryRoute(server.router);
+ findAttackDiscoveryByConnectorId.mockResolvedValue(mockCurrentAd);
+ (getAssistantTool as jest.Mock).mockReturnValue({ getTool: jest.fn() });
+ (getAssistantToolParams as jest.Mock).mockReturnValue({ tool: 'tool' });
+ (updateAttackDiscoveryStatusToRunning as jest.Mock).mockResolvedValue({
+ currentAd: runningAd,
+ attackDiscoveryId: mockCurrentAd.id,
+ });
+ });
+
+ it('should handle successful request', async () => {
+ const response = await server.inject(
+ postAttackDiscoveryRequest(mockRequestBody),
+ requestContextMock.convertContext(context)
+ );
+ expect(response.status).toEqual(200);
+ expect(response.body).toEqual(runningAd);
+ });
+
+ it('should handle missing authenticated user', async () => {
+ context.elasticAssistant.getCurrentUser.mockReturnValue(null);
+ const response = await server.inject(
+ postAttackDiscoveryRequest(mockRequestBody),
+ requestContextMock.convertContext(context)
+ );
+
+ expect(response.status).toEqual(401);
+ expect(response.body).toEqual({
+ message: 'Authenticated user not found',
+ status_code: 401,
+ });
+ });
+
+ it('should handle missing data client', async () => {
+ context.elasticAssistant.getAttackDiscoveryDataClient.mockResolvedValue(null);
+ const response = await server.inject(
+ postAttackDiscoveryRequest(mockRequestBody),
+ requestContextMock.convertContext(context)
+ );
+
+ expect(response.status).toEqual(500);
+ expect(response.body).toEqual({
+ message: 'Attack discovery data client not initialized',
+ status_code: 500,
+ });
+ });
+
+ it('should handle assistantTool null response', async () => {
+ (getAssistantTool as jest.Mock).mockReturnValue(null);
+ const response = await server.inject(
+ postAttackDiscoveryRequest(mockRequestBody),
+ requestContextMock.convertContext(context)
+ );
+ expect(response.status).toEqual(404);
+ });
+
+ it('should handle updateAttackDiscoveryStatusToRunning error', async () => {
+ (updateAttackDiscoveryStatusToRunning as jest.Mock).mockRejectedValue(new Error('Oh no!'));
+ const response = await server.inject(
+ postAttackDiscoveryRequest(mockRequestBody),
+ requestContextMock.convertContext(context)
+ );
+ expect(response.status).toEqual(500);
+ expect(response.body).toEqual({
+ message: {
+ error: 'Oh no!',
+ success: false,
+ },
+ status_code: 500,
+ });
+ });
+});
diff --git a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.ts b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.ts
index 7859d635ccb30..8ff2cd72ee36c 100644
--- a/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.ts
+++ b/x-pack/plugins/elastic_assistant/server/routes/attack_discovery/post_attack_discovery.ts
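Review bot: No test in this file runs the route's background `invoke` chain, because `beforeEach` stubs the tool as `{ getTool: jest.fn() }` and `getTool` therefore returns `undefined`. The "successful request" case consequently passes with a 200 and a `running` record even though no generation was started. Add one case where `getTool` returns a stub whose `invoke` is `jest.fn().mockResolvedValue(...)` and assert that `updateAttackDiscoveries` was called, and one where `invoke` rejects and `handleToolError` is called. Both helpers are already auto-mocked by `jest.mock('./helpers')` and only need adding to the import list.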
@@ -14,15 +14,19 @@ import { Replacements, } from '@kbn/elastic-assistant-common'; import { transformError } from '@kbn/securitysolution-es-utils'; -import { ActionsClientLlm } from '@kbn/langchain/server'; +import moment from 'moment/moment'; import { ATTACK_DISCOVERY } from '../../../common/constants'; -import { getAssistantToolParams } from './helpers'; +import { + getAssistantTool, + getAssistantToolParams, + handleToolError, + updateAttackDiscoveries, + updateAttackDiscoveryStatusToRunning, +} from './helpers'; import { DEFAULT_PLUGIN_NAME, getPluginNameFromRequest } from '../helpers'; -import { getLangSmithTracer } from '../evaluate/utils'; import { buildResponse } from '../../lib/build_response'; import { ElasticAssistantRequestHandlerContext } from '../../types'; -import { getLlmType } from '../utils'; const ROUTE_HANDLER_TIMEOUT = 10 * 60 * 1000; // 10 * 60 seconds = 10 minutes const LANG_CHAIN_TIMEOUT = ROUTE_HANDLER_TIMEOUT - 10_000; // 9 minutes 50 seconds @@ -57,13 +61,29 @@ export const postAttackDiscoveryRoute = ( }, }, async (context, request, response): Promise> => { + const startTime = moment(); // start timing the generation const resp = buildResponse(response); const assistantContext = await context.elasticAssistant; const logger: Logger = assistantContext.logger; + const telemetry = assistantContext.telemetry; try { // get the actions plugin start contract from the request context: const actions = (await context.elasticAssistant).actions; + const dataClient = await assistantContext.getAttackDiscoveryDataClient(); + const authenticatedUser = assistantContext.getCurrentUser(); + if (authenticatedUser == null) { + return resp.error({ + body: `Authenticated user not found`, + statusCode: 401, + }); + } + if (!dataClient) { + return resp.error({ + body: `Attack discovery data client not initialized`, + statusCode: 500, + }); + } const pluginName = getPluginNameFromRequest({ request, defaultPluginName: DEFAULT_PLUGIN_NAME, 
@@ -72,9 +92,8 @@ export const postAttackDiscoveryRoute = ( // get parameters from the request body const alertsIndexPattern = decodeURIComponent(request.body.alertsIndexPattern); - const connectorId = decodeURIComponent(request.body.connectorId); const { - actionTypeId, + apiConfig, anonymizationFields, langSmithApiKey, langSmithProject, @@ -91,42 +110,26 @@ export const postAttackDiscoveryRoute = ( latestReplacements = { ...latestReplacements, ...newReplacements }; }; - // get the attack discovery tool: - const assistantTools = (await context.elasticAssistant).getRegisteredTools(pluginName); - const assistantTool = assistantTools.find((tool) => tool.id === 'attack-discovery'); + const assistantTool = getAssistantTool( + (await context.elasticAssistant).getRegisteredTools, + pluginName + ); + if (!assistantTool) { return response.notFound(); // attack discovery tool not found } - const traceOptions = { - projectName: langSmithProject, - tracers: [ - ...getLangSmithTracer({ - apiKey: langSmithApiKey, - projectName: langSmithProject, - logger, - }), - ], - }; - - const llm = new ActionsClientLlm({ - actions, - connectorId, - llmType: getLlmType(actionTypeId), - logger, - request, - temperature: 0, // zero temperature for attack discovery, because we want structured JSON output - timeout: CONNECTOR_TIMEOUT, - traceOptions, - }); - const assistantToolParams = getAssistantToolParams({ + actions, alertsIndexPattern, anonymizationFields, + apiConfig, esClient, latestReplacements, + connectorTimeout: CONNECTOR_TIMEOUT, langChainTimeout: LANG_CHAIN_TIMEOUT, - llm, + langSmithProject, + langSmithApiKey, logger, onNewReplacements, request, 
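Review bot: `getAssistantTool((await context.elasticAssistant).getRegisteredTools, pluginName)` passes `getRegisteredTools` as a detached function, where the removed code called it as a method on the context object. If its implementation relies on `this` (not visible in this diff), the call fails at runtime. Passing `(name) => assistantContext.getRegisteredTools(name)` keeps the receiver and reuses the `assistantContext` the handler has already awaited. The enclosing route handler starts and ends outside this hunk.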
@@ -135,23 +138,44 @@ export const postAttackDiscoveryRoute = ( // invoke the attack discovery tool: const toolInstance = assistantTool.getTool(assistantToolParams); - const rawAttackDiscoveries = await toolInstance?.invoke(''); - if (rawAttackDiscoveries == null) { - return response.customError({ - body: { message: 'tool returned no attack discoveries' }, - statusCode: 500, - }); - } - const { alertsContextCount, attackDiscoveries } = JSON.parse(rawAttackDiscoveries); + const { currentAd, attackDiscoveryId } = await updateAttackDiscoveryStatusToRunning( + dataClient, + authenticatedUser, + apiConfig + ); + + toolInstance + ?.invoke('') + .then((rawAttackDiscoveries: string) => + updateAttackDiscoveries({ + apiConfig, + attackDiscoveryId, + authenticatedUser, + dataClient, + latestReplacements, + logger, + rawAttackDiscoveries, + size, + startTime, + telemetry, + }) + ) + .catch((err) => + handleToolError({ + apiConfig, + attackDiscoveryId, + authenticatedUser, + dataClient, + err, + latestReplacements, + logger, + telemetry, + }) + ); return response.ok({ - body: { - alertsContextCount, - attackDiscoveries, - connector_id: connectorId, - replacements: latestReplacements, - }, + body: currentAd, }); } catch (err) { logger.error(err); diff --git a/x-pack/plugins/elastic_assistant/server/routes/index.ts b/x-pack/plugins/elastic_assistant/server/routes/index.ts index 352b91624f7fb..43e1229250f46 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/index.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/index.ts @@ -10,6 +10,7 @@ export { postActionsConnectorExecuteRoute } from './post_actions_connector_execu // Attack Discovery export { postAttackDiscoveryRoute } from './attack_discovery/post_attack_discovery'; +export { getAttackDiscoveryRoute } from './attack_discovery/get_attack_discovery'; // Knowledge Base export { deleteKnowledgeBaseRoute } from './knowledge_base/delete_knowledge_base'; 
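Review bot: `updateAttackDiscoveryStatusToRunning` is awaited before `toolInstance?.invoke('')`, so when `getTool` returns nothing the optional chain skips the whole `.then`/`.catch` and the handler still answers 200 with a record that stays in `running`. Check the instance before changing the status, for example `if (toolInstance == null) { return resp.error({ body: 'attack discovery tool could not be created', statusCode: 500 }); }`. The helper also sets `running` without looking at the record's current status, so a second POST for the same connector while a generation is in flight starts another LLM invocation. Rejecting that case when the found record is already `running` would bound cost and avoid two background writers updating one document. The route handler continues outside this hunk.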
diff --git a/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts b/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts index 374b32d6cceb5..f4da7f9f1803a 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/register_routes.ts @@ -7,6 +7,8 @@ import type { Logger } from '@kbn/core/server'; +import { cancelAttackDiscoveryRoute } from './attack_discovery/cancel_attack_discovery'; +import { getAttackDiscoveryRoute } from './attack_discovery/get_attack_discovery'; import { postAttackDiscoveryRoute } from './attack_discovery/post_attack_discovery'; import { ElasticAssistantPluginRouter, GetElser } from '../types'; import { createConversationRoute } from './user_conversations/create_route'; @@ -78,5 +80,7 @@ export const registerRoutes = ( findAnonymizationFieldsRoute(router, logger); // Attack Discovery + getAttackDiscoveryRoute(router); postAttackDiscoveryRoute(router); + cancelAttackDiscoveryRoute(router); }; diff --git a/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts b/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts index 0a0864882df16..1bfdf33fdb146 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/request_context_factory.ts @@ -93,6 +93,15 @@ export class RequestContextFactory implements IRequestContextFactory { }); }), + getAttackDiscoveryDataClient: memoize(() => { + const currentUser = getCurrentUser(); + return this.assistantService.createAttackDiscoveryDataClient({ + spaceId: getSpaceId(), + logger: this.logger, + currentUser, + }); + }), + getAIAssistantPromptsDataClient: memoize(() => { const currentUser = getCurrentUser(); return this.assistantService.createAIAssistantPromptsDataClient({ 
diff --git a/x-pack/plugins/elastic_assistant/server/types.ts b/x-pack/plugins/elastic_assistant/server/types.ts index f12bacde983df..50028bfcfd198 100755 --- a/x-pack/plugins/elastic_assistant/server/types.ts +++ b/x-pack/plugins/elastic_assistant/server/types.ts @@ -39,6 +39,7 @@ import { ActionsClientSimpleChatModel, } from '@kbn/langchain/server'; +import { AttackDiscoveryDataClient } from './ai_assistant_data_clients/attack_discovery'; import { AIAssistantConversationsDataClient } from './ai_assistant_data_clients/conversations'; import type { GetRegisteredFeatures, GetRegisteredTools } from './services/app_context'; import { AIAssistantDataClient } from './ai_assistant_data_clients'; @@ -114,6 +115,7 @@ export interface ElasticAssistantApiRequestHandlerContext { getAIAssistantKnowledgeBaseDataClient: ( initializeKnowledgeBase: boolean ) => Promise; + getAttackDiscoveryDataClient: () => Promise; getAIAssistantPromptsDataClient: () => Promise; getAIAssistantAnonymizationFieldsDataClient: () => Promise; telemetry: AnalyticsServiceSetup; @@ -148,24 +150,28 @@ export interface AssistantResourceNames { knowledgeBase: string; prompts: string; anonymizationFields: string; + attackDiscovery: string; }; indexTemplate: { conversations: string; knowledgeBase: string; prompts: string; anonymizationFields: string; + attackDiscovery: string; }; aliases: { conversations: string; knowledgeBase: string; prompts: string; anonymizationFields: string; + attackDiscovery: string; }; indexPatterns: { conversations: string; knowledgeBase: string; prompts: string; anonymizationFields: string; + attackDiscovery: string; }; pipelines: { knowledgeBase: string; diff --git a/x-pack/plugins/elastic_assistant/tsconfig.json b/x-pack/plugins/elastic_assistant/tsconfig.json index dde693653c04c..d5fef57edaf09 100644 --- a/x-pack/plugins/elastic_assistant/tsconfig.json +++ b/x-pack/plugins/elastic_assistant/tsconfig.json 
@@ -46,6 +46,7 @@ "@kbn/core-security-common", "@kbn/core-saved-objects-api-server", "@kbn/langchain", + "@kbn/stack-connectors-plugin", ], "exclude": [ "target/**/*", diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_overview/api/fetch_api_keys_logic.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_overview/api/fetch_api_keys_logic.tsx index c20bd34876338..e3f604f23dbb9 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_overview/api/fetch_api_keys_logic.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_overview/api/fetch_api_keys_logic.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import { ApiKey } from '@kbn/security-plugin/common'; +import { ApiKey } from '@kbn/security-plugin-types-common'; import { createApiLogic } from '../../shared/api_logic/create_api_logic'; import { HttpLogic } from '../../shared/http'; diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/getting_started.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/getting_started.tsx index da934fb654a3f..675cd34d23e03 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/getting_started.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/getting_started.tsx @@ -26,7 +26,7 @@ import { CloudDetailsPanel, } from '@kbn/search-api-panels'; -import { ApiKey } from '@kbn/security-plugin/common'; +import { ApiKey } from '@kbn/security-plugin-types-common'; import { PLUGIN_ID } from '../../../../common/constants'; import { KibanaDeps } from '../../../../common/types'; diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/panels/api_key_panel_content.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/panels/api_key_panel_content.tsx index 987e6fa4232d0..ff271a3a3d79e 100644 
--- a/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/panels/api_key_panel_content.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/shared/getting_started/panels/api_key_panel_content.tsx @@ -20,7 +20,7 @@ import { import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; -import { ApiKey } from '@kbn/security-plugin/common'; +import { ApiKey } from '@kbn/security-plugin-types-common'; import { KibanaLogic } from '../../kibana'; @@ -61,6 +61,7 @@ export const ApiKeyPanelContent: React.FC = ({ apiKeys, open = ({ apiKeys, open hit._id); + const ids = connectorIdsResult.hits.hits.map((hit) => hit._id!); const orphanedJobsCountResponse = await client.asCurrentUser.count({ index: CONNECTORS_JOBS_INDEX, query: getOrphanedJobsCountQuery(ids, isCrawler), diff --git a/x-pack/plugins/enterprise_search/tsconfig.json b/x-pack/plugins/enterprise_search/tsconfig.json index a6bb797de5eb1..86cf6c3968005 100644 --- a/x-pack/plugins/enterprise_search/tsconfig.json +++ b/x-pack/plugins/enterprise_search/tsconfig.json @@ -80,6 +80,7 @@ "@kbn/try-in-console", "@kbn/core-chrome-browser", "@kbn/navigation-plugin", - "@kbn/search-homepage" + "@kbn/search-homepage", + "@kbn/security-plugin-types-common" ] } diff --git a/x-pack/plugins/fleet/common/constants/routes.ts b/x-pack/plugins/fleet/common/constants/routes.ts index ee775ff1dbdd8..2f32d66f4ec74 100644 --- a/x-pack/plugins/fleet/common/constants/routes.ts +++ b/x-pack/plugins/fleet/common/constants/routes.ts 
@@ -36,6 +36,8 @@ export const EPM_API_ROUTES = { INSTALL_BY_UPLOAD_PATTERN: EPM_PACKAGES_MANY, CUSTOM_INTEGRATIONS_PATTERN: `${EPM_API_ROOT}/custom_integrations`, DELETE_PATTERN: EPM_PACKAGES_ONE, + INSTALL_KIBANA_ASSETS_PATTERN: `${EPM_PACKAGES_ONE}/kibana_assets`, + DELETE_KIBANA_ASSETS_PATTERN: `${EPM_PACKAGES_ONE}/kibana_assets`, FILEPATH_PATTERN: `${EPM_PACKAGES_ONE}/{filePath*}`, CATEGORIES_PATTERN: `${EPM_API_ROOT}/categories`, VERIFICATION_KEY_ID: `${EPM_API_ROOT}/verification_key_id`, @@ -210,6 +212,14 @@ export const DOWNLOAD_SOURCE_API_ROUTES = { DELETE_PATTERN: `${API_ROOT}/agent_download_sources/{sourceId}`, }; +// Fleet debug routes + +export const FLEET_DEBUG_ROUTES = { + INDEX_PATTERN: `${INTERNAL_ROOT}/debug/index`, + SAVED_OBJECTS_PATTERN: `${INTERNAL_ROOT}/debug/saved_objects`, + SAVED_OBJECT_NAMES_PATTERN: `${INTERNAL_ROOT}/debug/saved_object_names`, +}; + // API versioning constants export const API_VERSIONS = { public: { diff --git a/x-pack/plugins/fleet/common/experimental_features.ts b/x-pack/plugins/fleet/common/experimental_features.ts index 6233ef5f820cf..5e8679e555908 100644 --- a/x-pack/plugins/fleet/common/experimental_features.ts +++ b/x-pack/plugins/fleet/common/experimental_features.ts @@ -7,11 +7,7 @@ export type ExperimentalFeatures = typeof allowedExperimentalValues; -/** - * A list of allowed values that can be used in `xpack.fleet.enableExperimental`. - * This object is then used to validate and parse the value entered. - */ -export const allowedExperimentalValues = Object.freeze>({ +const _allowedExperimentalValues = { createPackagePolicyMultiPageLayout: true, packageVerification: true, showDevtoolsRequest: true, 
@@ -32,9 +28,18 @@ export const allowedExperimentalValues = Object.freeze>( advancedPolicySettings: true, useSpaceAwareness: false, enableReusableIntegrationPolicies: false, -}); +}; + +/** + * A list of allowed values that can be used in `xpack.fleet.enableExperimental`. + * This object is then used to validate and parse the value entered. + */ +export const allowedExperimentalValues = Object.freeze< + Record +>({ ..._allowedExperimentalValues }); -type ExperimentalConfigKeys = Array; +type ExperimentalConfigKey = keyof ExperimentalFeatures; +type ExperimentalConfigKeys = ExperimentalConfigKey[]; type Mutable = { -readonly [P in keyof T]: T[P] }; const allowedKeys = Object.keys(allowedExperimentalValues) as Readonly; @@ -46,7 +51,7 @@ const allowedKeys = Object.keys(allowedExperimentalValues) as Readonly { - const enabledFeatures: Mutable = {}; + const enabledFeatures: Mutable = { ...allowedExperimentalValues }; for (const value of configValue) { if (isValidExperimentalValue(value)) { @@ -60,8 +65,8 @@ export const parseExperimentalConfigValue = (configValue: string[]): Experimenta }; }; -export const isValidExperimentalValue = (value: string) => { - return allowedKeys.includes(value); +export const isValidExperimentalValue = (value: string): value is ExperimentalConfigKey => { + return (allowedKeys as string[]).includes(value); }; export const getExperimentalAllowedValues = (): string[] => [...allowedKeys]; diff --git a/x-pack/plugins/fleet/common/services/routes.ts b/x-pack/plugins/fleet/common/services/routes.ts index 76b963949699a..decef8fe628d5 100644 --- a/x-pack/plugins/fleet/common/services/routes.ts +++ b/x-pack/plugins/fleet/common/services/routes.ts @@ -24,6 +24,7 @@ import { FLEET_SERVER_HOST_API_ROUTES, FLEET_PROXY_API_ROUTES, UNINSTALL_TOKEN_ROUTES, + FLEET_DEBUG_ROUTES, } from '../constants'; export const epmRouteService = { 
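Review bot: The cast in the new `isValidExperimentalValue`, `(allowedKeys as string[]).includes(value)`, discards the `Readonly` that `allowedKeys` is declared with in the context line above; `(allowedKeys as readonly string[]).includes(value)` widens the element type for the lookup without making the array look mutable. The function is now a type predicate, which is presumably what allows `parseExperimentalConfigValue` to index `enabledFeatures` by `value`, so a one-line doc comment such as `/** Narrows a raw config string to a known experimental flag name. */` would help. Separately, `enabledFeatures` now starts as a copy of `allowedExperimentalValues`; a short comment stating that the configured list can only switch flags on, never off, would make that intent explicit. The loop body and return of `parseExperimentalConfigValue` lie outside the hunks.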
@@ -78,6 +79,12 @@ export const epmRouteService = { .replace(/\/$/, ''); // trim trailing slash }, + getInstallKibanaAssetsPath: (pkgName: string, pkgVersion: string) => { + return EPM_API_ROUTES.INSTALL_KIBANA_ASSETS_PATTERN.replace('{pkgName}', pkgName) + .replace('{pkgVersion}', pkgVersion) + .replace(/\/$/, ''); // trim trailing slash + }, + getUpdatePath: (pkgName: string, pkgVersion: string) => { return EPM_API_ROUTES.INFO_PATTERN.replace('{pkgName}', pkgName).replace( '{pkgVersion}', @@ -316,3 +323,9 @@ export const downloadSourceRoutesService = { DOWNLOAD_SOURCE_API_ROUTES.DELETE_PATTERN.replace('{sourceId}', downloadSourceId), getCreatePath: () => DOWNLOAD_SOURCE_API_ROUTES.CREATE_PATTERN, }; + +export const debugRoutesService = { + getIndexPath: () => FLEET_DEBUG_ROUTES.INDEX_PATTERN, + getSavedObjectsPath: () => FLEET_DEBUG_ROUTES.SAVED_OBJECTS_PATTERN, + getSavedObjectNamesPath: () => FLEET_DEBUG_ROUTES.SAVED_OBJECT_NAMES_PATTERN, +}; diff --git a/x-pack/plugins/fleet/common/types/models/epm.ts b/x-pack/plugins/fleet/common/types/models/epm.ts index 5c5a48642cba8..06a8b979c8eb5 100644 --- a/x-pack/plugins/fleet/common/types/models/epm.ts +++ b/x-pack/plugins/fleet/common/types/models/epm.ts @@ -589,6 +589,7 @@ export interface StateContext { export interface Installation { installed_kibana: KibanaAssetReference[]; + additional_spaces_installed_kibana?: Record; installed_es: EsAssetReference[]; package_assets?: PackageAssetReference[]; es_index_patterns: Record; @@ -649,6 +650,7 @@ export type AssetReference = KibanaAssetReference | EsAssetReference; export interface KibanaAssetReference { id: string; + originId?: string; type: KibanaSavedObjectType; } export interface EsAssetReference { diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx index 99004b53ec349..48f391a4e545d 100644 
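Review bot: In `getInstallKibanaAssetsPath`, `pkgName` and `pkgVersion` are substituted into the path unencoded, and the trailing `.replace(/\/$/, '')` can never match because `INSTALL_KIBANA_ASSETS_PATTERN` ends in `/kibana_assets`. Encoding the two values keeps a stray `/`, `?` or `$` in a package name or version from changing the request path: `.replace('{pkgName}', encodeURIComponent(pkgName)).replace('{pkgVersion}', encodeURIComponent(pkgVersion))`, with the trim dropped. The sibling helpers in `epmRouteService` substitute raw values the same way, so if that is a deliberate convention, a comment saying the values are validated before they reach this helper would be enough. `DELETE_KIBANA_ASSETS_PATTERN` gets no matching path helper in this hunk.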
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/components/actions_menu.tsx @@ -20,6 +20,8 @@ import { FLEET_SERVER_PACKAGE } from '../../../constants'; import { policyHasFleetServer, ExperimentalFeaturesService } from '../../../services'; +import { AgentUpgradeAgentModal } from '../../agents/components'; + import { AgentPolicyYamlFlyout } from './agent_policy_yaml_flyout'; import { AgentPolicyCopyProvider } from './agent_policy_copy_provider'; import { AgentPolicyDeleteProvider } from './agent_policy_delete_provider'; @@ -46,6 +48,7 @@ export const AgentPolicyActionMenu = memo<{ ); const [isUninstallCommandFlyoutOpen, setIsUninstallCommandFlyoutOpen] = useState(false); + const [isUpgradeAgentsModalOpen, setIsUpgradeAgentsModalOpen] = useState(false); const { agentTamperProtectionEnabled } = ExperimentalFeaturesService.get(); @@ -143,6 +146,7 @@ export const AgentPolicyActionMenu = memo<{ {(deleteAgentPolicyPrompt) => ( , ]; + if (authz.fleet.allAgents && !agentPolicy?.is_managed) { + menuItems.push( + { + setIsUpgradeAgentsModalOpen(true); + }} + key="upgradeAgents" + data-test-subj="agentPolicyActionMenuUpgradeAgentsButton" + > + + + ); + } + if (authz.fleet.allAgents && agentTamperProtectionEnabled && !agentPolicy?.is_managed) { menuItems.push( )} + {isUpgradeAgentsModalOpen && ( + + { + setIsUpgradeAgentsModalOpen(false); + }} + /> + + )} {isUninstallCommandFlyoutOpen && ( React.ReactElement; hasFleetServer: boolean; + packagePolicies?: PackagePolicy[]; } export type DeleteAgentPolicy = (agentPolicy: string, onSuccess?: OnSuccessCallback) => void; @@ -34,6 +38,7 @@ type OnSuccessCallback = (agentPolicyDeleted: string) => void; export const AgentPolicyDeleteProvider: React.FunctionComponent = ({ children, hasFleetServer, + packagePolicies, }) => { const { notifications } = useStartServices(); const { 
@@ -48,6 +53,7 @@ export const AgentPolicyDeleteProvider: React.FunctionComponent = ({ const { getPath } = useLink(); const history = useHistory(); const deleteAgentPolicyMutation = useDeleteAgentPolicyMutation(); + const { enableReusableIntegrationPolicies } = ExperimentalFeaturesService.get(); const deleteAgentPolicyPrompt: DeleteAgentPolicy = ( agentPolicyToDelete, @@ -106,20 +112,31 @@ export const AgentPolicyDeleteProvider: React.FunctionComponent = ({ history.push(getPath('policies_list')); }; - const fetchAgentsCount = async (agentPolicyToCheck: string) => { - if (!isFleetEnabled || isLoadingAgentsCount) { - return; + const fetchAgentsCount = useCallback( + async (agentPolicyToCheck: string) => { + if (!isFleetEnabled || isLoadingAgentsCount) { + return; + } + setIsLoadingAgentsCount(true); + // filtering out the unenrolled agents assigned to this policy + const agents = await sendGetAgents({ + showInactive: true, + kuery: `policy_id:"${agentPolicyToCheck}" and not status: unenrolled`, + perPage: SO_SEARCH_LIMIT, + }); + setAgentsCount(agents.data?.total ?? 0); + setIsLoadingAgentsCount(false); + }, + [isFleetEnabled, isLoadingAgentsCount] + ); + + const packagePoliciesWithMultiplePolicies = useMemo(() => { + // Find if there are package policies that have multiple agent policies + if (packagePolicies && enableReusableIntegrationPolicies) { + return packagePolicies.some((policy) => policy?.policy_ids.length > 1); } - setIsLoadingAgentsCount(true); - // filtering out the unenrolled agents assigned to this policy - const agents = await sendGetAgents({ - showInactive: true, - kuery: `policy_id:"${agentPolicyToCheck}" and not status: unenrolled`, - perPage: SO_SEARCH_LIMIT, - }); - setAgentsCount(agents.data?.total ?? 0); - setIsLoadingAgentsCount(false); - }; + return false; + }, [enableReusableIntegrationPolicies, packagePolicies]); const renderModal = () => { if (!isModalOpen) { 
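Review bot: In the rewrapped `fetchAgentsCount`, `setAgentsCount(agents.data?.total ?? 0)` treats a failed or empty response as zero agents, and the modal further down only disables the confirm button on `!!agentsCount`, so a failed count lookup leaves deletion enabled. The guard should distinguish "count unknown" from "no agents", for instance by returning early with an error toast when `agents.data` is missing and keeping the button disabled in that state; whether the server also refuses to delete a policy with enrolled agents is not visible here. The reset `setIsLoadingAgentsCount(false)` would also be safer in a `finally`, in case `sendGetAgents` can reject. In the new `packagePoliciesWithMultiplePolicies` memo, `policy?.policy_ids.length > 1` guards `policy` but not `policy_ids`; `(policy.policy_ids?.length ?? 0) > 1` covers a package policy that lacks the field.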
@@ -158,6 +175,21 @@ export const AgentPolicyDeleteProvider: React.FunctionComponent = ({ buttonColor="danger" confirmButtonDisabled={isLoading || isLoadingAgentsCount || !!agentsCount} > + {packagePoliciesWithMultiplePolicies && ( + <> + + } + /> + + + )} {isLoadingAgentsCount ? ( { return { ...jest.requireActual('../../../../../hooks'), useGetAgentPolicies: jest.fn(), + useMultipleAgentPolicies: jest.fn(), useGetOutputs: jest.fn().mockReturnValue({ data: { items: [ @@ -61,6 +60,9 @@ jest.mock('../../../../../hooks', () => { const useGetAgentPoliciesMock = useGetAgentPolicies as jest.MockedFunction< typeof useGetAgentPolicies >; +const useMultipleAgentPoliciesMock = useMultipleAgentPolicies as jest.MockedFunction< + typeof useMultipleAgentPolicies +>; describe('step select agent policy', () => { let testRenderer: TestRenderer; @@ -80,6 +82,7 @@ describe('step select agent policy', () => { beforeEach(() => { testRenderer = createFleetTestRendererMock(); + useMultipleAgentPoliciesMock.mockReturnValue({ canUseMultipleAgentPolicies: false }); updateAgentPoliciesMock.mockReset(); }); @@ -124,9 +127,7 @@ describe('step select agent policy', () => { describe('multiple agent policies', () => { beforeEach(() => { - jest - .spyOn(ExperimentalFeaturesService, 'get') - .mockReturnValue({ enableReusableIntegrationPolicies: true }); + useMultipleAgentPoliciesMock.mockReturnValue({ canUseMultipleAgentPolicies: true }); useGetAgentPoliciesMock.mockReturnValue({ data: { diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.tsx index 0593c8274a22e..f28593d84ef9a 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.tsx 
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/step_select_agent_policy.tsx @@ -24,11 +24,7 @@ import { import { Error } from '../../../../../components'; import type { AgentPolicy, Output, PackageInfo } from '../../../../../types'; -import { - isPackageLimited, - doesAgentPolicyAlreadyIncludePackage, - ExperimentalFeaturesService, -} from '../../../../../services'; +import { isPackageLimited, doesAgentPolicyAlreadyIncludePackage } from '../../../../../services'; import { useGetAgentPolicies, useGetOutputs, @@ -43,6 +39,8 @@ import { PACKAGE_POLICY_SAVED_OBJECT_TYPE, } from '../../../../../../../../common/constants'; +import { useMultipleAgentPolicies } from '../../../../../hooks'; + import { AgentPolicyMultiSelect } from './components/agent_policy_multi_select'; const AgentPolicyFormRow = styled(EuiFormRow)` @@ -229,7 +227,7 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{ const [selectedAgentPolicyError, setSelectedAgentPolicyError] = useState(); - const { enableReusableIntegrationPolicies } = ExperimentalFeaturesService.get(); + const { canUseMultipleAgentPolicies } = useMultipleAgentPolicies(); const { isLoading, @@ -289,12 +287,10 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{ isFirstLoad && selectedPolicyIds.length === 0 && existingAgentPolicies.length && - (enableReusableIntegrationPolicies - ? agentPolicyMultiOptions.length - : agentPolicyOptions.length) + (canUseMultipleAgentPolicies ? agentPolicyMultiOptions.length : agentPolicyOptions.length) ) { setIsFirstLoad(false); - if (enableReusableIntegrationPolicies) { + if (canUseMultipleAgentPolicies) { const enabledOptions = agentPolicyMultiOptions.filter((option) => !option.disabled); if (enabledOptions.length === 1) { setSelectedPolicyIds([enabledOptions[0].key!]); 
@@ -313,7 +309,7 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{ }, [ agentPolicyOptions, agentPolicyMultiOptions, - enableReusableIntegrationPolicies, + canUseMultipleAgentPolicies, selectedAgentPolicyIds, selectedPolicyIds, existingAgentPolicies, @@ -424,7 +420,7 @@ export const StepSelectAgentPolicy: React.FunctionComponent<{ ) : null } > - {enableReusableIntegrationPolicies ? ( + {canUseMultipleAgentPolicies ? ( { isServerlessEnabled: true, }, }); - jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ agentless: true }); + jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ agentless: true } as any); (useGetPackageInfoByKeyQuery as jest.Mock).mockReturnValue( getMockPackageInfo({ requiresRoot: false, dataStreamRequiresRoot: false }) ); @@ -703,7 +703,7 @@ describe('When on the package policy create page', () => { }); test('should not force create package policy when not in serverless', async () => { - jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ agentless: false }); + jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ agentless: false } as any); (useStartServices as jest.MockedFunction).mockReturnValue({ ...useStartServices(), cloud: { diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.test.tsx index f00ac0981cd03..7d50d3e494dbb 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.test.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.test.tsx 
@@ -8,8 +8,6 @@ import React from 'react'; import { fireEvent, act, waitFor } from '@testing-library/react'; -import { ExperimentalFeaturesService } from '../../../../../services'; - import type { TestRenderer } from '../../../../../mock'; import { createFleetTestRendererMock } from '../../../../../mock'; @@ -24,6 +22,7 @@ import { sendCreateAgentPolicy, sendBulkGetAgentPolicies, useGetAgentPolicies, + useMultipleAgentPolicies, } from '../../../hooks'; import { useGetOnePackagePolicy } from '../../../../integrations/hooks'; @@ -39,6 +38,7 @@ jest.mock('../../../hooks', () => { sendGetOnePackagePolicy: jest.fn(), sendGetOneAgentPolicy: jest.fn(), sendUpgradePackagePolicyDryRun: jest.fn(), + useMultipleAgentPolicies: jest.fn(), sendGetPackageInfoByKey: jest.fn().mockImplementation((name, version) => Promise.resolve({ data: { @@ -201,6 +201,10 @@ const TestComponent = async () => { }; }; +const useMultipleAgentPoliciesMock = useMultipleAgentPolicies as jest.MockedFunction< + typeof useMultipleAgentPolicies +>; + describe('edit package policy page', () => { let testRenderer: TestRenderer; let renderResult: ReturnType; @@ -250,6 +254,7 @@ describe('edit package policy page', () => { isLoading: false, resendRequest: jest.fn(), }); + useMultipleAgentPoliciesMock.mockReturnValue({ canUseMultipleAgentPolicies: false }); }); it('should disable submit button on invalid form with empty package var', async () => { @@ -486,9 +491,8 @@ describe('edit package policy page', () => { describe('modify agent policies', () => { beforeEach(() => { - jest - .spyOn(ExperimentalFeaturesService, 'get') - .mockReturnValue({ enableReusableIntegrationPolicies: true }); + useMultipleAgentPoliciesMock.mockReturnValue({ canUseMultipleAgentPolicies: true }); + (sendGetAgentStatus as jest.MockedFunction).mockResolvedValue({ data: { results: { total: 0 } }, }); 
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.tsx index 73e1a9cf8c137..53e7f2688ef79 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/edit_package_policy_page/index.tsx @@ -50,13 +50,14 @@ import { import { AGENTLESS_POLICY_ID } from '../../../../../../common/constants'; import type { AgentPolicy, PackagePolicyEditExtensionComponentProps } from '../../../types'; -import { ExperimentalFeaturesService, pkgKeyFromPackageInfo } from '../../../services'; +import { pkgKeyFromPackageInfo } from '../../../services'; import { getInheritedNamespace, getRootPrivilegedDataStreams, isRootPrivilegesRequired, } from '../../../../../../common/services'; +import { useMultipleAgentPolicies } from '../../../hooks'; import { RootPrivilegesCallout } from '../create_package_policy_page/single_page_layout/root_callout'; @@ -103,7 +104,7 @@ export const EditPackagePolicyForm = memo<{ agents: { enabled: isFleetEnabled }, } = useConfig(); const { getHref } = useLink(); - const { enableReusableIntegrationPolicies } = ExperimentalFeaturesService.get(); + const { canUseMultipleAgentPolicies } = useMultipleAgentPolicies(); const { // data @@ -129,7 +130,7 @@ export const EditPackagePolicyForm = memo<{ }); const canWriteIntegrationPolicies = useAuthz().integrations.writeIntegrationPolicies; - useSetIsReadOnly(canWriteIntegrationPolicies); + useSetIsReadOnly(!canWriteIntegrationPolicies); const newSecrets = useMemo(() => { if (!packageInfo) { return []; @@ -520,7 +521,7 @@ export const EditPackagePolicyForm = memo<{ )} - {enableReusableIntegrationPolicies ? ( + {canUseMultipleAgentPolicies ? ( ) : ( replaceConfigurePackage || configurePackage 
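Review bot: The corrected call `useSetIsReadOnly(!canWriteIntegrationPolicies)` has no test in this commit; the edits to index.test.tsx shown earlier only swap the `ExperimentalFeaturesService` spy for a `useMultipleAgentPolicies` mock. Since the flag was inverted here and ignored inside the hook (the `context.setIsReadOnly(isReadOnly)` hunk in use_read_only_context.tsx), a case that renders the form with `writeIntegrationPolicies: false` and asserts the read-only state would keep both from regressing. A doc comment on `useSetIsReadOnly` would also help, for example `/** Sets the integrations read-only flag while mounted; resets it to false on unmount. */`. `EditPackagePolicyForm` starts and ends outside these hunks.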
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/bulk_actions.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/bulk_actions.tsx index 261dfbdd83365..e0235fab01446 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/bulk_actions.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/bulk_actions.tsx @@ -68,7 +68,7 @@ export const AgentBulkActions: React.FunctionComponent = ({ // Actions states const [isReassignFlyoutOpen, setIsReassignFlyoutOpen] = useState(false); const [isUnenrollModalOpen, setIsUnenrollModalOpen] = useState(false); - const [updateModalState, setUpgradeModalState] = useState({ + const [upgradeModalState, setUpgradeModalState] = useState({ isOpen: false, isScheduled: false, isUpdating: false, @@ -256,13 +256,13 @@ export const AgentBulkActions: React.FunctionComponent = ({ /> )} - {updateModalState.isOpen && ( + {upgradeModalState.isOpen && ( { setUpgradeModalState({ isOpen: false, isScheduled: false, isUpdating: false }); refreshAgents(); diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/fleet_index_debugger.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/fleet_index_debugger.tsx index 71d4b85981954..887e58a5c6180 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/fleet_index_debugger.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/fleet_index_debugger.tsx 
@@ -20,20 +20,23 @@ import { useQuery } from '@tanstack/react-query'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import { AGENTS_INDEX, AGENT_ACTIONS_INDEX, API_VERSIONS } from '../../../../../../common'; + import { sendRequest } from '../../../hooks'; +import { debugRoutesService } from '../../../../../../common/services'; + +import { ENROLLMENT_API_KEYS_INDEX } from '../../../constants'; + import { CodeBlock } from './code_block'; const fetchIndex = async (index?: string) => { if (!index) return; - const path = `/${index}/_search`; const response = await sendRequest({ method: 'post', - path: `/api/console/proxy`, - query: { - path, - method: 'GET', - }, + path: debugRoutesService.getIndexPath(), + body: { index }, + version: API_VERSIONS.internal.v1, }); return response; @@ -41,9 +44,9 @@ const fetchIndex = async (index?: string) => { export const FleetIndexDebugger = () => { const indices = [ - { label: '.fleet-agents', value: '.fleet-agents' }, - { label: '.fleet-actions', value: '.fleet-actions' }, - { label: '.fleet-enrollment-api-keys', value: '.fleet-enrollment-api-keys' }, + { label: AGENTS_INDEX, value: AGENTS_INDEX }, + { label: AGENT_ACTIONS_INDEX, value: AGENT_ACTIONS_INDEX }, + { label: ENROLLMENT_API_KEYS_INDEX, value: ENROLLMENT_API_KEYS_INDEX }, ]; const [index, setIndex] = useState(); diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_debugger.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_debugger.tsx index 40f0c8e70a59b..cf41612a0d5fd 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_debugger.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_debugger.tsx 
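Review bot: `fetchIndex` now posts `body: { index }` to `debugRoutesService.getIndexPath()`, and the only restriction on `index` in this hunk is the three-entry dropdown, which a caller of the route can bypass. The route handler is not part of this view, so it is worth confirming that it validates `index` against the same three constants (`AGENTS_INDEX`, `AGENT_ACTIONS_INDEX`, `ENROLLMENT_API_KEYS_INDEX`) and requires Fleet privileges, since by their names these indices hold agent and enrollment-key records. The same applies to `type` and `name` in the `fetchSavedObjects` hunk of saved_object_debugger.tsx and to `type` in `fetchSavedObjectNames` in saved_object_names_combo.tsx, which should be limited server-side to the Fleet saved object types. A comment next to the request, for example `// index is checked against the Fleet index allowlist by the debug route`, would record where the check lives. Unlike `fetchSavedObjects`, `fetchIndex` still returns `response` without checking `response.error`.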
@@ -22,6 +22,8 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { sendRequest } from '../../../hooks'; +import { debugRoutesService } from '../../../../../../common/services'; + import { OUTPUT_SAVED_OBJECT_TYPE, AGENT_POLICY_SAVED_OBJECT_TYPE, @@ -29,7 +31,7 @@ import { PACKAGES_SAVED_OBJECT_TYPE, DOWNLOAD_SOURCE_SAVED_OBJECT_TYPE, FLEET_SERVER_HOST_SAVED_OBJECT_TYPE, - INGEST_SAVED_OBJECT_INDEX, + API_VERSIONS, } from '../../../../../../common/constants'; import { CodeBlock } from './code_block'; @@ -37,35 +39,22 @@ import { SavedObjectNamesCombo } from './saved_object_names_combo'; const fetchSavedObjects = async (type?: string, name?: string) => { if (!type || !name) return; - const path = `/${INGEST_SAVED_OBJECT_INDEX}/_search`; - const body = { - query: { - bool: { - must: { - match: { [`${type}.name`]: name }, - }, - filter: { - term: { - type, - }, - }, - }, - }, - }; + const response = await sendRequest({ method: 'post', - path: `/api/console/proxy`, - query: { - path, - method: 'GET', + path: debugRoutesService.getSavedObjectsPath(), + body: { + type, + name, }, - body, + version: API_VERSIONS.internal.v1, }); if (response.error) { throw new Error(response.error.message); } - return response.data?.hits; + + return response.data?.saved_objects; }; export const SavedObjectDebugger: React.FunctionComponent = () => { diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_names_combo.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_names_combo.tsx index 356d591fa2bf6..d7ddd8e2dd6aa 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_names_combo.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/debug/components/saved_object_names_combo.tsx 
@@ -12,35 +12,15 @@ import { EuiComboBox } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { sendRequest } from '../../../hooks'; -import { INGEST_SAVED_OBJECT_INDEX } from '../../../../../../common/constants'; +import { debugRoutesService } from '../../../../../../common/services'; +import { API_VERSIONS } from '../../../../../../common/constants'; const fetchSavedObjectNames = async (type: string) => { - const path = `/${INGEST_SAVED_OBJECT_INDEX}/_search`; - const body = { - size: 0, - query: { - bool: { - filter: { - term: { - type, - }, - }, - }, - }, - aggs: { - names: { - terms: { field: `${type}.name`, size: 500 }, - }, - }, - }; const response = await sendRequest({ method: 'post', - path: `/api/console/proxy`, - query: { - path, - method: 'GET', - }, - body, + path: debugRoutesService.getSavedObjectNamesPath(), + body: { type }, + version: API_VERSIONS.internal.v1, }); if (response.error) { diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx index 5075d532dd3b1..c57d26603c889 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx @@ -192,7 +192,7 @@ describe('EditOutputFlyout', () => { it('should populate secret input with plain text value when editing kafka output', async () => { jest .spyOn(ExperimentalFeaturesService, 'get') - .mockReturnValue({ outputSecretsStorage: true, kafkaOutput: true }); + .mockReturnValue({ outputSecretsStorage: true, kafkaOutput: true } as any); mockedUseFleetStatus.mockReturnValue({ isLoading: false, 
@@ -232,7 +232,7 @@ describe('EditOutputFlyout', () => { it('should populate secret password input with plain text value when editing kafka output', async () => { jest .spyOn(ExperimentalFeaturesService, 'get') - .mockReturnValue({ outputSecretsStorage: true, kafkaOutput: true }); + .mockReturnValue({ outputSecretsStorage: true, kafkaOutput: true } as any); mockedUseFleetStatus.mockReturnValue({ isLoading: false, @@ -273,7 +273,9 @@ describe('EditOutputFlyout', () => { }); it('should populate secret input with plain text value when editing logstash output', async () => { - jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ outputSecretsStorage: true }); + jest + .spyOn(ExperimentalFeaturesService, 'get') + .mockReturnValue({ outputSecretsStorage: true } as any); mockedUseFleetStatus.mockReturnValue({ isLoading: false, @@ -325,7 +327,7 @@ describe('EditOutputFlyout', () => { it('should render the flyout if the output provided is a remote ES output', async () => { jest .spyOn(ExperimentalFeaturesService, 'get') - .mockReturnValue({ remoteESOutput: true, outputSecretsStorage: true }); + .mockReturnValue({ remoteESOutput: true, outputSecretsStorage: true } as any); mockedUseFleetStatus.mockReturnValue({ isLoading: false, @@ -356,7 +358,7 @@ describe('EditOutputFlyout', () => { it('should populate secret service token input with plain text value when editing remote ES output', async () => { jest .spyOn(ExperimentalFeaturesService, 'get') - .mockReturnValue({ remoteESOutput: true, outputSecretsStorage: true }); + .mockReturnValue({ remoteESOutput: true, outputSecretsStorage: true } as any); mockedUseFleetStatus.mockReturnValue({ isLoading: false, 
@@ -392,7 +394,7 @@ describe('EditOutputFlyout', () => { }); it('should not display remote ES output in type lists if serverless', async () => { - jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ remoteESOutput: true }); + jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ remoteESOutput: true } as any); mockUseStartServices.mockReset(); mockStartServices(true); const { utils } = renderFlyout({ diff --git a/x-pack/plugins/fleet/public/applications/integrations/hooks/use_read_only_context.tsx b/x-pack/plugins/fleet/public/applications/integrations/hooks/use_read_only_context.tsx index a1cc117cea673..fd30ef4b85090 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/hooks/use_read_only_context.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/hooks/use_read_only_context.tsx @@ -33,7 +33,7 @@ export function useIsReadOnly() { export function useSetIsReadOnly(isReadOnly: boolean) { const context = useContext(ReadOnlyContext); useEffect(() => { - context.setIsReadOnly(true); + context.setIsReadOnly(isReadOnly); return () => context.setIsReadOnly(false); - }, [context]); + }, [context, isReadOnly]); } diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/assets.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/assets.tsx index c8f60a35c9039..e9ae0c148a180 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/assets.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/assets.tsx @@ -10,6 +10,8 @@ import { Redirect } from 'react-router-dom'; import { FormattedMessage } from '@kbn/i18n-react'; import { EuiFlexGroup, EuiFlexItem, EuiLink, EuiSpacer, EuiTitle, EuiCallOut } from '@elastic/eui'; +import { ExperimentalFeaturesService } from '../../../../../../../services'; + import type { EsAssetReference, AssetSOObject, 
@@ -31,12 +33,11 @@ import { useAuthz, useFleetStatus, } from '../../../../../hooks'; - import { sendGetBulkAssets } from '../../../../../hooks'; import { DeferredAssetsSection } from './deferred_assets_accordion'; - import { AssetsAccordion } from './assets_accordion'; +import { InstallKibanaAssetsButton } from './install_kibana_assets_button'; interface AssetsPanelProps { packageInfo: PackageInfo; @@ -50,6 +51,8 @@ export const AssetsPage = ({ packageInfo, refetchPackageInfo }: AssetsPanelProps const { docLinks } = useStartServices(); const { spaceId } = useFleetStatus(); + const { useSpaceAwareness } = ExperimentalFeaturesService.get(); + const customAssetsExtension = useUIExtension(packageInfo.name, 'package-detail-assets'); const canReadPackageSettings = useAuthz().integrations.readPackageInfo; 
@@ -62,23 +65,30 @@ export const AssetsPage = ({ packageInfo, refetchPackageInfo }: AssetsPanelProps 'installationInfo' in packageInfo ? packageInfo.installationInfo : undefined; const installedSpaceId = pkgInstallationInfo?.installed_kibana_space_id; - const assetsInstalledInCurrentSpace = !installedSpaceId || installedSpaceId === spaceId; - + const assetsInstalledInCurrentSpace = + !installedSpaceId || + installedSpaceId === spaceId || + pkgInstallationInfo?.additional_spaces_installed_kibana?.[spaceId || 'default']; const [assetSavedObjectsByType, setAssetsSavedObjectsByType] = useState< Record> >({}); const [deferredInstallations, setDeferredInstallations] = useState(); + + const kibanaAssets = useMemo(() => { + return !installedSpaceId || installedSpaceId === spaceId + ? pkgInstallationInfo?.installed_kibana || [] + : pkgInstallationInfo?.additional_spaces_installed_kibana?.[spaceId || 'default'] || []; + }, [ + installedSpaceId, + spaceId, + pkgInstallationInfo?.installed_kibana, + pkgInstallationInfo?.additional_spaces_installed_kibana, + ]); const pkgAssets = useMemo( - () => [ - ...(assetsInstalledInCurrentSpace ? pkgInstallationInfo?.installed_kibana || [] : []), - ...(pkgInstallationInfo?.installed_es || []), - ], - [ - assetsInstalledInCurrentSpace, - pkgInstallationInfo?.installed_es, - pkgInstallationInfo?.installed_kibana, - ] + () => [...kibanaAssets, ...(pkgInstallationInfo?.installed_es || [])], + [kibanaAssets, pkgInstallationInfo?.installed_es] ); + const pkgAssetsByType = useMemo( () => pkgAssets.reduce((acc, asset) => { @@ -231,6 +241,13 @@ export const AssetsPage = ({ packageInfo, refetchPackageInfo }: AssetsPanelProps }} />
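Review bot: `assetsInstalledInCurrentSpace` is no longer a boolean, because its last operand is `pkgInstallationInfo?.additional_spaces_installed_kibana?.[spaceId || 'default']`, which yields an array or `undefined`, and an empty array is truthy. If an entry for the space can exist with no assets (not visible here), the page would treat the space as installed while `kibanaAssets` is empty. Testing the length instead, `(pkgInstallationInfo?.additional_spaces_installed_kibana?.[spaceId || 'default']?.length ?? 0) > 0`, keeps the flag boolean. The component body continues outside the hunk.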

+ {useSpaceAwareness ? ( + + ) : null}
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/install_kibana_assets_button.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/install_kibana_assets_button.tsx new file mode 100644 index 0000000000000..d56b39f0c0bcd --- /dev/null +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/assets/install_kibana_assets_button.tsx 
@@ -0,0 +1,76 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiButton } from '@elastic/eui'; +import React, { useCallback } from 'react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { i18n } from '@kbn/i18n'; + +import type { InstallationInfo } from '../../../../../../../../common/types'; +import { useAuthz, useInstallKibanaAssetsMutation, useStartServices } from '../../../../../hooks'; + +interface InstallKibanaAssetsButtonProps { + title: string; + installInfo: InstallationInfo; + onSuccess?: () => void; +} + +export function InstallKibanaAssetsButton({ + installInfo, + title, + onSuccess, +}: InstallKibanaAssetsButtonProps) { + const { notifications } = useStartServices(); + const { name, version } = installInfo; + const canInstallPackages = useAuthz().integrations.installPackages; + const { mutateAsync, isLoading } = useInstallKibanaAssetsMutation(); + + const handleClickInstall = useCallback(async () => { + try { + await mutateAsync({ + pkgName: name, + pkgVersion: version, + }); + if (onSuccess) { + await onSuccess(); + } + } catch (err) { + notifications.toasts.addError(err, { + title: i18n.translate('xpack.fleet.fleetServerSetup.kibanaInstallAssetsErrorTitle', { + defaultMessage: 'Error installing Kibana assets', + }), + }); + } + }, [mutateAsync, onSuccess, name, version, notifications.toasts]); + + return ( + + {isLoading ? ( + + ) : ( + + )} + + ); +} diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx index 6e1ce1cf8b2d4..d33958c5a68ec 100644 
--- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx @@ -21,7 +21,6 @@ import { i18n } from '@kbn/i18n'; import { FormattedRelative, FormattedMessage } from '@kbn/i18n-react'; import { policyHasFleetServer } from '../../../../../../../../common/services'; -import { ExperimentalFeaturesService } from '../../../../../services'; import { InstallStatus } from '../../../../../types'; import type { GetAgentPoliciesResponseItem, InMemoryPackagePolicy } from '../../../../../types'; @@ -44,6 +43,7 @@ import { import { PackagePolicyAgentsCell } from './components/package_policy_agents_cell'; import { usePackagePoliciesWithAgentPolicy } from './use_package_policies_with_agent_policy'; import { Persona } from './persona'; +import { useMultipleAgentPolicies } from '../../../../../hooks'; interface PackagePoliciesPanelProps { name: string; @@ -103,7 +103,7 @@ export const PackagePoliciesPage = ({ name, version }: PackagePoliciesPanelProps const getPackageInstallStatus = useGetPackageInstallStatus(); const packageInstallStatus = getPackageInstallStatus(name); const { pagination, pageSizeOptions, setPagination } = useUrlPagination(); - const { enableReusableIntegrationPolicies } = ExperimentalFeaturesService.get(); + const { canUseMultipleAgentPolicies } = useMultipleAgentPolicies(); const { data, @@ -173,7 +173,7 @@ export const PackagePoliciesPage = ({ name, version }: PackagePoliciesPanelProps [setPagination] ); const canShowMultiplePoliciesCell = - enableReusableIntegrationPolicies && canReadIntegrationPolicies && canReadAgentPolicies; + canUseMultipleAgentPolicies && canReadIntegrationPolicies && canReadAgentPolicies; const columns: Array> = useMemo( () => [ { 
diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/card_utils.test.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/card_utils.test.tsx index 77cfdb3a9102e..40c865f8ad4d8 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/card_utils.test.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/home/card_utils.test.tsx @@ -25,7 +25,7 @@ const getHref = (k: string) => k; describe('Card utils', () => { describe('mapToCard', () => { beforeEach(() => { - ExperimentalFeaturesService.init({}); + ExperimentalFeaturesService.init({} as any); }); it('should use the installed version if available, without prelease', () => { diff --git a/x-pack/plugins/fleet/public/components/package_policy_actions_menu.test.tsx b/x-pack/plugins/fleet/public/components/package_policy_actions_menu.test.tsx index 96849c077f881..e099092b4b863 100644 --- a/x-pack/plugins/fleet/public/components/package_policy_actions_menu.test.tsx +++ b/x-pack/plugins/fleet/public/components/package_policy_actions_menu.test.tsx @@ -12,10 +12,21 @@ import { act } from '@testing-library/react'; import type { AgentPolicy, InMemoryPackagePolicy } from '../types'; import { createIntegrationsTestRendererMock } from '../mock'; -import { ExperimentalFeaturesService } from '../services'; +import { useMultipleAgentPolicies } from '../hooks'; import { PackagePolicyActionsMenu } from './package_policy_actions_menu'; +jest.mock('../hooks', () => { + return { + ...jest.requireActual('../hooks'), + useMultipleAgentPolicies: jest.fn(), + }; +}); + +const useMultipleAgentPoliciesMock = useMultipleAgentPolicies as jest.MockedFunction< + typeof useMultipleAgentPolicies +>; + function renderMenu({ agentPolicies, packagePolicy, 
@@ -87,9 +98,7 @@ function createMockPackagePolicy( } describe('PackagePolicyActionsMenu', () => { beforeAll(() => { - jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ - enableReusableIntegrationPolicies: false, - } as any); + useMultipleAgentPoliciesMock.mockReturnValue({ canUseMultipleAgentPolicies: false }); }); it('Should disable upgrade button if package does not have upgrade', async () => { diff --git a/x-pack/plugins/fleet/public/components/package_policy_delete_provider.tsx b/x-pack/plugins/fleet/public/components/package_policy_delete_provider.tsx index c4bdd8a4671fd..35f2313f37e0a 100644 --- a/x-pack/plugins/fleet/public/components/package_policy_delete_provider.tsx +++ b/x-pack/plugins/fleet/public/components/package_policy_delete_provider.tsx @@ -10,11 +10,10 @@ import { EuiCallOut, EuiConfirmModal, EuiSpacer, EuiIconTip } from '@elastic/eui import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; -import { ExperimentalFeaturesService } from '../services'; import { useStartServices, sendDeletePackagePolicy, useConfig } from '../hooks'; import { AGENTS_PREFIX } from '../../common/constants'; import type { AgentPolicy } from '../types'; -import { sendGetAgents } from '../hooks'; +import { sendGetAgents, useMultipleAgentPolicies } from '../hooks'; interface Props { agentPolicies?: AgentPolicy[]; 
@@ -42,10 +41,10 @@ export const PackagePolicyDeleteProvider: React.FunctionComponent = ({ const [agentsCount, setAgentsCount] = useState(0); const [isLoading, setIsLoading] = useState(false); const onSuccessCallback = useRef(null); - const { enableReusableIntegrationPolicies } = ExperimentalFeaturesService.get(); + const { canUseMultipleAgentPolicies } = useMultipleAgentPolicies(); const hasMultipleAgentPolicies = - enableReusableIntegrationPolicies && agentPolicies && agentPolicies.length > 1; + canUseMultipleAgentPolicies && agentPolicies && agentPolicies.length > 1; const fetchAgentsCount = useMemo( () => async () => { diff --git a/x-pack/plugins/fleet/public/hooks/index.ts b/x-pack/plugins/fleet/public/hooks/index.ts index e9450a975d3b5..f537698897a19 100644 --- a/x-pack/plugins/fleet/public/hooks/index.ts +++ b/x-pack/plugins/fleet/public/hooks/index.ts @@ -34,3 +34,4 @@ export * from './use_fleet_server_standalone'; export * from './use_locator'; export * from './use_agent_version'; export * from './use_fleet_server_agents'; +export * from './use_multiple_agent_policies'; diff --git a/x-pack/plugins/fleet/public/hooks/use_multiple_agent_policies.ts b/x-pack/plugins/fleet/public/hooks/use_multiple_agent_policies.ts new file mode 100644 index 0000000000000..2adf814e8ffba --- /dev/null +++ b/x-pack/plugins/fleet/public/hooks/use_multiple_agent_policies.ts 
@@ -0,0 +1,23 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ExperimentalFeaturesService } from '../services'; + +import { useLicense } from './use_license'; + +export const LICENCE_FOR_MULTIPLE_AGENT_POLICIES = 'enterprise'; + +export function useMultipleAgentPolicies() { + const licenseService = useLicense(); + const { enableReusableIntegrationPolicies } = ExperimentalFeaturesService.get(); + + const hasEnterpriseLicence = licenseService.hasAtLeast(LICENCE_FOR_MULTIPLE_AGENT_POLICIES); + + const canUseMultipleAgentPolicies = enableReusableIntegrationPolicies && hasEnterpriseLicence; + + return { canUseMultipleAgentPolicies }; +} diff --git a/x-pack/plugins/fleet/public/hooks/use_request/epm.ts b/x-pack/plugins/fleet/public/hooks/use_request/epm.ts index 03bf36da75763..bd4bec9be6a1a 100644 --- a/x-pack/plugins/fleet/public/hooks/use_request/epm.ts +++ b/x-pack/plugins/fleet/public/hooks/use_request/epm.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { useMutation, useQuery } from '@tanstack/react-query'; +import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'; import { useState } from 'react'; @@ -289,6 +289,11 @@ interface UpdatePackageArgs { body: UpdatePackageRequest['body']; } +interface InstallKibanaAssetsArgs { + pkgName: string; + pkgVersion: string; +} + export const useUpdatePackageMutation = () => { return useMutation( ({ pkgName, pkgVersion, body }: UpdatePackageArgs) => 
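Review bot: `useMultipleAgentPolicies` has no doc comment, and it decides UI visibility from a client-side license check plus the `enableReusableIntegrationPolicies` flag. Nothing in this hunk shows the server applying the same rule, so the hook should not be read as enforcement. I would add `/** UI gate only: true when enableReusableIntegrationPolicies is on and the license is at least enterprise. */` above the function. The spelling also mixes `LICENCE_FOR_MULTIPLE_AGENT_POLICIES` and `hasEnterpriseLicence` with `useLicense` and `licenseService`; using `LICENSE` throughout would match the imported hook.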
@@ -301,6 +306,22 @@ export const useUpdatePackageMutation = () => { ); }; +export const useInstallKibanaAssetsMutation = () => { + const queryClient = useQueryClient(); + + return useMutation({ + mutationFn: ({ pkgName, pkgVersion }: InstallKibanaAssetsArgs) => + sendRequestForRq({ + path: epmRouteService.getInstallKibanaAssetsPath(pkgName, pkgVersion), + method: 'post', + version: API_VERSIONS.public.v1, + }), + onSuccess: (data, { pkgName, pkgVersion }) => { + return queryClient.invalidateQueries([pkgName, pkgVersion]); + }, + }); +}; + export const sendUpdatePackage = ( pkgName: string, pkgVersion: string, diff --git a/x-pack/plugins/fleet/server/constants/index.ts b/x-pack/plugins/fleet/server/constants/index.ts index 4b71f9e16c8d6..adb7858094865 100644 --- a/x-pack/plugins/fleet/server/constants/index.ts +++ b/x-pack/plugins/fleet/server/constants/index.ts @@ -38,6 +38,7 @@ export { PRECONFIGURATION_API_ROUTES, DOWNLOAD_SOURCE_API_ROOT, DOWNLOAD_SOURCE_API_ROUTES, + FLEET_DEBUG_ROUTES, // Saved Object indices INGEST_SAVED_OBJECT_INDEX, // Saved object types diff --git a/x-pack/plugins/fleet/server/plugin.ts b/x-pack/plugins/fleet/server/plugin.ts index 67240be2cc542..25ac39464e774 100644 --- a/x-pack/plugins/fleet/server/plugin.ts +++ b/x-pack/plugins/fleet/server/plugin.ts @@ -292,6 +292,7 @@ export class FleetPlugin core.status.set(this.fleetStatus$.asObservable()); const experimentalFeatures = parseExperimentalConfigValue(config.enableExperimental ?? []); + const requireAllSpaces = experimentalFeatures.useSpaceAwareness ? false : true; registerSavedObjects(core.savedObjects, { useSpaceAwareness: experimentalFeatures.useSpaceAwareness, @@ -331,7 +332,7 @@ export class FleetPlugin ? [ { name: 'Agents', - requireAllSpaces: true, + requireAllSpaces, privilegeGroups: [ { groupType: 'mutually_exclusive', 
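Review bot: `requireAllSpaces` is now derived from `useSpaceAwareness` and applied to every Fleet sub-feature and to the top-level `all` and `read` privileges (the `plugin.ts` hunks here and the four that follow), so turning the flag on lets Fleet privileges be granted in a single space. That is only safe if every route behind those privileges scopes its reads and writes to the caller's space. The debug handlers added in this commit use `asInternalUser` and `internalSoClient`, and whether those are space-scoped is not visible here, so please confirm before the flag is enabled on a shared deployment. Minor: `experimentalFeatures.useSpaceAwareness ? false : true` reads more directly as `const requireAllSpaces = !experimentalFeatures.useSpaceAwareness;`.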
@@ -365,7 +366,7 @@ export class FleetPlugin }, { name: 'Agent policies', - requireAllSpaces: true, + requireAllSpaces, privilegeGroups: [ { groupType: 'mutually_exclusive', @@ -402,7 +403,7 @@ export class FleetPlugin }, { name: 'Settings', - requireAllSpaces: true, + requireAllSpaces, privilegeGroups: [ { groupType: 'mutually_exclusive', @@ -440,7 +441,7 @@ export class FleetPlugin all: { api: [`${PLUGIN_ID}-read`, `${PLUGIN_ID}-all`], app: [PLUGIN_ID], - requireAllSpaces: true, + requireAllSpaces, catalogue: ['fleet'], savedObject: { all: allSavedObjectTypes, @@ -452,7 +453,7 @@ export class FleetPlugin api: [`${PLUGIN_ID}-read`], app: [PLUGIN_ID], catalogue: ['fleet'], - requireAllSpaces: true, + requireAllSpaces, savedObject: { all: [], read: allSavedObjectTypes, diff --git a/x-pack/plugins/fleet/server/routes/debug/handler.ts b/x-pack/plugins/fleet/server/routes/debug/handler.ts new file mode 100644 index 0000000000000..4f38208fc1781 --- /dev/null +++ b/x-pack/plugins/fleet/server/routes/debug/handler.ts 
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TypeOf } from '@kbn/config-schema';
+
+import type { FleetRequestHandler } from '../../types';
+import { fetchIndex, fetchSavedObjectNames, fetchSavedObjects } from '../../services/debug';
+import type {
+ FetchIndexRequestSchema,
+ FetchSavedObjectNamesRequestSchema,
+ FetchSavedObjectsRequestSchema,
+} from '../../types/rest_spec/debug';
+
+export const fetchIndexHandler: FleetRequestHandler<
+ undefined,
+ undefined,
+ TypeOf
+> = async (context, request, response) => {
+ const coreContext = await context.core;
+ const esClient = coreContext.elasticsearch.client.asInternalUser;
+ const res = await fetchIndex(esClient, request.body.index);
+ return response.ok({ body: res });
+};
+
+export const fetchSavedObjectsHandler: FleetRequestHandler<
+ undefined,
+ undefined,
+ TypeOf
+> = async (context, request, response) => {
+ const soClient = (await context.fleet).internalSoClient;
+ const res = await fetchSavedObjects(soClient, request.body.type, request.body.name);
+ return response.ok({ body: res });
+};
+
+export const fetchSavedObjectNamesHandler: FleetRequestHandler<
+ undefined,
+ undefined,
+ TypeOf
+> = async (context, request, response) => {
+ const soClient = (await context.fleet).internalSoClient;
+ const res = await fetchSavedObjectNames(soClient, request.body.type);
+ return response.ok({ body: res });
+};
diff --git a/x-pack/plugins/fleet/server/routes/debug/index.ts b/x-pack/plugins/fleet/server/routes/debug/index.ts
new file mode 100644
index 0000000000000..bfe2bfd0f0e20
--- /dev/null
+++ b/x-pack/plugins/fleet/server/routes/debug/index.ts
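Review bot: `fetchIndexHandler` passes the caller-supplied `request.body.index` to `fetchIndex` on the `asInternalUser` client, so the read runs with Kibana's internal credentials rather than the requesting user's. The two saved-object handlers do the same with `request.body.type` on `internalSoClient`. `FetchIndexRequestSchema` and the `services/debug` helpers are outside this hunk, so I cannot tell whether the index or type is restricted there. If it is not, any user who passes the `fleet: { all: true }` check on these routes can read data their own role does not grant. Consider validating against an allowlist of Fleet-owned indices and saved-object types in the schema, or using the request-scoped client (`coreContext.elasticsearch.client.asCurrentUser`) for the index read.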
@@ -0,0 +1,73 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { FleetAuthzRouter } from '../../services/security';
+
+import { FLEET_DEBUG_ROUTES } from '../../constants';
+import { API_VERSIONS } from '../../../common/constants';
+
+import {
+ FetchIndexRequestSchema,
+ FetchSavedObjectNamesRequestSchema,
+ FetchSavedObjectsRequestSchema,
+} from '../../types/rest_spec/debug';
+
+import {
+ fetchIndexHandler,
+ fetchSavedObjectNamesHandler,
+ fetchSavedObjectsHandler,
+} from './handler';
+
+export const registerRoutes = (router: FleetAuthzRouter) => {
+ router.versioned
+ .post({
+ path: FLEET_DEBUG_ROUTES.INDEX_PATTERN,
+ access: 'internal',
+ fleetAuthz: {
+ fleet: { all: true },
+ },
+ })
+ .addVersion(
+ {
+ version: API_VERSIONS.internal.v1,
+ validate: { request: FetchIndexRequestSchema },
+ },
+ fetchIndexHandler
+ );
+
+ router.versioned
+ .post({
+ path: FLEET_DEBUG_ROUTES.SAVED_OBJECTS_PATTERN,
+ access: 'internal',
+ fleetAuthz: {
+ fleet: { all: true },
+ },
+ })
+ .addVersion(
+ {
+ version: API_VERSIONS.internal.v1,
+ validate: { request: FetchSavedObjectsRequestSchema },
+ },
+ fetchSavedObjectsHandler
+ );
+
+ router.versioned
+ .post({
+ path: FLEET_DEBUG_ROUTES.SAVED_OBJECT_NAMES_PATTERN,
+ access: 'internal',
+ fleetAuthz: {
+ fleet: { all: true },
+ },
+ })
+ .addVersion(
+ {
+ version: API_VERSIONS.internal.v1,
+ validate: { request: FetchSavedObjectNamesRequestSchema },
+ },
+ fetchSavedObjectNamesHandler
+ );
+};
diff --git a/x-pack/plugins/fleet/server/routes/epm/handlers.ts b/x-pack/plugins/fleet/server/routes/epm/handlers.ts
index 709bd7b362a9f..c98adeb6f737f 100644
--- a/x-pack/plugins/fleet/server/routes/epm/handlers.ts
+++ b/x-pack/plugins/fleet/server/routes/epm/handlers.ts
@@ -340,6 +340,7 @@ export const installPackageFromRegistryHandler: FleetRequestHandler< return await defaultFleetErrorHandler({ error: res.error, response }); } }; + export const createCustomIntegrationHandler: FleetRequestHandler< undefined, undefined, @@ -640,6 +641,7 @@ const soToInstallationInfo = (pkg: PackageListItem | PackageInfo) => { ...pick(pkg.savedObject, ['created_at', 'updated_at', 'namespaces', 'type']), installed_kibana: attributes.installed_kibana, installed_kibana_space_id: attributes.installed_kibana_space_id, + additional_spaces_installed_kibana: attributes.additional_spaces_installed_kibana, installed_es: attributes.installed_es, install_status: attributes.install_status, install_source: attributes.install_source, diff --git a/x-pack/plugins/fleet/server/routes/epm/index.ts b/x-pack/plugins/fleet/server/routes/epm/index.ts index 3b7260c79aa7f..8f62dbe88d6a6 100644 --- a/x-pack/plugins/fleet/server/routes/epm/index.ts +++ b/x-pack/plugins/fleet/server/routes/epm/index.ts @@ -7,6 +7,8 @@ import type { IKibanaResponse } from '@kbn/core/server'; +import { parseExperimentalConfigValue } from '../../../common/experimental_features'; + import { API_VERSIONS } from '../../../common/constants'; import type { FleetAuthz } from '../../../common'; @@ -48,7 +50,10 @@ import { GetDataStreamsRequestSchema, CreateCustomIntegrationRequestSchema, GetInputsRequestSchema, + InstallKibanaAssetsRequestSchema, + DeleteKibanaAssetsRequestSchema, } from '../../types'; +import type { FleetConfigType } from '../../config'; import { getCategoriesHandler, @@ -70,6 +75,10 @@ import { getInputsHandler, } from './handlers'; import { getFileHandler } from './file_handler'; +import { + deletePackageKibanaAssetsHandler, + installPackageKibanaAssetsHandler, +} from './kibana_assets_handler'; const MAX_FILE_SIZE_BYTES = 104857600; // 100MB 
@@ -81,7 +90,9 @@ export const READ_PACKAGE_INFO_AUTHZ: FleetAuthzRouteConfig['fleetAuthz'] = { integrations: { readPackageInfo: true }, }; -export const registerRoutes = (router: FleetAuthzRouter) => { +export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType) => { + const experimentalFeatures = parseExperimentalConfigValue(config.enableExperimental); + router.versioned .get({ path: EPM_API_ROUTES.CATEGORIES_PATTERN, @@ -219,6 +230,38 @@ export const registerRoutes = (router: FleetAuthzRouter) => { installPackageFromRegistryHandler ); + if (experimentalFeatures.useSpaceAwareness) { + router.versioned + .post({ + path: EPM_API_ROUTES.INSTALL_KIBANA_ASSETS_PATTERN, + fleetAuthz: { + integrations: { installPackages: true }, + }, + }) + .addVersion( + { + version: API_VERSIONS.public.v1, + validate: { request: InstallKibanaAssetsRequestSchema }, + }, + installPackageKibanaAssetsHandler + ); + + router.versioned + .delete({ + path: EPM_API_ROUTES.DELETE_KIBANA_ASSETS_PATTERN, + fleetAuthz: { + integrations: { installPackages: true }, + }, + }) + .addVersion( + { + version: API_VERSIONS.public.v1, + validate: { request: DeleteKibanaAssetsRequestSchema }, + }, + deletePackageKibanaAssetsHandler + ); + } + router.versioned .post({ path: EPM_API_ROUTES.BULK_INSTALL_PATTERN, diff --git a/x-pack/plugins/fleet/server/routes/epm/kibana_assets_handler.ts b/x-pack/plugins/fleet/server/routes/epm/kibana_assets_handler.ts new file mode 100644 index 0000000000000..8fe83f98669d1 --- /dev/null +++ b/x-pack/plugins/fleet/server/routes/epm/kibana_assets_handler.ts 
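Review bot: The new `DELETE_KIBANA_ASSETS_PATTERN` route is authorized with `integrations: { installPackages: true }`, the same privilege as the install route above it, so a role that may install but not remove packages can delete a space's Kibana assets. If removal is meant to follow the package-removal privilege, the route should use `fleetAuthz: { integrations: { removePackages: true } }`. If reusing the install privilege is deliberate, a one-line comment saying so would help. `registerRoutes` continues outside the hunk.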
@@ -0,0 +1,113 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { TypeOf } from '@kbn/config-schema'; + +import { defaultFleetErrorHandler, FleetNotFoundError } from '../../errors'; +import { appContextService } from '../../services'; +import { + deleteKibanaAssetsAndReferencesForSpace, + installKibanaAssetsAndReferences, +} from '../../services/epm/kibana/assets/install'; +import { + getInstallationObject, + getInstalledPackageWithAssets, +} from '../../services/epm/packages/get'; +import type { + DeleteKibanaAssetsRequestSchema, + FleetRequestHandler, + InstallKibanaAssetsRequestSchema, +} from '../../types'; + +export const installPackageKibanaAssetsHandler: FleetRequestHandler< + TypeOf, + undefined, + TypeOf +> = async (context, request, response) => { + try { + const fleetContext = await context.fleet; + const savedObjectsClient = fleetContext.internalSoClient; + const logger = appContextService.getLogger(); + const spaceId = fleetContext.spaceId; + const { pkgName, pkgVersion } = request.params; + + const installedPkgWithAssets = await getInstalledPackageWithAssets({ + savedObjectsClient, + pkgName, + logger, + }); + + const installation = await getInstallationObject({ + pkgName, + savedObjectsClient, + }); + + if ( + !installation || + !installedPkgWithAssets || + installedPkgWithAssets?.installation.version !== pkgVersion + ) { + throw new FleetNotFoundError('Requested version is not installed'); + } + + const { packageInfo } = installedPkgWithAssets; + + await installKibanaAssetsAndReferences({ + savedObjectsClient, + logger, + pkgName, + pkgTitle: packageInfo.title, + installAsAdditionalSpace: true, + spaceId, + assetTags: installedPkgWithAssets.packageInfo?.asset_tags, + installedPkg: installation, + packageInstallContext: { + 
packageInfo, + paths: installedPkgWithAssets.paths, + assetsMap: installedPkgWithAssets.assetsMap, + }, + }); + + return response.ok({ body: { success: true } }); + } catch (error) { + return await defaultFleetErrorHandler({ error, response }); + } +}; + +export const deletePackageKibanaAssetsHandler: FleetRequestHandler< + TypeOf, + undefined +> = async (context, request, response) => { + try { + const fleetContext = await context.fleet; + const savedObjectsClient = fleetContext.internalSoClient; + const logger = appContextService.getLogger(); + const spaceId = fleetContext.spaceId; + const { pkgName, pkgVersion } = request.params; + + const installation = await getInstallationObject({ + pkgName, + savedObjectsClient, + }); + + if (!installation || installation.attributes.version !== pkgVersion) { + throw new FleetNotFoundError('Version is not installed'); + } + + await deleteKibanaAssetsAndReferencesForSpace({ + savedObjectsClient, + logger, + pkgName, + spaceId, + installedPkg: installation, + }); + + return response.ok({ body: { success: true } }); + } catch (error) { + return await defaultFleetErrorHandler({ error, response }); + } +}; diff --git a/x-pack/plugins/fleet/server/routes/index.ts b/x-pack/plugins/fleet/server/routes/index.ts index 5177b85d84dea..77c4fa9eb4249 100644 --- a/x-pack/plugins/fleet/server/routes/index.ts +++ b/x-pack/plugins/fleet/server/routes/index.ts 
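Review bot: In `installPackageKibanaAssetsHandler` the version check reads `installedPkgWithAssets?.installation.version`, but the object handed to `installKibanaAssetsAndReferences` as `installedPkg` is the separately fetched `installation`, so the record that is validated is not the record that is used. `deletePackageKibanaAssetsHandler` checks `installation.attributes.version` directly. Comparing `installation.attributes.version !== pkgVersion` in both handlers keeps them consistent, and the `?.` after the `!installedPkgWithAssets` guard can go. Both handlers write through `fleetContext.internalSoClient` into `fleetContext.spaceId`, so the route's `fleetAuthz` is the only authorization applied; a short comment stating that would help the next reader.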
@@ -26,13 +26,14 @@ import { registerRoutes as registerFleetServerHostRoutes } from './fleet_server_ import { registerRoutes as registerFleetProxiesRoutes } from './fleet_proxies'; import { registerRoutes as registerMessageSigningServiceRoutes } from './message_signing_service'; import { registerRoutes as registerUninstallTokenRoutes } from './uninstall_token'; +import { registerRoutes as registerDebugRoutes } from './debug'; export function registerRoutes(fleetAuthzRouter: FleetAuthzRouter, config: FleetConfigType) { // Always register app routes for permissions checking registerAppRoutes(fleetAuthzRouter); // The upload package route is only authorized for the superuser - registerEPMRoutes(fleetAuthzRouter); + registerEPMRoutes(fleetAuthzRouter, config); registerSetupRoutes(fleetAuthzRouter, config); registerAgentPolicyRoutes(fleetAuthzRouter); @@ -47,6 +48,7 @@ export function registerRoutes(fleetAuthzRouter: FleetAuthzRouter, config: Fleet registerHealthCheckRoutes(fleetAuthzRouter); registerMessageSigningServiceRoutes(fleetAuthzRouter); registerUninstallTokenRoutes(fleetAuthzRouter, config); + registerDebugRoutes(fleetAuthzRouter); // Conditional config routes if (config.agents.enabled) { diff --git a/x-pack/plugins/fleet/server/routes/utils/filter_utils_real_queries.test.ts b/x-pack/plugins/fleet/server/routes/utils/filter_utils_real_queries.test.ts index 122a8d7a7ddc7..45b0995aac078 100644 --- a/x-pack/plugins/fleet/server/routes/utils/filter_utils_real_queries.test.ts +++ b/x-pack/plugins/fleet/server/routes/utils/filter_utils_real_queries.test.ts @@ -515,7 +515,7 @@ describe('validateKuery validates real kueries', () => { beforeEach(() => { mockedAppContextService.getExperimentalFeatures.mockReturnValue({ enableStrictKQLValidation: true, - }); + } as any); }); afterEach(() => { mockedAppContextService.getExperimentalFeatures.mockReset(); 
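Review bot: `registerDebugRoutes(fleetAuthzRouter)` is added to the unconditional list, above the `// Conditional config routes` block, so the debug endpoints are registered on every deployment. Those handlers read through internal clients, so I would register them only when a debug or development setting is enabled, passing `config` in the way `registerEPMRoutes` now receives it in this file's first hunk. Which setting to use is a choice for the maintainers. The function body continues outside the hunk.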
@@ -849,7 +849,7 @@ describe('validateKuery validates real kueries', () => { beforeEach(() => { mockedAppContextService.getExperimentalFeatures.mockReturnValue({ enableStrictKQLValidation: false, - }); + } as any); }); it('Allows to skip validation for a free text query', async () => { diff --git a/x-pack/plugins/fleet/server/saved_objects/index.ts b/x-pack/plugins/fleet/server/saved_objects/index.ts index f3377b6665cc0..b471491edc3f3 100644 --- a/x-pack/plugins/fleet/server/saved_objects/index.ts +++ b/x-pack/plugins/fleet/server/saved_objects/index.ts @@ -669,6 +669,10 @@ export const getSavedObjectTypes = ( dynamic: false, properties: {}, }, + additional_spaces_installed_kibana: { + type: 'flattened', + index: false, + }, install_started_at: { type: 'date' }, install_version: { type: 'keyword' }, install_status: { type: 'keyword' }, @@ -711,6 +715,16 @@ export const getSavedObjectTypes = ( }, ], }, + '3': { + changes: [ + { + type: 'mappings_addition', + addedMappings: { + additional_spaces_installed_kibana: { type: 'flattened', index: false }, + }, + }, + ], + }, }, migrations: { '7.14.0': migrateInstallationToV7140, diff --git a/x-pack/plugins/fleet/server/services/agent_policies/agent_policies_to_agent_ids.ts b/x-pack/plugins/fleet/server/services/agent_policies/agent_policies_to_agent_ids.ts index 4410aa4494bb6..0586f924633b6 100644 --- a/x-pack/plugins/fleet/server/services/agent_policies/agent_policies_to_agent_ids.ts +++ b/x-pack/plugins/fleet/server/services/agent_policies/agent_policies_to_agent_ids.ts @@ -43,5 +43,5 @@ export const getAgentIdsForAgentPolicies = async ( }, }); - return res.hits.hits.map((hit) => hit._id); + return res.hits.hits.map((hit) => hit._id!); }; diff --git a/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.test.ts b/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.test.ts index 42fc4dda938a9..40cda7583a3c1 100644 
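Review bot: In `agent_policies_to_agent_ids.ts`, `hit._id!` silences the compiler rather than handling a hit without an id, so an `undefined` could end up in the returned list of agent ids. Filtering is just as short: `return res.hits.hits.flatMap((hit) => (hit._id ? [hit._id] : []));`. The function starts outside the hunk.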
--- a/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.test.ts +++ b/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.test.ts @@ -877,4 +877,51 @@ describe('Fleet - storedPackagePoliciesToAgentInputs', () => { }, ]); }); + + it('does not include processor add_fields when global tags array is empty', async () => { + expect( + await storedPackagePoliciesToAgentInputs( + [ + { + ...mockPackagePolicy, + package: { + name: 'mock_package', + title: 'Mock package', + version: '0.0.0', + }, + inputs: [ + { + ...mockInput, + compiled_input: { + inputVar: 'input-value', + }, + streams: [], + }, + ], + }, + ], + packageInfoCache, + undefined, + undefined, + [] + ) + ).toEqual([ + { + id: 'test-logs-some-uuid', + name: 'mock_package-policy', + package_policy_id: 'some-uuid', + revision: 1, + type: 'test-logs', + data_stream: { namespace: 'default' }, + use_output: 'default', + meta: { + package: { + name: 'mock_package', + version: '0.0.0', + }, + }, + inputVar: 'input-value', + }, + ]); + }); }); diff --git a/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.ts b/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.ts index 0a1643f293e58..d7f0c70a0786b 100644 --- a/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.ts +++ b/x-pack/plugins/fleet/server/services/agent_policies/package_policies_to_agent_inputs.ts @@ -146,7 +146,10 @@ export const storedPackagePoliciesToAgentInputs = async ( ): Promise => { const fullInputs: FullAgentPolicyInput[] = []; - const addFields = globalDataTags ? globalDataTagsToAddFields(globalDataTags) : undefined; + const addFields = + globalDataTags && globalDataTags.length > 0 + ? globalDataTagsToAddFields(globalDataTags) + : undefined; for (const packagePolicy of packagePolicies) { if (!isPolicyEnabled(packagePolicy)) { 
diff --git a/x-pack/plugins/fleet/server/services/agent_policy.test.ts b/x-pack/plugins/fleet/server/services/agent_policy.test.ts index d5d4813fdb7e0..cd170e6ef6da8 100644 --- a/x-pack/plugins/fleet/server/services/agent_policy.test.ts +++ b/x-pack/plugins/fleet/server/services/agent_policy.test.ts 
@@ -426,99 +426,255 @@ describe('Agent policy', () => { let soClient: ReturnType; let esClient: ReturnType['asInternalUser']; - beforeEach(() => { - soClient = getSavedObjectMock({ revision: 1, package_policies: ['package-1'] }); - mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ - { - id: 'package-1', - }, - ] as any); - esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + describe('with enableReusableIntegrationPolicies disabled', () => { + beforeEach(() => { + soClient = getSavedObjectMock({ revision: 1, package_policies: ['package-1'] }); + mockedPackagePolicyService.create.mockReset(); + esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + + (getAgentsByKuery as jest.Mock).mockResolvedValue({ + agents: [], + total: 0, + page: 1, + perPage: 10, + }); - (getAgentsByKuery as jest.Mock).mockResolvedValue({ - agents: [], - total: 0, - page: 1, - perPage: 10, + mockedPackagePolicyService.delete.mockResolvedValue([ + { + id: 'package-1', + } as any, + ]); + jest + .spyOn(appContextService, 'getExperimentalFeatures') + .mockReturnValue({ enableReusableIntegrationPolicies: false } as any); }); - mockedPackagePolicyService.delete.mockResolvedValue([ - { - id: 'package-1', - } as any, - ]); - }); + it('should throw error for agent policy which has managed package policy', async () => { + mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ + { + id: 'package-1', + is_managed: true, + }, + ] as any); + try { + await agentPolicyService.delete(soClient, esClient, 'mocked'); + } catch (e) { + expect(e.message).toEqual( + new PackagePolicyRestrictionRelatedError( + `Cannot delete agent policy mocked that contains managed package policies` + ).message + ); + } + }); - it('should throw error for agent policy which has managed package policy', async () => { - mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ - { - id: 'package-1', - is_managed: true, - }, - ] as any); - try { + 
it('should allow delete with force for agent policy which has managed package policy', async () => { + mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ + { + id: 'package-1', + is_managed: true, + }, + ] as any); + const response = await agentPolicyService.delete(soClient, esClient, 'mocked', { + force: true, + }); + expect(response.id).toEqual('mocked'); + }); + + it('should call audit logger', async () => { + mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ + { + id: 'package-1', + }, + ] as any); await agentPolicyService.delete(soClient, esClient, 'mocked'); - } catch (e) { - expect(e.message).toEqual( - new PackagePolicyRestrictionRelatedError( - `Cannot delete agent policy mocked that contains managed package policies` - ).message + + expect(mockedAuditLoggingService.writeCustomSoAuditLog).toHaveBeenCalledWith({ + action: 'delete', + id: 'mocked', + savedObjectType: AGENT_POLICY_SAVED_OBJECT_TYPE, + }); + }); + + it('should throw error if active agents are assigned to the policy', async () => { + (getAgentsByKuery as jest.Mock).mockResolvedValue({ + agents: [], + total: 2, + page: 1, + perPage: 10, + }); + await expect(agentPolicyService.delete(soClient, esClient, 'mocked')).rejects.toThrowError( + 'Cannot delete an agent policy that is assigned to any active or inactive agents' ); - } - }); + }); - it('should allow delete with force for agent policy which has managed package policy', async () => { - mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ - { - id: 'package-1', - is_managed: true, - }, - ] as any); - const response = await agentPolicyService.delete(soClient, esClient, 'mocked', { - force: true, + it('should delete .fleet-policies entries on agent policy delete', async () => { + mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ + { + id: 'package-1', + }, + ] as any); + esClient.deleteByQuery.mockResolvedValueOnce({ + deleted: 2, + }); + + await agentPolicyService.delete(soClient, 
esClient, 'mocked'); + + expect(esClient.deleteByQuery).toHaveBeenCalledWith( + expect.objectContaining({ + index: AGENT_POLICY_INDEX, + query: { + term: { + policy_id: 'mocked', + }, + }, + }) + ); + }); + + it('should delete all integration polices', async () => { + mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ + { + id: 'package-1', + policy_id: ['policy_1'], + policy_ids: ['policy_1', 'int_policy_2'], + }, + { + id: 'package-2', + policy_id: ['policy_1'], + policy_ids: ['policy_1'], + }, + { + id: 'package-3', + }, + ] as any); + await agentPolicyService.delete(soClient, esClient, 'mocked'); + expect(mockedPackagePolicyService.delete).toBeCalledWith( + expect.anything(), + expect.anything(), + ['package-1', 'package-2', 'package-3'], + expect.anything() + ); }); - expect(response.id).toEqual('mocked'); }); - it('should call audit logger', async () => { - await agentPolicyService.delete(soClient, esClient, 'mocked'); + describe('with enableReusableIntegrationPolicies enabled', () => { + beforeEach(() => { + soClient = getSavedObjectMock({ revision: 1, package_policies: ['package-1'] }); + mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ + { + id: 'package-1', + }, + ] as any); + esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; + + (getAgentsByKuery as jest.Mock).mockResolvedValue({ + agents: [], + total: 0, + page: 1, + perPage: 10, + }); + mockedPackagePolicyService.create.mockReset(); + jest + .spyOn(appContextService, 'getExperimentalFeatures') + .mockReturnValue({ enableReusableIntegrationPolicies: true } as any); + }); - expect(mockedAuditLoggingService.writeCustomSoAuditLog).toHaveBeenCalledWith({ - action: 'delete', - id: 'mocked', - savedObjectType: AGENT_POLICY_SAVED_OBJECT_TYPE, + it('should throw error for agent policy which has managed package policy', async () => { + mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ + { + id: 'package-1', + is_managed: true, + }, + ] as 
any); + try { + await agentPolicyService.delete(soClient, esClient, 'mocked'); + } catch (e) { + expect(e.message).toEqual( + new PackagePolicyRestrictionRelatedError( + `Cannot delete agent policy mocked that contains managed package policies` + ).message + ); + } }); - }); - it('should throw error if active agents are assigned to the policy', async () => { - (getAgentsByKuery as jest.Mock).mockResolvedValue({ - agents: [], - total: 2, - page: 1, - perPage: 10, + it('should allow delete with force for agent policy which has managed package policy', async () => { + mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ + { + id: 'package-1', + is_managed: true, + }, + ] as any); + const response = await agentPolicyService.delete(soClient, esClient, 'mocked', { + force: true, + }); + expect(response.id).toEqual('mocked'); }); - await expect(agentPolicyService.delete(soClient, esClient, 'mocked')).rejects.toThrowError( - 'Cannot delete an agent policy that is assigned to any active or inactive agents' - ); - }); - it('should delete .fleet-policies entries on agent policy delete', async () => { - esClient.deleteByQuery.mockResolvedValueOnce({ - deleted: 2, + it('should call audit logger', async () => { + await agentPolicyService.delete(soClient, esClient, 'mocked'); + + expect(mockedAuditLoggingService.writeCustomSoAuditLog).toHaveBeenCalledWith({ + action: 'delete', + id: 'mocked', + savedObjectType: AGENT_POLICY_SAVED_OBJECT_TYPE, + }); }); - await agentPolicyService.delete(soClient, esClient, 'mocked'); + it('should throw error if active agents are assigned to the policy', async () => { + (getAgentsByKuery as jest.Mock).mockResolvedValue({ + agents: [], + total: 2, + page: 1, + perPage: 10, + }); + await expect(agentPolicyService.delete(soClient, esClient, 'mocked')).rejects.toThrowError( + 'Cannot delete an agent policy that is assigned to any active or inactive agents' + ); + }); - expect(esClient.deleteByQuery).toHaveBeenCalledWith( - 
expect.objectContaining({ - index: AGENT_POLICY_INDEX, - query: { - term: { - policy_id: 'mocked', + it('should delete .fleet-policies entries on agent policy delete', async () => { + esClient.deleteByQuery.mockResolvedValueOnce({ + deleted: 2, + }); + + await agentPolicyService.delete(soClient, esClient, 'mocked'); + + expect(esClient.deleteByQuery).toHaveBeenCalledWith( + expect.objectContaining({ + index: AGENT_POLICY_INDEX, + query: { + term: { + policy_id: 'mocked', + }, }, + }) + ); + }); + + it('should only delete package polices that are not shared with other agent policies', async () => { + mockedPackagePolicyService.findAllForAgentPolicy.mockReturnValue([ + { + id: 'package-1', + policy_id: ['policy_1'], + policy_ids: ['policy_1', 'int_policy_2'], }, - }) - ); + { + id: 'package-2', + policy_id: ['policy_1'], + policy_ids: ['policy_1'], + }, + { + id: 'package-3', + }, + ] as any); + await agentPolicyService.delete(soClient, esClient, 'mocked'); + expect(mockedPackagePolicyService.delete).toBeCalledWith( + expect.anything(), + expect.anything(), + ['package-2', 'package-3'], + expect.anything() + ); + }); }); }); diff --git a/x-pack/plugins/fleet/server/services/agent_policy.ts b/x-pack/plugins/fleet/server/services/agent_policy.ts index 029352e145ca6..041b644951e25 100644 --- a/x-pack/plugins/fleet/server/services/agent_policy.ts +++ b/x-pack/plugins/fleet/server/services/agent_policy.ts 
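Review bot: Both new copies of 'should throw error for agent policy which has managed package policy' (in the "disabled" and the "enabled" describe blocks) assert only inside `catch`, so the test still passes if `agentPolicyService.delete` stops throwing. This case guards the restriction on deleting managed package policies, so it should fail when no error is raised: `await expect(agentPolicyService.delete(soClient, esClient, 'mocked')).rejects.toThrow('Cannot delete agent policy mocked that contains managed package policies');`. Alternatively, keep the `try/catch` and add `expect.assertions(1);` as the first statement of each test.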
@@ -1008,16 +1008,22 @@ class AgentPolicyService { `Cannot delete agent policy ${id} that contains managed package policies` ); } + const packagePoliciesToDelete = this.packagePoliciesWithoutMultiplePolicies(packagePolicies); await packagePolicyService.delete( soClient, esClient, - packagePolicies.map((p) => p.id), + packagePoliciesToDelete.map((p) => p.id), { force: options?.force, skipUnassignFromAgentPolicies: true, } ); + logger.debug( + `Deleted package policies with ids ${packagePoliciesToDelete + .map((policy) => policy.id) + .join(', ')}` + ); } if (agentPolicy.is_preconfigured && !options?.force) { @@ -1550,6 +1556,16 @@ class AgentPolicyService { ); } } + + private packagePoliciesWithoutMultiplePolicies(packagePolicies: PackagePolicy[]) { + // Find package policies that don't have multiple agent policies and mark them for deletion + if (appContextService.getExperimentalFeatures().enableReusableIntegrationPolicies) { + return packagePolicies.filter( + (policy) => !policy?.policy_ids || policy?.policy_ids.length <= 1 + ); + } + return packagePolicies; + } } export const agentPolicyService = new AgentPolicyService(); diff --git a/x-pack/plugins/fleet/server/services/agents/action_status.ts b/x-pack/plugins/fleet/server/services/agents/action_status.ts index 60716e23f9666..1435857ffe670 100644 --- a/x-pack/plugins/fleet/server/services/agents/action_status.ts +++ b/x-pack/plugins/fleet/server/services/agents/action_status.ts @@ -323,7 +323,7 @@ async function getHostNames(esClient: ElasticsearchClient, agentIds: string[]) { _source: ['local_metadata.host.name'], }); const hostNames = agentsRes.hits.hits.reduce((acc: { [key: string]: string }, curr) => { - acc[curr._id] = (curr._source as any).local_metadata.host.name; + acc[curr._id!] = (curr._source as any).local_metadata.host.name; return acc; }, {}); 
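Review bot: With `enableReusableIntegrationPolicies` on, the package policies that `packagePoliciesWithoutMultiplePolicies` filters out are kept, but nothing in this hunk removes the deleted agent policy's id from their `policy_ids`, and the delete call still passes `skipUnassignFromAgentPolicies: true`. Unless that cleanup happens in the part of the method outside the hunk, shared package policies keep a reference to an agent policy that no longer exists; if it is handled elsewhere, a comment such as `// shared package policies are detached from this agent policy in <place>` would make that visible here. The `logger.debug` line also reports "Deleted package policies with ids" when the filtered list is empty, so wrapping the delete and the log in `if (packagePoliciesToDelete.length > 0) { ... }` would keep the log accurate. In the helper added by the second hunk, `policy?.policy_ids` can be `policy.policy_ids`, since `filter` never passes an undefined element for a `PackagePolicy[]`.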
diff --git a/x-pack/plugins/fleet/server/services/agents/helpers.ts b/x-pack/plugins/fleet/server/services/agents/helpers.ts index 2ddad0c24abab..7433fa441953d 100644 --- a/x-pack/plugins/fleet/server/services/agents/helpers.ts +++ b/x-pack/plugins/fleet/server/services/agents/helpers.ts @@ -58,7 +58,7 @@ export function searchHitToAgent( })) : undefined; const agent: Agent = { - id: hit._id, + id: hit._id!, type: hit._source?.type!, namespaces: hit._source?.namespaces, active: hit._source?.active!, diff --git a/x-pack/plugins/fleet/server/services/artifacts/mappings.ts b/x-pack/plugins/fleet/server/services/artifacts/mappings.ts index 3645f957417e3..8d5382f1fb193 100644 --- a/x-pack/plugins/fleet/server/services/artifacts/mappings.ts +++ b/x-pack/plugins/fleet/server/services/artifacts/mappings.ts @@ -27,7 +27,7 @@ export const esSearchHitToArtifact = < }: T): Artifact => { return { ...attributesNotNeedingRename, - id, + id: id!, compressionAlgorithm, decodedSha256, decodedSize, diff --git a/x-pack/plugins/fleet/server/services/debug/index.ts b/x-pack/plugins/fleet/server/services/debug/index.ts new file mode 100644 index 0000000000000..b0e9d7167f1a4 --- /dev/null +++ b/x-pack/plugins/fleet/server/services/debug/index.ts 
@@ -0,0 +1,35 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { ElasticsearchClient, SavedObjectsClientContract } from '@kbn/core/server'; + +export async function fetchIndex(esClient: ElasticsearchClient, index: string) { + return esClient.search({ index }); +} + +export async function fetchSavedObjects( + soClient: SavedObjectsClientContract, + type: string, + name: string +) { + return soClient.find({ + type, + search: `\"${name}\"`, // Search for phrase + searchFields: ['name'], // SO type automatically inferred + }); +} + +export async function fetchSavedObjectNames(soClient: SavedObjectsClientContract, type: string) { + return soClient.find({ + type, + aggs: { + names: { + terms: { field: `${type}.attributes.name` }, // cf. SavedObjectsFindOptions definition in packages/core/saved-objects/core-saved-objects-api-server/src/apis/find.ts + }, + }, + }); +} diff --git a/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.test.ts b/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.test.ts index 3547fc70daa15..3b200ac5115cf 100644 --- a/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.test.ts +++ b/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.test.ts @@ -10,10 +10,9 @@ import type { SavedObjectsImportSuccess, SavedObjectsImportResponse, } from '@kbn/core/server'; - import { loggingSystemMock } from '@kbn/core/server/mocks'; -import type { ArchiveAsset } from './install'; +import { type ArchiveAsset } from './install'; jest.mock('timers/promises', () => ({ async setTimeout() {}, diff --git a/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.ts b/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.ts index 2956cb5fe20c2..e7e453648a596 100644 
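Review bot: `fetchIndex` passes a caller-supplied `index` straight to `esClient.search`, and `fetchSavedObjects` puts `name` between double quotes in `search` without escaping, so a `"` inside `name` ends the phrase and the remainder is parsed as query syntax. The routes that call these helpers, and the client they pass, are not in this hunk; if the client is the internal user, any index or saved object type the caller names becomes readable. I would check `index` and `type` against an allow-list of Fleet indices and saved object types inside these helpers, and escape `"` and `\` in `name` before building the phrase. Each function should also carry a doc comment saying it is debug-only and what the caller must have authorized, for example `/** Debug helper: index must already be validated against the Fleet index allow-list by the caller. */`.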
--- a/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.ts +++ b/x-pack/plugins/fleet/server/services/epm/kibana/assets/install.ts @@ -19,32 +19,22 @@ import type { import { createListStream } from '@kbn/utils'; import { partition } from 'lodash'; -import type { IAssignmentService, ITagsClient } from '@kbn/saved-objects-tagging-plugin/server'; - -import { PACKAGES_SAVED_OBJECT_TYPE } from '../../../../../common'; import { getAssetFromAssetsMap, getPathParts } from '../../archive'; import { KibanaAssetType, KibanaSavedObjectType } from '../../../../types'; -import type { - AssetType, - AssetReference, - AssetParts, - Installation, - PackageSpecTags, -} from '../../../../types'; -import { savedObjectTypes } from '../../packages'; -import type { PackageInstallContext } from '../../../../../common/types'; +import type { AssetReference, AssetParts, Installation, PackageSpecTags } from '../../../../types'; +import type { KibanaAssetReference, PackageInstallContext } from '../../../../../common/types'; import { indexPatternTypes, getIndexPatternSavedObjects, makeManagedIndexPatternsGlobal, } from '../index_pattern/install'; -import { saveKibanaAssetsRefs } from '../../packages/install'; +import { kibanaAssetsToAssetsRef, saveKibanaAssetsRefs } from '../../packages/install'; import { deleteKibanaSavedObjectsAssets } from '../../packages/remove'; -import { KibanaSOReferenceError } from '../../../../errors'; - +import { FleetError, KibanaSOReferenceError } from '../../../../errors'; import { withPackageSpan } from '../../packages/utils'; import { tagKibanaAssets } from './tag_assets'; +import { getSpaceAwareSaveobjectsClients } from './saved_objects'; type SavedObjectsImporterContract = Pick; const formatImportErrorsForLog = (errors: SavedObjectsImportFailure[]) => 
@@ -163,11 +153,8 @@ export async function installKibanaAssets(options: { return installedAssets; } -export async function installKibanaAssetsAndReferences({ +export async function installKibanaAssetsAndReferencesMultispace({ savedObjectsClient, - savedObjectsImporter, - savedObjectTagAssignmentService, - savedObjectTagClient, logger, pkgName, pkgTitle, @@ -175,11 +162,9 @@ export async function installKibanaAssetsAndReferences({ installedPkg, spaceId, assetTags, + installAsAdditionalSpace, }: { savedObjectsClient: SavedObjectsClientContract; - savedObjectsImporter: Pick; - savedObjectTagAssignmentService: IAssignmentService; - savedObjectTagClient: ITagsClient; logger: Logger; pkgName: string; pkgTitle: string; 
@@ -187,15 +172,89 @@ export async function installKibanaAssetsAndReferences({ installedPkg?: SavedObject; spaceId: string; assetTags?: PackageSpecTags[]; + installAsAdditionalSpace?: boolean; }) { - const kibanaAssets = await getKibanaAssets(packageInstallContext); - if (installedPkg) await deleteKibanaSavedObjectsAssets({ savedObjectsClient, installedPkg }); - // save new kibana refs before installing the assets - const installedKibanaAssetsRefs = await saveKibanaAssetsRefs( + if (installedPkg && !installAsAdditionalSpace) { + // Install in every space => upgrades + const refs = await installKibanaAssetsAndReferences({ + savedObjectsClient, + logger, + pkgName, + pkgTitle, + packageInstallContext, + installedPkg, + spaceId, + assetTags, + installAsAdditionalSpace, + }); + + for (const additionnalSpaceId of Object.keys( + installedPkg.attributes.additional_spaces_installed_kibana ?? {} + )) { + await installKibanaAssetsAndReferences({ + savedObjectsClient, + logger, + pkgName, + pkgTitle, + packageInstallContext, + installedPkg, + spaceId: additionnalSpaceId, + assetTags, + installAsAdditionalSpace: true, + }); + } + return refs; + } + + return installKibanaAssetsAndReferences({ savedObjectsClient, + logger, pkgName, - kibanaAssets - ); + pkgTitle, + packageInstallContext, + installedPkg, + spaceId, + assetTags, + installAsAdditionalSpace, + }); +} + +export async function installKibanaAssetsAndReferences({ + savedObjectsClient, + logger, + pkgName, + pkgTitle, + packageInstallContext, + installedPkg, + spaceId, + assetTags, + installAsAdditionalSpace, +}: { + savedObjectsClient: SavedObjectsClientContract; + logger: Logger; + pkgName: string; + pkgTitle: string; + packageInstallContext: PackageInstallContext; + installedPkg?: SavedObject; + spaceId: string; + assetTags?: PackageSpecTags[]; + installAsAdditionalSpace?: boolean; +}) { + const { savedObjectsImporter, savedObjectTagAssignmentService, savedObjectTagClient } = + 
getSpaceAwareSaveobjectsClients(spaceId); + const kibanaAssets = await getKibanaAssets(packageInstallContext); + if (installedPkg) { + await deleteKibanaSavedObjectsAssets({ savedObjectsClient, installedPkg, spaceId }); + } + let installedKibanaAssetsRefs: KibanaAssetReference[] = []; + if (!installAsAdditionalSpace) { + // save new kibana refs before installing the assets + installedKibanaAssetsRefs = await saveKibanaAssetsRefs( + savedObjectsClient, + pkgName, + kibanaAssetsToAssetsRef(kibanaAssets) + ); + } const importedAssets = await installKibanaAssets({ savedObjectsClient, @@ -204,6 +263,24 @@ export async function installKibanaAssetsAndReferences({ pkgName, kibanaAssets, }); + if (installAsAdditionalSpace) { + const assets = importedAssets.map( + ({ id, type, destinationId }) => + ({ + id: destinationId ?? id, + originId: id, + type, + } as KibanaAssetReference) + ); + installedKibanaAssetsRefs = await saveKibanaAssetsRefs( + savedObjectsClient, + pkgName, + assets, + installedPkg && installedPkg.attributes.installed_kibana_space_id === spaceId + ? false + : installAsAdditionalSpace + ); + } await withPackageSpan('Create and assign package tags', () => tagKibanaAssets({ savedObjectTagAssignmentService, 
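Review bot: In the upgrade branch of `installKibanaAssetsAndReferencesMultispace`, the `for` loop awaits `installKibanaAssetsAndReferences` once per key of `additional_spaces_installed_kibana` with no error handling. A failure in one additional space rejects the whole call after the primary space has already been rewritten, and the spaces later in the loop keep the old assets. Either collect the per-space errors and rethrow after the loop, or state the behaviour at the loop: `// a failure here aborts the remaining spaces; the primary space is already upgraded`. Each iteration also builds internal-user clients for the stored space id via `getSpaceAwareSaveobjectsClients`, so whatever writes that attribute decides where these imports run. The identifier `additionnalSpaceId` is misspelled.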
@@ -220,20 +297,32 @@ export async function installKibanaAssetsAndReferences({ return installedKibanaAssetsRefs; } -export const deleteKibanaInstalledRefs = async ( - savedObjectsClient: SavedObjectsClientContract, - pkgName: string, - installedKibanaRefs: AssetReference[] -) => { - const installedAssetsToSave = installedKibanaRefs.filter(({ id, type }) => { - const assetType = type as AssetType; - return !savedObjectTypes.includes(assetType); - }); +export async function deleteKibanaAssetsAndReferencesForSpace({ + savedObjectsClient, + logger, + pkgName, + installedPkg, + spaceId, +}: { + savedObjectsClient: SavedObjectsClientContract; + logger: Logger; + pkgName: string; + installedPkg: SavedObject; + spaceId: string; +}) { + if (!installedPkg) { + return; + } + + if (installedPkg.attributes.installed_kibana_space_id === spaceId) { + throw new FleetError( + 'Impossible to delete kibana assets from the space where the package was installed, you must uninstall the package.' + ); + } + await deleteKibanaSavedObjectsAssets({ savedObjectsClient, installedPkg, spaceId }); + await saveKibanaAssetsRefs(savedObjectsClient, pkgName, [], true); +} - return savedObjectsClient.update(PACKAGES_SAVED_OBJECT_TYPE, pkgName, { - installed_kibana: installedAssetsToSave, - }); -}; export async function getKibanaAssets( packageInstallContext: PackageInstallContext ): Promise> { diff --git a/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_object.test.ts b/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_object.test.ts new file mode 100644 index 0000000000000..8ac5703265075 --- /dev/null +++ b/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_object.test.ts 
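Review bot: `deleteKibanaAssetsAndReferencesForSpace` deletes assets for the `spaceId` argument, but the following `saveKibanaAssetsRefs(savedObjectsClient, pkgName, [], true)` takes the key to drop from `savedObjectsClient.getCurrentNamespace()`, as the `packages/install.ts` change in this commit shows. If the client passed in is not scoped to `spaceId`, the assets of one space are deleted while the reference entry of another space (or none) is removed from `additional_spaces_installed_kibana`. I would state the precondition at the top of the function, `// savedObjectsClient must be scoped to spaceId: saveKibanaAssetsRefs keys on its current namespace`, or compare the two and throw a `FleetError` on mismatch before deleting anything. The `logger` parameter is never used, and `if (!installedPkg)` cannot be true under the declared parameter type.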
@@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { savedObjectsClientMock, savedObjectsServiceMock } from '@kbn/core/server/mocks'; + +import { appContextService } from '../../../app_context'; + +import { getSpaceAwareSaveobjectsClients } from './saved_objects'; + +jest.mock('../../../app_context'); + +describe('getSpaceAwareSaveobjectsClients', () => { + it('return space scopped clients', () => { + const soStartMock = savedObjectsServiceMock.createStartContract(); + const mockedSavedObjectTagging = { + createInternalAssignmentService: jest.fn(), + createTagClient: jest.fn(), + }; + + const scoppedSoClient = savedObjectsClientMock.create(); + jest + .mocked(appContextService.getInternalUserSOClientForSpaceId) + .mockReturnValue(scoppedSoClient); + + jest.mocked(appContextService.getSavedObjects).mockReturnValue(soStartMock); + jest.mocked(appContextService.getSavedObjectsTagging).mockReturnValue(mockedSavedObjectTagging); + + getSpaceAwareSaveobjectsClients('test1'); + + expect(appContextService.getInternalUserSOClientForSpaceId).toBeCalledWith('test1'); + expect(soStartMock.createImporter).toBeCalledWith(scoppedSoClient, expect.anything()); + expect(mockedSavedObjectTagging.createInternalAssignmentService).toBeCalledWith({ + client: scoppedSoClient, + }); + expect(mockedSavedObjectTagging.createTagClient).toBeCalledWith({ client: scoppedSoClient }); + }); +}); diff --git a/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_objects.ts b/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_objects.ts new file mode 100644 index 0000000000000..c4ff55ca8ac82 --- /dev/null +++ b/x-pack/plugins/fleet/server/services/epm/kibana/assets/saved_objects.ts 
@@ -0,0 +1,32 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { appContextService } from '../../../app_context'; + +export function getSpaceAwareSaveobjectsClients(spaceId?: string) { + // Saved object client need to be scopped with the package space for saved object tagging + const savedObjectClientWithSpace = appContextService.getInternalUserSOClientForSpaceId(spaceId); + + const savedObjectsImporter = appContextService + .getSavedObjects() + .createImporter(savedObjectClientWithSpace, { importSizeLimit: 15_000 }); + + const savedObjectTagAssignmentService = appContextService + .getSavedObjectsTagging() + .createInternalAssignmentService({ client: savedObjectClientWithSpace }); + + const savedObjectTagClient = appContextService + .getSavedObjectsTagging() + .createTagClient({ client: savedObjectClientWithSpace }); + + return { + savedObjectClientWithSpace, + savedObjectsImporter, + savedObjectTagAssignmentService, + savedObjectTagClient, + }; +} diff --git a/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts b/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts index 780f1ceb60566..97b0eeb823e02 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts 
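Review bot: `getSpaceAwareSaveobjectsClients` has no doc comment saying that every client it returns is built on `getInternalUserSOClientForSpaceId`, so imports and tag assignments run as the internal user and not as the requesting user. Callers must have verified that the request may write to `spaceId` before calling it; nothing in this file performs that check. I would add `/** Returns importer and tagging clients backed by the internal-user saved objects client for spaceId; the caller must authorize access to that space first. */` and say what an omitted `spaceId` resolves to, since the parameter is optional. The inline `importSizeLimit: 15_000` would be easier to find as a named module constant.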
@@ -10,12 +10,9 @@ import type { Logger, SavedObject, SavedObjectsClientContract, - ISavedObjectsImporter, } from '@kbn/core/server'; import { SavedObjectsErrorHelpers } from '@kbn/core/server'; -import type { IAssignmentService, ITagsClient } from '@kbn/saved-objects-tagging-plugin/server'; - import type { HTTPAuthorizationHeader } from '../../../../common/http_authorization_header'; import type { PackageInstallContext } from '../../../../common/types'; import { getNormalizedDataStreams } from '../../../../common/services'; @@ -60,9 +57,6 @@ import { installIndexTemplatesAndPipelines } from './install_index_template_pipe // only the more explicit `installPackage*` functions should be used export async function _installPackage({ savedObjectsClient, - savedObjectsImporter, - savedObjectTagAssignmentService, - savedObjectTagClient, esClient, logger, installedPkg, @@ -77,9 +71,6 @@ export async function _installPackage({ skipDataStreamRollover, }: { savedObjectsClient: SavedObjectsClientContract; - savedObjectsImporter: Pick; - savedObjectTagAssignmentService: IAssignmentService; - savedObjectTagClient: ITagsClient; esClient: ElasticsearchClient; logger: Logger; installedPkg?: SavedObject; @@ -157,9 +148,6 @@ export async function _installPackage({ const kibanaAssetPromise = withPackageSpan('Install Kibana assets', () => installKibanaAssetsAndReferences({ savedObjectsClient, - savedObjectsImporter, - savedObjectTagAssignmentService, - savedObjectTagClient, pkgName, pkgTitle, packageInstallContext, diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install.test.ts b/x-pack/plugins/fleet/server/services/epm/packages/install.test.ts index 14f3068795120..53112c5eea673 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/install.test.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/install.test.ts 
@@ -382,39 +382,6 @@ describe('install', () => { expect(response.status).toEqual('installed'); }); - - it('should use a scoped to package space soClient for tagging', async () => { - const mockedTaggingSo = savedObjectsClientMock.create(); - jest - .mocked(appContextService.getInternalUserSOClientForSpaceId) - .mockReturnValue(mockedTaggingSo); - jest - .mocked(getInstallationObject) - .mockResolvedValueOnce({ attributes: { version: '1.2.0' } } as any); - - jest.spyOn(licenseService, 'hasAtLeast').mockReturnValue(true); - await installPackage({ - spaceId: 'test', - installSource: 'registry', - pkgkey: 'apache-1.3.0', - savedObjectsClient: savedObjectsClientMock.create(), - esClient: {} as ElasticsearchClient, - }); - - expect(appContextService.getInternalUserSOClientForSpaceId).toBeCalledWith('test'); - expect(appContextService.getSavedObjectsTagging().createTagClient).toBeCalledWith( - expect.objectContaining({ - client: mockedTaggingSo, - }) - ); - expect( - appContextService.getSavedObjectsTagging().createInternalAssignmentService - ).toBeCalledWith( - expect.objectContaining({ - client: mockedTaggingSo, - }) - ); - }); }); describe('with enablePackagesStateMachine = true', () => { 
@@ -632,39 +599,6 @@ describe('install', () => { expect(response.status).toEqual('installed'); }); - - it('should use a scoped to package space soClient for tagging', async () => { - const mockedTaggingSo = savedObjectsClientMock.create(); - jest - .mocked(appContextService.getInternalUserSOClientForSpaceId) - .mockReturnValue(mockedTaggingSo); - jest - .mocked(getInstallationObject) - .mockResolvedValueOnce({ attributes: { version: '1.2.0', installed_kibana: [] } } as any); - - jest.spyOn(licenseService, 'hasAtLeast').mockReturnValue(true); - await installPackage({ - spaceId: 'test', - installSource: 'registry', - pkgkey: 'apache-1.3.0', - savedObjectsClient: savedObjectsClientMock.create(), - esClient: {} as ElasticsearchClient, - }); - - expect(appContextService.getInternalUserSOClientForSpaceId).toBeCalledWith('test'); - expect(appContextService.getSavedObjectsTagging().createTagClient).toBeCalledWith( - expect.objectContaining({ - client: mockedTaggingSo, - }) - ); - expect( - appContextService.getSavedObjectsTagging().createInternalAssignmentService - ).toBeCalledWith( - expect.objectContaining({ - client: mockedTaggingSo, - }) - ); - }); }); }); diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install.ts b/x-pack/plugins/fleet/server/services/epm/packages/install.ts index 9f200e97c3cfd..f27cb794475c9 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/install.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/install.ts @@ -10,6 +10,7 @@ import { i18n } from '@kbn/i18n'; import semverLt from 'semver/functions/lt'; import type Boom from '@hapi/boom'; import moment from 'moment'; +import { omit } from 'lodash'; import type { ElasticsearchClient, SavedObject, 
@@ -21,7 +22,11 @@ import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common/constants'; import pRetry from 'p-retry'; import type { LicenseType } from '@kbn/licensing-plugin/server'; -import type { PackageDataStreamTypes, PackageInstallContext } from '../../../../common/types'; +import type { + KibanaAssetReference, + PackageDataStreamTypes, + PackageInstallContext, +} from '../../../../common/types'; import type { HTTPAuthorizationHeader } from '../../../../common/http_authorization_header'; import { isPackagePrerelease, getNormalizedDataStreams } from '../../../../common/services'; import { FLEET_INSTALL_FORMAT_VERSION } from '../../../constants/fleet_es_assets'; @@ -619,27 +624,9 @@ async function installPackageCommon(options: { return { error: err, installType, installSource }; } - // Saved object client need to be scopped with the package space for saved object tagging - const savedObjectClientWithSpace = appContextService.getInternalUserSOClientForSpaceId(spaceId); - - const savedObjectsImporter = appContextService - .getSavedObjects() - .createImporter(savedObjectClientWithSpace, { importSizeLimit: 15_000 }); - - const savedObjectTagAssignmentService = appContextService - .getSavedObjectsTagging() - .createInternalAssignmentService({ client: savedObjectClientWithSpace }); - - const savedObjectTagClient = appContextService - .getSavedObjectsTagging() - .createTagClient({ client: savedObjectClientWithSpace }); - // try installing the package, if there was an error, call error handler and rethrow return await _installPackage({ savedObjectsClient, - savedObjectsImporter, - savedObjectTagAssignmentService, - savedObjectTagClient, esClient, logger, installedPkg, 
@@ -1294,10 +1281,17 @@ export async function createInstallation(options: { return created; } +export const kibanaAssetsToAssetsRef = ( + kibanaAssets: Record +): KibanaAssetReference[] => { + return Object.values(kibanaAssets).flat().map(toAssetReference); +}; + export const saveKibanaAssetsRefs = async ( savedObjectsClient: SavedObjectsClientContract, pkgName: string, - kibanaAssets: Record + assetRefs: KibanaAssetReference[], + saveAsAdditionnalSpace = false ) => { auditLoggingService.writeCustomSoAuditLog({ action: 'update', @@ -1305,20 +1299,43 @@ export const saveKibanaAssetsRefs = async ( savedObjectType: PACKAGES_SAVED_OBJECT_TYPE, }); - const assetRefs = Object.values(kibanaAssets).flat().map(toAssetReference); + const spaceId = savedObjectsClient.getCurrentNamespace() || DEFAULT_SPACE_ID; + // Because Kibana assets are installed in parallel with ES assets with refresh: false, we almost always run into an // issue that causes a conflict error due to this issue: https://github.com/elastic/kibana/issues/126240. This is safe // to retry constantly until it succeeds to optimize this critical user journey path as much as possible. await pRetry( - () => - savedObjectsClient.update( + async () => { + const installation = saveAsAdditionnalSpace + ? await savedObjectsClient + .get(PACKAGES_SAVED_OBJECT_TYPE, pkgName) + .catch((e) => { + if (SavedObjectsErrorHelpers.isNotFoundError(e)) { + return undefined; + } + throw e; + }) + : undefined; + + return savedObjectsClient.update( PACKAGES_SAVED_OBJECT_TYPE, pkgName, - { - installed_kibana: assetRefs, - }, + saveAsAdditionnalSpace + ? { + additional_spaces_installed_kibana: { + ...omit( + installation?.attributes?.additional_spaces_installed_kibana ?? {}, + spaceId + ), + ...(assetRefs.length > 0 ? { [spaceId]: assetRefs } : {}), + }, + } + : { + installed_kibana: assetRefs, + }, { refresh: false } - ), + ); + }, { retries: 20 } // Use a number of retries higher than the number of es asset update operations ); 
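Review bot: In `saveKibanaAssetsRefs`, the `saveAsAdditionnalSpace` branch reads the installation with `get` and then writes the whole `additional_spaces_installed_kibana` map back with `update`, and nothing ties the write to the version that was read. If two installs of the same package into different spaces overlap, each can write a map that lacks the other's entry, and the dropped references would presumably never be cleaned up on removal. Passing the version that was read, `{ refresh: false, version: installation?.version }`, turns the race into a conflict error, which the surrounding `pRetry` already retries. A one-line comment that the map key comes from the client's current namespace (`getCurrentNamespace() || DEFAULT_SPACE_ID`) would also help, since the caller chooses the space only by which client it passes. The function spans this hunk and the previous one, with a few lines between them not shown.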
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.test.ts b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.test.ts index c77433774a5cf..5e4dd084b2274 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.test.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.test.ts @@ -41,7 +41,7 @@ jest.mock('../../elasticsearch/ilm/install'); jest.mock('../../elasticsearch/datastream_ilm/install'); import { updateCurrentWriteIndices } from '../../elasticsearch/template/template'; -import { installKibanaAssetsAndReferences } from '../../kibana/assets/install'; +import { installKibanaAssetsAndReferencesMultispace } from '../../kibana/assets/install'; import { MAX_TIME_COMPLETE_INSTALL } from '../../../../../common/constants'; @@ -58,7 +58,9 @@ const mockedUpdateCurrentWriteIndices = updateCurrentWriteIndices as jest.Mocked typeof updateCurrentWriteIndices >; const mockedInstallKibanaAssetsAndReferences = - installKibanaAssetsAndReferences as jest.MockedFunction; + installKibanaAssetsAndReferencesMultispace as jest.MockedFunction< + typeof installKibanaAssetsAndReferencesMultispace + >; function sleep(millis: number) { return new Promise((resolve) => setTimeout(resolve, millis)); @@ -293,9 +295,10 @@ describe('_stateMachineInstallPackage', () => { describe('When timeout is reached', () => { it('restarts installation', async () => { await _stateMachineInstallPackage({ + installSource: 'registry', + installType: 'install', + spaceId: 'default', savedObjectsClient: soClient, - // @ts-ignore - savedObjectsImporter: jest.fn(), esClient, logger: loggerMock.create(), packageInstallContext: { 
@@ -326,9 +329,10 @@ describe('_stateMachineInstallPackage', () => { describe('With no force flag', () => { it('throws concurrent installation error', async () => { const installPromise = _stateMachineInstallPackage({ + installSource: 'registry', + installType: 'install', + spaceId: 'default', savedObjectsClient: soClient, - // @ts-ignore - savedObjectsImporter: jest.fn(), esClient, logger: loggerMock.create(), packageInstallContext: { @@ -356,9 +360,10 @@ describe('_stateMachineInstallPackage', () => { describe('With force flag provided', () => { it('restarts installation', async () => { await _stateMachineInstallPackage({ + installSource: 'registry', + installType: 'install', + spaceId: 'default', savedObjectsClient: soClient, - // @ts-ignore - savedObjectsImporter: jest.fn(), esClient, logger: loggerMock.create(), packageInstallContext: { diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.ts b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.ts index d66334b315a42..afad28d28a461 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/_state_machine_package_install.ts @@ -9,12 +9,9 @@ import type { Logger, SavedObject, SavedObjectsClientContract, - ISavedObjectsImporter, } from '@kbn/core/server'; import { SavedObjectsErrorHelpers } from '@kbn/core/server'; -import type { IAssignmentService, ITagsClient } from '@kbn/saved-objects-tagging-plugin/server'; - import { PackageSavedObjectConflictError } from '../../../../errors'; import type { HTTPAuthorizationHeader } from '../../../../../common/http_authorization_header'; 
@@ -53,9 +50,6 @@ import { handleState } from './state_machine'; export interface InstallContext extends StateContext { savedObjectsClient: SavedObjectsClientContract; - savedObjectsImporter: Pick; - savedObjectTagAssignmentService: IAssignmentService; - savedObjectTagClient: ITagsClient; esClient: ElasticsearchClient; logger: Logger; installedPkg?: SavedObject; diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.test.ts b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.test.ts index e13e3c9b095b2..7d466f03d52fe 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.test.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.test.ts @@ -12,14 +12,15 @@ import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common/constants'; import { appContextService } from '../../../../app_context'; import { createAppContextStartContractMock } from '../../../../../mocks'; -import { installKibanaAssetsAndReferences } from '../../../kibana/assets/install'; +import { installKibanaAssetsAndReferencesMultispace } from '../../../kibana/assets/install'; jest.mock('../../../kibana/assets/install'); import { stepInstallKibanaAssets } from './step_install_kibana_assets'; -const mockedInstallKibanaAssetsAndReferences = - installKibanaAssetsAndReferences as jest.MockedFunction; +const mockedInstallKibanaAssetsAndReferencesMultispace = jest.mocked( + installKibanaAssetsAndReferencesMultispace +); describe('stepInstallKibanaAssets', () => { let soClient: jest.Mocked; 
@@ -42,8 +43,6 @@ describe('stepInstallKibanaAssets', () => { it('Should call installKibanaAssetsAndReferences', async () => { const installationPromise = stepInstallKibanaAssets({ savedObjectsClient: soClient, - // @ts-ignore - savedObjectsImporter: jest.fn(), esClient, logger: loggerMock.create(), packageInstallContext: { @@ -68,14 +67,14 @@ describe('stepInstallKibanaAssets', () => { }); await expect(installationPromise).resolves.not.toThrowError(); - expect(mockedInstallKibanaAssetsAndReferences).toBeCalledTimes(1); + expect(mockedInstallKibanaAssetsAndReferencesMultispace).toBeCalledTimes(1); }); esClient = elasticsearchServiceMock.createClusterClient().asInternalUser; appContextService.start(createAppContextStartContractMock()); it('Should correctly handle errors', async () => { // force errors from this function - mockedInstallKibanaAssetsAndReferences.mockImplementation(async () => { + mockedInstallKibanaAssetsAndReferencesMultispace.mockImplementation(async () => { throw new Error('mocked async error A: should be caught'); }); diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.ts b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.ts index 56649c04428ac..2db6f622d3281 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/install_state_machine/steps/step_install_kibana_assets.ts 
@@ -5,32 +5,20 @@ * 2.0. */ -import { installKibanaAssetsAndReferences } from '../../../kibana/assets/install'; +import { installKibanaAssetsAndReferencesMultispace } from '../../../kibana/assets/install'; import { withPackageSpan } from '../../utils'; import type { InstallContext } from '../_state_machine_package_install'; export async function stepInstallKibanaAssets(context: InstallContext) { - const { - savedObjectsClient, - savedObjectsImporter, - savedObjectTagAssignmentService, - savedObjectTagClient, - logger, - installedPkg, - packageInstallContext, - spaceId, - } = context; + const { savedObjectsClient, logger, installedPkg, packageInstallContext, spaceId } = context; const { packageInfo } = packageInstallContext; const { name: pkgName, title: pkgTitle } = packageInfo; const kibanaAssetPromise = withPackageSpan('Install Kibana assets', () => - installKibanaAssetsAndReferences({ + installKibanaAssetsAndReferencesMultispace({ savedObjectsClient, - savedObjectsImporter, - savedObjectTagAssignmentService, - savedObjectTagClient, pkgName, pkgTitle, packageInstallContext, diff --git a/x-pack/plugins/fleet/server/services/epm/packages/remove.ts b/x-pack/plugins/fleet/server/services/epm/packages/remove.ts index 436c2efaa2275..5369da9da82e2 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/remove.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/remove.ts @@ -181,6 +181,7 @@ async function deleteAssets( installed_es: installedEs, installed_kibana: installedKibana, installed_kibana_space_id: spaceId = DEFAULT_SPACE_ID, + additional_spaces_installed_kibana: installedInAdditionalSpacesKibana = {}, }: Installation, savedObjectsClient: SavedObjectsClientContract, esClient: ElasticsearchClient 
@@ -237,6 +238,9 @@ async function deleteAssets( await Promise.all([ ...deleteESAssets(otherAssets, esClient), deleteKibanaAssets(installedKibana, spaceId), + Object.entries(installedInAdditionalSpacesKibana).map(([additionalSpaceId, kibanaAssets]) => + deleteKibanaAssets(kibanaAssets, additionalSpaceId) + ), ]); } catch (err) { // in the rollback case, partial installs are likely, so missing assets are not an error @@ -271,21 +275,32 @@ async function deleteComponentTemplate(esClient: ElasticsearchClient, name: stri export async function deleteKibanaSavedObjectsAssets({ savedObjectsClient, installedPkg, + spaceId, }: { savedObjectsClient: SavedObjectsClientContract; installedPkg: SavedObject; + spaceId?: string; }) { - const { installed_kibana: installedRefs, installed_kibana_space_id: spaceId } = - installedPkg.attributes; - if (!installedRefs.length) return; + const { installed_kibana_space_id: installedSpaceId } = installedPkg.attributes; + + let refsToDelete: KibanaAssetReference[]; + let spaceIdToDelete: string | undefined; + if (!spaceId || spaceId === installedSpaceId) { + refsToDelete = installedPkg.attributes.installed_kibana; + spaceIdToDelete = installedSpaceId; + } else { + refsToDelete = installedPkg.attributes.additional_spaces_installed_kibana?.[spaceId] ?? []; + spaceIdToDelete = spaceId; + } + if (!refsToDelete.length) return; const logger = appContextService.getLogger(); - const assetsToDelete = installedRefs + const assetsToDelete = refsToDelete .filter(({ type }) => kibanaSavedObjectTypes.includes(type)) .map(({ id, type }) => ({ id, type } as KibanaAssetReference)); try { - await deleteKibanaAssets(assetsToDelete, spaceId); + await deleteKibanaAssets(assetsToDelete, spaceIdToDelete); } catch (err) { // in the rollback case, partial installs are likely, so missing assets are not an error if (!SavedObjectsErrorHelpers.isNotFoundError(err)) { 
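Review bot: The element added to the `Promise.all` array in `deleteAssets` is the array returned by `.map(...)`, not the promises inside it, so `Promise.all` treats it as a plain value and does not wait for the per-space deletions. A rejection from one of those `deleteKibanaAssets` calls therefore escapes the surrounding `try`/`catch` as an unhandled rejection, and the function can return while assets in additional spaces still exist. Spread the mapped array, as the ES assets are on the line above: `...Object.entries(installedInAdditionalSpacesKibana).map(([additionalSpaceId, kibanaAssets]) => deleteKibanaAssets(kibanaAssets, additionalSpaceId)),`. `deleteAssets` starts and ends outside this hunk.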
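Review bot: `deleteKibanaSavedObjectsAssets` now takes a `spaceId` that selects which space's saved objects are deleted, but nothing documents the fallback rules. A doc comment would make the contract explicit, for example `/** Deletes the package's Kibana assets from spaceId; when spaceId is omitted or equals installed_kibana_space_id the primary install's assets are deleted; a space with no recorded assets is a no-op. */`. Because the value decides where objects are removed, callers should only pass a space the request is already authorised for; that check is not visible in this hunk. The function body continues past the end of the hunk.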
diff --git a/x-pack/plugins/fleet/server/services/files/client_from_host.ts b/x-pack/plugins/fleet/server/services/files/client_from_host.ts index 4329743f92fbf..814d342ddd993 100644 --- a/x-pack/plugins/fleet/server/services/files/client_from_host.ts +++ b/x-pack/plugins/fleet/server/services/files/client_from_host.ts @@ -180,7 +180,7 @@ export class FleetFromHostFilesClient implements FleetFromHostFileClientInterfac } = fileDoc._source; const file: FleetFile = { - id: fileDoc._id, + id: fileDoc._id!, agents: [agentId], sha256: hash?.sha256 ?? '', created: new Date(created).toISOString(), diff --git a/x-pack/plugins/fleet/server/services/files/index.ts b/x-pack/plugins/fleet/server/services/files/index.ts index 203bc374b2bf1..c7a00ee597f62 100644 --- a/x-pack/plugins/fleet/server/services/files/index.ts +++ b/x-pack/plugins/fleet/server/services/files/index.ts @@ -78,12 +78,12 @@ export async function fileIdsWithoutChunksByIndex( ): Promise<{ fileIdsByIndex: FileIdsByIndex; allFileIds: Set }> { const allFileIds: Set = new Set(); const noChunkFileIdsByIndex = files.reduce((acc, file) => { - allFileIds.add(file._id); + allFileIds.add(file._id!); const { index: metadataIndex } = parseFileStorageIndex(file._index); const fileIds = acc[metadataIndex]; - acc[metadataIndex] = fileIds ? fileIds.add(file._id) : new Set([file._id]); + acc[metadataIndex] = fileIds ? fileIds.add(file._id!) : new Set([file._id!]); return acc; }, {} as FileIdsByIndex); diff --git a/x-pack/plugins/fleet/server/services/output.test.ts b/x-pack/plugins/fleet/server/services/output.test.ts index 887a0ac9e0c8f..3bc9003162f44 100644 --- a/x-pack/plugins/fleet/server/services/output.test.ts +++ b/x-pack/plugins/fleet/server/services/output.test.ts 
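Review bot: The `!` added to `fileDoc._id` only silences the compiler: if a hit ever arrives without `_id`, the `FleetFile` is built with an undefined `id` and the problem surfaces far from its cause. The same applies to the `file._id!` uses in `fileIdsWithoutChunksByIndex` in the next hunk, where `undefined` would be added to `allFileIds`, and to `_id!.replace(...)` in `uninstall_token_service/index.ts`, which would throw a `TypeError`. One explicit guard per site, for example `if (!fileDoc._id) throw new Error('file document is missing _id');`, keeps the failure readable and lets the assertion go. The enclosing method starts and ends outside the hunk.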
@@ -40,7 +40,7 @@ mockedAppContextService.getLogger.mockImplementation(() => { } as unknown as Logger; }); -mockedAppContextService.getExperimentalFeatures.mockReturnValue({}); +mockedAppContextService.getExperimentalFeatures.mockReturnValue({} as any); const mockedAgentPolicyService = agentPolicyService as jest.Mocked; diff --git a/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts b/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts index 211026bf6e487..4cb5aa1221db7 100644 --- a/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts +++ b/x-pack/plugins/fleet/server/services/security/uninstall_token_service/index.ts @@ -284,7 +284,7 @@ export class UninstallTokenService implements UninstallTokenServiceInterface { ? `${this.soClient.getCurrentNamespace()}:` : ''; return { - id: _id.replace(`${namespacePrefix}${UNINSTALL_TOKENS_SAVED_OBJECT_TYPE}:`, ''), + id: _id!.replace(`${namespacePrefix}${UNINSTALL_TOKENS_SAVED_OBJECT_TYPE}:`, ''), policy_id: policyId, policy_name: policyIdNameDictionary[policyId] ?? null, created_at: _source.created_at, diff --git a/x-pack/plugins/fleet/server/types/rest_spec/debug.ts b/x-pack/plugins/fleet/server/types/rest_spec/debug.ts new file mode 100644 index 0000000000000..a94c112fe4e00 --- /dev/null +++ b/x-pack/plugins/fleet/server/types/rest_spec/debug.ts 
@@ -0,0 +1,27 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { schema } from '@kbn/config-schema'; + +export const FetchIndexRequestSchema = { + body: schema.object({ + index: schema.string(), + }), +}; + +export const FetchSavedObjectsRequestSchema = { + body: schema.object({ + type: schema.string(), + name: schema.string(), + }), +}; + +export const FetchSavedObjectNamesRequestSchema = { + body: schema.object({ + type: schema.string(), + }), +}; diff --git a/x-pack/plugins/fleet/server/types/rest_spec/epm.ts b/x-pack/plugins/fleet/server/types/rest_spec/epm.ts index 3264926b39498..4b83c7f7c7c58 100644 --- a/x-pack/plugins/fleet/server/types/rest_spec/epm.ts +++ b/x-pack/plugins/fleet/server/types/rest_spec/epm.ts @@ -241,6 +241,26 @@ export const DeletePackageRequestSchema = { ), }; +export const InstallKibanaAssetsRequestSchema = { + params: schema.object({ + pkgName: schema.string(), + pkgVersion: schema.string(), + }), + // body is deprecated on delete request + body: schema.nullable( + schema.object({ + force: schema.maybe(schema.boolean()), + }) + ), +}; + +export const DeleteKibanaAssetsRequestSchema = { + params: schema.object({ + pkgName: schema.string(), + pkgVersion: schema.string(), + }), +}; + export const DeletePackageRequestSchemaDeprecated = { params: schema.object({ pkgkey: schema.string(), diff --git a/x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts b/x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts index 302b92a98407e..dabfaa73231d6 100644 --- a/x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts +++ b/x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts 
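Review bot: `FetchIndexRequestSchema` accepts any string as `index`, and `type` and `name` in the two saved-object schemas are just as open, so validation places no limit on what a caller of the debug routes can ask for. The handlers are not in this hunk; if they pass these values straight to Elasticsearch or the saved objects client, the readable indices and types are whatever that client can reach. If the debug UI only needs a known set, pin it in the schema with `schema.oneOf([...])` of literals. At minimum, bound the length as this commit does elsewhere: `index: schema.string({ maxLength: 1000 })`.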
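Review bot: The comment `// body is deprecated on delete request` above `body` in `InstallKibanaAssetsRequestSchema` looks copied from the delete schema and is misleading on an install route. Replace it with a line that says what `force` means for this route, or drop it. `pkgName` and `pkgVersion` in both new schemas could also carry a `maxLength`, like the `name` fields bounded elsewhere in this commit.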
@@ -32,7 +32,7 @@ async function createPolicy( * We only specify a rough structure based on https://www.elastic.co/guide/en/elasticsearch/reference/current/_actions.html. */ const bodySchema = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), deprecated: schema.maybe(schema.boolean()), phases: schema.object({ hot: schema.any(), diff --git a/x-pack/plugins/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts b/x-pack/plugins/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts index 3f6b4ce843e89..ef119db413707 100644 --- a/x-pack/plugins/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts +++ b/x-pack/plugins/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts @@ -78,6 +78,7 @@ async function updateIndexTemplate( } if (isLegacy) { + // @ts-expect-error Types of property auto_expand_replicas are incompatible. return client.indices.putTemplate({ name: templateName, body: indexTemplate }); } // @ts-expect-error Type 'IndexSettings' is not assignable to type 'IndicesIndexSettings'. diff --git a/x-pack/plugins/index_management/server/routes/api/component_templates/register_update_route.ts b/x-pack/plugins/index_management/server/routes/api/component_templates/register_update_route.ts index 65d939ef5f886..eb9fdb87d9a74 100644 --- a/x-pack/plugins/index_management/server/routes/api/component_templates/register_update_route.ts +++ b/x-pack/plugins/index_management/server/routes/api/component_templates/register_update_route.ts @@ -43,7 +43,6 @@ export const registerUpdateRoute = ({ template: template as estypes.IndicesIndexState, version, _meta, - // @ts-expect-error deprecated property is not yet part of the API types deprecated, }, }); 
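Review bot: The bound `1000` is a bare literal in this `bodySchema` and again in the four other `name` schemas this commit touches (component templates, enrich policies, index templates, ingest pipelines), so the limits can drift and nothing records why 1000 was chosen. A named constant per plugin with a short reason would fix that, e.g. `const MAX_NAME_LENGTH = 1000; // upper bound on user-supplied resource names`. None of the visible hunks adds a test that an over-long name is rejected, which would be worth including. Note that `phases` in this schema still uses `schema.any()`, so the request body as a whole stays unbounded.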
diff --git a/x-pack/plugins/index_management/server/routes/api/component_templates/schema_validation.ts b/x-pack/plugins/index_management/server/routes/api/component_templates/schema_validation.ts index 58d593d543455..f5bddb2b138ea 100644 --- a/x-pack/plugins/index_management/server/routes/api/component_templates/schema_validation.ts +++ b/x-pack/plugins/index_management/server/routes/api/component_templates/schema_validation.ts @@ -8,7 +8,7 @@ import { schema } from '@kbn/config-schema'; export const componentTemplateSchema = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), template: schema.object({ settings: schema.maybe(schema.object({}, { unknowns: 'allow' })), aliases: schema.maybe(schema.object({}, { unknowns: 'allow' })), diff --git a/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_create_route.ts b/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_create_route.ts index 8b43fc19d2a31..24110cc685676 100644 --- a/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_create_route.ts +++ b/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_create_route.ts @@ -17,7 +17,7 @@ import { normalizeFieldsList, getIndices, FieldCapsList, getCommonFields } from const validationSchema = schema.object({ policy: schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), type: schema.oneOf([ schema.literal('match'), schema.literal('range'), diff --git a/x-pack/plugins/index_management/server/routes/api/templates/lib.ts b/x-pack/plugins/index_management/server/routes/api/templates/lib.ts index f900e76ac17f5..757ba6fd6da7f 100644 --- a/x-pack/plugins/index_management/server/routes/api/templates/lib.ts +++ b/x-pack/plugins/index_management/server/routes/api/templates/lib.ts 
@@ -55,6 +55,7 @@ export const saveTemplate = async ({ body: { index_patterns, version, + // @ts-expect-error Types of property auto_expand_replicas are incompatible. settings, mappings, aliases, diff --git a/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts b/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts index 782277d3abc03..73dc3f59a08b1 100644 --- a/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts +++ b/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts @@ -8,7 +8,7 @@ import { schema } from '@kbn/config-schema'; export const templateSchema = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), indexPatterns: schema.arrayOf(schema.string()), version: schema.maybe(schema.number()), order: schema.maybe(schema.number()), diff --git a/x-pack/plugins/ingest_pipelines/server/routes/api/create.ts b/x-pack/plugins/ingest_pipelines/server/routes/api/create.ts index 4e82b2fa0f8f7..ab23b58afba48 100644 --- a/x-pack/plugins/ingest_pipelines/server/routes/api/create.ts +++ b/x-pack/plugins/ingest_pipelines/server/routes/api/create.ts @@ -14,7 +14,7 @@ import { RouteDependencies } from '../../types'; import { pipelineSchema } from './shared'; const bodySchema = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), ...pipelineSchema, }); diff --git a/x-pack/plugins/integration_assistant/__jest__/fixtures/build_integration.ts b/x-pack/plugins/integration_assistant/__jest__/fixtures/build_integration.ts new file mode 100644 index 0000000000000..78228d5a4cbca --- /dev/null +++ b/x-pack/plugins/integration_assistant/__jest__/fixtures/build_integration.ts 
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Integration } from '../../common/api/model/common_attributes';
+
+export const testIntegration: Integration = {
+ name: 'integration',
+ title: 'Integration',
+ description: 'Integration description',
+ dataStreams: [
+ {
+ name: 'datastream',
+ title: 'Datastream',
+ description: 'Datastream description',
+ inputTypes: ['filestream', 'tcp', 'udp'],
+ docs: [
+ {
+ key: 'value',
+ anotherKey: 'anotherValue',
+ },
+ ],
+ rawSamples: ['{"test1": "test1"}'],
+ pipeline: {
+ processors: [
+ {
+ set: {
+ field: 'ecs.version',
+ value: '8.11.0',
+ },
+ },
+ {
+ rename: {
+ field: 'message',
+ target_field: 'event.original',
+ ignore_missing: true,
+ if: 'ctx.event?.original == null',
+ },
+ },
+ ],
+ },
+ },
+ ],
+};
diff --git a/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.test.ts b/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.test.ts
new file mode 100644
index 0000000000000..f7ef31f5fdb99
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/common/api/categorization/categorization_route.test.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { expectParseSuccess } from '@kbn/zod-helpers';
+import { CategorizationRequestBody } from './categorization_route';
+import { getCategorizationRequestMock } from '../model/api_test.mock';
+
+describe('Categorization request schema', () => {
+ test('full request validate', () => {
+ const payload: CategorizationRequestBody = getCategorizationRequestMock();
+
+ const result = CategorizationRequestBody.safeParse(payload);
+ expectParseSuccess(result);
+ expect(result.data).toEqual(payload);
+ });
+});
diff --git a/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.test.ts b/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.test.ts
new file mode 100644
index 0000000000000..770c3ff96f675
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/common/api/ecs/ecs_route.test.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { expectParseSuccess } from '@kbn/zod-helpers';
+import { EcsMappingRequestBody } from './ecs_route';
+import { getEcsMappingRequestMock } from '../model/api_test.mock';
+
+describe('Ecs Mapping request schema', () => {
+ test('full request validate', () => {
+ const payload: EcsMappingRequestBody = getEcsMappingRequestMock();
+
+ const result = EcsMappingRequestBody.safeParse(payload);
+ expectParseSuccess(result);
+ expect(result.data).toEqual(payload);
+ });
+});
diff --git a/x-pack/plugins/integration_assistant/common/api/model/api_test.mock.ts b/x-pack/plugins/integration_assistant/common/api/model/api_test.mock.ts new file mode 100644 index 0000000000000..92208abd04832 --- /dev/null +++ b/x-pack/plugins/integration_assistant/common/api/model/api_test.mock.ts 
@@ -0,0 +1,82 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { BuildIntegrationRequestBody } from '../build_integration/build_integration'; +import type { CategorizationRequestBody } from '../categorization/categorization_route'; +import type { EcsMappingRequestBody } from '../ecs/ecs_route'; +import type { RelatedRequestBody } from '../related/related_route'; +import type { DataStream, Integration, Pipeline } from './common_attributes'; + +const rawSamples = ['{"test1": "test1"}']; + +export const getDataStreamMock = (): DataStream => ({ + description: 'Test description', + name: 'Test name', + inputTypes: ['filestream'], + title: 'Test title', + docs: [ + { + key: 'value', + anotherKey: 'anotherValue', + }, + ], + rawSamples, + pipeline: getPipelineMock(), +}); + +export const getIntegrationMock = (): Integration => ({ + description: 'Test description', + name: 'Test name', + title: 'Test title', + dataStreams: [getDataStreamMock()], +}); + +export const getPipelineMock = (): Pipeline => ({ + processors: [ + { + set: { + field: 'ecs.version', + value: '8.11.0', + }, + }, + { + rename: { + field: 'message', + target_field: 'event.original', + ignore_missing: true, + if: 'ctx.event?.original == null', + }, + }, + ], +}); + +export const getCategorizationRequestMock = (): CategorizationRequestBody => ({ + connectorId: 'test-connector-id', + currentPipeline: getPipelineMock(), + dataStreamName: 'test-data-stream-name', + packageName: 'test-package-name', + rawSamples, +}); + +export const getBuildIntegrationRequestMock = (): BuildIntegrationRequestBody => ({ + integration: getIntegrationMock(), +}); + +export const getEcsMappingRequestMock = (): EcsMappingRequestBody => ({ + rawSamples, + dataStreamName: 'test-data-stream-name', + 
packageName: 'test-package-name', + connectorId: 'test-connector-id', +}); + +export const getRelatedRequestMock = (): RelatedRequestBody => ({ + dataStreamName: 'test-data-stream-name', + packageName: 'test-package-name', + rawSamples, + connectorId: 'test-connector-id', + currentPipeline: getPipelineMock(), +}); diff --git a/x-pack/plugins/integration_assistant/common/api/model/common_attributes.schema.yaml b/x-pack/plugins/integration_assistant/common/api/model/common_attributes.schema.yaml index d876e72bef5b7..24cb71ed5274c 100644 --- a/x-pack/plugins/integration_assistant/common/api/model/common_attributes.schema.yaml +++ b/x-pack/plugins/integration_assistant/common/api/model/common_attributes.schema.yaml @@ -70,6 +70,7 @@ components: - aws_s3 - azure_blob_storage - azure_eventhub + - cel - cloudfoundry - filestream - gcp_pubsub @@ -142,15 +143,3 @@ components: logo: type: string description: The logo of the integration. - - PipelineResults: - type: array - description: An array of pipeline results. - items: - type: object - - Errors: - type: array - description: An array of errors. - items: - type: object diff --git a/x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts b/x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts index d64c53ee388d9..fdb20931ccce0 100644 --- a/x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts +++ b/x-pack/plugins/integration_assistant/common/api/model/common_attributes.ts @@ -81,6 +81,7 @@ export const InputType = z.enum([ 'aws_s3', 'azure_blob_storage', 'azure_eventhub', + 'cel', 'cloudfoundry', 'filestream', 'gcp_pubsub', 
@@ -155,15 +156,3 @@ export const Integration = z.object({ */ logo: z.string().optional(), }); - -/** - * An array of pipeline results. - */ -export type PipelineResults = z.infer; -export const PipelineResults = z.array(z.object({})); - -/** - * An array of errors. - */ -export type Errors = z.infer; -export const Errors = z.array(z.object({})); diff --git a/x-pack/plugins/integration_assistant/common/api/model/response_schemas.schema.yaml b/x-pack/plugins/integration_assistant/common/api/model/response_schemas.schema.yaml index 100581cd21ceb..8afbab533a6d3 100644 --- a/x-pack/plugins/integration_assistant/common/api/model/response_schemas.schema.yaml +++ b/x-pack/plugins/integration_assistant/common/api/model/response_schemas.schema.yaml @@ -57,9 +57,12 @@ components: CheckPipelineAPIResponse: type: object required: - - pipelineResults + - results properties: - pipelineResults: - $ref: "./common_attributes.schema.yaml#/components/schemas/PipelineResults" - errors: - $ref: "./common_attributes.schema.yaml#/components/schemas/Errors" + results: + type: object + required: + - docs + properties: + docs: + $ref: "./common_attributes.schema.yaml#/components/schemas/Docs" diff --git a/x-pack/plugins/integration_assistant/common/api/model/response_schemas.ts b/x-pack/plugins/integration_assistant/common/api/model/response_schemas.ts index f8a42d2081488..7e6eee10576f8 100644 --- a/x-pack/plugins/integration_assistant/common/api/model/response_schemas.ts +++ b/x-pack/plugins/integration_assistant/common/api/model/response_schemas.ts @@ -16,7 +16,7 @@ import { z } from 'zod'; -import { Docs, Errors, Mapping, Pipeline, PipelineResults } from './common_attributes'; +import { Docs, Mapping, Pipeline } from './common_attributes'; export type EcsMappingAPIResponse = z.infer; export const EcsMappingAPIResponse = z.object({ 
@@ -44,6 +44,7 @@ export const RelatedAPIResponse = z.object({ export type CheckPipelineAPIResponse = z.infer; export const CheckPipelineAPIResponse = z.object({ - pipelineResults: PipelineResults, - errors: Errors.optional(), + results: z.object({ + docs: Docs, + }), }); diff --git a/x-pack/plugins/integration_assistant/common/api/related/related_route.test.ts b/x-pack/plugins/integration_assistant/common/api/related/related_route.test.ts new file mode 100644 index 0000000000000..8f69c13303056 --- /dev/null +++ b/x-pack/plugins/integration_assistant/common/api/related/related_route.test.ts @@ -0,0 +1,20 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { expectParseSuccess } from '@kbn/zod-helpers'; +import { RelatedRequestBody } from './related_route'; +import { getRelatedRequestMock } from '../model/api_test.mock'; + +describe('Related request schema', () => { + test('full request validate', () => { + const payload: RelatedRequestBody = getRelatedRequestMock(); + + const result = RelatedRequestBody.safeParse(payload); + expectParseSuccess(result); + expect(result.data).toEqual(payload); + }); +}); diff --git a/x-pack/plugins/integration_assistant/public/common/components/authorization/authorization_wrapper.tsx b/x-pack/plugins/integration_assistant/public/common/components/authorization/authorization_wrapper.tsx new file mode 100644 index 0000000000000..3890cd3b797cd --- /dev/null +++ b/x-pack/plugins/integration_assistant/public/common/components/authorization/authorization_wrapper.tsx 
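Review bot: The new `Related request schema` test in related_route.test.ts only asserts that the fully populated mock parses, so it would keep passing if `RelatedRequestBody` stopped rejecting malformed bodies. This schema is the input validation for the route, so add a negative case next to `full request validate`. For example, drop a field the schema requires (presumably `connectorId`) from `getRelatedRequestMock()` and assert that `RelatedRequestBody.safeParse(payload).success` is `false`. A second case with a wrong type for `rawSamples` would pin the validation of that field too.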
@@ -0,0 +1,37 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { EuiCallOut } from '@elastic/eui'; +import React, { useMemo, type PropsWithChildren } from 'react'; +import { useAuthorization, type Authorization } from '../../hooks/use_authorization'; +import { MissingPrivilegesDescription } from './missing_privileges_description'; +import * as i18n from './translations'; + +type AuthorizationWrapperProps = PropsWithChildren>; +export const AuthorizationWrapper = React.memo( + ({ children, ...authRequired }) => { + const authorization = useAuthorization(); + + const isAuthorized = useMemo( + () => + Object.entries(authRequired).every( + ([key, enabled]) => !enabled || authorization[key as keyof Authorization] + ), + [authorization, authRequired] + ); + + if (!isAuthorized) { + return ( + + + + ); + } + + return <>{children}; + } +); +AuthorizationWrapper.displayName = 'AuthorizationWrapper'; diff --git a/x-pack/plugins/integration_assistant/public/common/components/authorization/index.ts b/x-pack/plugins/integration_assistant/public/common/components/authorization/index.ts new file mode 100644 index 0000000000000..b70eae012a8ad --- /dev/null +++ b/x-pack/plugins/integration_assistant/public/common/components/authorization/index.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +export { AuthorizationWrapper } from './authorization_wrapper'; +export { MissingPrivilegesTooltip } from './missing_privileges_tooltip'; 
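Review bot: The `useMemo` around `isAuthorized` in `AuthorizationWrapper` never reuses its cached value, because `authRequired` is a rest object (`{ children, ...authRequired }`) that is rebuilt on every render and sits in the dependency array. The object returned by `useAuthorization()` is also created fresh on each call. Either compute the value inline, or destructure the three flags and depend on them, e.g. `[canCreateIntegrations, canExecuteConnectors, canCreateConnectors]`, with the same done for the hook's result. The check itself fails closed (a required key that is absent from `authorization` is falsy and renders the callout), which is worth keeping and stating in a comment such as `// a flag set to true means the privilege is required; unknown or missing capabilities deny`.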
diff --git a/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_description.tsx b/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_description.tsx new file mode 100644 index 0000000000000..15365aeb3a08e --- /dev/null +++ b/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_description.tsx @@ -0,0 +1,40 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import React from 'react'; +import { EuiCode, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; +import type { Authorization } from '../../hooks/use_authorization'; +import * as i18n from './translations'; + +type MissingPrivilegesDescriptionProps = Partial; +export const MissingPrivilegesDescription = React.memo( + ({ canCreateIntegrations, canCreateConnectors, canExecuteConnectors }) => { + return ( + + {i18n.PRIVILEGES_REQUIRED_TITLE} + + +
    + {canCreateIntegrations && ( + <> +
  • {i18n.REQUIRED_PRIVILEGES.FLEET_ALL}
  • +
  • {i18n.REQUIRED_PRIVILEGES.INTEGRATIONS_ALL}
  • + + )} + {canCreateConnectors ? ( +
  • {i18n.REQUIRED_PRIVILEGES.CONNECTORS_ALL}
  • + ) : ( + <>{canExecuteConnectors &&
  • {i18n.REQUIRED_PRIVILEGES.CONNECTORS_READ}
  • } + )} +
+
+
+ {i18n.CONTACT_ADMINISTRATOR} +
+ ); + } +); +MissingPrivilegesDescription.displayName = 'MissingPrivilegesDescription'; diff --git a/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_tooltip.tsx b/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_tooltip.tsx new file mode 100644 index 0000000000000..ae684c56136f1 --- /dev/null +++ b/x-pack/plugins/integration_assistant/public/common/components/authorization/missing_privileges_tooltip.tsx @@ -0,0 +1,26 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import React from 'react'; +import { EuiToolTip } from '@elastic/eui'; +import type { Authorization } from '../../hooks/use_authorization'; +import { MissingPrivilegesDescription } from './missing_privileges_description'; +import * as i18n from './translations'; + +type MissingPrivilegesTooltip = Partial & { + children: React.ReactElement; // EuiToolTip requires a single ReactElement child +}; +export const MissingPrivilegesTooltip = React.memo( + ({ children, ...authMissing }) => ( + } + > + {children} + + ) +); +MissingPrivilegesTooltip.displayName = 'MissingPrivilegesTooltip'; diff --git a/x-pack/plugins/integration_assistant/public/common/components/authorization/translations.ts b/x-pack/plugins/integration_assistant/public/common/components/authorization/translations.ts new file mode 100644 index 0000000000000..9da73799dc69c --- /dev/null +++ b/x-pack/plugins/integration_assistant/public/common/components/authorization/translations.ts 
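Review bot: In `MissingPrivilegesDescription` the props reuse the `Authorization` field names with the opposite meaning: a truthy `canCreateIntegrations` here lists the Fleet and Integrations privileges as required, whereas in `useAuthorization` it means the user holds them. That inversion is easy to misread in authorization code, so document it on the props type, e.g. `/** Each flag set to true lists that privilege as required; it does not mean the user has it. */`. The ternary that shows `CONNECTORS_ALL` and falls back to `CONNECTORS_READ` only when `canExecuteConnectors` is set also deserves a one-line comment that "All" is assumed to cover "Read". The markup of this component appears to have been stripped on this page, so the comment placement is approximate.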
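Review bot: In missing_privileges_tooltip.tsx the props type alias is named `MissingPrivilegesTooltip`, the same identifier as the exported component. TypeScript allows it because types and values live in separate namespaces, but it breaks the `...Props` convention used by `MissingPrivilegesDescriptionProps` and `AuthorizationWrapperProps` in the sibling files and makes searches and imports ambiguous. Rename the alias to `MissingPrivilegesTooltipProps` and use that name in the `React.memo` type argument.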
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const PRIVILEGES_MISSING_TITLE = i18n.translate(
+ 'xpack.integrationAssistant.missingPrivileges.title',
+ {
+ defaultMessage: 'Missing privileges',
+ }
+);
+
+export const PRIVILEGES_REQUIRED_TITLE = i18n.translate(
+ 'xpack.integrationAssistant.missingPrivileges.privilegesNeededTitle',
+ {
+ defaultMessage: 'The minimum Kibana privileges required to use this feature are:',
+ }
+);
+
+export const REQUIRED_PRIVILEGES = {
+ FLEET_ALL: i18n.translate(
+ 'xpack.integrationAssistant.missingPrivileges.requiredPrivileges.fleet',
+ {
+ defaultMessage: 'Management > Fleet: All',
+ }
+ ),
+ INTEGRATIONS_ALL: i18n.translate(
+ 'xpack.integrationAssistant.missingPrivileges.requiredPrivileges.integrations',
+ {
+ defaultMessage: 'Management > Integrations: All',
+ }
+ ),
+ CONNECTORS_READ: i18n.translate(
+ 'xpack.integrationAssistant.missingPrivileges.requiredPrivileges.connectorsRead',
+ {
+ defaultMessage: 'Management > Connectors: Read',
+ }
+ ),
+ CONNECTORS_ALL: i18n.translate(
+ 'xpack.integrationAssistant.missingPrivileges.requiredPrivileges.connectorsAll',
+ {
+ defaultMessage: 'Management > Connectors: All',
+ }
+ ),
+};
+
+export const CONTACT_ADMINISTRATOR = i18n.translate(
+ 'xpack.integrationAssistant.missingPrivileges.contactAdministrator',
+ {
+ defaultMessage: 'Contact your administrator for assistance.',
+ }
+);
diff --git a/x-pack/plugins/integration_assistant/public/common/constants.ts b/x-pack/plugins/integration_assistant/public/common/constants.ts
index 3141980ee134e..5efd69dc6914c 100644
--- a/x-pack/plugins/integration_assistant/public/common/constants.ts
+++ b/x-pack/plugins/integration_assistant/public/common/constants.ts
@@ -10,3 +10,9 @@ export enum Page {
 upload = 'upload',
 assistant = 'assistant',
 }
+
+export const PagePath = {
+ [Page.landing]: '/create',
+ [Page.upload]: '/create/upload',
+ [Page.assistant]: '/create/assistant',
+};
diff --git a/x-pack/plugins/integration_assistant/public/common/hooks/use_authorization.ts b/x-pack/plugins/integration_assistant/public/common/hooks/use_authorization.ts
new file mode 100644
index 0000000000000..c4ce31bf96cca
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/common/hooks/use_authorization.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { useKibana } from './use_kibana';
+
+export interface Authorization {
+ canCreateIntegrations: boolean;
+ canExecuteConnectors: boolean;
+ canCreateConnectors: boolean;
+}
+export const useAuthorization = (): Authorization => {
+ const { capabilities } = useKibana().services.application;
+ const { fleet: integrations, fleetv2: fleet, actions } = capabilities;
+ return {
+ canCreateIntegrations: Boolean(fleet?.all && integrations?.all),
+ canExecuteConnectors: Boolean(actions?.show && actions?.execute),
+ canCreateConnectors: Boolean(actions?.save),
+ };
+};
+
+export interface RoutesAuthorization {
+ canUseIntegrationAssistant: boolean;
+ canUseIntegrationUpload: boolean;
+}
+export const useRoutesAuthorization = (): RoutesAuthorization => {
+ const { canCreateIntegrations, canExecuteConnectors } = useAuthorization();
+ return {
+ canUseIntegrationAssistant: canCreateIntegrations && canExecuteConnectors,
+ canUseIntegrationUpload: canCreateIntegrations,
+ };
+};
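Review bot: `useAuthorization` derives its flags from the browser-side `capabilities` object, so `canCreateIntegrations`, `canExecuteConnectors` and `canCreateConnectors` only decide what the UI renders and are not an access control. `AuthorizationWrapper` and the route gating in create_integration.tsx inherit the same limit, so the integration_assistant server routes have to enforce the equivalent privileges themselves; that side is not visible in this part of the diff and should be confirmed before merging. A doc comment on the hook saying so would stop later callers treating it as enforcement, e.g. `/** UI gating only; server routes must check the same privileges. */`. The destructuring also reads as swapped and deserves a comment such as `// capability key 'fleet' is the Integrations feature, 'fleetv2' is Fleet`, as the aliases imply.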
diff --git a/x-pack/plugins/integration_assistant/public/common/hooks/use_kibana.ts b/x-pack/plugins/integration_assistant/public/common/hooks/use_kibana.ts index fe90de3266df6..440c504d6b334 100644 --- a/x-pack/plugins/integration_assistant/public/common/hooks/use_kibana.ts +++ b/x-pack/plugins/integration_assistant/public/common/hooks/use_kibana.ts @@ -6,6 +6,6 @@ */ import { useKibana as _useKibana } from '@kbn/kibana-react-plugin/public'; -import type { CreateIntegrationServices } from '../../components/create_integration/types'; +import type { Services } from '../../services'; -export const useKibana = () => _useKibana(); +export const useKibana = () => _useKibana(); diff --git a/x-pack/plugins/integration_assistant/public/common/hooks/use_navigate.ts b/x-pack/plugins/integration_assistant/public/common/hooks/use_navigate.ts index 57f608fea3e51..e8465ca14ec3d 100644 --- a/x-pack/plugins/integration_assistant/public/common/hooks/use_navigate.ts +++ b/x-pack/plugins/integration_assistant/public/common/hooks/use_navigate.ts @@ -6,26 +6,18 @@ */ import { useCallback } from 'react'; -import { Page } from '../constants'; +import { Page, PagePath } from '../constants'; import { useKibana } from './use_kibana'; export { Page }; // re-export for convenience -const getPathFromPage = (page: Page): string => - page === Page.landing ? '/create' : `/create/${page}`; - export const useNavigate = () => { const { navigateToApp } = useKibana().services.application; const navigateToPage = useCallback( (page: Page) => { - navigateToApp('integrations', { path: getPathFromPage(page) }); + navigateToApp('integrations', { path: PagePath[page] }); }, [navigateToApp] ); return navigateToPage; }; - -export const usePageUrl = (page: Page) => { - const { getUrlForApp } = useKibana().services.application; - return getUrlForApp('integrations', { path: getPathFromPage(page) }); -}; 
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration.tsx index 257d27ab41159..e915ac920d7df 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration.tsx @@ -8,21 +8,40 @@ import React from 'react'; import { Switch } from 'react-router-dom'; import { Route } from '@kbn/shared-ux-router'; import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public'; -import type { CreateIntegrationServices } from './types'; +import type { Services } from '../../services'; +import { TelemetryContextProvider } from './telemetry'; import { CreateIntegrationLanding } from './create_integration_landing'; import { CreateIntegrationUpload } from './create_integration_upload'; import { CreateIntegrationAssistant } from './create_integration_assistant'; +import { Page, PagePath } from '../../common/constants'; +import { useRoutesAuthorization } from '../../common/hooks/use_authorization'; interface CreateIntegrationProps { - services: CreateIntegrationServices; + services: Services; } export const CreateIntegration = React.memo(({ services }) => ( - - - - - + + + )); + CreateIntegration.displayName = 'CreateIntegration'; + +const CreateIntegrationRouter = React.memo(() => { + const { canUseIntegrationAssistant, canUseIntegrationUpload } = useRoutesAuthorization(); + + return ( + + {canUseIntegrationAssistant && ( + + )} + {canUseIntegrationUpload && ( + + )} + + + ); +}); +CreateIntegrationRouter.displayName = 'CreateIntegrationRouter'; 
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/create_integration_assistant.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/create_integration_assistant.tsx index 20afd201ec848..d2aec8dd2a661 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/create_integration_assistant.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/create_integration_assistant.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import React, { useReducer, useMemo, useCallback } from 'react'; +import React, { useReducer, useMemo, useCallback, useEffect } from 'react'; import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template'; import { Header } from './header'; import { Footer } from './footer'; @@ -15,17 +15,23 @@ import { DataStreamStep, isDataStreamStepReady } from './steps/data_stream_step' import { ReviewStep, isReviewStepReady } from './steps/review_step'; import { DeployStep } from './steps/deploy_step'; import { reducer, initialState, ActionsProvider, type Actions } from './state'; +import { useTelemetry } from '../telemetry'; export const CreateIntegrationAssistant = React.memo(() => { const [state, dispatch] = useReducer(reducer, initialState); + const telemetry = useTelemetry(); + useEffect(() => { + telemetry.reportAssistantOpen(); + }, [telemetry]); + const actions = useMemo( () => ({ setStep: (payload) => { dispatch({ type: 'SET_STEP', payload }); }, - setConnectorId: (payload) => { - dispatch({ type: 'SET_CONNECTOR_ID', payload }); + setConnector: (payload) => { + dispatch({ type: 'SET_CONNECTOR', payload }); }, setIntegrationSettings: (payload) => { dispatch({ type: 'SET_INTEGRATION_SETTINGS', payload }); @@ -60,19 +66,18 @@ export const CreateIntegrationAssistant = React.memo(() => {
- {state.step === 1 && } + {state.step === 1 && } {state.step === 2 && } {state.step === 3 && ( )} {state.step === 4 && ( @@ -81,7 +86,7 @@ export const CreateIntegrationAssistant = React.memo(() => { )} diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/footer.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/footer.tsx index eecf85bd6f455..bcb3cf8ad21f8 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/footer.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/footer/footer.tsx @@ -9,6 +9,7 @@ import { EuiLoadingSpinner } from '@elastic/eui'; import React, { useCallback, useMemo } from 'react'; import { ButtonsFooter } from '../../../../common/components/buttons_footer'; import { useNavigate, Page } from '../../../../common/hooks/use_navigate'; +import { useTelemetry } from '../../telemetry'; import { useActions, type State } from '../state'; import * as i18n from './translations'; @@ -35,6 +36,7 @@ interface FooterProps { export const Footer = React.memo( ({ currentStep, onGenerate, isGenerating, isNextStepEnabled = false }) => { + const telemetry = useTelemetry(); const { setStep } = useActions(); const navigate = useNavigate(); @@ -47,12 +49,13 @@ export const Footer = React.memo( }, [currentStep, navigate, setStep]); const onNext = useCallback(() => { + telemetry.reportAssistantStepComplete({ step: currentStep }); if (currentStep === 3) { onGenerate(); } else { setStep(currentStep + 1); } - }, [currentStep, onGenerate, setStep]); + }, [currentStep, onGenerate, setStep, telemetry]); const nextButtonText = useMemo(() => { if (currentStep === 3) { 
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/state.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/state.ts index 3d2fa4b5a31b2..161d1b0646541 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/state.ts +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/state.ts @@ -10,7 +10,7 @@ import type { AIConnector, IntegrationSettings } from './types'; export interface State { step: number; - connectorId?: AIConnector['id']; + connector?: AIConnector; integrationSettings?: IntegrationSettings; isGenerating: boolean; result?: { @@ -21,7 +21,7 @@ export interface State { export const initialState: State = { step: 1, - connectorId: undefined, + connector: undefined, integrationSettings: undefined, isGenerating: false, result: undefined, @@ -29,7 +29,7 @@ export const initialState: State = { type Action = | { type: 'SET_STEP'; payload: State['step'] } - | { type: 'SET_CONNECTOR_ID'; payload: State['connectorId'] } + | { type: 'SET_CONNECTOR'; payload: State['connector'] } | { type: 'SET_INTEGRATION_SETTINGS'; payload: State['integrationSettings'] } | { type: 'SET_IS_GENERATING'; payload: State['isGenerating'] } | { type: 'SET_GENERATED_RESULT'; payload: State['result'] }; @@ -43,8 +43,8 @@ export const reducer = (state: State, action: Action): State => { isGenerating: false, ...(action.payload < state.step && { result: undefined }), // reset the result when we go back }; - case 'SET_CONNECTOR_ID': - return { ...state, connectorId: action.payload }; + case 'SET_CONNECTOR': + return { ...state, connector: action.payload }; case 'SET_INTEGRATION_SETTINGS': return { ...state, integrationSettings: action.payload }; case 'SET_IS_GENERATING': 
@@ -58,7 +58,7 @@ export const reducer = (state: State, action: Action): State => { export interface Actions { setStep: (payload: State['step']) => void; - setConnectorId: (payload: State['connectorId']) => void; + setConnector: (payload: State['connector']) => void; setIntegrationSettings: (payload: State['integrationSettings']) => void; setIsGenerating: (payload: State['isGenerating']) => void; setResult: (payload: State['result']) => void; diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_selector.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_selector.tsx index f398cf13b7106..6684ed95dde2f 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_selector.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_selector.tsx @@ -42,7 +42,7 @@ export const ConnectorSelector = React.memo( const { triggersActionsUi: { actionTypeRegistry }, } = useKibana().services; - const { setConnectorId } = useActions(); + const { setConnector } = useActions(); const rowCss = useRowCss(); return ( <> @@ -50,7 +50,7 @@ export const ConnectorSelector = React.memo( setConnectorId(connector.id)} + onClick={() => setConnector(connector)} hasShadow={false} hasBorder paddingSize="l" diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_step.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_step.tsx index 39941ee5cf0cc..8b2ec53406a06 100644 
--- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_step.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/connector_step.tsx @@ -8,6 +8,11 @@ import React, { useCallback, useEffect, useState } from 'react'; import { useLoadConnectors } from '@kbn/elastic-assistant'; import { EuiFlexGroup, EuiFlexItem, EuiLoadingSpinner, EuiPopover, EuiLink } from '@elastic/eui'; +import { + AuthorizationWrapper, + MissingPrivilegesTooltip, +} from '../../../../../common/components/authorization'; +import { useAuthorization } from '../../../../../common/hooks/use_authorization'; import { useKibana } from '../../../../../common/hooks/use_kibana'; import { StepContentWrapper } from '../step_content_wrapper'; import { ConnectorSelector } from './connector_selector'; @@ -18,25 +23,21 @@ import * as i18n from './translations'; /** * List of allowed action type IDs for the integrations assistant. - * Replace by ['.bedrock', '.gen-ai'] to allow OpenAI connectors. */ const AllowedActionTypeIds = ['.bedrock']; interface ConnectorStepProps { - connectorId: string | undefined; + connector: AIConnector | undefined; } -export const ConnectorStep = React.memo(({ connectorId }) => { - const { - http, - notifications: { toasts }, - } = useKibana().services; - const { setConnectorId } = useActions(); +export const ConnectorStep = React.memo(({ connector }) => { + const { http, notifications } = useKibana().services; + const { setConnector } = useActions(); const [connectors, setConnectors] = useState(); const { isLoading, data: aiConnectors, refetch: refetchConnectors, - } = useLoadConnectors({ http, toasts }); + } = useLoadConnectors({ http, toasts: notifications.toasts }); useEffect(() => { if (aiConnectors != null) { 
@@ -47,10 +48,10 @@ export const ConnectorStep = React.memo(({ connectorId }) => setConnectors(filteredAiConnectors); if (filteredAiConnectors && filteredAiConnectors.length === 1) { // pre-select the connector if there is only one - setConnectorId(filteredAiConnectors[0].id); + setConnector(filteredAiConnectors[0]); } } - }, [aiConnectors, setConnectorId]); + }, [aiConnectors, setConnector]); const onConnectorSaved = useCallback(() => refetchConnectors(), [refetchConnectors]); @@ -70,13 +71,15 @@ export const ConnectorStep = React.memo(({ connectorId }) => <> {hasConnectors ? ( - + ) : ( - + + + )} )} @@ -91,6 +94,7 @@ interface CreateConnectorPopoverProps { onConnectorSaved: () => void; } const CreateConnectorPopover = React.memo(({ onConnectorSaved }) => { + const { canCreateConnectors } = useAuthorization(); const [isOpen, setIsPopoverOpen] = useState(false); const openPopover = useCallback(() => setIsPopoverOpen(true), []); const closePopover = useCallback(() => setIsPopoverOpen(false), []); @@ -100,6 +104,13 @@ const CreateConnectorPopover = React.memo(({ onConn closePopover(); }, [onConnectorSaved, closePopover]); + if (!canCreateConnectors) { + return ( + + {i18n.CREATE_CONNECTOR} + + ); + } return ( {i18n.CREATE_CONNECTOR}} diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/is_step_ready.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/is_step_ready.ts index b8b65183ac781..5b425b0940094 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/is_step_ready.ts +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/connector_step/is_step_ready.ts 
@@ -7,4 +7,4 @@ import type { State } from '../../state'; -export const isConnectorStepReady = ({ connectorId }: State) => connectorId != null; +export const isConnectorStepReady = ({ connector }: State) => connector != null; diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/data_stream_step.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/data_stream_step.tsx index 2c817342ece77..24b290a158f04 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/data_stream_step.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/data_stream_step.tsx @@ -30,6 +30,7 @@ export const InputTypeOptions: Array<{ value: InputType; text: string }> = [ { value: 'aws_s3', text: 'AWS S3' }, { value: 'azure_blob_storage', text: 'Azure Blob Storage' }, { value: 'azure_eventhub', text: 'Azure Event Hub' }, + { value: 'cel', text: 'Common Expression Language (CEL)' }, { value: 'cloudfoundry', text: 'Cloud Foundry' }, { value: 'filestream', text: 'File Stream' }, { value: 'gcp_pubsub', text: 'GCP Pub/Sub' }, @@ -46,11 +47,11 @@ const getNameFromTitle = (title: string) => title.toLowerCase().replaceAll(/[^a- interface DataStreamStepProps { integrationSettings: State['integrationSettings']; - connectorId: State['connectorId']; + connector: State['connector']; isGenerating: State['isGenerating']; } export const DataStreamStep = React.memo( - ({ integrationSettings, connectorId, isGenerating }) => { + ({ integrationSettings, connector, isGenerating }) => { const { setIntegrationSettings, setIsGenerating, setStep, setResult } = useActions(); const { isLoading: isLoadingPackageNames, packageNames } = useLoadPackageNames(); // this is used to avoid duplicate names 
@@ -217,7 +218,7 @@ export const DataStreamStep = React.memo( {isGenerating && ( diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/generation_modal.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/generation_modal.tsx index b3b3d1f455374..08df5d3d2d74b 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/generation_modal.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/data_stream_step/generation_modal.tsx @@ -35,6 +35,7 @@ import { import { useKibana } from '../../../../../common/hooks/use_kibana'; import type { State } from '../../state'; import * as i18n from './translations'; +import { useTelemetry } from '../../../telemetry'; export type OnComplete = (result: State['result']) => void; @@ -49,22 +50,29 @@ const progressText: Record = { interface UseGenerationProps { integrationSettings: State['integrationSettings']; - connectorId: State['connectorId']; + connector: State['connector']; onComplete: OnComplete; } export const useGeneration = ({ integrationSettings, - connectorId, + connector, onComplete, }: UseGenerationProps) => { + const { reportGenerationComplete } = useTelemetry(); const { http, notifications } = useKibana().services; const [progress, setProgress] = useState(); const [error, setError] = useState(null); useEffect(() => { - if (http == null || integrationSettings == null || notifications?.toasts == null) { + if ( + http == null || + connector == null || + integrationSettings == null || + notifications?.toasts == null + ) { return; } + const generationStartedAt = Date.now(); const abortController = new AbortController(); const deps = { http, abortSignal: abortController.signal }; 
@@ -74,7 +82,7 @@ export const useGeneration = ({ packageName: integrationSettings.name ?? '', dataStreamName: integrationSettings.dataStreamName ?? '', rawSamples: integrationSettings.logsSampleParsed ?? [], - connectorId: connectorId ?? '', + connectorId: connector.id, }; setProgress('ecs'); @@ -100,18 +108,44 @@ export const useGeneration = ({ setProgress('related'); const relatedGraphResult = await runRelatedGraph(relatedRequest, deps); if (abortController.signal.aborted) return; - if (!isEmpty(relatedGraphResult?.results)) { - onComplete(relatedGraphResult.results); + + if (isEmpty(relatedGraphResult?.results)) { + throw new Error('Results not found in response'); } + + reportGenerationComplete({ + connector, + integrationSettings, + durationMs: Date.now() - generationStartedAt, + }); + + onComplete(relatedGraphResult.results); } catch (e) { if (abortController.signal.aborted) return; - setError(`Error: ${e.body.message}`); + const errorMessage = e.body?.message ?? e.message; + + reportGenerationComplete({ + connector, + integrationSettings, + durationMs: Date.now() - generationStartedAt, + error: errorMessage, + }); + + setError(`Error: ${errorMessage}`); } })(); return () => { abortController.abort(); }; - }, [onComplete, setProgress, connectorId, http, integrationSettings, notifications?.toasts]); + }, [ + onComplete, + setProgress, + connector, + http, + integrationSettings, + reportGenerationComplete, + notifications?.toasts, + ]); return { progress, 
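Review bot: In the `catch` block of `useGeneration` the free-form `errorMessage` (`e.body?.message ?? e.message`) is forwarded to `reportGenerationComplete` as `error`, and server or connector error text can echo parts of the request, which here carries `rawSamples` taken from the user's logs. Unless the telemetry reporter already truncates or classifies that string (not visible in this hunk), send a bounded value such as an error category and keep the full message for `setError` only. The same call passes the whole `connector` and `integrationSettings` objects, so the reporter should pick the few fields it needs rather than forward them as received. `useGeneration` starts above this hunk and continues below it.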
@@ -135,16 +169,16 @@ const useModalCss = () => { interface GenerationModalProps { integrationSettings: State['integrationSettings']; - connectorId: State['connectorId']; + connector: State['connector']; onComplete: OnComplete; onClose: () => void; } export const GenerationModal = React.memo( - ({ integrationSettings, connectorId, onComplete, onClose }) => { + ({ integrationSettings, connector, onComplete, onClose }) => { const { headerCss, bodyCss } = useModalCss(); const { progress, error } = useGeneration({ integrationSettings, - connectorId, + connector, onComplete, }); diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/deploy_step.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/deploy_step.tsx index 44a05c062e9a5..dcf353a00727e 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/deploy_step.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/deploy_step.tsx @@ -26,15 +26,15 @@ import * as i18n from './translations'; interface DeployStepProps { integrationSettings: State['integrationSettings']; result: State['result']; - connectorId: State['connectorId']; + connector: State['connector']; } export const DeployStep = React.memo( - ({ integrationSettings, result, connectorId }) => { + ({ integrationSettings, result, connector }) => { const { isLoading, error, integrationFile, integrationName } = useDeployIntegration({ integrationSettings, result, - connectorId, + connector, }); const onSaveZip = useCallback(() => { 
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/use_deploy_integration.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/use_deploy_integration.ts index 76bac6ae66a1d..f036562edc9d8 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/use_deploy_integration.ts +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/deploy_step/use_deploy_integration.ts @@ -12,16 +12,22 @@ import type { State } from '../../state'; import { runBuildIntegration, runInstallPackage } from '../../../../../common/lib/api'; import { defaultLogoEncoded } from '../default_logo'; import { getIntegrationNameFromResponse } from '../../../../../common/lib/api_parsers'; +import { useTelemetry } from '../../../telemetry'; interface PipelineGenerationProps { integrationSettings: State['integrationSettings']; result: State['result']; - connectorId: State['connectorId']; + connector: State['connector']; } export type ProgressItem = 'build' | 'install'; -export const useDeployIntegration = ({ integrationSettings, result }: PipelineGenerationProps) => { +export const useDeployIntegration = ({ + integrationSettings, + result, + connector, +}: PipelineGenerationProps) => { + const telemetry = useTelemetry(); const { http, notifications } = useKibana().services; const [integrationFile, setIntegrationFile] = useState(null); const [integrationName, setIntegrationName] = useState(); @@ -31,6 +37,7 @@ export const useDeployIntegration = ({ integrationSettings, result }: PipelineGe useEffect(() => { if ( http == null || + connector == null || integrationSettings == null || notifications?.toasts == null || result?.pipeline == null 
@@ -74,6 +81,11 @@ export const useDeployIntegration = ({ integrationSettings, result }: PipelineGe const integrationNameFromResponse = getIntegrationNameFromResponse(installResult); if (integrationNameFromResponse) { setIntegrationName(integrationNameFromResponse); + telemetry.reportAssistantComplete({ + integrationName: integrationNameFromResponse, + integrationSettings, + connector, + }); } else { throw new Error('Integration name not found in response'); } @@ -92,9 +104,11 @@ export const useDeployIntegration = ({ integrationSettings, result }: PipelineGe setIntegrationFile, http, integrationSettings, + connector, notifications?.toasts, result?.docs, result?.pipeline, + telemetry, ]); return { diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/review_step.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/review_step.tsx index 205bb454e72b9..ab958eb4a7a53 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/review_step.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/review_step.tsx @@ -38,17 +38,15 @@ const flyoutBodyCss = css` interface ReviewStepProps { integrationSettings: State['integrationSettings']; - connectorId: State['connectorId']; result: State['result']; isGenerating: State['isGenerating']; } export const ReviewStep = React.memo( - ({ integrationSettings, connectorId, isGenerating, result }) => { + ({ integrationSettings, isGenerating, result }) => { const [customPipeline, setCustomPipeline] = useState(); const { error: checkPipelineError } = useCheckPipeline({ customPipeline, integrationSettings, - connectorId, }); const [isPipelineEditionVisible, setIsPipelineEditionVisible] = useState(false); 
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/use_check_pipeline.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/use_check_pipeline.ts index 6facf05b2da1f..83975d97b8085 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/use_check_pipeline.ts +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/steps/review_step/use_check_pipeline.ts @@ -14,15 +14,10 @@ import { runCheckPipelineResults } from '../../../../../common/lib/api'; interface CheckPipelineProps { integrationSettings: State['integrationSettings']; - connectorId: State['connectorId']; customPipeline: Pipeline | undefined; } -export const useCheckPipeline = ({ - integrationSettings, - connectorId, - customPipeline, -}: CheckPipelineProps) => { +export const useCheckPipeline = ({ integrationSettings, customPipeline }: CheckPipelineProps) => { const { http, notifications } = useKibana().services; const { setIsGenerating, setResult } = useActions(); const [error, setError] = useState(null); @@ -49,17 +44,17 @@ export const useCheckPipeline = ({ const ecsGraphResult = await runCheckPipelineResults(parameters, deps); if (abortController.signal.aborted) return; - if (isEmpty(ecsGraphResult?.pipelineResults) || ecsGraphResult?.errors?.length) { + if (isEmpty(ecsGraphResult?.results.docs)) { setError('No results for the pipeline'); return; } setResult({ pipeline: customPipeline, - docs: ecsGraphResult.pipelineResults, + docs: ecsGraphResult.results.docs, }); } catch (e) { if (abortController.signal.aborted) return; - setError(`Error: ${e.body.message}`); + setError(`Error: ${e.body.message ?? e.message}`); } finally { setIsGenerating(false); } 
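Review bot: The new `catch` reads `e.body.message ?? e.message`, which throws a TypeError whenever `e.body` is undefined (any error that is not an HTTP response error), so the `e.message` fallback is never reached and `setError` is skipped; the other files in this commit use `e.body?.message ?? e.message`, and this line should match them. The guard `isEmpty(ecsGraphResult?.results.docs)` has the same gap one level up and should read `isEmpty(ecsGraphResult?.results?.docs)`. The hunk also drops the previous `ecsGraphResult?.errors?.length` check; whether the new response shape still reports per-document errors is not visible here. The effect body starts and ends outside the hunk.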
@@ -70,7 +65,6 @@ export const useCheckPipeline = ({ }; }, [ setIsGenerating, - connectorId, http, integrationSettings, notifications?.toasts, diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/types.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/types.ts index 1273a255f9b94..9e0100f2e95d5 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/types.ts +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_assistant/types.ts @@ -5,10 +5,24 @@ * 2.0. */ +import type { OpenAiProviderType } from '@kbn/stack-connectors-plugin/public/common'; +import type { ActionConnector } from '@kbn/triggers-actions-ui-plugin/public'; +import type { UserConfiguredActionConnector } from '@kbn/triggers-actions-ui-plugin/public/types'; import type { InputType } from '../../../../common'; -// TODO: find a better home for this type -export type { AIConnector } from '@kbn/elastic-assistant/impl/connectorland/connector_selector'; +interface GenAiConfig { + apiUrl?: string; + defaultModel?: string; +} + +export type AIConnector = ActionConnector & { + // related to OpenAI connectors, ex: Azure OpenAI, OpenAI + apiProvider?: OpenAiProviderType; +}; +export type ConfiguredAIConnectorType = UserConfiguredActionConnector< + GenAiConfig, + Record +>; export interface IntegrationSettings { title?: string; diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/create_integration_landing.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/create_integration_landing.tsx index 1fbbb3263864b..b1e29dc25db93 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/create_integration_landing.tsx 
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_landing/create_integration_landing.tsx @@ -22,6 +22,11 @@ import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template'; import { AssistantAvatar } from '@kbn/elastic-assistant'; import { css } from '@emotion/react'; import { FormattedMessage } from '@kbn/i18n-react'; +import { useAuthorization } from '../../../common/hooks/use_authorization'; +import { + AuthorizationWrapper, + MissingPrivilegesTooltip, +} from '../../../common/components/authorization'; import { IntegrationImageHeader } from '../../../common/components/integration_image_header'; import { ButtonsFooter } from '../../../common/components/buttons_footer'; import { SectionWrapper } from '../../../common/components/section_wrapper'; @@ -36,100 +41,115 @@ const useAssistantCardCss = () => { `; }; -export const CreateIntegrationLanding = React.memo(() => { +const IntegrationAssistantCard = React.memo(() => { + const { canExecuteConnectors } = useAuthorization(); const navigate = useNavigate(); const assistantCardCss = useAssistantCardCss(); return ( - - - - + + + + + + - - + +

{i18n.ASSISTANT_TITLE}

+
+
+ + + {i18n.ASSISTANT_DESCRIPTION} + + +
+
+ + {canExecuteConnectors ? ( + navigate(Page.assistant)}>{i18n.ASSISTANT_BUTTON} + ) : ( + + {i18n.ASSISTANT_BUTTON} + + )} + +
+
+ ); +}); +IntegrationAssistantCard.displayName = 'IntegrationAssistantCard'; + +export const CreateIntegrationLanding = React.memo(() => { + const navigate = useNavigate(); + return ( + + + + + + + + + + + - + - - - -

{i18n.ASSISTANT_TITLE}

-
-
- - - {i18n.ASSISTANT_DESCRIPTION} - - -
-
- - navigate(Page.assistant)}> - {i18n.ASSISTANT_BUTTON} - + + navigate(Page.upload)}> + + + ), + }} + /> +
- -
- - - - - - - - navigate(Page.upload)}> - - - ), - }} - /> - - - - -
+
+ + diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/create_integration_upload.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/create_integration_upload.tsx index 36bad5fe69316..e2a4b381eab18 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/create_integration_upload.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/create_integration_upload/create_integration_upload.tsx @@ -16,10 +16,12 @@ import { IntegrationImageHeader } from '../../../common/components/integration_i import { runInstallPackage, type RequestDeps } from '../../../common/lib/api'; import { getIntegrationNameFromResponse } from '../../../common/lib/api_parsers'; import { useNavigate, Page } from '../../../common/hooks/use_navigate'; +import { useTelemetry } from '../telemetry'; import { DocsLinkSubtitle } from './docs_link_subtitle'; import * as i18n from './translations'; export const CreateIntegrationUpload = React.memo(() => { + const telemetry = useTelemetry(); const navigate = useNavigate(); const { http } = useKibana().services; const [file, setFile] = useState(); 
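Review bot: In `IntegrationAssistantCard`, `canExecuteConnectors` only decides which button is rendered, so it is a UX hint rather than an access check. Whether the `Page.assistant` route and the server endpoints behind it enforce the same privilege is not visible in this hunk. I would add a comment above the conditional, such as `// UX only: the privilege itself is enforced in <route/server check - placeholder>`, so the disabled button is not later mistaken for the enforcement point.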
@@ -49,19 +51,24 @@ export const CreateIntegrationUpload = React.memo(() => { const integrationNameFromResponse = getIntegrationNameFromResponse(response); if (integrationNameFromResponse) { + telemetry.reportUploadZipIntegrationComplete({ + integrationName: integrationNameFromResponse, + }); setIntegrationName(integrationNameFromResponse); } else { throw new Error('Integration name not found in response'); } } catch (e) { if (!abortController.signal.aborted) { - setError(`${i18n.UPLOAD_ERROR}: ${e.body.message}`); + const errorMessage = e.body?.message ?? e.message; + telemetry.reportUploadZipIntegrationComplete({ error: errorMessage }); + setError(`${i18n.UPLOAD_ERROR}: ${errorMessage}`); } } finally { setIsLoading(false); } })(); - }, [file, http, setIntegrationName, setError]); + }, [file, http, telemetry, setIntegrationName, setError]); return ( diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/index.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/index.tsx index 460928b81b611..84e5bd8eaa067 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/index.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/index.tsx @@ -7,7 +7,8 @@ import { EuiLoadingSpinner } from '@elastic/eui'; import React, { Suspense } from 'react'; -import type { CreateIntegrationServices } from './types'; +import type { Services } from '../../services'; +import type { CreateIntegrationComponent } from './types'; const CreateIntegration = React.lazy(() => import('./create_integration').then((module) => ({ @@ -15,7 +16,7 @@ const CreateIntegration = React.lazy(() => })) ); -export const getCreateIntegrationLazy = (services: CreateIntegrationServices) => +export const getCreateIntegrationLazy = (services: Services): CreateIntegrationComponent => React.memo(function CreateIntegrationLazy() { return ( }> 
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/telemetry.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration/telemetry.tsx
new file mode 100644
index 0000000000000..fd62e54b20c83
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/components/create_integration/telemetry.tsx
@@ -0,0 +1,171 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import React, { useCallback, useMemo, useRef, type PropsWithChildren } from 'react'; +import { v4 as uuidV4 } from 'uuid'; +import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/public/common'; +import { TelemetryEventType } from '../../services/telemetry/types'; +import { useKibana } from '../../common/hooks/use_kibana'; +import type { + AIConnector, + ConfiguredAIConnectorType, + IntegrationSettings, +} from './create_integration_assistant/types'; + +const stepNames: Record = { + '1': 'Connector Step', + '2': 'Integration Step', + '3': 'DataStream Step', + '4': 'Review Step', + '5': 'Deploy Step', +}; + +type ReportUploadZipIntegrationComplete = (params: { + integrationName?: string; + error?: string; +}) => void; +type ReportAssistantOpen = () => void; +type ReportAssistantStepComplete = (params: { step: number }) => void; +type ReportGenerationComplete = (params: { + connector: AIConnector; + integrationSettings: IntegrationSettings; + durationMs: number; + error?: string; +}) => void; +type ReportAssistantComplete = (params: { + integrationName: string; + integrationSettings: IntegrationSettings; + connector: AIConnector; +}) => void; + +interface TelemetryContextProps { + reportUploadZipIntegrationComplete: ReportUploadZipIntegrationComplete; + reportAssistantOpen: ReportAssistantOpen; + reportAssistantStepComplete: ReportAssistantStepComplete; + reportGenerationComplete: ReportGenerationComplete; + reportAssistantComplete: ReportAssistantComplete; +} + +const TelemetryContext = React.createContext(null); +export const useTelemetry = () => { + const context = React.useContext(TelemetryContext); + if (!context) { + throw new Error('useTelemetry must be used within a 
TelemetryContextProvider'); + } + return context; +}; + +export const TelemetryContextProvider = React.memo>(({ children }) => { + const sessionData = useRef({ sessionId: uuidV4(), startedAt: Date.now() }); + const stepsData = useRef({ startedAt: Date.now() }); + + const { telemetry } = useKibana().services; + + const reportUploadZipIntegrationComplete = useCallback( + ({ integrationName, error }) => { + telemetry.reportEvent(TelemetryEventType.UploadIntegrationZipComplete, { + integrationName, + errorMessage: error, + }); + }, + [telemetry] + ); + + const reportAssistantOpen = useCallback(() => { + const sessionId = uuidV4(); + sessionData.current = { sessionId, startedAt: Date.now() }; + stepsData.current = { startedAt: Date.now() }; + telemetry.reportEvent(TelemetryEventType.IntegrationAssistantOpen, { + sessionId, + }); + }, [telemetry]); + + const reportAssistantStepComplete = useCallback( + ({ step }) => { + telemetry.reportEvent(TelemetryEventType.IntegrationAssistantStepComplete, { + sessionId: sessionData.current.sessionId, + step, + stepName: stepNames[step.toString()] ?? 'Unknown Step', + durationMs: Date.now() - stepsData.current.startedAt, + sessionElapsedTime: Date.now() - sessionData.current.startedAt, + }); + stepsData.current = { startedAt: Date.now() }; + }, + [telemetry] + ); + + const reportGenerationComplete = useCallback( + ({ connector, integrationSettings, durationMs, error }) => { + telemetry.reportEvent(TelemetryEventType.IntegrationAssistantGenerationComplete, { + sessionId: sessionData.current.sessionId, + sampleRows: integrationSettings?.logsSampleParsed?.length ?? 0, + actionTypeId: connector.actionTypeId, + model: getConnectorModel(connector), + provider: connector.apiProvider ?? 
'unknown', + durationMs, + errorMessage: error, + }); + }, + [telemetry] + ); + + const reportAssistantComplete = useCallback( + ({ integrationName, integrationSettings, connector }) => { + telemetry.reportEvent(TelemetryEventType.IntegrationAssistantComplete, { + sessionId: sessionData.current.sessionId, + integrationName, + integrationDescription: integrationSettings?.description ?? 'unknown', + dataStreamName: integrationSettings?.dataStreamName ?? 'unknown', + inputType: integrationSettings?.inputType ?? 'unknown', + actionTypeId: connector.actionTypeId, + model: getConnectorModel(connector), + provider: connector.apiProvider ?? 'unknown', + durationMs: Date.now() - sessionData.current.startedAt, + }); + }, + [telemetry] + ); + + const value = useMemo( + () => ({ + reportUploadZipIntegrationComplete, + reportAssistantOpen, + reportAssistantStepComplete, + reportGenerationComplete, + reportAssistantComplete, + }), + [ + reportUploadZipIntegrationComplete, + reportAssistantOpen, + reportAssistantStepComplete, + reportGenerationComplete, + reportAssistantComplete, + ] + ); + return {children}; +}); +TelemetryContextProvider.displayName = 'TelemetryContextProvider'; + +const getConnectorModel = (connector: AIConnector): string => { + let model: string = 'unknown'; + if (!connector.isPreconfigured) { + const { apiUrl, defaultModel } = (connector as ConfiguredAIConnectorType).config ?? {}; + if (connector.apiProvider === OpenAiProviderType.AzureAi) { + model = getAzureModelFromParameter(apiUrl ?? '') ?? 'unknown'; + } else { + model = defaultModel ?? 'unknown'; + } + } + return model; +}; + +const getAzureModelFromParameter = (url: string): string | undefined => { + const urlSearchParams = new URLSearchParams(new URL(url).search); + if (urlSearchParams.get('api-version')) { + return `OpenAI version ${urlSearchParams.get('api-version')}`; + } + return undefined; +}; 
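Review bot: `getAzureModelFromParameter` calls `new URL(url)` and `getConnectorModel` passes it `apiUrl ?? ''`, so an Azure connector whose config has no `apiUrl`, or a malformed one, makes the telemetry call throw a TypeError. `reportGenerationComplete` is invoked in both the `try` and the `catch` of `useGeneration`, and `reportAssistantComplete` inside the deploy `try`, so that exception would surface as a failed generation or deploy, or as an unhandled rejection. A telemetry helper should not be able to fail the workflow; a guarded version of the parser is below.

```typescript
const getAzureModelFromParameter = (url: string): string | undefined => {
  let apiVersion: string | null;
  try {
    apiVersion = new URL(url).searchParams.get('api-version');
  } catch {
    // missing or malformed apiUrl: report the model as unknown instead of throwing
    return undefined;
  }
  return apiVersion ? `OpenAI version ${apiVersion}` : undefined;
};
```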
diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration/types.ts b/x-pack/plugins/integration_assistant/public/components/create_integration/types.ts index b1970c52d3bca..9fa3554d95040 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration/types.ts +++ b/x-pack/plugins/integration_assistant/public/components/create_integration/types.ts @@ -4,9 +4,5 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type { CoreStart } from '@kbn/core/public'; -import type { IntegrationAssistantPluginStartDependencies } from '../../types'; - -export type CreateIntegrationServices = CoreStart & IntegrationAssistantPluginStartDependencies; export type CreateIntegrationComponent = React.ComponentType; diff --git a/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/index.tsx b/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/index.tsx index 7a89b89113522..af39fdec1cf59 100644 --- a/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/index.tsx +++ b/x-pack/plugins/integration_assistant/public/components/create_integration_card_button/index.tsx @@ -7,7 +7,7 @@ import { EuiLoadingSpinner } from '@elastic/eui'; import React, { Suspense } from 'react'; -import type { CreateIntegrationCardButtonProps } from './create_integration_card_button'; +import type { CreateIntegrationCardButtonComponent } from './types'; const CreateIntegrationCardButton = React.lazy(() => import('./create_integration_card_button').then((module) => ({ 
@@ -15,8 +15,8 @@ const CreateIntegrationCardButton = React.lazy(() => })) ); -export const getCreateIntegrationCardButtonLazy = () => - React.memo(function CreateIntegrationCardButtonLazy(props: CreateIntegrationCardButtonProps) { +export const getCreateIntegrationCardButtonLazy = (): CreateIntegrationCardButtonComponent => + React.memo(function CreateIntegrationCardButtonLazy(props) { return ( }> diff --git a/x-pack/plugins/integration_assistant/public/index.ts b/x-pack/plugins/integration_assistant/public/index.ts index 1ef32ec38169b..9c77b3c7d71bc 100644 --- a/x-pack/plugins/integration_assistant/public/index.ts +++ b/x-pack/plugins/integration_assistant/public/index.ts @@ -6,8 +6,8 @@ */ import { IntegrationAssistantPlugin } from './plugin'; +export type { IntegrationAssistantPluginSetup, IntegrationAssistantPluginStart } from './types'; export function plugin() { return new IntegrationAssistantPlugin(); } -export type { IntegrationAssistantPluginSetup, IntegrationAssistantPluginStart } from './types'; diff --git a/x-pack/plugins/integration_assistant/public/plugin.ts b/x-pack/plugins/integration_assistant/public/plugin.ts index 188b9697a2798..9eb03950062c6 100644 --- a/x-pack/plugins/integration_assistant/public/plugin.ts +++ b/x-pack/plugins/integration_assistant/public/plugin.ts @@ -13,11 +13,15 @@ import type { } from './types'; import { getCreateIntegrationLazy } from './components/create_integration'; import { getCreateIntegrationCardButtonLazy } from './components/create_integration_card_button'; +import { Telemetry, type Services } from './services'; export class IntegrationAssistantPlugin implements Plugin { - public setup(_: CoreSetup): IntegrationAssistantPluginSetup { + private telemetry = new Telemetry(); + + public setup(core: CoreSetup): IntegrationAssistantPluginSetup { + this.telemetry.setup(core.analytics); return {}; } 
@@ -25,7 +29,12 @@ export class IntegrationAssistantPlugin core: CoreStart, dependencies: IntegrationAssistantPluginStartDependencies ): IntegrationAssistantPluginStart { - const services = { ...core, ...dependencies }; + const services: Services = { + ...core, + ...dependencies, + telemetry: this.telemetry.start(), + }; + return { CreateIntegration: getCreateIntegrationLazy(services), CreateIntegrationCardButton: getCreateIntegrationCardButtonLazy(), diff --git a/x-pack/plugins/integration_assistant/public/services/index.ts b/x-pack/plugins/integration_assistant/public/services/index.ts new file mode 100644 index 0000000000000..346c3e2d04a37 --- /dev/null +++ b/x-pack/plugins/integration_assistant/public/services/index.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { CoreStart } from '@kbn/core/public'; +import type { IntegrationAssistantPluginStartDependencies } from '../types'; +import type { TelemetryService } from './telemetry/service'; + +export { Telemetry } from './telemetry/service'; + +export type Services = CoreStart & + IntegrationAssistantPluginStartDependencies & { telemetry: TelemetryService }; diff --git a/x-pack/plugins/integration_assistant/public/services/telemetry/events.ts b/x-pack/plugins/integration_assistant/public/services/telemetry/events.ts new file mode 100644 index 0000000000000..91d8abbf68dbd --- /dev/null +++ b/x-pack/plugins/integration_assistant/public/services/telemetry/events.ts 
@@ -0,0 +1,208 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import type { RootSchema } from '@kbn/core-analytics-browser'; +import { TelemetryEventType, type TelemetryEventTypeData } from './types'; + +type TelemetryEventsSchemas = { + [T in TelemetryEventType]: RootSchema>; +}; + +/** + * telemetryEventsSchemas + * Defines the schema for each of the event types + * */ +export const telemetryEventsSchemas: TelemetryEventsSchemas = { + [TelemetryEventType.UploadIntegrationZipComplete]: { + integrationName: { + type: 'keyword', + _meta: { + description: 'The name of the integration in the zip file that was uploaded', + optional: true, + }, + }, + errorMessage: { + type: 'text', + _meta: { + description: 'The error message if the upload failed', + optional: true, + }, + }, + }, + + [TelemetryEventType.IntegrationAssistantOpen]: { + sessionId: { + type: 'keyword', + _meta: { + description: 'The ID to identify all the events the same session', + optional: false, + }, + }, + }, + + [TelemetryEventType.IntegrationAssistantStepComplete]: { + sessionId: { + type: 'keyword', + _meta: { + description: 'The ID to identify all the events the same session', + optional: false, + }, + }, + step: { + type: 'long', + _meta: { + description: 'The step number', + optional: false, + }, + }, + stepName: { + type: 'keyword', + _meta: { + description: 'The name of the step', + optional: false, + }, + }, + durationMs: { + type: 'long', + _meta: { + description: 'Time spent in the current step', + optional: false, + }, + }, + sessionElapsedTime: { + type: 'long', + _meta: { + description: 'Total time spent in the current generation session', + optional: false, + }, + }, + }, + + [TelemetryEventType.IntegrationAssistantGenerationComplete]: { + sessionId: { + type: 'keyword', + 
_meta: { + description: 'The ID to identify all the events the same session', + optional: false, + }, + }, + sampleRows: { + type: 'long', + _meta: { + description: 'The number of log rows provided as sample data', + optional: false, + }, + }, + durationMs: { + type: 'long', + _meta: { + description: 'Time spent in the generation process', + optional: false, + }, + }, + actionTypeId: { + type: 'keyword', + _meta: { + description: 'The connector action type ID', + optional: false, + }, + }, + model: { + type: 'keyword', + _meta: { + description: 'The model used to generate the integration', + optional: false, + }, + }, + provider: { + type: 'keyword', + _meta: { + description: 'The provider of the LLM', + optional: false, + }, + }, + errorMessage: { + type: 'text', + _meta: { + description: 'The error message if the generation failed', + optional: true, + }, + }, + }, + + [TelemetryEventType.IntegrationAssistantComplete]: { + sessionId: { + type: 'keyword', + _meta: { + description: 'The ID to identify all the events the same session', + optional: false, + }, + }, + durationMs: { + type: 'long', + _meta: { + description: 'Total time spent in the workflow', + optional: false, + }, + }, + integrationName: { + type: 'keyword', + _meta: { + description: 'The name of the integration', + optional: false, + }, + }, + integrationDescription: { + type: 'keyword', + _meta: { + description: 'The description of the integration', + optional: false, + }, + }, + dataStreamName: { + type: 'keyword', + _meta: { + description: 'The name of the data stream used for the integration', + optional: false, + }, + }, + inputType: { + type: 'keyword', + _meta: { + description: 'The input type used for the integration', + optional: false, + }, + }, + actionTypeId: { + type: 'keyword', + _meta: { + description: 'The connector action type ID', + optional: false, + }, + }, + model: { + type: 'keyword', + _meta: { + description: 'The model used to generate the integration', + optional: false, + 
}, + }, + provider: { + type: 'keyword', + _meta: { + description: 'The provider of the LLM', + optional: false, + }, + }, + errorMessage: { + type: 'text', + _meta: { + description: 'The error message if the workflow failed', + optional: true, + }, + }, + }, +}; diff --git a/x-pack/plugins/integration_assistant/public/services/telemetry/service.ts b/x-pack/plugins/integration_assistant/public/services/telemetry/service.ts new file mode 100644 index 0000000000000..647cd79df37eb --- /dev/null +++ b/x-pack/plugins/integration_assistant/public/services/telemetry/service.ts @@ -0,0 +1,42 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import type { AnalyticsServiceSetup } from '@kbn/core-analytics-browser'; +import { telemetryEventsSchemas } from './events'; +import type { TelemetryEventType, TelemetryEventTypeData } from './types'; + +export interface TelemetryService { + reportEvent: ( + eventType: T, + eventData: TelemetryEventTypeData + ) => void; +} + +/** + * Service that interacts with the Core's analytics module + */ +export class Telemetry { + private analytics?: AnalyticsServiceSetup; + + public setup(analytics: AnalyticsServiceSetup) { + this.analytics = analytics; + + Object.entries(telemetryEventsSchemas).forEach(([eventType, schema]) => { + const event = { eventType, schema }; + analytics.registerEventType>(event); + }); + } + + public start(): TelemetryService { + const reportEvent = this.analytics?.reportEvent.bind(this.analytics); + if (!reportEvent) { + throw new Error( + 'The Telemetry.setup() method has not been invoked, be sure to call it during the plugin setup.' + ); + } + return { reportEvent }; + } +} 
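Review bot: The `IntegrationAssistantComplete` schema reports values the user typed, namely `integrationDescription` (filled from `integrationSettings?.description` in telemetry.tsx), `integrationName` and `dataStreamName`, and every `errorMessage` field is `text` with no length bound. Names and descriptions of custom integrations can identify internal systems (an assumption about what users enter), so I would either drop `integrationDescription` or state its origin in the schema, e.g. `description: 'The description of the integration (user-provided free text)'`. `errorMessage` is declared on this event but `reportAssistantComplete` never sets it; remove it or wire it up.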
diff --git a/x-pack/plugins/integration_assistant/public/services/telemetry/types.ts b/x-pack/plugins/integration_assistant/public/services/telemetry/types.ts
new file mode 100644
index 0000000000000..98ba1c0792caa
--- /dev/null
+++ b/x-pack/plugins/integration_assistant/public/services/telemetry/types.ts
@@ -0,0 +1,74 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +// Event type definitions +export enum TelemetryEventType { + UploadIntegrationZipComplete = 'upload_integration_zip_complete', + IntegrationAssistantOpen = 'integration_assistant_open', + IntegrationAssistantStepComplete = 'integration_assistant_step_complete', + IntegrationAssistantGenerationComplete = 'integration_assistant_generation_complete', + IntegrationAssistantComplete = 'integration_assistant_complete', +} + +// Event data definitions + +interface UploadIntegrationZipCompleteData { + integrationName?: string; + errorMessage?: string; +} + +interface IntegrationAssistantOpenData { + sessionId: string; +} + +interface IntegrationAssistantStepCompleteData { + sessionId: string; + step: number; + stepName: string; + durationMs: number; // Time spent in the current step + sessionElapsedTime: number; // Total time spent in the current generation session +} + +interface IntegrationAssistantGenerationCompleteData { + sessionId: string; + sampleRows: number; + durationMs: number; + actionTypeId: string; + model: string; + provider: string; + errorMessage?: string; +} + +interface IntegrationAssistantCompleteData { + sessionId: string; + durationMs: number; + integrationName: string; + integrationDescription: string; + dataStreamName: string; + inputType: string; + actionTypeId: string; + model: string; + provider: string; + errorMessage?: string; +} + +/** + * TelemetryEventTypeData + * Defines the relation between event types and their corresponding event data + * */ +export type TelemetryEventTypeData = + T extends TelemetryEventType.UploadIntegrationZipComplete + ? UploadIntegrationZipCompleteData + : T extends TelemetryEventType.IntegrationAssistantOpen + ? 
IntegrationAssistantOpenData + : T extends TelemetryEventType.IntegrationAssistantStepComplete + ? IntegrationAssistantStepCompleteData + : T extends TelemetryEventType.IntegrationAssistantGenerationComplete + ? IntegrationAssistantGenerationCompleteData + : T extends TelemetryEventType.IntegrationAssistantComplete + ? IntegrationAssistantCompleteData + : never; diff --git a/x-pack/plugins/integration_assistant/public/services/types.ts b/x-pack/plugins/integration_assistant/public/services/types.ts new file mode 100644 index 0000000000000..0221da63b2676 --- /dev/null +++ b/x-pack/plugins/integration_assistant/public/services/types.ts @@ -0,0 +1,12 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import type { CoreStart } from '@kbn/core/public'; +import type { IntegrationAssistantPluginStartDependencies } from '../types'; +import type { TelemetryService } from './telemetry/service'; + +export type Services = CoreStart & + IntegrationAssistantPluginStartDependencies & { telemetry: TelemetryService }; diff --git a/x-pack/plugins/integration_assistant/public/types.ts b/x-pack/plugins/integration_assistant/public/types.ts index a4e55990a0dbe..35f108f84883c 100644 --- a/x-pack/plugins/integration_assistant/public/types.ts +++ b/x-pack/plugins/integration_assistant/public/types.ts @@ -4,7 +4,6 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import type { SpacesPluginSetup, SpacesPluginStart } from '@kbn/spaces-plugin/public'; import type { TriggersAndActionsUIPublicPluginSetup, TriggersAndActionsUIPublicPluginStart, 
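Review bot: `errorMessage?: string` on the upload, generation and completion events, and `integrationDescription: string` on the completion event, are free-text fields, so whatever a caller assigns to them is sent with the telemetry payload as-is. Error text from a connector call or a pipeline run can carry sample log content, hostnames or URLs; what the callers actually pass is not visible in this hunk. I would state the constraint on the fields themselves, e.g. `errorMessage?: string; // static message or error code only, never raw exception text or sample data`, or narrow the type to a union of known error codes. The same comment belongs on `integrationDescription`, or the field could be dropped in favour of a length or boolean indicator if the text itself is not needed for analysis.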
@@ -22,10 +21,8 @@ export interface IntegrationAssistantPluginStart { export interface IntegrationAssistantPluginSetupDependencies { triggersActionsUi: TriggersAndActionsUIPublicPluginSetup; - spaces: SpacesPluginSetup; } export interface IntegrationAssistantPluginStartDependencies { triggersActionsUi: TriggersAndActionsUIPublicPluginStart; - spaces: SpacesPluginStart; } diff --git a/x-pack/plugins/integration_assistant/server/graphs/categorization/validate.test.ts b/x-pack/plugins/integration_assistant/server/graphs/categorization/validate.test.ts new file mode 100644 index 0000000000000..95c56c777a315 --- /dev/null +++ b/x-pack/plugins/integration_assistant/server/graphs/categorization/validate.test.ts 
@@ -0,0 +1,55 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { handleCategorizationValidation } from './validate'; +import type { CategorizationState } from '../../types'; +import { categorizationTestState } from '../../../__jest__/fixtures/categorization'; + +const testState: CategorizationState = categorizationTestState; + +describe('Testing categorization invalid category', () => { + it('handleCategorizationValidation()', async () => { + testState.pipelineResults = [{ test: 'testresult', event: { category: ['foo'] } }]; + const response = handleCategorizationValidation(testState); + expect(response.invalidCategorization).toEqual([ + { + error: + "field event.category's values (foo) is not one of the allowed values (api, authentication, configuration, database, driver, email, file, host, iam, intrusion_detection, library, malware, network, package, process, registry, session, threat, vulnerability, web)", + }, + ]); + expect(response.lastExecutedChain).toBe('handleCategorizationValidation'); + }); +}); + +describe('Testing categorization invalid type', () => { + it('handleCategorizationValidation()', async () => { + testState.pipelineResults = [{ test: 'testresult', event: { type: ['foo'] } }]; + const response = handleCategorizationValidation(testState); + expect(response.invalidCategorization).toEqual([ + { + error: + "field event.type's values (foo) is not one of the allowed values (access, admin, allowed, change, connection, creation, deletion, denied, end, error, group, indicator, info, installation, protocol, start, user)", + }, + ]); + expect(response.lastExecutedChain).toBe('handleCategorizationValidation'); + }); +}); + +describe('Testing categorization invalid compatibility', () => { + it('handleCategorizationValidation()', async () 
=> { + testState.pipelineResults = [ + { test: 'testresult', event: { category: ['authentication'], type: ['access'] } }, + ]; + const response = handleCategorizationValidation(testState); + expect(response.invalidCategorization).toEqual([ + { + error: 'event.type (access) not compatible with any of the event.category (authentication)', + }, + ]); + expect(response.lastExecutedChain).toBe('handleCategorizationValidation'); + }); +}); diff --git a/x-pack/plugins/integration_assistant/server/routes/pipeline_routes.ts b/x-pack/plugins/integration_assistant/server/routes/pipeline_routes.ts index 531822b313112..0bf04e566c649 100644 --- a/x-pack/plugins/integration_assistant/server/routes/pipeline_routes.ts +++ b/x-pack/plugins/integration_assistant/server/routes/pipeline_routes.ts @@ -37,11 +37,13 @@ export function registerPipelineRoutes(router: IRouter 0) { - return res.badRequest({ body: JSON.stringify(results.errors) }); + const { errors, pipelineResults } = await testPipeline(rawSamples, pipeline, client); + if (errors?.length) { + return res.badRequest({ body: JSON.stringify(errors) }); } - return res.ok({ body: CheckPipelineResponse.parse(results) }); + return res.ok({ + body: CheckPipelineResponse.parse({ results: { docs: pipelineResults } }), + }); } catch (e) { return res.badRequest({ body: e }); } diff --git a/x-pack/plugins/integration_assistant/server/templates/agent/cel.yml.hbs b/x-pack/plugins/integration_assistant/server/templates/agent/cel.yml.hbs new file mode 100644 index 0000000000000..2947f6343a763 --- /dev/null +++ b/x-pack/plugins/integration_assistant/server/templates/agent/cel.yml.hbs 
@@ -0,0 +1,163 @@ +data_stream: + dataset: {{data_stream.dataset}} +interval: {{resource_interval}} + +program: {{escape_string program}} + +{{#if state}} +state: + {{state}} +{{/if}} +redact.delete: {{delete_redacted_fields}} +{{#if redact_fields}} +redact.fields: +{{#each redact_fields as |field|}} + - {{field}} +{{/each}} +{{/if}} + +{{#if regexp}} +regexp: + {{regexp}} +{{/if}} + +{{#if username}} +auth.basic.user: {{username}} +{{/if}} +{{#if password}} +auth.basic.password: {{password}} +{{/if}} + +{{#unless username}} +{{#unless password}} +{{#if digest_username}} +auth.digest.user: {{digest_username}} +{{/if}} +{{#if digest_password}} +auth.digest.password: {{digest_password}} +{{#if digest_no_reuse}} +auth.digest.no_reuse: true +{{/if}} +{{/if}} +{{/unless}} +{{/unless}} + +{{#if pipeline}} +pipeline: {{pipeline}} +{{/if}} + +{{#unless username}} +{{#unless password}} +{{#unless digest_username}} +{{#unless digest_password}} +{{#if oauth_id}} +auth.oauth2.client.id: {{oauth_id}} +{{/if}} +{{#if oauth_secret}} +auth.oauth2.client.secret: {{oauth_secret}} +{{/if}} +{{#if oauth_token_url}} +auth.oauth2.token_url: {{oauth_token_url}} +{{/if}} +{{#if oauth_provider}} +auth.oauth2.provider: {{oauth_provider}} +{{/if}} +{{#if oauth_scopes}} +auth.oauth2.scopes: +{{#each oauth_scopes as |scope|}} + - {{scope}} +{{/each}} +{{/if}} +{{#if oauth_google_credentials_file}} +auth.oauth2.google.credentials_file: {{oauth_google_credentials_file}} +{{/if}} +{{#if oauth_google_credentials_json}} +auth.oauth2.google.credentials_json: '{{oauth_google_credentials_json}}' +{{/if}} +{{#if oauth_google_jwt_file}} +auth.oauth2.google.jwt_file: {{oauth_google_jwt_file}} +{{/if}} +{{#if oauth_google_jwt_json}} +auth.oauth2.google.jwt_json: {{oauth_google_jwt_json}} +{{/if}} +{{#if oauth_google_delegated_account}} +auth.oauth2.google.delegated_account: {{oauth_google_delegated_account}} +{{/if}} +{{#if oauth_azure_tenant_id}} +auth.oauth2.azure.tenant_id: {{oauth_azure_tenant_id}} 
+{{/if}} +{{#if oauth_azure_resource}} +auth.oauth2.azure.resource: {{oauth_azure_resource}} +{{/if}} +{{#if oauth_okta_jwk_file}} +auth.oauth2.okta.jwk_file: {{oauth_okta_jwk_file}} +{{/if}} +{{#if oauth_okta_jwk_json}} +auth.oauth2.okta.jwk_json: {{oauth_okta_jwk_json}} +{{/if}} +{{#if oauth_okta_jwk_pem}} +auth.oauth2.okta.jwk_pem: {{oauth_okta_jwk_pem}} +{{/if}} +{{#if oauth_endpoint_params}} +auth.oauth2.endpoint_params: + {{oauth_endpoint_params}} +{{/if}} +{{/unless}} +{{/unless}} +{{/unless}} +{{/unless}} + +resource.url: {{resource_url}} +{{#if resource_ssl}} +resource.ssl: + {{resource_ssl}} +{{/if}} +{{#if resource_proxy_url}} +resource.proxy_url: {{resource_proxy_url}} +{{/if}} +{{#if resource_retry_max_attempts}} +resource.retry.max_attempts: {{resource_retry_max_attempts}} +{{/if}} +{{#if resource_retry_wait_min}} +resource.retry.wait_min: {{resource_retry_wait_min}} +{{/if}} +{{#if resource_retry_wait_max}} +resource.retry.wait_max: {{resource_retry_wait_max}} +{{/if}} +{{#if resource_redirect_forward_headers}} +resource.redirect.forward_headers: {{resource_redirect_forward_headers}} +{{/if}} +{{#if resource_redirect_headers_ban_list}} +resource.redirect.headers_ban_list: +{{#each resource_redirect_headers_ban_list as |item|}} + - {{item}} +{{/each}} +{{/if}} +{{#if resource_redirect_max_redirects}} +resource.redirect.max_redirects: {{resource_redirect_max_redirects}} +{{/if}} +{{#if resource_rate_limit_limit}} +resource.rate_limit.limit: {{resource_rate_limit_limit}} +{{/if}} +{{#if resource_rate_limit_burst}} +resource.rate_limit.burst: {{resource_rate_limit_burst}} +{{/if}} + +{{#if enable_request_tracer}} +resource.tracer.filename: "../../logs/cel/http-request-trace-*.ndjson" +resource.tracer.maxbackups: 5 +{{/if}} + +{{#if tags}} +tags: +{{#each tags as |tag|}} + - {{tag}} +{{/each}} +{{/if}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +{{#if processors}} +processors: +{{processors}} +{{/if}} \ No 
newline at end of file diff --git a/x-pack/plugins/integration_assistant/server/templates/manifest/cel_manifest.yml.njk b/x-pack/plugins/integration_assistant/server/templates/manifest/cel_manifest.yml.njk new file mode 100644 index 0000000000000..04db3351691d4 --- /dev/null +++ b/x-pack/plugins/integration_assistant/server/templates/manifest/cel_manifest.yml.njk 
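Review bot: Only `program` is rendered through `escape_string`; every other scalar, including `{{password}}`, `{{digest_password}}`, `{{oauth_secret}}`, `{{resource_url}}` and `{{resource_proxy_url}}`, is interpolated bare into the YAML. A value containing `: `, ` #`, a leading `*`, `&`, `{` or `[`, or a line break will either fail to parse or be read as something other than the string the user entered, which for credentials means a silently wrong secret or extra keys in the agent config. I would render the string-valued settings the same way as `program`, e.g. `auth.basic.password: {{escape_string password}}` and `auth.oauth2.client.secret: {{escape_string oauth_secret}}`. The hand-quoted `'{{oauth_google_credentials_json}}'` has the same problem in a different form, since a single quote inside the JSON ends the YAML string early.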
@@ -0,0 +1,339 @@ +- input: cel + title: | + {{ data_stream_title }} + description: | + {{ data_stream_description }} + vars: + - name: data_stream.dataset + type: text + title: Dataset name + description: | + Dataset to write data to. Changing the dataset will send the data to a different index. You can't use `-` in the name of a dataset and only valid characters for [Elasticsearch index names](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html). + default: cel.cel + required: true + show_user: true + - name: pipeline + type: text + title: Ingest Pipeline + description: | + The Ingest Node pipeline ID to be used by the integration. + required: false + show_user: true + - name: resource_url + type: text + title: Resource URL + description: i.e. scheme://host:port/path + show_user: true + required: true + default: https://server.example.com:8089/api + - name: resource_interval + type: text + title: Resource Interval + description: How often the API is polled, supports seconds, minutes and hours. + show_user: true + required: true + default: 1m + - name: program + type: textarea + title: The CEL program to be run for each polling. + description: | + Program is the CEL program that is executed each polling period to get and transform the API data. + More information can be found in the [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_execution). + show_user: true + multi: false + required: true + default: | + # // Fetch the agent's public IP every minute and note when the last request was made. + # // It does not use the Resource URL configuration value. + # bytes(get("https://api.ipify.org/?format=json").Body).as(body, { + # "events": [body.decode_json().with({ + # "last_requested_at": has(state.cursor) && has(state.cursor.last_requested_at) ? 
+ # state.cursor.last_requested_at + # : + # now + # })], + # "cursor": {"last_requested_at": now} + # }) + - name: state + type: yaml + title: Initial CEL evaluation state + description: | + State is the initial state to be provided to the program. If it has a cursor field, that field will be overwritten by any stored cursor, but will be available if no stored cursor exists. + More information can be found in the [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#input-state-cel). + show_user: true + multi: false + required: false + - name: regexp + type: yaml + title: Defined Regular Expressions + description: | + Regexps is the set of regular expression to be made available to the program by name. The syntax used is [RE2](https://github.com/google/re2/wiki/Syntax). + More information can be found in the [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#regexp-cel). + show_user: true + multi: false + required: false + default: | + #products: '(?i)(Elasticsearch|Beats|Logstash|Kibana)' + #solutions: '(?i)(Search|Observability|Security)' + - name: username + type: text + title: Basic Auth Username + show_user: true + required: false + description: The username to be used with Basic Auth headers + - name: password + type: password + title: Basic Auth Password + show_user: true + required: false + description: The password to be used with Basic Auth headers + secret: true + - name: digest_username + type: text + title: Digest Auth Username + show_user: true + required: false + description: The username to be used with Digest Auth headers + - name: digest_password + type: password + title: Digest Auth Password + show_user: true + required: false + description: The password to be used with Digest Auth headers + secret: true + - name: digest_no_reuse + type: bool + title: Digest No Challenge Reuse + show_user: true + required: false + description: Selecting no challenge reuse 
prevents the transport from reusing digest challenges + - name: oauth_id + type: text + title: OAuth2 Client ID + description: Client ID used for OAuth2 authentication + show_user: true + required: false + - name: oauth_secret + type: password + title: OAuth2 Client Secret + description: Client secret used for OAuth2 authentication + show_user: true + required: false + secret: true + - name: oauth_token_url + type: text + title: OAuth2 Token URL + description: The URL endpoint that will be used to generate the tokens during the oAuth2 flow. It is required if no oauth_custom variable is set or provider is not specified in oauth_custom variable. + show_user: true + required: false + secret: false + - name: redact_fields + type: text + title: Redacted fields + description: | + Fields to redact in debug logs. When logging at debug-level the input state and CEL evaluation state are included + in logs. This may leak secrets, so list sensitive state fields in this configuration. + show_user: true + multi: true + required: false + - name: delete_redacted_fields + type: bool + title: Delete redacted fields + description: | + The default behavior for field redaction is to replace characters with `*`s. If field value length or presence will + leak information, the fields can be deleted from logging by setting this configuration to true. + show_user: true + multi: false + default: false + required: true + - name: resource_ssl + type: yaml + title: Resource SSL Configuration + description: i.e. certificate_authorities, supported_protocols, verification_mode etc, more examples found in the [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) + multi: false + required: false + show_user: false + - name: resource_timeout + type: text + title: Resource Timeout + description: Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h. Default is "30"s. 
+ show_user: false + multi: false + required: false + - name: resource_proxy_url + type: text + title: Resource Proxy + description: This specifies proxy configuration in the form of `http[s]://:@:`. + show_user: false + multi: false + required: false + - name: resource_retry_max_attempts + type: text + title: Resource Retry Max Attempts + description: The maximum number of retries for the HTTP client. Default is "5". + show_user: false + multi: false + required: false + - name: resource_retry_wait_min + type: text + title: Resource Retry Wait Min + description: The minimum time to wait before a retry is attempted. Default is "1s". + show_user: false + multi: false + required: false + - name: resource_retry_wait_max + type: text + title: Resource Retry Wait Max + description: The maximum time to wait before a retry is attempted. Default is "60s". + show_user: false + multi: false + required: false + - name: resource_redirect_forward_headers + type: bool + title: Resource Redirect Forward Headers + description: When set to true resource headers are forwarded in case of a redirect. Default is "false". + show_user: false + multi: false + required: false + - name: resource_redirect_headers_ban_list + type: text + title: Resource Redirect Headers Ban List + description: When Redirect Forward Headers is set to true, all headers except the ones defined in this list will be forwarded. All headers are forwarded by default. + show_user: false + multi: true + required: false + - name: resource_redirect_max_redirects + type: text + title: Resource Redirect Max Redirects + description: The maximum number of redirects to follow for a resource. Default is "10". + show_user: false + multi: false + required: false + - name: resource_rate_limit_limit + type: text + title: Resource Rate Limit + description: The value of the response that specifies the total limit. 
+ show_user: false + multi: false + required: false + - name: resource_rate_limit_burst + type: text + title: Resource Rate Limit Burst + description: The maximum burst size. Burst is the maximum number of resource requests that can be made above the overall rate limit. + show_user: false + multi: false + required: false + - name: oauth_provider + type: text + title: OAuth2 Provider + description: Used to configure supported oAuth2 providers. Each supported provider will require specific settings. It is not set by default. Supported providers are "azure" and "google". + show_user: false + multi: false + required: false + - name: oauth_scopes + type: text + title: OAuth2 Scopes + description: A list of scopes that will be resourceed during the oAuth2 flow. It is optional for all providers. + show_user: false + multi: true + required: false + - name: oauth_google_credentials_file + type: text + title: OAuth2 Google Credentials File + description: The full path to the credentials file for Google. + show_user: false + multi: false + required: false + - name: oauth_google_credentials_json + type: text + title: OAuth2 Google Credentials JSON + description: Your Google credentials information as raw JSON. + show_user: false + multi: false + required: false + - name: oauth_google_jwt_file + type: text + title: OAuth2 Google JWT File + description: Full path to the JWT Account Key file for Google. + show_user: false + multi: false + required: false + - name: oauth_google_jwt_json + type: text + title: OAuth2 Google JWT JSON + description: Your Google JWT information as raw JSON. + multi: false + required: false + show_user: false + - name: oauth_google_delegated_account + type: text + title: OAuth2 Google Delegated account + description: Email of the delegated account used to create the credentials (usually an admin). 
+ show_user: false + multi: false + required: false + - name: oauth_azure_tenant_id + type: text + title: OAuth2 Azure Tenant ID + description: Optional setting used for authentication when using Azure provider. Since it is used in the process to generate the token_url, it can’t be used in combination with it. + show_user: false + multi: false + required: false + - name: oauth_azure_resource + type: text + title: OAuth2 Azure Resource + description: Optional setting for the accessed WebAPI resource when using azure provider. + show_user: false + multi: false + required: false + - name: oauth_okta_jwt_file + type: text + title: OAuth2 Okta JWT File + description: Full path to the JWT account private key file for Okta. + show_user: false + multi: false + required: false + - name: oauth_okta_jwt_json + type: text + title: OAuth2 Okta JWT JSON + description: Your Okta JWT private key as raw JSON. + multi: false + required: false + show_user: false + - name: oauth_okta_jwt_pem + type: text + title: OAuth2 Okta JWT PEM + description: Your Okta JWT private key encoded as a PEM block. + multi: false + required: false + show_user: false + - name: oauth_endpoint_params + type: yaml + title: OAuth2 Endpoint Params + description: Set of values that will be sent on each resource to the token_url. Each param key can have multiple values. Can be set for all providers except google. + show_user: false + multi: false + required: false + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: > + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. 
+ - name: tags + type: text + title: Tags + multi: true + show_user: false + default: + - forwarded + - name: enable_request_tracer + type: bool + title: Enable request tracing + multi: false + required: false + show_user: false + description: > + The request tracer logs HTTP requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-cel.html#_resource_tracer_filename) for details. \ No newline at end of file diff --git a/x-pack/plugins/integration_assistant/tsconfig.json b/x-pack/plugins/integration_assistant/tsconfig.json index 9a18a1ca1794b..f16493407b415 100644 --- a/x-pack/plugins/integration_assistant/tsconfig.json +++ b/x-pack/plugins/integration_assistant/tsconfig.json @@ -27,9 +27,10 @@ "@kbn/kibana-react-plugin", "@kbn/code-editor", "@kbn/monaco", - "@kbn/spaces-plugin", "@kbn/triggers-actions-ui-plugin", "@kbn/shared-ux-router", - "@kbn/zod-helpers" + "@kbn/zod-helpers", + "@kbn/stack-connectors-plugin", + "@kbn/core-analytics-browser" ] } diff --git a/x-pack/plugins/lens/public/plugin.ts b/x-pack/plugins/lens/public/plugin.ts index cd48b0b33782e..ba615678c334e 100644 --- a/x-pack/plugins/lens/public/plugin.ts +++ b/x-pack/plugins/lens/public/plugin.ts @@ -46,6 +46,7 @@ import { ACTION_VISUALIZE_FIELD, VISUALIZE_FIELD_TRIGGER, VisualizeFieldContext, + ADD_PANEL_TRIGGER, } from '@kbn/ui-actions-plugin/public'; import { VISUALIZE_EDITOR_TRIGGER, 
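Review bot: The variables that carry key material, `oauth_google_credentials_json`, `oauth_google_jwt_json`, `oauth_okta_jwt_json` and `oauth_okta_jwt_pem`, are declared `type: text` without `secret: true`, whereas `password`, `digest_password` and `oauth_secret` earlier in this hunk are `type: password` with `secret: true`. Presumably that means they are stored and displayed like ordinary settings, so I would declare them as `type: password` with `secret: true` as well. The Okta names also do not match the agent template added in this commit, which reads `oauth_okta_jwk_file`, `oauth_okta_jwk_json` and `oauth_okta_jwk_pem`, so values entered under the `oauth_okta_jwt_*` names would not reach the rendered config. `resource_timeout` is declared here but the template has no matching `resource.timeout` line either.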
@@ -648,7 +649,7 @@ export class LensPlugin { // Displays the add ESQL panel in the dashboard add Panel menu const createESQLPanelAction = new CreateESQLPanelAction(startDependencies, core); - startDependencies.uiActions.addTriggerAction('ADD_PANEL_TRIGGER', createESQLPanelAction); + startDependencies.uiActions.addTriggerAction(ADD_PANEL_TRIGGER, createESQLPanelAction); const discoverLocator = startDependencies.share?.url.locators.get('DISCOVER_APP_LOCATOR'); if (discoverLocator) { diff --git a/x-pack/plugins/lens/public/trigger_actions/open_lens_config/create_action.tsx b/x-pack/plugins/lens/public/trigger_actions/open_lens_config/create_action.tsx index 07301f2394130..f1d58f9702fb4 100644 --- a/x-pack/plugins/lens/public/trigger_actions/open_lens_config/create_action.tsx +++ b/x-pack/plugins/lens/public/trigger_actions/open_lens_config/create_action.tsx @@ -9,6 +9,7 @@ import type { CoreStart } from '@kbn/core/public'; import { Action, IncompatibleActionError } from '@kbn/ui-actions-plugin/public'; import { EmbeddableApiContext } from '@kbn/presentation-publishing'; import { apiIsPresentationContainer } from '@kbn/presentation-containers'; +import { COMMON_VISUALIZATION_GROUPING } from '@kbn/visualizations-plugin/public'; import type { LensPluginStartDependencies } from '../../plugin'; const ACTION_CREATE_ESQL_CHART = 'ACTION_CREATE_ESQL_CHART'; @@ -20,6 +21,8 @@ export class CreateESQLPanelAction implements Action { public id = ACTION_CREATE_ESQL_CHART; public order = 50; + public grouping = COMMON_VISUALIZATION_GROUPING; + constructor( protected readonly startDependencies: LensPluginStartDependencies, protected readonly core: CoreStart diff --git a/x-pack/plugins/lens/public/vis_type_alias.ts b/x-pack/plugins/lens/public/vis_type_alias.ts index e20b60a11c57a..90d1df663d3e4 100644 --- a/x-pack/plugins/lens/public/vis_type_alias.ts +++ b/x-pack/plugins/lens/public/vis_type_alias.ts 
@@ -27,6 +27,7 @@ export const getLensAliasConfig = (): VisTypeAlias => ({ note: i18n.translate('xpack.lens.visTypeAlias.note', { defaultMessage: 'Recommended for most users.', }), + order: 60, icon: 'lensApp', stage: 'production', appExtensions: { diff --git a/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.ts b/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.ts index 46ac86a5c8aae..a41a78a6b8fed 100644 --- a/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.ts +++ b/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.ts @@ -61,7 +61,8 @@ export const transformElasticHitsToListItem = ({ created_at, created_by, deserializer, - id: _id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + id: _id!, list_id, // meta can be null if deleted (empty in PUT payload), since update_by_query set deleted values as null // return it as undefined to keep it consistent with payload diff --git a/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx b/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx index 161acd3e5db73..76b2e17cb002e 100644 --- a/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx +++ b/x-pack/plugins/maps/public/classes/sources/es_search_source/es_search_source.tsx @@ -19,12 +19,7 @@ import { Adapters } from '@kbn/inspector-plugin/common/adapters'; import { SortDirection, SortDirectionNumeric } from '@kbn/data-plugin/common'; import { getTileUrlParams } from '@kbn/maps-vector-tile-utils'; import { AbstractESSource } from '../es_source'; -import { - getHttp, - getSearchService, - getSecurityService, - getTimeFilter, -} from '../../../kibana_services'; +import { getCore, getHttp, getSearchService, getTimeFilter } from '../../../kibana_services'; import { addFieldToDSL, getField, 
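Review bot: The non-null assertion in `id: _id!`, with the lint rule disabled on the line above, hides the case where a hit arrives without `_id` instead of handling it. The value comes from a search response, so if it is ever missing the list item is returned with `id: undefined` while its type says `string`, and the failure shows up later in whatever looks the item up or deletes it by id. An explicit check before the object literal keeps the type honest without the suppression, e.g. `if (_id == null) throw new Error('list item hit is missing _id');`. The enclosing function starts and ends outside this hunk, so whether throwing or skipping the hit is the better fit has to be decided there.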
@@ -532,7 +527,7 @@ export class ESSearchSource extends AbstractESSource implements IMvtVectorSource if (!(await this._isDrawingIndex())) { return {}; } - const user = await getSecurityService()?.authc.getCurrentUser(); + const user = await getCore().security.authc.getCurrentUser(); const timestamp = new Date().toISOString(); return { created: { diff --git a/x-pack/plugins/maps/public/kibana_services.ts b/x-pack/plugins/maps/public/kibana_services.ts index e7dfeb2e08957..9c11f56a7f5c7 100644 --- a/x-pack/plugins/maps/public/kibana_services.ts +++ b/x-pack/plugins/maps/public/kibana_services.ts @@ -90,7 +90,6 @@ export const getUrlForApp = () => coreStart.application.getUrlForApp; export const getNavigateToUrl = () => coreStart.application.navigateToUrl; export const getSavedObjectsTagging = () => pluginsStart.savedObjectsTagging; export const getPresentationUtilContext = () => pluginsStart.presentationUtil.ContextProvider; -export const getSecurityService = () => pluginsStart.security; export const getSpacesApi = () => pluginsStart.spaces; export const getTheme = () => coreStart.theme; export const getApplication = () => coreStart.application; diff --git a/x-pack/plugins/maps/public/maps_vis_type_alias.ts b/x-pack/plugins/maps/public/maps_vis_type_alias.ts index 48a96a2d0f988..dc7c8cc8dc7bd 100644 --- a/x-pack/plugins/maps/public/maps_vis_type_alias.ts +++ b/x-pack/plugins/maps/public/maps_vis_type_alias.ts @@ -33,6 +33,7 @@ export function getMapsVisTypeAlias() { description: appDescription, icon: APP_ICON, stage: 'production' as VisualizationStage, + order: 40, appExtensions: { visualizations: { docTypes: [MAP_SAVED_OBJECT_TYPE], diff --git a/x-pack/plugins/maps/public/plugin.ts b/x-pack/plugins/maps/public/plugin.ts index 42d40cc64e64a..169731af566fe 100644 --- a/x-pack/plugins/maps/public/plugin.ts +++ b/x-pack/plugins/maps/public/plugin.ts 
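Review bot: `await getCore().security.authc.getCurrentUser()` no longer has the `?.` guard that the removed `getSecurityService()?.authc.getCurrentUser()` call had, so there is no fallback left if the current user cannot be resolved. Whether the core call can throw or reject when no security implementation is registered is not visible from this hunk. If it can, building the `created` metadata fails outright where it previously continued with `user` undefined. If that earlier behaviour is still wanted, a one-line fallback keeps it: `const user = await getCore().security.authc.getCurrentUser().catch(() => undefined);`. The rest of the method, including how `user` is used in the returned object, is outside the hunk.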
@@ -36,7 +36,6 @@ import type { FileUploadPluginStart } from '@kbn/file-upload-plugin/public'; import type { PresentationUtilPluginStart } from '@kbn/presentation-util-plugin/public'; import type { SavedObjectTaggingPluginStart } from '@kbn/saved-objects-tagging-plugin/public'; import type { ChartsPluginStart } from '@kbn/charts-plugin/public'; -import type { SecurityPluginStart } from '@kbn/security-plugin/public'; import type { SpacesPluginStart } from '@kbn/spaces-plugin/public'; import type { CloudSetup } from '@kbn/cloud-plugin/public'; import type { LensPublicSetup } from '@kbn/lens-plugin/public'; @@ -123,7 +122,6 @@ export interface MapsPluginStartDependencies { visualizations: VisualizationsStart; savedObjectsTagging?: SavedObjectTaggingPluginStart; presentationUtil: PresentationUtilPluginStart; - security?: SecurityPluginStart; spaces?: SpacesPluginStart; mapsEms: MapsEmsPluginPublicStart; contentManagement: ContentManagementPublicStart; diff --git a/x-pack/plugins/ml/common/constants/app.ts b/x-pack/plugins/ml/common/constants/app.ts index d74e1cb30c761..dd41353184fd4 100644 --- a/x-pack/plugins/ml/common/constants/app.ts +++ b/x-pack/plugins/ml/common/constants/app.ts @@ -11,7 +11,7 @@ export const PLUGIN_ID = 'ml'; export const PLUGIN_ICON = 'machineLearningApp'; export const PLUGIN_ICON_SOLUTION = 'logoKibana'; export const ML_APP_NAME = i18n.translate('xpack.ml.navMenu.mlAppNameText', { - defaultMessage: 'Machine Learning', + defaultMessage: 'Machine Learning and Analytics', }); export const ML_APP_ROUTE = '/app/ml'; export const ML_INTERNAL_BASE_PATH = '/internal/ml'; diff --git a/x-pack/plugins/ml/public/application/notifications/components/notifications_list.tsx b/x-pack/plugins/ml/public/application/notifications/components/notifications_list.tsx index cb2f64c69050b..0cfb482fda7f7 100644 --- a/x-pack/plugins/ml/public/application/notifications/components/notifications_list.tsx 
+++ b/x-pack/plugins/ml/public/application/notifications/components/notifications_list.tsx @@ -397,6 +397,7 @@ export const NotificationsList: FC = () => { columns={columns} + rowHeader="timestamp" items={itemsPerPage} itemId={'id'} loading={isLoading} diff --git a/x-pack/plugins/ml/public/ui_actions/create_anomaly_chart.tsx b/x-pack/plugins/ml/public/ui_actions/create_anomaly_chart.tsx index c4b88bdd43306..28b7b413827a5 100644 --- a/x-pack/plugins/ml/public/ui_actions/create_anomaly_chart.tsx +++ b/x-pack/plugins/ml/public/ui_actions/create_anomaly_chart.tsx @@ -41,6 +41,10 @@ export function createAddAnomalyChartsPanelAction( getIconType: () => PLUGIN_ICON, }, ], + order: 30, + getIconType(): string { + return 'visLine'; + }, getDisplayName: () => i18n.translate('xpack.ml.components.mlAnomalyExplorerEmbeddable.displayName', { defaultMessage: 'Anomaly chart', diff --git a/x-pack/plugins/ml/public/ui_actions/create_single_metric_viewer.tsx b/x-pack/plugins/ml/public/ui_actions/create_single_metric_viewer.tsx index 55b3bdf44663b..3b1e06f62538a 100644 --- a/x-pack/plugins/ml/public/ui_actions/create_single_metric_viewer.tsx +++ b/x-pack/plugins/ml/public/ui_actions/create_single_metric_viewer.tsx @@ -42,6 +42,8 @@ export function createAddSingleMetricViewerPanelAction( getIconType: () => PLUGIN_ICON, }, ], + order: 20, + getIconType: () => 'visLine', getDisplayName: () => i18n.translate('xpack.ml.components.singleMetricViewerEmbeddable.displayName', { defaultMessage: 'Single metric viewer', diff --git a/x-pack/plugins/ml/public/ui_actions/create_swim_lane.tsx b/x-pack/plugins/ml/public/ui_actions/create_swim_lane.tsx index 388b32148847f..b0f47eb4e1dc7 100644 --- a/x-pack/plugins/ml/public/ui_actions/create_swim_lane.tsx +++ b/x-pack/plugins/ml/public/ui_actions/create_swim_lane.tsx 
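Review bot: create_anomaly_chart.tsx adds the icon as a method, `getIconType(): string { return 'visLine'; }`, while create_single_metric_viewer.tsx in the same commit adds the identical value as `getIconType: () => 'visLine'`. The grouping entry just above both already uses the arrow form (`getIconType: () => PLUGIN_ICON`). Using `getIconType: () => 'visLine',` in the anomaly chart action as well keeps the three action definitions uniform.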
@@ -5,6 +5,7 @@ * 2.0. */ +import React from 'react'; import { i18n } from '@kbn/i18n'; import type { PresentationContainer } from '@kbn/presentation-containers'; import type { EmbeddableApiContext } from '@kbn/presentation-publishing'; @@ -41,6 +42,28 @@ export function createAddSwimlanePanelAction( getIconType: () => PLUGIN_ICON, }, ], + order: 40, + // @ts-expect-error getIconType is typed as string, but EuiIcon accepts ReactComponent for custom icons. + // See https://github.com/elastic/kibana/issues/184643 + getIconType: () => (iconProps) => + ( + + + + + + + + ), getDisplayName: () => i18n.translate('xpack.ml.components.jobAnomalyScoreEmbeddable.displayName', { defaultMessage: 'Anomaly swim lane', diff --git a/x-pack/plugins/ml/public/ui_actions/index.ts b/x-pack/plugins/ml/public/ui_actions/index.ts index 66dd1f0f06f34..1b650d331d007 100644 --- a/x-pack/plugins/ml/public/ui_actions/index.ts +++ b/x-pack/plugins/ml/public/ui_actions/index.ts @@ -8,7 +8,7 @@ import type { CoreSetup } from '@kbn/core/public'; import { CONTEXT_MENU_TRIGGER } from '@kbn/embeddable-plugin/public'; import { CREATE_PATTERN_ANALYSIS_TO_ML_AD_JOB_TRIGGER } from '@kbn/ml-ui-actions'; -import type { UiActionsSetup } from '@kbn/ui-actions-plugin/public'; +import { type UiActionsSetup, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public'; import type { MlPluginStart, MlStartDependencies } from '../plugin'; import { createApplyEntityFieldFiltersAction } from './apply_entity_filters_action'; import { createApplyInfluencerFiltersAction } from './apply_influencer_filters_action'; 
@@ -67,9 +67,9 @@ export function registerMlUiActions( uiActions.registerAction(addAnomalyChartsPanelAction); // Assign triggers - uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addSingleMetricViewerPanelAction); - uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addSwimlanePanelAction); - uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addAnomalyChartsPanelAction); + uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addSingleMetricViewerPanelAction); + uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addSwimlanePanelAction); + uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addAnomalyChartsPanelAction); uiActions.addTriggerAction(CONTEXT_MENU_TRIGGER, openInExplorerAction); uiActions.attachAction(CONTEXT_MENU_TRIGGER, openInSingleMetricViewerAction.id); diff --git a/x-pack/plugins/ml/server/lib/alerts/register_jobs_monitoring_rule_type.ts b/x-pack/plugins/ml/server/lib/alerts/register_jobs_monitoring_rule_type.ts index 6afb7dc38e88b..b311a637eb2d7 100644 --- a/x-pack/plugins/ml/server/lib/alerts/register_jobs_monitoring_rule_type.ts +++ b/x-pack/plugins/ml/server/lib/alerts/register_jobs_monitoring_rule_type.ts @@ -288,6 +288,7 @@ export function registerJobsMonitoringRuleType({ id: alertName, actionGroup: ANOMALY_DETECTION_JOB_REALTIME_ISSUE, context, + // @ts-expect-error type mismatch payload, }); }); @@ -301,6 +302,7 @@ export function registerJobsMonitoringRuleType({ alertsClient.setAlertData({ id: recoveredAlertId, context: testResult.context, + // @ts-expect-error type mismatch payload: testResult.payload, }); } diff --git a/x-pack/plugins/ml/server/models/results_service/build_anomaly_table_items.js b/x-pack/plugins/ml/server/models/results_service/build_anomaly_table_items.js index 306f04c7ca95c..8ffe9fb71bcdb 100644 --- a/x-pack/plugins/ml/server/models/results_service/build_anomaly_table_items.js +++ b/x-pack/plugins/ml/server/models/results_service/build_anomaly_table_items.js 
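Review bot: Both `// @ts-expect-error type mismatch` comments in register_jobs_monitoring_rule_type.ts hide every type error on the `payload` property without saying which field disagrees with the alert document type. One sits on `payload` in the first call, whose opening is outside the hunk, and the other on `payload: testResult.payload` in `alertsClient.setAlertData`. Later schema drift in what gets written to the alert document would go unnoticed for the same reason. If the mismatch cannot be fixed in this commit, the comment should name it and point at a tracking issue, for example `// @ts-expect-error payload field <FIELD> is not in the alert type yet, see <ISSUE_URL>` (placeholders). The swim lane action in this commit already follows that pattern.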
@@ -125,7 +125,7 @@ function aggregateAnomalies(anomalyRecords, interval, dateFormatTz) { return []; } - const aggregatedData = {}; + const aggregatedData = Object.create(null); anomalyRecords.forEach((record) => { // Use moment.js to get start of interval. const roundedTime = @@ -133,27 +133,32 @@ function aggregateAnomalies(anomalyRecords, interval, dateFormatTz) { ? moment(record.timestamp).tz(dateFormatTz).startOf(interval).valueOf() : moment(record.timestamp).startOf(interval).valueOf(); if (aggregatedData[roundedTime] === undefined) { - aggregatedData[roundedTime] = {}; + aggregatedData[roundedTime] = Object.create(null); } // Aggregate by job, then detectorIndex. const jobId = record.job_id; const jobsAtTime = aggregatedData[roundedTime]; - if (jobsAtTime[jobId] === undefined) { - jobsAtTime[jobId] = {}; + if (jobsAtTime[jobId] === undefined || Object.hasOwn(jobsAtTime, jobId) === false) { + jobsAtTime[jobId] = Object.create(null); } // Aggregate by detector - default to function_description if no description available. const detectorIndex = record.detector_index; + if (typeof detectorIndex !== 'number') { + return; + } const detectorsForJob = jobsAtTime[jobId]; if (detectorsForJob[detectorIndex] === undefined) { - detectorsForJob[detectorIndex] = {}; + detectorsForJob[detectorIndex] = Object.create(null); } // Now add an object for the anomaly with the highest anomaly score per entity. // For the choice of entity, look in order for byField, overField, partitionField. // If no by/over/partition, default to an empty String. - const entitiesForDetector = detectorsForJob[detectorIndex]; + const entitiesForDetector = Object.hasOwn(detectorsForJob, detectorIndex) + ? detectorsForJob[detectorIndex] + : Object.create(null); // TODO - are we worried about different byFields having the same // value e.g. host=server1 and machine=server1? 
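Review bot: In aggregateAnomalies, the new `typeof detectorIndex !== 'number'` guard returns only after `aggregatedData[roundedTime]` and `jobsAtTime[jobId]` have been created, so a record with a bad `detector_index` is dropped silently but still leaves empty time and job buckets in the result. Moving the check to the top of the callback, `if (typeof record.detector_index !== 'number') { return; }`, avoids that. The `: Object.create(null)` fallback for `entitiesForDetector` is detached from `detectorsForJob`, so anything stored in it would be lost. The assignment just above makes that branch unreachable, so a plain `detectorsForJob[detectorIndex]` read would be clearer. The function continues outside these hunks, so check that no later code calls inherited methods such as `hasOwnProperty` on the now null-prototype maps.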
@@ -163,7 +168,7 @@ function aggregateAnomalies(anomalyRecords, interval, dateFormatTz) { } if (entitiesForDetector[entity] === undefined) { entitiesForDetector[entity] = record; - } else { + } else if (Object.hasOwn(entitiesForDetector, entity)) { if (record.record_score > entitiesForDetector[entity].record_score) { entitiesForDetector[entity] = record; } diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/_health/index.ts b/x-pack/plugins/monitoring/server/routes/api/v1/_health/index.ts index 8a04150a7bbde..5ed5b85168ee2 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/_health/index.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/_health/index.ts @@ -30,6 +30,9 @@ export function registerV1HealthRoute(server: MonitoringCore) { validate: { query: validateQuery, }, + options: { + access: 'internal', + }, async handler(req: LegacyRequest) { const logger = req.getLogger(); const timeRange = { diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/alerts/enable.ts b/x-pack/plugins/monitoring/server/routes/api/v1/alerts/enable.ts index 326033e61f1c0..8b919fd1f86ea 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/alerts/enable.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/alerts/enable.ts @@ -19,6 +19,9 @@ export function enableAlertsRoute(server: MonitoringCore, npRoute: RouteDependen { path: '/api/monitoring/v1/alerts/enable', validate: false, + options: { + access: 'internal', + }, }, async (context, request, response) => { try { diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/alerts/status.ts b/x-pack/plugins/monitoring/server/routes/api/v1/alerts/status.ts index a9efc14c8c458..64a0b7b92d85f 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/alerts/status.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/alerts/status.ts 
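Review bot: `options: { access: 'internal' }` on registerV1HealthRoute, and on the other monitoring v1 routes changed the same way in this commit, is a visibility setting rather than a privilege check. Authorization still rests on what each handler does, such as the `checkMonitoringAuth` call mentioned in the clusters route comment. A short comment would make this explicit, e.g. `// access: 'internal' only hides the route from public API consumers; authorization is enforced in the handler`. The routes keep their `/api/monitoring/v1/...` paths, so clients other than the Kibana UI would presumably be refused once internal-API restriction is enforced, which deserves a line in the commit description. The same applies to the `monitoring_collection` dynamic route if an external collector polls it. The state-changing routes (`alerts/enable`, `elasticsearch_settings/set/collection_enabled`, `set/collection_interval`) register with `validate: false` or `validate: {}` and their privilege handling is outside these hunks, so confirm it does not depend on the route being hard to reach.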
@@ -28,6 +28,9 @@ export function alertStatusRoute(npRoute: RouteDependencies) { }), }), }, + options: { + access: 'internal', + }, }, async (context, request, response) => { try { diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/apm/instance.ts b/x-pack/plugins/monitoring/server/routes/api/v1/apm/instance.ts index 92266c20596dc..8c8d7e0ad2c69 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/apm/instance.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/apm/instance.ts @@ -29,6 +29,9 @@ export function apmInstanceRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const apmUuid = req.params.apmUuid; const config = server.config; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/apm/instances.ts b/x-pack/plugins/monitoring/server/routes/api/v1/apm/instances.ts index 3dbe30c459ba6..bb8086867ed05 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/apm/instances.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/apm/instances.ts @@ -27,6 +27,9 @@ export function apmInstancesRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const config = server.config; const ccs = req.payload.ccs; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/apm/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/apm/overview.ts index 468f267d517bd..12f0fcda23cb6 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/apm/overview.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/apm/overview.ts @@ -28,6 +28,9 @@ export function apmOverviewRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const config = server.config; const clusterUuid = req.params.clusterUuid; 
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/beats/beat_detail.ts b/x-pack/plugins/monitoring/server/routes/api/v1/beats/beat_detail.ts index 1a6e1da429f93..30ef661feb0f4 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/beats/beat_detail.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/beats/beat_detail.ts @@ -29,6 +29,9 @@ export function beatsDetailRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const clusterUuid = req.params.clusterUuid; const beatUuid = req.params.beatUuid; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/beats/beats.ts b/x-pack/plugins/monitoring/server/routes/api/v1/beats/beats.ts index f78a4902734fa..b59cec2898617 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/beats/beats.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/beats/beats.ts @@ -27,6 +27,9 @@ export function beatsListingRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const config = server.config; const ccs = req.payload.ccs; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/beats/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/beats/overview.ts index 3fac0fea06db5..cbdc28ebf4f9b 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/beats/overview.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/beats/overview.ts @@ -29,6 +29,9 @@ export function beatsOverviewRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const config = server.config; const ccs = req.payload.ccs; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/check_access/check_access.ts b/x-pack/plugins/monitoring/server/routes/api/v1/check_access/check_access.ts index d1688bfbb087a..baab09e81becd 100644 
--- a/x-pack/plugins/monitoring/server/routes/api/v1/check_access/check_access.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/check_access/check_access.ts @@ -21,6 +21,9 @@ export function checkAccessRoute(server: MonitoringCore) { method: 'get', path: '/api/monitoring/v1/check_access', validate: {}, + options: { + access: 'internal', + }, handler: async (req: LegacyRequest) => { const response: { has_access?: boolean } = {}; try { diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.ts b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.ts index 864b2beec5b7b..97a6bb8407b12 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/cluster.ts @@ -30,6 +30,9 @@ export function clusterRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, handler: async (req) => { const options = { clusterUuid: req.params.clusterUuid, diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.ts b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.ts index 1e5883360d09b..ab74302fa4e27 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/cluster/clusters.ts @@ -30,6 +30,9 @@ export function clustersRoute(server: MonitoringCore) { validate: { body: validateBody, }, + options: { + access: 'internal', + }, handler: async (req) => { // NOTE using try/catch because checkMonitoringAuth is expected to throw // an error when current logged-in user doesn't have permission to read diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr.ts index efc3c439d7776..137175010cb22 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr.ts 
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr.ts @@ -271,6 +271,9 @@ export function ccrRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const config = server.config; const ccs = req.payload.ccs; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr_shard.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr_shard.ts index cc37e52c0d9e8..3e215aaf67e35 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr_shard.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ccr_shard.ts @@ -95,6 +95,9 @@ export function ccrShardRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const index = req.params.index; const shardId = req.params.shardId; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.ts index 86a46dd8fae41..d420056d4ec0e 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/index_detail.ts @@ -36,6 +36,9 @@ export function esIndexRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, handler: async (req) => { try { const config = server.config; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/indices.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/indices.ts index 00956410d8c4d..d453a89b7d9dc 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/indices.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/indices.ts 
@@ -32,6 +32,9 @@ export function esIndicesRoute(server: MonitoringCore) { query: validateQuery, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const { clusterUuid } = req.params; const { show_system_indices: showSystemIndices } = req.query; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ml_jobs.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ml_jobs.ts index f51ca41ee4e9f..25f72a93c0c98 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ml_jobs.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/ml_jobs.ts @@ -29,6 +29,9 @@ export function mlJobRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const clusterUuid = req.params.clusterUuid; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.ts index 4c95edeb718e1..a07b55b9be635 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/node_detail.ts @@ -41,6 +41,9 @@ export function esNodeRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const config = server.config; const showSystemIndices = req.payload.showSystemIndices ?? false; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/nodes.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/nodes.ts index f291af318bf9b..30bc527eea598 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/nodes.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/nodes.ts 
@@ -32,6 +32,9 @@ export function esNodesRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const { pagination, diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.ts index 2d3b3600085d4..0b97f9ea63363 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch/overview.ts @@ -34,6 +34,9 @@ export function esOverviewRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const config = server.config; const clusterUuid = req.params.clusterUuid; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/cluster.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/cluster.ts index df2fafa2a952c..1aa326d872654 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/cluster.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/cluster.ts @@ -18,6 +18,9 @@ export function clusterSettingsCheckRoute(server: MonitoringCore) { method: 'get', path: '/api/monitoring/v1/elasticsearch_settings/check/cluster', validate: {}, + options: { + access: 'internal', + }, async handler(req) { try { const response = await checkClusterSettings(req); // needs to be try/catch to handle privilege error diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/internal_monitoring.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/internal_monitoring.ts index 192d5b995e10c..65726a56d8473 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/internal_monitoring.ts 
+++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/internal_monitoring.ts @@ -83,6 +83,9 @@ export function internalMonitoringCheckRoute(server: MonitoringCore, npRoute: Ro validate: { body: validateBody, }, + options: { + access: 'internal', + }, }, async (context, request, response) => { try { diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/nodes.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/nodes.ts index 90c37c6f910c9..6edabba7e7646 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/nodes.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/check/nodes.ts @@ -18,6 +18,9 @@ export function nodesSettingsCheckRoute(server: MonitoringCore) { method: 'get', path: '/api/monitoring/v1/elasticsearch_settings/check/nodes', validate: {}, + options: { + access: 'internal', + }, async handler(req) { try { const response = await checkNodesSettings(req); // needs to be try/catch to handle privilege error diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_enabled.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_enabled.ts index 941818699ede2..c171a20917c1f 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_enabled.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_enabled.ts @@ -18,6 +18,9 @@ export function setCollectionEnabledRoute(server: MonitoringCore) { method: 'put', path: '/api/monitoring/v1/elasticsearch_settings/set/collection_enabled', validate: {}, + options: { + access: 'internal', + }, async handler(req) { try { const response = await setCollectionEnabled(req); 
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_interval.ts b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_interval.ts index eb4798efc36cc..8cb27c86fac0c 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_interval.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_interval.ts @@ -18,6 +18,9 @@ export function setCollectionIntervalRoute(server: MonitoringCore) { method: 'put', path: '/api/monitoring/v1/elasticsearch_settings/set/collection_interval', validate: {}, + options: { + access: 'internal', + }, async handler(req) { try { const response = await setCollectionInterval(req); diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/enterprise_search/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/enterprise_search/overview.ts index 6581b52655cee..2491e391c3947 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/enterprise_search/overview.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/enterprise_search/overview.ts @@ -28,6 +28,9 @@ export function entSearchOverviewRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const clusterUuid = req.params.clusterUuid; try { diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instance.ts b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instance.ts index d93b4ad829186..c265bbc9f4e27 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instance.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instance.ts 
@@ -29,6 +29,9 @@ export function kibanaInstanceRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req: LegacyRequest) { const clusterUuid = req.params.clusterUuid; const kibanaUuid = req.params.kibanaUuid; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instances.ts b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instances.ts index ebd8c870c33d1..0d63a12eff74a 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instances.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/instances.ts @@ -27,6 +27,9 @@ export function kibanaInstancesRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const clusterUuid = req.params.clusterUuid; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/overview.ts index 936dbd95c1727..f398a1bda59d7 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/kibana/overview.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/kibana/overview.ts @@ -29,6 +29,9 @@ export function kibanaOverviewRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const clusterUuid = req.params.clusterUuid; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/node.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/node.ts index 4c0088b4112e6..5c7bbc36b168c 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/node.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/node.ts 
@@ -34,6 +34,9 @@ export function logstashNodeRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const config = server.config; const clusterUuid = req.params.clusterUuid; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/nodes.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/nodes.ts index 169165b0893fe..c4e32d86eec3a 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/nodes.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/nodes.ts @@ -26,6 +26,9 @@ export function logstashNodesRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const clusterUuid = req.params.clusterUuid; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/overview.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/overview.ts index 8937c1dc7a9ad..26d63693fd6dd 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/overview.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/overview.ts @@ -28,6 +28,9 @@ export function logstashOverviewRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const clusterUuid = req.params.clusterUuid; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipeline.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipeline.ts index ba4eb941f7ffe..99c0a054cc2e1 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipeline.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipeline.ts @@ -34,6 +34,9 @@ export function logstashPipelineRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const config = server.config; const clusterUuid = req.params.clusterUuid; 
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipeline_ids.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipeline_ids.ts index fe4d2c2b64ed7..791b6a5b16aec 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipeline_ids.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipeline_ids.ts @@ -25,6 +25,9 @@ export function logstashClusterPipelineIdsRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const config = server.config; const clusterUuid = req.params.clusterUuid; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipelines.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipelines.ts index 07404c28894c4..452be9d2896c6 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipelines.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipelines.ts @@ -35,6 +35,9 @@ export function logstashClusterPipelinesRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const { pagination, diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/node_pipelines.ts b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/node_pipelines.ts index 8cf74c1d93cc7..19cd898267fad 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/node_pipelines.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/logstash/pipelines/node_pipelines.ts @@ -34,6 +34,9 @@ export function logstashNodePipelinesRoute(server: MonitoringCore) { params: validateParams, body: validateBody, }, + options: { + access: 'internal', + }, async handler(req) { const { pagination, 
diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/setup/cluster_setup_status.ts b/x-pack/plugins/monitoring/server/routes/api/v1/setup/cluster_setup_status.ts index 7f8a03cf03c6b..4ebd330270bb4 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/setup/cluster_setup_status.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/setup/cluster_setup_status.ts @@ -35,6 +35,9 @@ export function clusterSetupStatusRoute(server: MonitoringCore) { query: validateQuery, body: validateBody, }, + options: { + access: 'internal', + }, handler: async (req) => { const clusterUuid = req.params.clusterUuid; const skipLiveData = req.query.skipLiveData; diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/setup/disable_elasticsearch_internal_collection.ts b/x-pack/plugins/monitoring/server/routes/api/v1/setup/disable_elasticsearch_internal_collection.ts index cdecf346bae9d..59426eeaa99b4 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/setup/disable_elasticsearch_internal_collection.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/setup/disable_elasticsearch_internal_collection.ts @@ -19,6 +19,9 @@ export function disableElasticsearchInternalCollectionRoute(server: MonitoringCo validate: { params: createValidationFunction(postDisableInternalCollectionRequestParamsRT), }, + options: { + access: 'internal', + }, handler: async (req) => { // NOTE using try/catch because checkMonitoringAuth is expected to throw // an error when current logged-in user doesn't have permission to read diff --git a/x-pack/plugins/monitoring/server/routes/api/v1/setup/node_setup_status.ts b/x-pack/plugins/monitoring/server/routes/api/v1/setup/node_setup_status.ts index 58d51fa3edcf2..7f91386020228 100644 --- a/x-pack/plugins/monitoring/server/routes/api/v1/setup/node_setup_status.ts +++ b/x-pack/plugins/monitoring/server/routes/api/v1/setup/node_setup_status.ts 
@@ -35,6 +35,9 @@ export function nodeSetupStatusRoute(server: MonitoringCore) { query: validateQuery, body: validateBody, }, + options: { + access: 'internal', + }, handler: async (req) => { const nodeUuid = req.params.nodeUuid; const skipLiveData = req.query.skipLiveData; diff --git a/x-pack/plugins/monitoring_collection/server/routes/api/v1/dynamic_route/get_metrics_by_type.ts b/x-pack/plugins/monitoring_collection/server/routes/api/v1/dynamic_route/get_metrics_by_type.ts index 4d18eeb6ec922..95e1770826d6f 100644 --- a/x-pack/plugins/monitoring_collection/server/routes/api/v1/dynamic_route/get_metrics_by_type.ts +++ b/x-pack/plugins/monitoring_collection/server/routes/api/v1/dynamic_route/get_metrics_by_type.ts @@ -37,6 +37,7 @@ export function registerDynamicRoute({ { path: `${MONITORING_COLLECTION_BASE_PATH}/{type}`, options: { + access: 'internal', authRequired: true, tags: ['api'], // ensures that unauthenticated calls receive a 401 rather than a 302 redirect to login page }, diff --git a/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/general_settings.ts b/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/general_settings.ts index e7d04ffa3d97c..07db609558346 100644 --- a/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/general_settings.ts +++ b/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/general_settings.ts @@ -546,7 +546,7 @@ export const generalSettings: RawSettingDefinition[] = [ 'as it can lead to an explosion of transaction groups.\n' + 'Take a look at the `transaction_name_groups` option on how to mitigate this problem by grouping URLs together.', }), - includeAgents: ['java'], + includeAgents: ['java', 'dotnet'], }, { 
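Review bot: Marking `${MONITORING_COLLECTION_BASE_PATH}/{type}` as `access: 'internal'` in get_metrics_by_type.ts changes who can reach the endpoint, and nothing in the hunk shows that non-browser consumers were considered. If this path is polled by an external metrics collector (not visible here), those requests would presumably start being rejected once internal-API restriction is enforced, unless the collector sends the internal-origin header. I would confirm that no such consumer exists and record it next to the option, e.g. `// internal: called only by Kibana itself; authRequired still enforces authentication`, or leave the route public. The `registerDynamicRoute` body continues outside the hunk.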
@@ -565,6 +565,6 @@ export const generalSettings: RawSettingDefinition[] = [ 'such as `GET /users/42/cart` and `GET /users/73/cart` into a single transaction name `GET /users/*/cart`,\n' + 'hence reducing the transaction name cardinality.', }), - includeAgents: ['java'], + includeAgents: ['java', 'dotnet'], }, ]; diff --git a/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml b/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml index 60c8a74d75b88..d37137302fd21 100644 --- a/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml +++ b/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml @@ -15,6 +15,7 @@ paths: post: summary: Create an APM agent key description: Create a new agent key for APM. + operationId: createAgentKey tags: - APM agent keys requestBody: @@ -56,6 +57,7 @@ paths: get: summary: Search for annotations description: Search for annotations related to a specific service. + operationId: getAnnotation tags: - APM annotations parameters: @@ -110,6 +112,7 @@ paths: post: summary: Create a service annotation description: Create a new annotation for a specific service. + operationId: createAnnotation tags: - APM annotations parameters: diff --git a/x-pack/plugins/observability_solution/apm/public/components/alerting/utils/fields.tsx b/x-pack/plugins/observability_solution/apm/public/components/alerting/utils/fields.tsx index 14b10cb24ea30..53b327300c215 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/alerting/utils/fields.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/alerting/utils/fields.tsx @@ -5,9 +5,9 @@ * 2.0. */ import moment from 'moment'; -import { EuiFieldNumber } from '@elastic/eui'; +import { EuiExpression, EuiFieldNumber, EuiFormRow, EuiPopover } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import React from 'react'; +import React, { useState } from 'react'; import { ERROR_GROUP_ID, SERVICE_ENVIRONMENT, 
@@ -42,7 +42,7 @@ export function ServiceField({ void; step?: number; }) { + const [thresholdPopoverOpen, serThresholdPopoverOpen] = useState(false); + const [isAboveValue, setIsAboveValue] = useState(String(value)); + return ( - { + serThresholdPopoverOpen(false); + }} + button={ + { + serThresholdPopoverOpen(true); + }} + /> + } > - onChange(parseInt(e.target.value, 10))} - append={unit} - compressed - step={step} - /> - + + { + const thresholdVal = e.target.value; + // Update the value to continue typing (if user stopped at . or ,) + setIsAboveValue(thresholdVal); + // Only send the value back to the rule if it's a valid number + if (!isNaN(Number(thresholdVal))) { + onChange(Number(thresholdVal)); + } + }} + append={unit} + isInvalid={!isNumeric(isAboveValue)} + compressed + step={step} + /> + + ); } diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/dashboard_catalog.ts b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/dashboard_catalog.ts index 7293c045093f1..2d3ea5fded80b 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/dashboard_catalog.ts +++ b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/dashboard_catalog.ts @@ -9,6 +9,9 @@ export const AGENT_NAME_DASHBOARD_FILE_MAPPING: Record = { nodejs: 'nodejs', 'opentelemetry/nodejs': 'opentelemetry_nodejs', java: 'java', + 'opentelemetry/java': 'opentelemetry_java', + 'opentelemetry/java/opentelemetry-java-instrumentation': 'opentelemetry_java', + 'opentelemetry/java/elastic': 'opentelemetry_java', }; /** @@ -35,6 +38,12 @@ export async function loadDashboardFile(filename: string): Promise { './java.json' ); } + case 'opentelemetry_java': { + return import( + /* webpackChunkName: "lazyJavaDashboard" */ + './opentelemetry_java.json' + ); + } default: { break; } 
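Review bot: The guard `if (!isNaN(Number(thresholdVal)))` in the new `onChange` handler of fields.tsx lets an empty or whitespace-only input through, because `Number('')` is `0`, so clearing the field sends a threshold of 0 to the rule while the user is still editing. The field's `isInvalid` uses a different predicate, `!isNumeric(isAboveValue)`, so the validity shown and the value propagated can disagree; one check for both, e.g. `if (isNumeric(thresholdVal)) onChange(Number(thresholdVal));`, would keep them aligned, assuming `isNumeric` (defined outside this hunk) rejects empty strings. The setter name `serThresholdPopoverOpen` looks like a typo for `setThresholdPopoverOpen`, and `useState(String(value))` seeds the local text only once, so a later change of the `value` prop would not be reflected. The JSX in this hunk is partly lost in the page extraction, so the component structure itself cannot be checked here.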
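Review bot: The three new keys in `AGENT_NAME_DASHBOARD_FILE_MAPPING` (`opentelemetry/java`, `opentelemetry/java/opentelemetry-java-instrumentation`, `opentelemetry/java/elastic`) all resolve to `opentelemetry_java`, yet the dashboard JSON added by this commit carries the saved query `agent.name : "opentelemetry/java/opentelemetry-java-instrumentation"`. If that saved query is applied when the static dashboard renders, services reporting either of the other two agent names would get an empty dashboard, so it is worth confirming the query is ignored or loosening it. The new `import()` in `loadDashboardFile` also uses `webpackChunkName: "lazyJavaDashboard"`; if the existing `./java.json` case uses the same name (its comment is outside the hunk), both files end up in one chunk, and a distinct name such as `lazyOtelJavaDashboard` may be what was intended.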
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/opentelemetry_java.json b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/opentelemetry_java.json new file mode 100644 index 0000000000000..727caf4636a67 --- /dev/null +++ b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/dashboards/opentelemetry_java.json 
@@ -0,0 +1 @@ +{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"1b6a901c-d055-485f-b404-9a86fd52985d\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"1b6a901c-d055-485f-b404-9a86fd52985d\",\"fieldName\":\"service.node.name\",\"title\":\"Node name\",\"grow\":true,\"width\":\"medium\",\"enhancements\":{},\"selectedOptions\":[]}}}","showApplySelections":false},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"agent.name : \\\"opentelemetry/java/opentelemetry-java-instrumentation\\\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":10,\"i\":\"7b6cce32-fe3c-47a3-8784-6646ee4d5b24\"},\"panelIndex\":\"7b6cce32-fe3c-47a3-8784-6646ee4d5b24\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-ffdfcd10-9cab-4806-813b-5c1c5053584e\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"03bdc1b7-9f72-4d24-89ae-72014a51a251\",\"isTransposed\":false,\"oneClickFilter\":false},{\"columnId\":\"bc1e385f-8a20-4227-980c-ee1f462e9c5b\",\"isTransposed\":false},{\"columnId\":\"fc9f178f-1bf3-4ec9-b709-2cf563038d8b\",\"isTransposed\":false},{\"columnId\":\"fd3d4405-64dd-4bdd-b5a6-79a89e9d7730\",\"isTransposed\":false},{\"columnId\":\"8bf5c093-6115-4f73-a279-1dd576647e20\",\"isTransposed\":false},{\"columnId\":\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7d\",\"isTransposed\":false,\"colorMode\":\"text\",\"pal
ette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#209280\",\"stop\":0.6},{\"color\":\"#54b399\",\"stop\":0.7},{\"color\":\"#d6bf57\",\"stop\":0.8},{\"color\":\"#e7664c\",\"stop\":0.9},{\"color\":\"#cc5642\",\"stop\":1.9}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#54b399\",\"stop\":0.6},{\"color\":\"#d6bf57\",\"stop\":0.7},{\"color\":\"#e7664c\",\"stop\":0.8},{\"color\":\"#cc5642\",\"stop\":0.9}],\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null,\"rangeType\":\"number\"}},\"isMetric\":true},{\"columnId\":\"68989fb9-3c56-406d-bb30-3d3a56a19d1b\",\"isTransposed\":false,\"isMetric\":true,\"colorMode\":\"text\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#209280\",\"stop\":0.5},{\"color\":\"#54b399\",\"stop\":0.7},{\"color\":\"#d6bf57\",\"stop\":0.8},{\"color\":\"#e7664c\",\"stop\":0.9},{\"color\":\"#cc5642\",\"stop\":1.9}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#54b399\",\"stop\":0.5},{\"color\":\"#d6bf57\",\"stop\":0.7},{\"color\":\"#e7664c\",\"stop\":0.8},{\"color\":\"#cc5642\",\"stop\":0.9}],\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null,\"rangeType\":\"number\"}}}],\"layerId\":\"ffdfcd10-9cab-4806-813b-5c1c5053584e\",\"layerType\":\"data\"},\"query\":{\"query\":\"(not agent.name :\\\"java\\\" ) and (jvm.cpu.recent_utilization :* or jvm.memory.used:* or jvm.thread.count :*)\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ffdfcd10-9cab-4806-813b-5c1c5053584e\":{\"columns\":{\"03bdc1b7-9f72-4d24-89ae-72014a51a251\":{\"label\":\"JVM (Top 
10)\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"service.node.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"bc1e385f-8a20-4227-980c-ee1f462e9c5b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"bc1e385f-8a20-4227-980c-ee1f462e9c5b\":{\"label\":\"Heap memory avg\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":1}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type : \\\"heap\\\" \",\"language\":\"kuery\"}},\"fc9f178f-1bf3-4ec9-b709-2cf563038d8b\":{\"label\":\"Non-heap memory avg\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":1}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"non_heap\\\" \",\"language\":\"kuery\"}},\"fd3d4405-64dd-4bdd-b5a6-79a89e9d7730\":{\"label\":\"Thread count max\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"jvm.thread.count\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true},\"8bf5c093-6115-4f73-a279-1dd576647e20\":{\"label\":\"Host 
name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"bc1e385f-8a20-4227-980c-ee1f462e9c5b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX0\":{\"label\":\"Part of Heap usage avg [%]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX1\":{\"label\":\"Part of Heap usage avg [%]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.limit\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX2\":{\"label\":\"Part of Heap usage avg [%]\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX0\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX1\"],\"location\":{\"min\":0,\"max\":50},\"text\":\"average(jvm.memory.used)/average(jvm.memory.limit)\"}},\"references\":[\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX0\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX1\"],\"customLabel\":true},\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7d\":{\"label\":\"Heap usage avg 
[%]\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"average(jvm.memory.used)/average(jvm.memory.limit)\",\"isFormulaBroken\":false,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":1}}},\"references\":[\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX2\"],\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"},\"customLabel\":true},\"68989fb9-3c56-406d-bb30-3d3a56a19d1b\":{\"label\":\"CPU avg\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.cpu.recent_utilization\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":1}}},\"customLabel\":true}},\"columnOrder\":[\"03bdc1b7-9f72-4d24-89ae-72014a51a251\",\"8bf5c093-6115-4f73-a279-1dd576647e20\",\"68989fb9-3c56-406d-bb30-3d3a56a19d1b\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7d\",\"bc1e385f-8a20-4227-980c-ee1f462e9c5b\",\"fc9f178f-1bf3-4ec9-b709-2cf563038d8b\",\"fd3d4405-64dd-4bdd-b5a6-79a89e9d7730\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX0\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX1\",\"b39b043b-9abc-4a0e-b15c-f82e84f0fb7dX2\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":15,\"i\":\"5e044c2f-a316-4180-8f21-571fec481377\"},\"panelIndex\":\"5e044c2f-a316-4180-8f21-571fec481377\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a\",\"type\":\"index-pattern\"},{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-2df2bccd-257b-4ec4-ba84-b022128ff511\",\"type\":
\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"maxLines\":1,\"showSingleSeries\":true,\"shouldTruncate\":true,\"isInside\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"Usage [bytes]\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"7f101489-db13-43e3-a1cd-fc0e9117361a\",\"accessors\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\",\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\"},{\"layerId\":\"2df2bccd-257b-4ec4-ba84-b022128ff511\",\"layerType\":\"data\",\"accessors\":[\"8cbe1326-c46a-437b-ad96-5fb9feefa997\"],\"seriesType\":\"line\",\"xAccessor\":\"51a76fb0-bc4e-4c0c-aa43-38b96b8778a0\"}],\"valuesInLegend\":false},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7f101489-db13-43e3-a1cd-fc0e9117361a\":{\"columns\":{\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\":{\"label\":\"Avg. 
committed\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.committed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"}},\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\":{\"label\":\"Avg. used\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"}}},\"columnOrder\":[\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\",\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\",\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"apm_static_data_view_id_default\"},\"2df2bccd-257b-4ec4-ba84-b022128ff511\":{\"linkToLayers\":[],\"columns\":{\"51a76fb0-bc4e-4c0c-aa43-38b96b8778a0\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"8cbe1326-c46a-437b-ad96-5fb9feefa997\":{\"label\":\"Limit\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.limit\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" 
\",\"language\":\"kuery\"}}},\"columnOrder\":[\"51a76fb0-bc4e-4c0c-aa43-38b96b8778a0\",\"8cbe1326-c46a-437b-ad96-5fb9feefa997\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"apm_static_data_view_id_default\"}},\"currentIndexPatternId\":\"apm_static_data_view_id_default\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Heap memory usage\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":24,\"h\":15,\"i\":\"5dd8b3f8-67f4-41d3-84f2-37d20d0f4020\"},\"panelIndex\":\"5dd8b3f8-67f4-41d3-84f2-37d20d0f4020\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"maxLines\":1,\"showSingleSeries\":true,\"shouldTruncate\":true,\"isInside\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"Usage 
[bytes]\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"7f101489-db13-43e3-a1cd-fc0e9117361a\",\"accessors\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\",\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\"}],\"valuesInLegend\":false},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7f101489-db13-43e3-a1cd-fc0e9117361a\":{\"columns\":{\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\":{\"label\":\"Avg. committed\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.committed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type : \\\"non_heap\\\" \",\"language\":\"kuery\"}},\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\":{\"label\":\"Avg. 
used\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true,\"filter\":{\"query\":\"labels.jvm_memory_type : \\\"non_heap\\\" \",\"language\":\"kuery\"}}},\"columnOrder\":[\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\",\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\",\"7d04d69b-99a3-462c-b4fd-0b51bd50a508\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"apm_static_data_view_id_default\"}},\"currentIndexPatternId\":\"apm_static_data_view_id_default\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Non-heap memory usage\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":40,\"w\":24,\"h\":15,\"i\":\"ca9786a7-abfe-452c-9c89-ab331870ca68\"},\"panelIndex\":\"ca9786a7-abfe-452c-9c89-ab331870ca68\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"maxLines\":1,\"showSingleSeries\":true,\"shouldTruncate\":true,\"isInside\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"Usage 
[%]\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"7f101489-db13-43e3-a1cd-fc0e9117361a\",\"accessors\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\",\"splitAccessor\":\"40532e8d-8c6f-4e08-a07f-4fd9a058d5cf\"}],\"valuesInLegend\":false},\"query\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7f101489-db13-43e3-a1cd-fc0e9117361a\":{\"columns\":{\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX0\":{\"label\":\"Part of Avg. usage\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX1\":{\"label\":\"Part of Avg. usage\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.limit\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX2\":{\"label\":\"Part of Avg. 
usage\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX0\",\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX1\"],\"location\":{\"min\":0,\"max\":50},\"text\":\"average(jvm.memory.used)/average(jvm.memory.limit)\"}},\"references\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX0\",\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX1\"],\"customLabel\":true},\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\":{\"label\":\"Avg. usage\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"average(jvm.memory.used)/average(jvm.memory.limit)\",\"isFormulaBroken\":false,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"references\":[\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX2\"],\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"customLabel\":true},\"40532e8d-8c6f-4e08-a07f-4fd9a058d5cf\":{\"label\":\"Top 3 values of 
labels.jvm_memory_pool_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"labels.jvm_memory_pool_name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"40532e8d-8c6f-4e08-a07f-4fd9a058d5cf\",\"ef5df4a6-4c75-41f2-8aca-c15b4bcf394c\",\"009fb3d0-5ef3-450e-822c-ab6d936c50eb\",\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX0\",\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX1\",\"009fb3d0-5ef3-450e-822c-ab6d936c50ebX2\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"description\":\"\"},\"title\":\"Heap memory usage by 
pool\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":15,\"i\":\"4d8c0963-10dc-4ade-bb61-cbce3965daa5\"},\"panelIndex\":\"4d8c0963-10dc-4ade-bb61-cbce3965daa5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-c250b2e7-1fbf-4b7b-9f85-ddfd0edeb332\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"4bee55ff-0735-4106-8e03-c68b714c86bd\"},{\"isTransposed\":false,\"columnId\":\"6630a2e5-966f-42e9-9621-60dfc2b7acfd\",\"colorMode\":\"none\"},{\"columnId\":\"0e3b242f-bb52-44fd-bb92-41cc1d0b9e06\",\"isTransposed\":false},{\"columnId\":\"31a2ee0a-02ec-46e9-877a-0e86e2c09abb\",\"isTransposed\":false,\"colorMode\":\"none\"},{\"columnId\":\"8c139e35-5893-41aa-a82d-f1c9e16fac1b\",\"isTransposed\":false,\"colorMode\":\"text\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#209280\",\"stop\":0.5},{\"color\":\"#54b399\",\"stop\":0.6},{\"color\":\"#d6bf57\",\"stop\":0.7},{\"color\":\"#e7664c\",\"stop\":0.8},{\"color\":\"#cc5642\",\"stop\":1.8}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#54b399\",\"stop\":0.5},{\"color\":\"#d6bf57\",\"stop\":0.6},{\"color\":\"#e7664c\",\"stop\":0.7},{\"color\":\"#cc5642\",\"stop\":0.8}],\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null,\"rangeType\":\"number\"}}}],\"layerId\":\"c250b2e7-1fbf-4b7b-9f85-ddfd0edeb332\",\"layerType\":\"data\"},\"query\":{\"query\":\"labels.jvm_memory_type :\\\"heap\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"c250b2e7-1fbf-4b7b-9f85-ddfd0edeb332\":{\"columns\":{\"4bee55ff-0735-4106-8e03-c68b714c86bd\":{\"label\":\"Memory 
pool\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"labels.jvm_memory_pool_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6630a2e5-966f-42e9-9621-60dfc2b7acfd\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6630a2e5-966f-42e9-9621-60dfc2b7acfd\":{\"label\":\"Committed [bytes]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.committed\",\"isBucketed\":false,\"scale\":\"ratio\",\"reducedTimeRange\":\"5m\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"emptyAsNull\":true},\"customLabel\":true},\"0e3b242f-bb52-44fd-bb92-41cc1d0b9e06\":{\"label\":\"Limit [bytes]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.limit\",\"isBucketed\":false,\"scale\":\"ratio\",\"reducedTimeRange\":\"5m\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"emptyAsNull\":true},\"customLabel\":true},\"31a2ee0a-02ec-46e9-877a-0e86e2c09abb\":{\"label\":\"Used [bytes]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"reducedTimeRange\":\"5m\",\"params\":{\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}},\"emptyAsNull\":true},\"customLabel\":true},\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX0\":{\"label\":\"Part of Used [%]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.used\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"jvm.memory.used: *\",\"language\":\"kuery\"},\"reducedTimeRange\":\"5m\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX1\":{\"label\":\"Part of Used 
[%]\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.memory.limit\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"jvm.memory.limit: *\",\"language\":\"kuery\"},\"reducedTimeRange\":\"5m\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX2\":{\"label\":\"Part of Used [%]\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX0\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX1\"],\"location\":{\"min\":0,\"max\":103},\"text\":\"average(jvm.memory.used, kql='jvm.memory.used: *')/average(jvm.memory.limit, kql='jvm.memory.limit: *')\"}},\"references\":[\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX0\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX1\"],\"customLabel\":true},\"8c139e35-5893-41aa-a82d-f1c9e16fac1b\":{\"label\":\"Used [%]\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"average(jvm.memory.used, kql='jvm.memory.used: *')/average(jvm.memory.limit, kql='jvm.memory.limit: 
*')\",\"isFormulaBroken\":false,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"references\":[\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX2\"],\"reducedTimeRange\":\"5m\",\"customLabel\":true}},\"columnOrder\":[\"4bee55ff-0735-4106-8e03-c68b714c86bd\",\"0e3b242f-bb52-44fd-bb92-41cc1d0b9e06\",\"6630a2e5-966f-42e9-9621-60dfc2b7acfd\",\"31a2ee0a-02ec-46e9-877a-0e86e2c09abb\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1b\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX0\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX1\",\"8c139e35-5893-41aa-a82d-f1c9e16fac1bX2\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"apm_static_data_view_id_default\"}},\"currentIndexPatternId\":\"apm_static_data_view_id_default\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Heap memory pools\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":24,\"h\":15,\"i\":\"298e0934-8feb-44b8-8e5e-246a173a7036\"},\"panelIndex\":\"298e0934-8feb-44b8-8e5e-246a173a7036\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-f29b4866-f576-49a4-af42-efafad81d0ff\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"f29b4866-f576-49a4-af42-efafad81d0ff\",\"accessors\":[\"2cb44b2f-fff3-45e4-b40e-e067daf21b52\",\"2d12ce33-9691-4f4a-9717-eab6e4fed767\",\"
3ac12c4e-f2c9-4914-b461-1ec3e96ac6e7\",\"28a6e0b4-1f21-4b22-b006-aa2d8ff69b27\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"fd579e72-9688-4cc3-987a-814c255ef7a4\",\"yConfig\":[{\"forAccessor\":\"3ac12c4e-f2c9-4914-b461-1ec3e96ac6e7\",\"color\":\"#d6bf57\"},{\"forAccessor\":\"28a6e0b4-1f21-4b22-b006-aa2d8ff69b27\",\"color\":\"#da8b45\"}]}],\"yTitle\":\"Utilization [%]\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f29b4866-f576-49a4-af42-efafad81d0ff\":{\"columns\":{\"fd579e72-9688-4cc3-987a-814c255ef7a4\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"2cb44b2f-fff3-45e4-b40e-e067daf21b52\":{\"label\":\"System average\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.system.cpu.utilization\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"2d12ce33-9691-4f4a-9717-eab6e4fed767\":{\"label\":\"System max\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"jvm.system.cpu.utilization\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"3ac12c4e-f2c9-4914-b461-1ec3e96ac6e7\":{\"label\":\"Process average\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.cpu.recent_utilization\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"28a6e0b4-1f21-4b22-b006-aa2d8ff69b27\":{\"label\":\"Process 
max\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"jvm.cpu.recent_utilization\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2,\"compact\":false}}},\"customLabel\":true}},\"columnOrder\":[\"fd579e72-9688-4cc3-987a-814c255ef7a4\",\"2cb44b2f-fff3-45e4-b40e-e067daf21b52\",\"2d12ce33-9691-4f4a-9717-eab6e4fed767\",\"3ac12c4e-f2c9-4914-b461-1ec3e96ac6e7\",\"28a6e0b4-1f21-4b22-b006-aa2d8ff69b27\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"apm_static_data_view_id_default\"}},\"currentIndexPatternId\":\"apm_static_data_view_id_default\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"CPU Usage\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":40,\"w\":24,\"h\":15,\"i\":\"042cf2ef-9cd4-458c-87be-e6ac2c9d6d7e\"},\"panelIndex\":\"042cf2ef-9cd4-458c-87be-e6ac2c9d6d7e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"apm_static_data_view_id_default\",\"name\":\"indexpattern-datasource-layer-ba118f97-82fd-4867-ae97-a071c22c7360\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"ba118f97-82fd-4867-ae97-a071c22c7360\",\"accessors\":[\"adb88f79-f380-4a6a-9f90-91316ececf1f\",\"92bdf4ef-b458-4c05-b4a3-d65db50c0ecc\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\"
:false,\"layerType\":\"data\",\"xAccessor\":\"69640a9f-0f72-46d0-94b2-47930dc0272e\"}],\"yTitle\":\"Thread count\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ba118f97-82fd-4867-ae97-a071c22c7360\":{\"columns\":{\"69640a9f-0f72-46d0-94b2-47930dc0272e\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"adb88f79-f380-4a6a-9f90-91316ececf1f\":{\"label\":\"Max\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"jvm.thread.count\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"92bdf4ef-b458-4c05-b4a3-d65db50c0ecc\":{\"label\":\"Average\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"jvm.thread.count\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69640a9f-0f72-46d0-94b2-47930dc0272e\",\"92bdf4ef-b458-4c05-b4a3-d65db50c0ecc\",\"adb88f79-f380-4a6a-9f90-91316ececf1f\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Thread count\"}]","timeRestore":false,"title":"JVM-Dashboard - 
otel","version":2},"coreMigrationVersion":"8.8.0","created_at":"2024-04-30T09:07:18.434Z","created_by":"u_2555277038_cloud","id":"f29edbb0-2a0e-11ee-ba40-b1a1a11f1941","managed":false,"references":[{"id":"apm_static_data_view_id_default","name":"7b6cce32-fe3c-47a3-8784-6646ee4d5b24:indexpattern-datasource-layer-ffdfcd10-9cab-4806-813b-5c1c5053584e","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"5e044c2f-a316-4180-8f21-571fec481377:indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"5e044c2f-a316-4180-8f21-571fec481377:indexpattern-datasource-layer-2df2bccd-257b-4ec4-ba84-b022128ff511","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"5dd8b3f8-67f4-41d3-84f2-37d20d0f4020:indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"ca9786a7-abfe-452c-9c89-ab331870ca68:indexpattern-datasource-layer-7f101489-db13-43e3-a1cd-fc0e9117361a","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"4d8c0963-10dc-4ade-bb61-cbce3965daa5:indexpattern-datasource-layer-c250b2e7-1fbf-4b7b-9f85-ddfd0edeb332","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"298e0934-8feb-44b8-8e5e-246a173a7036:indexpattern-datasource-layer-f29b4866-f576-49a4-af42-efafad81d0ff","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"042cf2ef-9cd4-458c-87be-e6ac2c9d6d7e:indexpattern-datasource-layer-ba118f97-82fd-4867-ae97-a071c22c7360","type":"index-pattern"},{"id":"apm_static_data_view_id_default","name":"controlGroup_1b6a901c-d055-485f-b404-9a86fd52985d:optionsListDataView","type":"index-pattern"}],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2024-04-30T09:07:18.434Z","version":"WzkyNiwyXQ=="} 
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_map/popover/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_map/popover/index.tsx index b2abed890ee35..a66f77909072d 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/service_map/popover/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_map/popover/index.tsx @@ -54,11 +54,15 @@ function getContentsComponent( return ResourceContents; } - if (isTraceExplorerEnabled && selectedElementData.source && selectedElementData.target) { + if (isTraceExplorerEnabled && selectedElementData.sourceData && selectedElementData.targetData) { return EdgeContents; } - return DependencyContents; + if (selectedElementData.label) { + return DependencyContents; + } + + return null; } export interface ContentsProps { @@ -100,7 +104,6 @@ export function Popover({ focusedServiceName, environment, kuery, start, end }: const x = box ? box.x1 + box.w / 2 : -10000; const y = box ? box.y1 + box.h / 2 : -10000; - const isOpen = !!selectedElement; const triggerStyle: CSSProperties = { background: 'transparent', height: renderedHeight, @@ -177,6 +180,8 @@ export function Popover({ focusedServiceName, environment, kuery, start, end }: const ContentsComponent = getContentsComponent(selectedElementData, isTraceExplorerEnabled); + const isOpen = !!selectedElement && !!ContentsComponent; + return ( - + {ContentsComponent && ( + + )} ); diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.stories.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.stories.tsx index 296f66a51e98b..2ccf0d64b41a1 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.stories.tsx 
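Review bot: The new `return null` at the end of getContentsComponent changes what the caller receives, and nothing in the hunk documents it; before this change every remaining element fell through to `DependencyContents`. A short comment above the final return would help, e.g. `// No label: nothing to render for this element, so the caller keeps the popover closed.` Also, `if (selectedElementData.label)` is a truthiness test, so an element whose label is an empty string now gets no popover at all. If that is not intended, `selectedElementData.label !== undefined` is the narrower check; the type of `label` is not visible here, so confirm it first. The function starts before this hunk.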
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.stories.tsx @@ -8,7 +8,7 @@ import { Meta, Story } from '@storybook/react'; import React, { ComponentProps } from 'react'; import { CoreStart } from '@kbn/core/public'; import { createKibanaReactContext } from '@kbn/kibana-react-plugin/public'; -import { ApiKey } from '@kbn/security-plugin/common/model'; +import { ApiKey } from '@kbn/security-plugin-types-common'; import type { ApmPluginContextValue } from '../../../../context/apm_plugin/apm_plugin_context'; import { MockApmPluginContextWrapper } from '../../../../context/apm_plugin/mock_apm_plugin_context'; import { AgentKeysTable } from './agent_keys_table'; diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.tsx index 3fe05455307d0..142ffbd905637 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/agent_keys_table.tsx @@ -8,7 +8,7 @@ import React, { useState } from 'react'; import { i18n } from '@kbn/i18n'; import { EuiInMemoryTable, EuiBasicTableColumn, EuiInMemoryTableProps } from '@elastic/eui'; -import { ApiKey } from '@kbn/security-plugin/common/model'; +import { ApiKey } from '@kbn/security-plugin-types-common'; import { TimestampTooltip } from '../../../shared/timestamp_tooltip'; import { ConfirmDeleteModal } from './confirm_delete_modal'; diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/confirm_delete_modal.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/confirm_delete_modal.tsx index 5974acdcb35e2..da7f39d5ad7d7 100644 
--- a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/confirm_delete_modal.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/confirm_delete_modal.tsx @@ -8,7 +8,7 @@ import React, { useState } from 'react'; import { i18n } from '@kbn/i18n'; import { EuiConfirmModal } from '@elastic/eui'; -import { ApiKey } from '@kbn/security-plugin/common/model'; +import { ApiKey } from '@kbn/security-plugin-types-common'; import { useApmPluginContext } from '../../../../context/apm_plugin/use_apm_plugin_context'; import { callApmApi } from '../../../../services/rest/create_call_apm_api'; diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/index.tsx index 005bc9f33d9f1..960e4cac31663 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_keys/index.tsx @@ -17,7 +17,7 @@ import { EuiButton, EuiLoadingSpinner, } from '@elastic/eui'; -import { ApiKey } from '@kbn/security-plugin/common/model'; +import { ApiKey } from '@kbn/security-plugin-types-common'; import { useFetcher, FETCH_STATUS } from '../../../../hooks/use_fetcher'; import { PermissionDenied } from './prompts/permission_denied'; import { ApiKeysNotEnabled } from './prompts/api_keys_not_enabled'; diff --git a/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/get_agent_keys.ts b/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/get_agent_keys.ts index b10f82f69aede..120b520a73edc 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/get_agent_keys.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/agent_keys/get_agent_keys.ts 
@@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { ApiKey } from '@kbn/security-plugin/common/model'; +import { ApiKey } from '@kbn/security-plugin-types-common'; import { ApmPluginRequestHandlerContext } from '../typings'; export interface AgentKeysResponse { diff --git a/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts b/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts index 08bc47c44822a..1b3787e285eef 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts @@ -130,7 +130,7 @@ const deleteAgentConfigurationRoute = createApmServerRoute({ logger.info(`Deleting config ${service.name}/${service.environment} (${exactConfig.id})`); const deleteConfigurationResult = await deleteConfiguration({ - configurationId: exactConfig.id, + configurationId: exactConfig.id!, internalESClient, }); @@ -266,7 +266,7 @@ const agentConfigurationSearchRoute = createApmServerRoute({ if (willMarkAsApplied) { await markAppliedByAgent({ - id: configuration._id, + id: configuration._id!, body: configuration._source, internalESClient, }); diff --git a/x-pack/plugins/observability_solution/apm/tsconfig.json b/x-pack/plugins/observability_solution/apm/tsconfig.json index c763acff6ea85..375283b72f6b6 100644 --- a/x-pack/plugins/observability_solution/apm/tsconfig.json +++ b/x-pack/plugins/observability_solution/apm/tsconfig.json @@ -120,7 +120,10 @@ "@kbn/presentation-publishing", "@kbn/react-kibana-context-render", "@kbn/react-kibana-context-theme", - "@kbn/test-jest-helpers" + "@kbn/test-jest-helpers", + "@kbn/security-plugin-types-common" ], - "exclude": ["target/**/*"] + "exclude": [ + "target/**/*" + ] } 
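Review bot: The non-null assertion in `configurationId: exactConfig.id!` in deleteAgentConfigurationRoute only silences the compiler. If the id is ever absent at runtime, `deleteConfiguration` is still called with `undefined` on a delete path. The same applies to `id: configuration._id!` passed to `markAppliedByAgent` in agentConfigurationSearchRoute in the second hunk. An explicit guard before each call makes the failure visible, for example `if (exactConfig.id === undefined) { throw new Error('agent configuration has no id'); }`, or whatever error type the route already uses for a missing configuration. Both handler bodies start and end outside these hunks, so an earlier check may already exist there.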
diff --git a/x-pack/plugins/observability_solution/asset_manager/README.md b/x-pack/plugins/observability_solution/asset_manager/README.md deleted file mode 100644 index d73bfbb53b087..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# Asset Manager Plugin - -This plugin provides access to observed asset data, such as information about hosts, pods, containers, services, and more. - -## Documentation - -### User Docs - -For those interested in making use of the APIs provided by this plugin, see [our API docs](./docs/api.md). - -### Developer Docs - -For those working on this plugin directly and developing it, please see [our development docs](./docs/development.md). diff --git a/x-pack/plugins/observability_solution/asset_manager/common/config.ts b/x-pack/plugins/observability_solution/asset_manager/common/config.ts deleted file mode 100644 index 22d1c2ace4578..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/common/config.ts +++ /dev/null 
@@ -1,48 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { schema, TypeOf } from '@kbn/config-schema'; - -export const INDEX_DEFAULTS = { - logs: 'filebeat-*,logs-*', -}; - -export const configSchema = schema.object({ - alphaEnabled: schema.maybe(schema.boolean()), - // Designate where various types of data live. - // NOTE: this should be handled in a centralized way for observability, so - // that when a user configures these differently from the known defaults, - // that value is propagated everywhere. For now, we duplicate the value here. - sourceIndices: schema.object( - { - logs: schema.string({ defaultValue: INDEX_DEFAULTS.logs }), - }, - { defaultValue: INDEX_DEFAULTS } - ), -}); - -export type AssetManagerConfig = TypeOf; - -/** - * The following map is passed to the server plugin setup under the - * exposeToBrowser: option, and controls which of the above config - * keys are allow-listed to be available in the browser config. - * - * NOTE: anything exposed here will be visible in the UI dev tools, - * and therefore MUST NOT be anything that is sensitive information! - */ -export const exposeToBrowserConfig = { - alphaEnabled: true, -} as const; - -type ValidKeys = keyof { - [K in keyof typeof exposeToBrowserConfig as typeof exposeToBrowserConfig[K] extends true - ? K - : never]: true; -}; - -export type AssetManagerPublicConfig = Pick; diff --git a/x-pack/plugins/observability_solution/asset_manager/common/constants_routes.ts b/x-pack/plugins/observability_solution/asset_manager/common/constants_routes.ts deleted file mode 100644 index 6bbde84cc668b..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/common/constants_routes.ts +++ /dev/null 
@@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export const ASSET_MANAGER_API_BASE = '/api/asset-manager'; - -function base(path: string) { - return `${ASSET_MANAGER_API_BASE}${path}`; -} - -export const GET_ASSETS = base('/assets'); -export const GET_RELATED_ASSETS = base('/assets/related'); -export const GET_ASSETS_DIFF = base('/assets/diff'); - -export const GET_HOSTS = base('/assets/hosts'); -export const GET_SERVICES = base('/assets/services'); -export const GET_CONTAINERS = base('/assets/containers'); -export const GET_PODS = base('/assets/pods'); diff --git a/x-pack/plugins/observability_solution/asset_manager/common/types_api.ts b/x-pack/plugins/observability_solution/asset_manager/common/types_api.ts deleted file mode 100644 index 108e4b254343f..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/common/types_api.ts +++ /dev/null 
@@ -1,315 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import * as rt from 'io-ts'; -import { - dateRt, - inRangeFromStringRt, - datemathStringRt, - createLiteralValueFromUndefinedRT, -} from '@kbn/io-ts-utils'; - -export const assetTypeRT = rt.keyof({ - 'k8s.pod': null, - 'k8s.cluster': null, - 'k8s.node': null, -}); - -export type AssetType = rt.TypeOf; - -export const assetKindRT = rt.keyof({ - cluster: null, - host: null, - pod: null, - container: null, - service: null, -}); - -export type AssetKind = rt.TypeOf; - -export const assetStatusRT = rt.keyof({ - CREATING: null, - ACTIVE: null, - DELETING: null, - FAILED: null, - UPDATING: null, - PENDING: null, - UNKNOWN: null, -}); - -export type AssetStatus = rt.TypeOf; - -// https://github.com/gcanti/io-ts/blob/master/index.md#union-of-string-literals -export const cloudProviderNameRT = rt.keyof({ - aws: null, - gcp: null, - azure: null, - other: null, - unknown: null, - none: null, -}); - -export type CloudProviderName = rt.TypeOf; - -const withTimestampRT = rt.type({ - '@timestamp': rt.string, -}); - -export type WithTimestamp = rt.TypeOf; - -export const ECSDocumentRT = rt.intersection([ - withTimestampRT, - rt.partial({ - 'kubernetes.namespace': rt.string, - 'kubernetes.pod.name': rt.string, - 'kubernetes.pod.uid': rt.string, - 'kubernetes.pod.start_time': rt.string, - 'kubernetes.node.name': rt.string, - 'kubernetes.node.start_time': rt.string, - 'orchestrator.api_version': rt.string, - 'orchestrator.namespace': rt.string, - 'orchestrator.organization': rt.string, - 'orchestrator.type': rt.string, - 'orchestrator.cluster.id': rt.string, - 'orchestrator.cluster.name': rt.string, - 'orchestrator.cluster.url': rt.string, - 'orchestrator.cluster.version': rt.string, - 'cloud.provider': 
cloudProviderNameRT, - 'cloud.instance.id': rt.string, - 'cloud.region': rt.string, - 'cloud.service.name': rt.string, - 'service.environment': rt.string, - }), -]); - -export type ECSDocument = rt.TypeOf; - -export const assetRT = rt.intersection([ - ECSDocumentRT, - rt.type({ - 'asset.ean': rt.string, - 'asset.id': rt.string, - 'asset.kind': assetKindRT, - }), - // mixed required and optional require separate hashes combined via intersection - // https://github.com/gcanti/io-ts/blob/master/index.md#mixing-required-and-optional-props - rt.partial({ - 'asset.collection_version': rt.string, - 'asset.name': rt.string, - 'asset.type': assetTypeRT, - 'asset.status': assetStatusRT, - 'asset.parents': rt.union([rt.string, rt.array(rt.string)]), - 'asset.children': rt.union([rt.string, rt.array(rt.string)]), - 'asset.references': rt.union([rt.string, rt.array(rt.string)]), - 'asset.namespace': rt.string, - }), -]); - -export type Asset = rt.TypeOf; - -export type AssetWithoutTimestamp = Omit; - -export interface K8sPod extends WithTimestamp { - id: string; - name?: string; - ean: string; - node?: string; - cloud?: { - provider?: CloudProviderName; - region?: string; - }; -} - -export interface K8sNodeMetricBucket { - timestamp: number; - date?: string; - averageMemoryAvailable: number | null; - averageMemoryUsage: number | null; - maxMemoryUsage: number | null; - averageCpuCoreNs: number | null; - maxCpuCoreNs: number | null; -} - -export interface K8sNodeLog { - timestamp: number; - message: string; -} - -export interface K8sNode extends WithTimestamp { - id: string; - name?: string; - ean: string; - pods?: K8sPod[]; - cluster?: K8sCluster; - cloud?: { - provider?: CloudProviderName; - region?: string; - }; - metrics?: K8sNodeMetricBucket[]; - logs?: K8sNodeLog[]; -} - -export interface K8sCluster extends WithTimestamp { - name?: string; - nodes?: K8sNode[]; - ean: string; - status?: AssetStatus; - version?: string; - cloud?: { - provider?: CloudProviderName; - region?: 
string; - }; -} - -export const assetFiltersSingleKindRT = rt.exact( - rt.partial({ - type: rt.union([assetTypeRT, rt.array(assetTypeRT)]), - ean: rt.union([rt.string, rt.array(rt.string)]), - id: rt.string, - parentEan: rt.string, - ['cloud.provider']: rt.string, - ['cloud.region']: rt.string, - ['orchestrator.cluster.name']: rt.string, - }) -); - -export type SingleKindAssetFilters = rt.TypeOf; - -const supportedKindRT = rt.union([rt.literal('host'), rt.literal('service')]); -export const assetFiltersRT = rt.intersection([ - assetFiltersSingleKindRT, - rt.partial({ kind: rt.union([supportedKindRT, rt.array(supportedKindRT)]) }), -]); - -export type AssetFilters = rt.TypeOf; - -export const relationRT = rt.union([ - rt.literal('ancestors'), - rt.literal('descendants'), - rt.literal('references'), -]); - -export type Relation = rt.TypeOf; -export type RelationField = keyof Pick< - Asset, - 'asset.children' | 'asset.parents' | 'asset.references' ->; - -export const sizeRT = rt.union([ - inRangeFromStringRt(1, 100), - createLiteralValueFromUndefinedRT(10), -]); -export const assetDateRT = rt.union([dateRt, datemathStringRt]); - -/** - * Hosts - */ -export const getHostAssetsQueryOptionsRT = rt.intersection([ - rt.strict({ from: assetDateRT }), - rt.partial({ - to: assetDateRT, - size: sizeRT, - stringFilters: rt.string, - filters: assetFiltersSingleKindRT, - }), -]); -export type GetHostAssetsQueryOptions = rt.TypeOf; -export const getHostAssetsResponseRT = rt.type({ - hosts: rt.array(assetRT), -}); -export type GetHostAssetsResponse = rt.TypeOf; - -/** - * Containers - */ -export const getContainerAssetsQueryOptionsRT = rt.intersection([ - rt.strict({ from: assetDateRT }), - rt.partial({ - to: assetDateRT, - size: sizeRT, - stringFilters: rt.string, - filters: assetFiltersSingleKindRT, - }), -]); -export type GetContainerAssetsQueryOptions = rt.TypeOf; -export const getContainerAssetsResponseRT = rt.type({ - containers: rt.array(assetRT), -}); -export type 
GetContainerAssetsResponse = rt.TypeOf; - -/** - * Services - */ -export const getServiceAssetsQueryOptionsRT = rt.intersection([ - rt.strict({ from: assetDateRT }), - rt.partial({ - from: assetDateRT, - to: assetDateRT, - size: sizeRT, - stringFilters: rt.string, - filters: assetFiltersSingleKindRT, - }), -]); - -export type GetServiceAssetsQueryOptions = rt.TypeOf; -export const getServiceAssetsResponseRT = rt.type({ - services: rt.array(assetRT), -}); -export type GetServiceAssetsResponse = rt.TypeOf; - -/** - * Pods - */ -export const getPodAssetsQueryOptionsRT = rt.intersection([ - rt.strict({ from: assetDateRT }), - rt.partial({ - to: assetDateRT, - size: sizeRT, - stringFilters: rt.string, - filters: assetFiltersSingleKindRT, - }), -]); -export type GetPodAssetsQueryOptions = rt.TypeOf; -export const getPodAssetsResponseRT = rt.type({ - pods: rt.array(assetRT), -}); -export type GetPodAssetsResponse = rt.TypeOf; - -/** - * Assets - */ -export const getAssetsQueryOptionsRT = rt.intersection([ - rt.strict({ from: assetDateRT }), - rt.partial({ - to: assetDateRT, - size: sizeRT, - stringFilters: rt.string, - filters: assetFiltersRT, - }), -]); -export type GetAssetsQueryOptions = rt.TypeOf; -export const getAssetsResponseRT = rt.type({ - assets: rt.array(assetRT), -}); -export type GetAssetsResponse = rt.TypeOf; - -/** - * Managed entities enablement - */ -export const managedEntityEnabledResponseRT = rt.type({ - enabled: rt.boolean, - reason: rt.string, -}); -export type ManagedEntityEnabledResponse = rt.TypeOf; - -export const managedEntityResponseBase = rt.type({ - success: rt.boolean, - reason: rt.string, - message: rt.string, -}); -export type EnableManagedEntityResponse = rt.TypeOf; -export type DisableManagedEntityResponse = rt.TypeOf; 
diff --git a/x-pack/plugins/observability_solution/asset_manager/common/types_client.ts b/x-pack/plugins/observability_solution/asset_manager/common/types_client.ts deleted file mode 100644 index e779a8a15ae31..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/common/types_client.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { AssetFilters, SingleKindAssetFilters } from './types_api'; - -export interface SharedAssetsOptionsPublic { - from: string; - to?: string; - filters?: F; - stringFilters?: string; -} - -// Methods that return only a single "kind" of asset should not accept -// a filter of "kind" to filter by asset kinds - -export type GetHostsOptionsPublic = SharedAssetsOptionsPublic; -export type GetContainersOptionsPublic = SharedAssetsOptionsPublic; -export type GetPodsOptionsPublic = SharedAssetsOptionsPublic; -export type GetServicesOptionsPublic = SharedAssetsOptionsPublic; -export type GetAssetsOptionsPublic = SharedAssetsOptionsPublic; diff --git a/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.test.ts b/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.test.ts deleted file mode 100644 index 649bcfcb83dc3..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.test.ts +++ /dev/null 
@@ -1,130 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { HttpSetupMock } from '@kbn/core-http-browser-mocks';
-import { coreMock } from '@kbn/core/public/mocks';
-import { PublicAssetsClient } from './public_assets_client';
-import * as routePaths from '../../common/constants_routes';
-
-describe('Public assets client', () => {
- let http: HttpSetupMock = coreMock.createSetup().http;
-
- beforeEach(() => {
- http = coreMock.createSetup().http;
- });
-
- describe('class instantiation', () => {
- it('should successfully instantiate', () => {
- new PublicAssetsClient(http);
- });
- });
-
- describe('getHosts', () => {
- it('should call the REST API', async () => {
- const client = new PublicAssetsClient(http);
- await client.getHosts({ from: 'x', to: 'y' });
- expect(http.get).toBeCalledTimes(1);
- });
-
- it('should include specified "from" and "to" parameters in http.get query', async () => {
- const client = new PublicAssetsClient(http);
- await client.getHosts({ from: 'x', to: 'y' });
- expect(http.get).toBeCalledWith(routePaths.GET_HOSTS, {
- query: { from: 'x', to: 'y' },
- });
- });
-
- it('should include provided filters, but in string form', async () => {
- const client = new PublicAssetsClient(http);
- const filters = { id: '*id-1*' };
- await client.getHosts({ from: 'x', filters });
- expect(http.get).toBeCalledWith(routePaths.GET_HOSTS, {
- query: {
- from: 'x',
- stringFilters: JSON.stringify(filters),
- },
- });
- });
-
- it('should return the direct results of http.get', async () => {
- const client = new PublicAssetsClient(http);
- http.get.mockResolvedValueOnce('my hosts');
- const result = await client.getHosts({ from: 'x', to: 'y' });
- expect(result).toBe('my hosts');
- });
- });
-
- describe('getContainers', () => {
-
it('should call the REST API', async () => {
- const client = new PublicAssetsClient(http);
- await client.getContainers({ from: 'x', to: 'y' });
- expect(http.get).toBeCalledTimes(1);
- });
-
- it('should include specified "from" and "to" parameters in http.get query', async () => {
- const client = new PublicAssetsClient(http);
- await client.getContainers({ from: 'x', to: 'y' });
- expect(http.get).toBeCalledWith(routePaths.GET_CONTAINERS, {
- query: { from: 'x', to: 'y' },
- });
- });
-
- it('should include provided filters, but in string form', async () => {
- const client = new PublicAssetsClient(http);
- const filters = { id: '*id-1*' };
- await client.getContainers({ from: 'x', filters });
- expect(http.get).toBeCalledWith(routePaths.GET_CONTAINERS, {
- query: {
- from: 'x',
- stringFilters: JSON.stringify(filters),
- },
- });
- });
-
- it('should return the direct results of http.get', async () => {
- const client = new PublicAssetsClient(http);
- http.get.mockResolvedValueOnce('my hosts');
- const result = await client.getContainers({ from: 'x', to: 'y' });
- expect(result).toBe('my hosts');
- });
- });
-
- describe('getServices', () => {
- it('should call the REST API', async () => {
- const client = new PublicAssetsClient(http);
- await client.getServices({ from: 'x', to: 'y' });
- expect(http.get).toBeCalledTimes(1);
- });
-
- it('should include specified "from" and "to" parameters in http.get query', async () => {
- const client = new PublicAssetsClient(http);
- await client.getServices({ from: 'x', to: 'y' });
- expect(http.get).toBeCalledWith(routePaths.GET_SERVICES, {
- query: { from: 'x', to: 'y' },
- });
- });
-
- it('should include provided filters, but in string form', async () => {
- const client = new PublicAssetsClient(http);
- const filters = { id: '*id-1*', parentEan: 'container:123' };
- await client.getServices({ from: 'x', filters });
- expect(http.get).toBeCalledWith(routePaths.GET_SERVICES, {
- query: {
- from: 'x',
- stringFilters:
JSON.stringify(filters),
- },
- });
- });
-
- it('should return the direct results of http.get', async () => {
- const client = new PublicAssetsClient(http);
- http.get.mockResolvedValueOnce('my services');
- const result = await client.getServices({ from: 'x', to: 'y' });
- expect(result).toBe('my services');
- });
- });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.ts b/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.ts
deleted file mode 100644
index 130e723da34a6..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/public/lib/public_assets_client.ts
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { HttpStart } from '@kbn/core/public';
-import {
- GetContainersOptionsPublic,
- GetHostsOptionsPublic,
- GetServicesOptionsPublic,
- GetPodsOptionsPublic,
- GetAssetsOptionsPublic,
-} from '../../common/types_client';
-import {
- GetContainerAssetsResponse,
- GetHostAssetsResponse,
- GetServiceAssetsResponse,
- GetPodAssetsResponse,
- GetAssetsResponse,
-} from '../../common/types_api';
-import {
- GET_CONTAINERS,
- GET_HOSTS,
- GET_SERVICES,
- GET_PODS,
- GET_ASSETS,
-} from '../../common/constants_routes';
-import { IPublicAssetsClient } from '../types';
-
-export class PublicAssetsClient implements IPublicAssetsClient {
- constructor(private readonly http: HttpStart) {}
-
- async getHosts(options: GetHostsOptionsPublic) {
- const { filters, ...otherOptions } = options;
- const results = await this.http.get(GET_HOSTS, {
- query: {
- stringFilters: JSON.stringify(filters),
- ...otherOptions,
- },
- });
-
- return results;
- }
-
- async getContainers(options: GetContainersOptionsPublic) {
- const { filters, ...otherOptions } = options;
- const results = await this.http.get(GET_CONTAINERS, {
- query: {
- stringFilters: JSON.stringify(filters),
- ...otherOptions,
- },
- });
-
- return results;
- }
-
- async getServices(options: GetServicesOptionsPublic) {
- const { filters, ...otherOptions } = options;
- const results = await this.http.get(GET_SERVICES, {
- query: {
- stringFilters: JSON.stringify(filters),
- ...otherOptions,
- },
- });
-
- return results;
- }
-
- async getPods(options: GetPodsOptionsPublic) {
- const { filters, ...otherOptions } = options;
- const results = await this.http.get(GET_PODS, {
- query: {
- stringFilters: JSON.stringify(filters),
- ...otherOptions,
- },
-
});
-
- return results;
- }
-
- async getAssets(options: GetAssetsOptionsPublic) {
- const { filters, ...otherOptions } = options;
- const results = await this.http.get(GET_ASSETS, {
- query: {
- stringFilters: JSON.stringify(filters),
- ...otherOptions,
- },
- });
-
- return results;
- }
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/index.ts b/x-pack/plugins/observability_solution/asset_manager/server/index.ts
deleted file mode 100644
index 86e5e855a74c9..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/index.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { PluginInitializerContext } from '@kbn/core-plugins-server';
-import { AssetManagerConfig } from '../common/config';
-import { AssetManagerServerPluginSetup, AssetManagerServerPluginStart, config } from './plugin';
-import type { WriteSamplesPostBody } from './routes/sample_assets';
-
-export type {
- AssetManagerConfig,
- WriteSamplesPostBody,
- AssetManagerServerPluginSetup,
- AssetManagerServerPluginStart,
-};
-export { config };
-
-export const plugin = async (context: PluginInitializerContext) => {
- const { AssetManagerServerPlugin } = await import('./plugin');
- return new AssetManagerServerPlugin(context);
-};
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.test.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.test.ts
deleted file mode 100644
index 8a7aad907a368..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.test.ts
+++ /dev/null
@@ -1,357 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
-import { savedObjectsClientMock } from '@kbn/core-saved-objects-api-server-mocks';
-import { GetApmIndicesMethod } from '../../asset_client_types';
-import { getContainers } from './get_containers';
-import {
- createGetApmIndicesMock,
- expectToThrowValidationErrorWithStatusCode,
-} from '../../../test_utils';
-import { MetricsDataClient, MetricsDataClientMock } from '@kbn/metrics-data-access-plugin/server';
-import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
-
-function createBaseOptions({
- getApmIndicesMock,
- metricsDataClientMock,
-}: {
- getApmIndicesMock: GetApmIndicesMethod;
- metricsDataClientMock: MetricsDataClient;
-}) {
- return {
- sourceIndices: {
- logs: 'my-logs*',
- },
- getApmIndices: getApmIndicesMock,
- metricsClient: metricsDataClientMock,
- };
-}
-
-describe('getContainers', () => {
- let getApmIndicesMock = createGetApmIndicesMock();
- let metricsDataClientMock = MetricsDataClientMock.create();
- let baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
- let esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
- let soClientMock = savedObjectsClientMock.create();
-
- function resetMocks() {
- getApmIndicesMock = createGetApmIndicesMock();
- metricsDataClientMock = MetricsDataClientMock.create();
- baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
- esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
- soClientMock = savedObjectsClientMock.create();
- }
-
- beforeEach(() => {
- resetMocks();
-
- // ES returns no results, just enough structure to not
blow up
- esClientMock.search.mockResolvedValueOnce({
- took: 1,
- timed_out: false,
- _shards: {
- failed: 0,
- successful: 1,
- total: 1,
- },
- hits: {
- hits: [],
- },
- });
- });
-
- it('should query Elasticsearch correctly', async () => {
- await getContainers({
- ...baseOptions,
- from: 'now-5d',
- to: 'now-3d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- });
-
- expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledTimes(1);
- expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledWith({
- savedObjectsClient: soClientMock,
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.filter).toEqual([
- {
- range: {
- '@timestamp': {
- gte: 'now-5d',
- lte: 'now-3d',
- },
- },
- },
- ]);
-
- expect(bool?.must).toEqual([
- {
- exists: {
- field: 'container.id',
- },
- },
- ]);
-
- expect(bool?.should).toEqual([
- { exists: { field: 'kubernetes.container.id' } },
- { exists: { field: 'kubernetes.pod.uid' } },
- { exists: { field: 'kubernetes.node.name' } },
- { exists: { field: 'host.hostname' } },
- ]);
- });
-
- it('should correctly include an EAN filter as a container ID term query', async () => {
- const mockContainerId = '123abc';
-
- await getContainers({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- ean: `container:${mockContainerId}`,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'container.id',
- },
- },
- {
- term: {
- 'container.id': mockContainerId,
- },
- },
- ])
- );
- });
-
- it('should not query ES and return empty if filtering on non-container EAN', async () => {
- const mockId = 'some-id-123';
-
- const result
= await getContainers({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- ean: `pod:${mockId}`,
- },
- });
-
- expect(esClientMock.search).toHaveBeenCalledTimes(0);
- expect(result).toEqual({ containers: [] });
- });
-
- it('should throw an error when an invalid EAN is provided', async () => {
- try {
- await getContainers({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- ean: `invalid`,
- },
- });
- } catch (error) {
- const hasMessage = 'message' in error;
- expect(hasMessage).toEqual(true);
- expect(error.message).toEqual('invalid is not a valid EAN');
- }
-
- try {
- await getContainers({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- ean: `invalid:toomany:colons`,
- },
- });
- } catch (error) {
- const hasMessage = 'message' in error;
- expect(hasMessage).toEqual(true);
- expect(error.message).toEqual('invalid:toomany:colons is not a valid EAN');
- }
- });
-
- it('should include a wildcard ID filter when an ID filter is provided with asterisks included', async () => {
- const mockIdPattern = '*partial-id*';
-
- await getContainers({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- id: mockIdPattern,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'container.id',
- },
- },
- {
- wildcard: {
- 'container.id': mockIdPattern,
- },
- },
- ])
- );
- });
-
- it('should include a term ID filter when an ID filter is provided without asterisks included', async () => {
- const mockId = 'full-id';
-
- await getContainers({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient:
esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- id: mockId,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'container.id',
- },
- },
- {
- term: {
- 'container.id': mockId,
- },
- },
- ])
- );
- });
-
- it('should include a term filter for cloud filters', async () => {
- const mockCloudProvider = 'gcp';
- const mockCloudRegion = 'us-central-1';
-
- await getContainers({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- 'cloud.provider': mockCloudProvider,
- 'cloud.region': mockCloudRegion,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'container.id',
- },
- },
- {
- term: {
- 'cloud.provider': mockCloudProvider,
- },
- },
- {
- term: {
- 'cloud.region': mockCloudRegion,
- },
- },
- ])
- );
- });
-
- it('should reject with 400 for invalid "from" date', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getContainers({
- ...baseOptions,
- from: 'now-1zz',
- to: 'now-3d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-
- it('should reject with 400 for invalid "to" date', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getContainers({
- ...baseOptions,
- from: 'now-5d',
- to: 'now-3fe',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-
- it('should reject with 400 when "from" is a date that is after "to"', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getContainers({
- ...baseOptions,
- from:
'now',
- to: 'now-5d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-
- it('should reject with 400 when "from" is in the future', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getContainers({
- ...baseOptions,
- from: 'now+1d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.ts
deleted file mode 100644
index c3c11bc375a84..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/containers/get_containers.ts
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-import { Asset } from '../../../../common/types_api';
-import { GetContainersOptionsPublic } from '../../../../common/types_client';
-import {
- AssetClientDependencies,
- AssetClientOptionsWithInjectedValues,
-} from '../../asset_client_types';
-import { parseEan } from '../../parse_ean';
-import { collectContainers } from '../../collectors';
-import { validateStringDateRange } from '../../validators/validate_date_range';
-
-export type GetContainersOptions = GetContainersOptionsPublic & AssetClientDependencies;
-export type GetContainersOptionsInjected =
- AssetClientOptionsWithInjectedValues;
-
-export async function getContainers(
- options: GetContainersOptionsInjected
-): Promise<{ containers: Asset[] }> {
- validateStringDateRange(options.from, options.to);
-
- const metricsIndices = await options.metricsClient.getMetricIndices({
- savedObjectsClient: options.savedObjectsClient,
- });
-
- const filters: QueryDslQueryContainer[] = [];
-
- if (options.filters?.ean) {
- const ean = Array.isArray(options.filters.ean) ? options.filters.ean[0] : options.filters.ean;
- const { kind, id } = parseEan(ean);
-
- // if EAN filter isn't targeting a container asset, we don't need to do this query
- if (kind !== 'container') {
- return {
- containers: [],
- };
- }
-
- filters.push({
- term: {
- 'container.id': id,
- },
- });
- }
-
- if (options.filters?.id) {
- const fn = options.filters.id.includes('*') ?
'wildcard' : 'term';
- filters.push({
- [fn]: {
- 'container.id': options.filters.id,
- },
- });
- }
-
- if (options.filters?.['cloud.provider']) {
- filters.push({
- term: {
- 'cloud.provider': options.filters['cloud.provider'],
- },
- });
- }
-
- if (options.filters?.['cloud.region']) {
- filters.push({
- term: {
- 'cloud.region': options.filters['cloud.region'],
- },
- });
- }
-
- const { assets } = await collectContainers({
- client: options.elasticsearchClient,
- from: options.from,
- to: options.to || 'now',
- filters,
- sourceIndices: {
- metrics: metricsIndices,
- logs: options.sourceIndices.logs,
- },
- });
-
- return {
- containers: assets,
- };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.test.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.test.ts
deleted file mode 100644
index 1f7d1e7007bb5..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.test.ts
+++ /dev/null
@@ -1,357 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
-import { savedObjectsClientMock } from '@kbn/core-saved-objects-api-server-mocks';
-import { GetApmIndicesMethod } from '../../asset_client_types';
-import { getHosts } from './get_hosts';
-import {
- createGetApmIndicesMock,
- expectToThrowValidationErrorWithStatusCode,
-} from '../../../test_utils';
-import { MetricsDataClient, MetricsDataClientMock } from '@kbn/metrics-data-access-plugin/server';
-import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
-
-function createBaseOptions({
- getApmIndicesMock,
- metricsDataClientMock,
-}: {
- getApmIndicesMock: GetApmIndicesMethod;
- metricsDataClientMock: MetricsDataClient;
-}) {
- return {
- sourceIndices: {
- logs: 'my-logs*',
- },
- getApmIndices: getApmIndicesMock,
- metricsClient: metricsDataClientMock,
- };
-}
-
-describe('getHosts', () => {
- let getApmIndicesMock = createGetApmIndicesMock();
- let metricsDataClientMock = MetricsDataClientMock.create();
- let baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
- let esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
- let soClientMock = savedObjectsClientMock.create();
-
- function resetMocks() {
- getApmIndicesMock = createGetApmIndicesMock();
- metricsDataClientMock = MetricsDataClientMock.create();
- baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
- esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
- soClientMock = savedObjectsClientMock.create();
- }
-
- beforeEach(() => {
- resetMocks();
-
- // ES returns no results, just enough structure to not blow up
-
esClientMock.search.mockResolvedValueOnce({
- took: 1,
- timed_out: false,
- _shards: {
- failed: 0,
- successful: 1,
- total: 1,
- },
- hits: {
- hits: [],
- },
- });
- });
-
- it('should query Elasticsearch correctly', async () => {
- await getHosts({
- ...baseOptions,
- from: 'now-5d',
- to: 'now-3d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- });
-
- expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledTimes(1);
- expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledWith({
- savedObjectsClient: soClientMock,
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.filter).toEqual([
- {
- range: {
- '@timestamp': {
- gte: 'now-5d',
- lte: 'now-3d',
- },
- },
- },
- ]);
-
- expect(bool?.must).toEqual([
- {
- exists: {
- field: 'host.hostname',
- },
- },
- ]);
-
- expect(bool?.should).toEqual([
- { exists: { field: 'kubernetes.node.name' } },
- { exists: { field: 'kubernetes.pod.uid' } },
- { exists: { field: 'container.id' } },
- { exists: { field: 'cloud.provider' } },
- ]);
- });
-
- it('should correctly include an EAN filter as a hostname term query', async () => {
- const mockHostName = 'some-hostname-123';
-
- await getHosts({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- ean: `host:${mockHostName}`,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'host.hostname',
- },
- },
- {
- terms: {
- 'host.hostname': [mockHostName],
- },
- },
- ])
- );
- });
-
- it('should not query ES and return empty if filtering on non-host EAN', async () => {
- const mockId = 'some-id-123';
-
- const result = await getHosts({
-
...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- ean: `container:${mockId}`,
- },
- });
-
- expect(esClientMock.search).toHaveBeenCalledTimes(0);
- expect(result).toEqual({ hosts: [] });
- });
-
- it('should throw an error when an invalid EAN is provided', async () => {
- try {
- await getHosts({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- ean: `invalid`,
- },
- });
- } catch (error) {
- const hasMessage = 'message' in error;
- expect(hasMessage).toEqual(true);
- expect(error.message).toEqual('invalid is not a valid EAN');
- }
-
- try {
- await getHosts({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- ean: `invalid:toomany:colons`,
- },
- });
- } catch (error) {
- const hasMessage = 'message' in error;
- expect(hasMessage).toEqual(true);
- expect(error.message).toEqual('invalid:toomany:colons is not a valid EAN');
- }
- });
-
- it('should include a wildcard ID filter when an ID filter is provided with asterisks included', async () => {
- const mockIdPattern = '*partial-id*';
-
- await getHosts({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- id: mockIdPattern,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'host.hostname',
- },
- },
- {
- wildcard: {
- 'host.hostname': mockIdPattern,
- },
- },
- ])
- );
- });
-
- it('should include a term ID filter when an ID filter is provided without asterisks included', async () => {
- const mockId = 'full-id';
-
- await getHosts({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient:
soClientMock,
- filters: {
- id: mockId,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'host.hostname',
- },
- },
- {
- term: {
- 'host.hostname': mockId,
- },
- },
- ])
- );
- });
-
- it('should include a term filter for cloud filters', async () => {
- const mockCloudProvider = 'gcp';
- const mockCloudRegion = 'us-central-1';
-
- await getHosts({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- 'cloud.provider': mockCloudProvider,
- 'cloud.region': mockCloudRegion,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'host.hostname',
- },
- },
- {
- term: {
- 'cloud.provider': mockCloudProvider,
- },
- },
- {
- term: {
- 'cloud.region': mockCloudRegion,
- },
- },
- ])
- );
- });
-
- it('should reject with 400 for invalid "from" date', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getHosts({
- ...baseOptions,
- from: 'now-1zz',
- to: 'now-3d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-
- it('should reject with 400 for invalid "to" date', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getHosts({
- ...baseOptions,
- from: 'now-5d',
- to: 'now-3fe',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-
- it('should reject with 400 when "from" is a date that is after "to"', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getHosts({
- ...baseOptions,
- from: 'now',
- to: 'now-5d',
- elasticsearchClient:
esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-
- it('should reject with 400 when "from" is in the future', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getHosts({
- ...baseOptions,
- from: 'now+1d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.ts
deleted file mode 100644
index 8252c57da3b0f..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/hosts/get_hosts.ts
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-import { Asset } from '../../../../common/types_api';
-import { collectHosts } from '../../collectors/hosts';
-import { GetHostsOptionsPublic } from '../../../../common/types_client';
-import {
- AssetClientDependencies,
- AssetClientOptionsWithInjectedValues,
-} from '../../asset_client_types';
-import { parseEan } from '../../parse_ean';
-import { validateStringDateRange } from '../../validators/validate_date_range';
-
-export type GetHostsOptions = GetHostsOptionsPublic & AssetClientDependencies;
-export type GetHostsOptionsInjected = AssetClientOptionsWithInjectedValues;
-
-export async function getHosts(options: GetHostsOptionsInjected): Promise<{ hosts: Asset[] }> {
- validateStringDateRange(options.from, options.to);
-
- const metricsIndices = await options.metricsClient.getMetricIndices({
- savedObjectsClient: options.savedObjectsClient,
- });
-
- const filters: QueryDslQueryContainer[] = [];
-
- if (options.filters?.ean) {
- const eans = Array.isArray(options.filters.ean) ? options.filters.ean : [options.filters.ean];
- const hostnames = eans
- .map(parseEan)
- .filter(({ kind }) => kind === 'host')
- .map(({ id }) => id);
-
- // if EAN filter isn't targeting a host asset, we don't need to do this query
- if (hostnames.length === 0) {
- return {
- hosts: [],
- };
- }
-
- filters.push({
- terms: {
- 'host.hostname': hostnames,
- },
- });
- }
-
- if (options.filters?.id) {
- const fn = options.filters.id.includes('*') ?
'wildcard' : 'term';
- filters.push({
- [fn]: {
- 'host.hostname': options.filters.id,
- },
- });
- }
-
- if (options.filters?.['cloud.provider']) {
- filters.push({
- term: {
- 'cloud.provider': options.filters['cloud.provider'],
- },
- });
- }
-
- if (options.filters?.['cloud.region']) {
- filters.push({
- term: {
- 'cloud.region': options.filters['cloud.region'],
- },
- });
- }
-
- const { assets } = await collectHosts({
- client: options.elasticsearchClient,
- from: options.from,
- to: options.to || 'now',
- filters,
- sourceIndices: {
- metrics: metricsIndices,
- logs: options.sourceIndices.logs,
- },
- });
-
- return {
- hosts: assets,
- };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.test.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.test.ts
deleted file mode 100644
index 94d367963588c..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.test.ts
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { elasticsearchClientMock } from '@kbn/core-elasticsearch-client-server-mocks';
-import { savedObjectsClientMock } from '@kbn/core-saved-objects-api-server-mocks';
-import { GetApmIndicesMethod } from '../../asset_client_types';
-import { getPods } from './get_pods';
-import {
- createGetApmIndicesMock,
- expectToThrowValidationErrorWithStatusCode,
-} from '../../../test_utils';
-import { MetricsDataClient, MetricsDataClientMock } from '@kbn/metrics-data-access-plugin/server';
-import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
-
-function createBaseOptions({
- getApmIndicesMock,
- metricsDataClientMock,
-}: {
- getApmIndicesMock: GetApmIndicesMethod;
- metricsDataClientMock: MetricsDataClient;
-}) {
- return {
- sourceIndices: {
- logs: 'my-logs*',
- },
- getApmIndices: getApmIndicesMock,
- metricsClient: metricsDataClientMock,
- };
-}
-
-describe('getPods', () => {
- let getApmIndicesMock = createGetApmIndicesMock();
- let metricsDataClientMock = MetricsDataClientMock.create();
- let baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
- let esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
- let soClientMock = savedObjectsClientMock.create();
-
- function resetMocks() {
- getApmIndicesMock = createGetApmIndicesMock();
- metricsDataClientMock = MetricsDataClientMock.create();
- baseOptions = createBaseOptions({ getApmIndicesMock, metricsDataClientMock });
- esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
- soClientMock = savedObjectsClientMock.create();
- }
-
- beforeEach(() => {
- resetMocks();
-
- // ES returns no results, just enough structure to not blow up
- esClientMock.search.mockResolvedValueOnce({
- took: 1,
- timed_out: false,
- _shards: {
- failed: 0,
- successful: 1,
- total: 1,
- },
- hits: {
- hits: [],
- },
- });
- });
-
- it('should query Elasticsearch correctly', async () => {
- await getPods({
- ...baseOptions,
- from: 'now-5d',
- to: 'now-3d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- });
-
- expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledTimes(1);
- expect(metricsDataClientMock.getMetricIndices).toHaveBeenCalledWith({
- savedObjectsClient: soClientMock,
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.filter).toEqual([
- {
- range: {
- '@timestamp': {
- gte: 'now-5d',
- lte: 'now-3d',
- },
- },
- },
- ]);
-
- expect(bool?.must).toEqual([
- {
- exists: {
- field: 'kubernetes.pod.uid',
- },
- },
- {
- exists: {
- field: 'kubernetes.node.name',
- },
- },
- ]);
- });
-
- it('should correctly include an EAN filter as a pod ID term query', async () => {
- const mockPodId = '123abc';
-
- await getPods({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- ean: `pod:${mockPodId}`,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'kubernetes.pod.uid',
- },
- },
- {
- exists: {
- field: 'kubernetes.node.name',
- },
- },
- {
- term: {
- 'kubernetes.pod.uid': mockPodId,
- },
- },
- ])
- );
- });
-
- it('should not query ES and return empty if filtering on non-pod EAN', async () => {
- const mockId = 'some-id-123';
-
- const result = await getPods({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- ean: `container:${mockId}`,
- },
- });
-
- expect(esClientMock.search).toHaveBeenCalledTimes(0);
- expect(result).toEqual({ pods: [] });
- });
-
- it('should include a wildcard ID filter when an ID filter is provided with asterisks included', async () => {
- const mockIdPattern = '*partial-id*';
-
- await getPods({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- id: mockIdPattern,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'kubernetes.pod.uid',
- },
- },
- {
- exists: {
- field: 'kubernetes.node.name',
- },
- },
- {
- wildcard: {
- 'kubernetes.pod.uid': mockIdPattern,
- },
- },
- ])
- );
- });
-
- it('should include a term ID filter when an ID filter is provided without asterisks included', async () => {
- const mockId = 'full-id';
-
- await getPods({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- id: mockId,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'kubernetes.pod.uid',
- },
- },
- {
- exists: {
- field: 'kubernetes.node.name',
- },
- },
- {
- term: {
- 'kubernetes.pod.uid': mockId,
- },
- },
- ])
- );
- });
-
- it('should include a term filter for cloud filters', async () => {
- const mockCloudProvider = 'gcp';
- const mockCloudRegion = 'us-central-1';
-
- await getPods({
- ...baseOptions,
- from: 'now-1h',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- filters: {
- 'cloud.provider': mockCloudProvider,
- 'cloud.region': mockCloudRegion,
- },
- });
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.must).toEqual(
- expect.arrayContaining([
- {
- exists: {
- field: 'kubernetes.pod.uid',
- },
- },
- {
- exists: {
- field: 'kubernetes.node.name',
- },
- },
- {
- term: {
- 'cloud.provider': mockCloudProvider,
- },
- },
- {
- term: {
- 'cloud.region': mockCloudRegion,
- },
- },
- ])
- );
- });
-
- it('should reject with 400 for invalid "from" date', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getPods({
- ...baseOptions,
- from: 'now-1zz',
- to: 'now-3d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-
- it('should reject with 400 for invalid "to" date', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getPods({
- ...baseOptions,
- from: 'now-5d',
- to: 'now-3fe',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-
- it('should reject with 400 when "from" is a date that is after "to"', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getPods({
- ...baseOptions,
- from: 'now',
- to: 'now-5d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-
- it('should reject with 400 when "from" is in the future', () => {
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- getPods({
- ...baseOptions,
- from: 'now+1d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.ts
deleted file mode 100644
index db2bc11ae2315..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/pods/get_pods.ts
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-import { Asset } from '../../../../common/types_api';
-import { GetPodsOptionsPublic } from '../../../../common/types_client';
-import {
- AssetClientDependencies,
- AssetClientOptionsWithInjectedValues,
-} from '../../asset_client_types';
-import { parseEan } from '../../parse_ean';
-import { collectPods } from '../../collectors/pods';
-import { validateStringDateRange } from '../../validators/validate_date_range';
-
-export type GetPodsOptions = GetPodsOptionsPublic & AssetClientDependencies;
-export type GetPodsOptionsInjected = AssetClientOptionsWithInjectedValues;
-
-export async function getPods(options: GetPodsOptionsInjected): Promise<{ pods: Asset[] }> {
- validateStringDateRange(options.from, options.to);
-
- const metricsIndices = await options.metricsClient.getMetricIndices({
- savedObjectsClient: options.savedObjectsClient,
- });
-
- const filters: QueryDslQueryContainer[] = [];
-
- if (options.filters?.ean) {
- const ean = Array.isArray(options.filters.ean) ? options.filters.ean[0] : options.filters.ean;
- const { kind, id } = parseEan(ean);
-
- // if EAN filter isn't targeting a pod asset, we don't need to do this query
- if (kind !== 'pod') {
- return {
- pods: [],
- };
- }
-
- filters.push({
- term: {
- 'kubernetes.pod.uid': id,
- },
- });
- }
-
- if (options.filters?.id) {
- const fn = options.filters.id.includes('*') ? 'wildcard' : 'term';
- filters.push({
- [fn]: {
- 'kubernetes.pod.uid': options.filters.id,
- },
- });
- }
-
- if (options.filters?.['orchestrator.cluster.name']) {
- filters.push({
- term: {
- 'orchestrator.cluster.name': options.filters['orchestrator.cluster.name'],
- },
- });
- }
-
- if (options.filters?.['cloud.provider']) {
- filters.push({
- term: {
- 'cloud.provider': options.filters['cloud.provider'],
- },
- });
- }
-
- if (options.filters?.['cloud.region']) {
- filters.push({
- term: {
- 'cloud.region': options.filters['cloud.region'],
- },
- });
- }
-
- const { assets } = await collectPods({
- client: options.elasticsearchClient,
- from: options.from,
- to: options.to || 'now',
- filters,
- sourceIndices: {
- metrics: metricsIndices,
- logs: options.sourceIndices.logs,
- },
- });
-
- return {
- pods: assets,
- };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/services/get_services.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/services/get_services.ts
deleted file mode 100644
index b5a68028efcdb..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/accessors/services/get_services.ts
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
-import { Asset } from '../../../../common/types_api';
-import { collectServices } from '../../collectors/services';
-import { parseEan } from '../../parse_ean';
-import { GetServicesOptionsPublic } from '../../../../common/types_client';
-import {
- AssetClientDependencies,
- AssetClientOptionsWithInjectedValues,
-} from '../../asset_client_types';
-import { validateStringDateRange } from '../../validators/validate_date_range';
-
-export type GetServicesOptions = GetServicesOptionsPublic & AssetClientDependencies;
-export type GetServicesOptionsInjected = AssetClientOptionsWithInjectedValues;
-
-export async function getServices(
- options: GetServicesOptionsInjected
-): Promise<{ services: Asset[] }> {
- validateStringDateRange(options.from, options.to);
-
- const filters: QueryDslQueryContainer[] = [];
-
- if (options.filters?.ean) {
- const eans = Array.isArray(options.filters.ean) ? options.filters.ean : [options.filters.ean];
- const services = eans
- .map(parseEan)
- .filter(({ kind }) => kind === 'service')
- .map(({ id }) => id);
-
- if (services.length === 0) {
- return {
- services: [],
- };
- }
-
- filters.push({
- terms: {
- 'service.name': services,
- },
- });
- }
-
- if (options.filters?.parentEan) {
- const { kind, id } = parseEan(options.filters?.parentEan);
-
- if (kind === 'host') {
- filters.push({
- bool: {
- should: [{ term: { 'host.name': id } }, { term: { 'host.hostname': id } }],
- minimum_should_match: 1,
- },
- });
- }
-
- if (kind === 'container') {
- filters.push({
- bool: {
- should: [{ term: { 'container.id': id } }],
- minimum_should_match: 1,
- },
- });
- }
- }
-
- if (options.filters?.id) {
- const fn = options.filters.id.includes('*') ? 'wildcard' : 'term';
- filters.push({
- [fn]: {
- 'service.name': options.filters.id,
- },
- });
- }
-
- if (options.filters?.['cloud.provider']) {
- filters.push({
- term: {
- 'cloud.provider': options.filters['cloud.provider'],
- },
- });
- }
-
- if (options.filters?.['cloud.region']) {
- filters.push({
- term: {
- 'cloud.region': options.filters['cloud.region'],
- },
- });
- }
-
- const apmIndices = await options.getApmIndices(options.savedObjectsClient);
- const { assets } = await collectServices({
- client: options.elasticsearchClient,
- from: options.from,
- to: options.to || 'now',
- sourceIndices: {
- apm: apmIndices,
- },
- filters,
- });
-
- return { services: assets };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.test.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.test.ts
deleted file mode 100644
index 9ed5fb536251c..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.test.ts
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import {
- ElasticsearchClientMock,
- elasticsearchClientMock,
-} from '@kbn/core-elasticsearch-client-server-mocks';
-import { AssetClient } from './asset_client';
-import { MetricsDataClient, MetricsDataClientMock } from '@kbn/metrics-data-access-plugin/server';
-import { savedObjectsClientMock } from '@kbn/core-saved-objects-api-server-mocks';
-import { SearchRequest } from '@elastic/elasticsearch/lib/api/types';
-import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
-import { AssetsValidationError } from './validators/validation_error';
-import { GetApmIndicesMethod } from './asset_client_types';
-import { createGetApmIndicesMock, expectToThrowValidationErrorWithStatusCode } from '../test_utils';
-
-function createAssetClient(
- metricsDataClient: MetricsDataClient,
- getApmIndicesMock: jest.Mocked
-) {
- return new AssetClient({
- sourceIndices: {
- logs: 'my-logs*',
- },
- getApmIndices: getApmIndicesMock,
- metricsClient: metricsDataClient,
- });
-}
-
-describe('Server assets client', () => {
- let metricsDataClientMock: MetricsDataClient = MetricsDataClientMock.create();
- let getApmIndicesMock: jest.Mocked = createGetApmIndicesMock();
- let esClientMock: ElasticsearchClientMock =
- elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
- let soClientMock: jest.Mocked;
-
- beforeEach(() => {
- // Reset mocks
- esClientMock = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
- soClientMock = savedObjectsClientMock.create();
- metricsDataClientMock = MetricsDataClientMock.create();
- getApmIndicesMock = createGetApmIndicesMock();
-
- // ES returns no results, just enough structure to not blow up
- esClientMock.search.mockResolvedValueOnce({
- took: 1,
- timed_out: false,
- _shards: {
- failed: 0,
- successful: 1,
- total: 1,
- },
- hits: {
- hits: [],
- },
- });
- });
-
- describe('class instantiation', () => {
- it('should successfully instantiate', () => {
- createAssetClient(metricsDataClientMock, getApmIndicesMock);
- });
- });
-
- // TODO: Move this block to the get_services accessor folder
- describe('getServices', () => {
- it('should query Elasticsearch correctly', async () => {
- const client = createAssetClient(metricsDataClientMock, getApmIndicesMock);
-
- await client.getServices({
- from: 'now-5d',
- to: 'now-3d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- });
-
- expect(getApmIndicesMock).toHaveBeenCalledTimes(1);
- expect(getApmIndicesMock).toHaveBeenCalledWith(soClientMock);
-
- const dsl = esClientMock.search.mock.lastCall?.[0] as SearchRequest | undefined;
- const { bool } = dsl?.query || {};
- expect(bool).toBeDefined();
-
- expect(bool?.filter).toEqual([
- {
- range: {
- '@timestamp': {
- gte: 'now-5d',
- lte: 'now-3d',
- },
- },
- },
- ]);
-
- expect(bool?.must).toEqual([
- {
- exists: {
- field: 'service.name',
- },
- },
- ]);
-
- expect(bool?.should).toBeUndefined();
- });
-
- it('should reject with 400 for invalid "from" date', () => {
- const client = createAssetClient(metricsDataClientMock, getApmIndicesMock);
-
- return expect(() =>
- client.getServices({
- from: 'now-1zz',
- to: 'now-3d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- })
- ).rejects.toThrow(AssetsValidationError);
- });
-
- it('should reject with 400 for invalid "to" date', () => {
- const client = createAssetClient(metricsDataClientMock, getApmIndicesMock);
-
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- client.getServices({
- from: 'now-5d',
- to: 'now-3fe',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-
- it('should reject with 400 when "from" is a date that is after "to"', () => {
- const client = createAssetClient(metricsDataClientMock, getApmIndicesMock);
-
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- client.getServices({
- from: 'now',
- to: 'now-5d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
-
- it('should reject with 400 when "from" is in the future', () => {
- const client = createAssetClient(metricsDataClientMock, getApmIndicesMock);
-
- return expectToThrowValidationErrorWithStatusCode(
- () =>
- client.getServices({
- from: 'now+1d',
- elasticsearchClient: esClientMock,
- savedObjectsClient: soClientMock,
- }),
- { statusCode: 400 }
- );
- });
- });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.ts
deleted file mode 100644
index 9de64a9e6c000..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client.ts
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { orderBy } from 'lodash';
-import { Asset } from '../../common/types_api';
-import { GetAssetsOptionsPublic } from '../../common/types_client';
-import { getContainers, GetContainersOptions } from './accessors/containers/get_containers';
-import { getHosts, GetHostsOptions } from './accessors/hosts/get_hosts';
-import { getServices, GetServicesOptions } from './accessors/services/get_services';
-import { getPods, GetPodsOptions } from './accessors/pods/get_pods';
-import { AssetClientBaseOptions, AssetClientOptionsWithInjectedValues } from './asset_client_types';
-import { AssetClientDependencies } from './asset_client_types';
-
-type GetAssetsOptions = GetAssetsOptionsPublic & AssetClientDependencies;
-
-export class AssetClient {
- constructor(private baseOptions: AssetClientBaseOptions) {}
-
- injectOptions(options: T): AssetClientOptionsWithInjectedValues {
- return {
- ...options,
- ...this.baseOptions,
- };
- }
-
- async getHosts(options: GetHostsOptions): Promise<{ hosts: Asset[] }> {
- const withInjected = this.injectOptions(options);
- return await getHosts(withInjected);
- }
-
- async getServices(options: GetServicesOptions): Promise<{ services: Asset[] }> {
- const withInjected = this.injectOptions(options);
- return await getServices(withInjected);
- }
-
- async getContainers(options: GetContainersOptions): Promise<{ containers: Asset[] }> {
- const withInjected = this.injectOptions(options);
- return await getContainers(withInjected);
- }
-
- async getPods(options: GetPodsOptions): Promise<{ pods: Asset[] }> {
- const withInjected = this.injectOptions(options);
- return await getPods(withInjected);
- }
-
- async getAssets(options: GetAssetsOptions): Promise<{ assets: Asset[] }> {
- const withInjected = this.injectOptions(options);
- const { hosts } = await getHosts(withInjected);
- const { services } = await getServices(withInjected);
- return { assets: orderBy(hosts.concat(services), ['@timestamp'], ['desc']) };
- }
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client_types.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client_types.ts
deleted file mode 100644
index a15886ce3a00a..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/asset_client_types.ts
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { APMDataAccessConfig } from '@kbn/apm-data-access-plugin/server';
-import { ElasticsearchClient } from '@kbn/core-elasticsearch-server';
-import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
-import { MetricsDataClient } from '@kbn/metrics-data-access-plugin/server';
-import { AssetManagerConfig } from '../../common/config';
-
-export type GetApmIndicesMethod = (
- soClient: SavedObjectsClientContract
-) => Promise;
-export interface AssetClientDependencies {
- elasticsearchClient: ElasticsearchClient;
- savedObjectsClient: SavedObjectsClientContract;
-}
-
-export interface AssetClientBaseOptions {
- sourceIndices: AssetManagerConfig['sourceIndices'];
- getApmIndices: GetApmIndicesMethod;
- metricsClient: MetricsDataClient;
-}
-
-export type AssetClientOptionsWithInjectedValues = T & AssetClientBaseOptions;
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/containers.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/containers.ts
deleted file mode 100644
index 2012e05912487..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/containers.ts
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { estypes } from '@elastic/elasticsearch';
-import { Asset } from '../../../common/types_api';
-import { CollectorOptions, QUERY_MAX_SIZE } from '.';
-import { extractFieldValue } from '../utils';
-
-export async function collectContainers({
- client,
- from,
- to,
- sourceIndices,
- filters = [],
- afterKey,
-}: CollectorOptions) {
- if (!sourceIndices?.metrics || !sourceIndices?.logs) {
- throw new Error('missing required metrics/logs indices');
- }
-
- const musts = [...filters, { exists: { field: 'container.id' } }];
-
- const { metrics, logs } = sourceIndices;
- const dsl: estypes.SearchRequest = {
- index: [metrics, logs],
- size: QUERY_MAX_SIZE,
- collapse: {
- field: 'container.id',
- },
- sort: [{ 'container.id': 'asc' }],
- _source: false,
- fields: [
- '@timestamp',
- 'kubernetes.*',
- 'cloud.provider',
- 'orchestrator.cluster.name',
- 'host.name',
- 'host.hostname',
- ],
- query: {
- bool: {
- filter: [
- {
- range: {
- '@timestamp': {
- gte: from,
- lte: to,
- },
- },
- },
- ],
- must: musts,
- should: [
- { exists: { field: 'kubernetes.container.id' } },
- { exists: { field: 'kubernetes.pod.uid' } },
- { exists: { field: 'kubernetes.node.name' } },
- { exists: { field: 'host.hostname' } },
- ],
- },
- },
- };
-
- if (afterKey) {
- dsl.search_after = afterKey;
- }
-
- const esResponse = await client.search(dsl);
-
- const assets = esResponse.hits.hits.reduce((acc: Asset[], hit: any) => {
- const { fields = {} } = hit;
- const containerId = extractFieldValue(fields['container.id']);
- const podUid = extractFieldValue(fields['kubernetes.pod.uid']);
- const nodeName = extractFieldValue(fields['kubernetes.node.name']);
-
- const parentEan = podUid ? `pod:${podUid}` : `host:${fields['host.hostname']}`;
-
- const container: Asset = {
- '@timestamp': extractFieldValue(fields['@timestamp']),
- 'asset.kind': 'container',
- 'asset.id': containerId,
- 'asset.ean': `container:${containerId}`,
- 'asset.parents': [parentEan],
- };
-
- if (nodeName) {
- container['asset.references'] = [`host:${nodeName}`];
- }
-
- acc.push(container);
-
- return acc;
- }, []);
-
- const hitsLen = esResponse.hits.hits.length;
- const next = hitsLen === QUERY_MAX_SIZE ? esResponse.hits.hits[hitsLen - 1].sort : undefined;
- return { assets, afterKey: next };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/hosts.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/hosts.ts
deleted file mode 100644
index b624373010f10..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/hosts.ts
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { estypes } from '@elastic/elasticsearch';
-import { Asset } from '../../../common/types_api';
-import { CollectorOptions, QUERY_MAX_SIZE } from '.';
-import { extractFieldValue } from '../utils';
-
-export async function collectHosts({
- client,
- from,
- to,
- sourceIndices,
- afterKey,
- filters = [],
-}: CollectorOptions) {
- if (!sourceIndices?.metrics || !sourceIndices?.logs) {
- throw new Error('missing required metrics/logs indices');
- }
-
- const { metrics, logs } = sourceIndices;
-
- const musts = [...filters, { exists: { field: 'host.hostname' } }];
- const dsl: estypes.SearchRequest = {
- index: [metrics, logs],
- size: QUERY_MAX_SIZE,
- collapse: { field: 'host.hostname' },
- sort: [{ 'host.hostname': 'asc' }],
- _source: false,
- fields: [
- '@timestamp',
- 'cloud.*',
- 'container.*',
- 'host.hostname',
- 'kubernetes.*',
- 'orchestrator.cluster.name',
- ],
- query: {
- bool: {
- filter: [
- {
- range: {
- '@timestamp': {
- gte: from,
- lte: to,
- },
- },
- },
- ],
- must: musts,
- should: [
- { exists: { field: 'kubernetes.node.name' } },
- { exists: { field: 'kubernetes.pod.uid' } },
- { exists: { field: 'container.id' } },
- { exists: { field: 'cloud.provider' } },
- ],
- },
- },
- };
-
- if (afterKey) {
- dsl.search_after = afterKey;
- }
-
- const esResponse = await client.search(dsl);
-
- const assets = esResponse.hits.hits.reduce((acc: Asset[], hit: any) => {
- const { fields = {} } = hit;
- const hostName = extractFieldValue(fields['host.hostname']);
- const k8sNode = extractFieldValue(fields['kubernetes.node.name']);
- const k8sPod = extractFieldValue(fields['kubernetes.pod.uid']);
-
- const hostEan = `host:${k8sNode || hostName}`;
-
- const host: Asset = {
- '@timestamp': extractFieldValue(fields['@timestamp']),
- 'asset.kind': 'host',
- 'asset.id': k8sNode || hostName,
- 'asset.name': k8sNode || hostName,
- 'asset.ean': hostEan,
- };
-
- if (fields['cloud.provider']) {
- host['cloud.provider'] = extractFieldValue(fields['cloud.provider']);
- }
-
- if (fields['cloud.instance.id']) {
- host['cloud.instance.id'] = extractFieldValue(fields['cloud.instance.id']);
- }
-
- if (fields['cloud.service.name']) {
- host['cloud.service.name'] = extractFieldValue(fields['cloud.service.name']);
- }
-
- if (fields['cloud.region']) {
- host['cloud.region'] = extractFieldValue(fields['cloud.region']);
- }
-
- if (fields['orchestrator.cluster.name']) {
- host['orchestrator.cluster.name'] = extractFieldValue(fields['orchestrator.cluster.name']);
- }
-
- if (k8sPod) {
- host['asset.children'] = [`pod:${k8sPod}`];
- }
-
- acc.push(host);
-
- return acc;
- }, []);
-
- const hitsLen = esResponse.hits.hits.length;
- const next = hitsLen === QUERY_MAX_SIZE ? esResponse.hits.hits[hitsLen - 1].sort : undefined;
- return { assets, afterKey: next };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/index.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/index.ts
deleted file mode 100644
index f1d79e749cd97..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/index.ts
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { estypes } from '@elastic/elasticsearch';
-import type { APMIndices } from '@kbn/apm-data-access-plugin/server';
-import { ElasticsearchClient } from '@kbn/core/server';
-import { Asset } from '../../../common/types_api';
-
-export const QUERY_MAX_SIZE = 10000;
-
-export type Collector = (opts: CollectorOptions) => Promise;
-
-export interface CollectorOptions {
- client: ElasticsearchClient;
- from: string;
- to: string;
- sourceIndices?: {
- apm?: APMIndices;
- metrics?: string;
- logs?: string;
- };
- afterKey?: estypes.SortResults;
- filters?: estypes.QueryDslQueryContainer[];
-}
-
-export interface CollectorResult {
- assets: Asset[];
- afterKey?: estypes.SortResults;
-}
-
-export { collectContainers } from './containers';
-export { collectHosts } from './hosts';
-export { collectPods } from './pods';
-export { collectServices } from './services';
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/pods.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/pods.ts
deleted file mode 100644
index e78fa106452ca..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/pods.ts
+++ /dev/null
@@ -1,101 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { estypes } from '@elastic/elasticsearch'; -import { Asset } from '../../../common/types_api'; -import { CollectorOptions, QUERY_MAX_SIZE } from '.'; -import { extractFieldValue } from '../utils'; - -export async function collectPods({ - client, - from, - to, - sourceIndices, - filters = [], - afterKey, -}: CollectorOptions) { - if (!sourceIndices?.metrics || !sourceIndices?.logs) { - throw new Error('missing required metrics/logs indices'); - } - - const musts = [ - ...filters, - { exists: { field: 'kubernetes.pod.uid' } }, - { exists: { field: 'kubernetes.node.name' } }, - ]; - - const { metrics, logs } = sourceIndices; - const dsl: estypes.SearchRequest = { - index: [metrics, logs], - size: QUERY_MAX_SIZE, - collapse: { - field: 'kubernetes.pod.uid', - }, - sort: [{ 'kubernetes.pod.uid': 'asc' }], - _source: false, - fields: [ - '@timestamp', - 'kubernetes.*', - 'cloud.provider', - 'orchestrator.cluster.name', - 'host.name', - 'host.hostname', - ], - query: { - bool: { - filter: [ - { - range: { - '@timestamp': { - gte: from, - lte: to, - }, - }, - }, - ], - must: musts, - }, - }, - }; - - if (afterKey) { - dsl.search_after = afterKey; - } - - const esResponse = await client.search(dsl); - - const assets = esResponse.hits.hits.reduce((acc: Asset[], hit: any) => { - const { fields = {} } = hit; - const podUid = extractFieldValue(fields['kubernetes.pod.uid']); - const nodeName = extractFieldValue(fields['kubernetes.node.name']); - const clusterName = extractFieldValue(fields['orchestrator.cluster.name']); - - const pod: Asset = { - '@timestamp': extractFieldValue(fields['@timestamp']), - 'asset.kind': 'pod', - 'asset.id': podUid, - 'asset.ean': `pod:${podUid}`, - 'asset.parents': 
[`host:${nodeName}`], - }; - - if (fields['cloud.provider']) { - pod['cloud.provider'] = extractFieldValue(fields['cloud.provider']); - } - - if (clusterName) { - pod['orchestrator.cluster.name'] = clusterName; - } - - acc.push(pod); - - return acc; - }, []); - - const hitsLen = esResponse.hits.hits.length; - const next = hitsLen === QUERY_MAX_SIZE ? esResponse.hits.hits[hitsLen - 1].sort : undefined; - return { assets, afterKey: next }; -} diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/services.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/services.ts deleted file mode 100644 index 4c49f75d13594..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/collectors/services.ts +++ /dev/null 
@@ -1,147 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { estypes } from '@elastic/elasticsearch'; -import { debug } from '../../../common/debug_log'; -import { Asset } from '../../../common/types_api'; -import { CollectorOptions, QUERY_MAX_SIZE } from '.'; - -export async function collectServices({ - client, - from, - to, - sourceIndices, - afterKey, - filters = [], -}: CollectorOptions) { - if (!sourceIndices?.apm) { - throw new Error('missing required apm indices'); - } - - const { transaction, error, metric } = sourceIndices.apm; - const musts: estypes.QueryDslQueryContainer[] = [ - ...filters, - { - exists: { - field: 'service.name', - }, - }, - ]; - - const dsl: estypes.SearchRequest = { - index: [transaction, error, metric], - size: 0, - _source: false, - query: { - bool: { - filter: [ - { - range: { - '@timestamp': { - gte: from, - lte: to, - }, - }, - }, - ], - must: musts, - }, - }, - aggs: { - services: { - composite: { - size: QUERY_MAX_SIZE, - sources: [ - { - serviceName: { - terms: { - field: 'service.name', - }, - }, - }, - { - serviceEnvironment: { - terms: { - field: 'service.environment', - missing_bucket: true, - }, - }, - }, - ], - }, - aggs: { - last_seen: { - max: { field: '@timestamp' }, - }, - container_and_hosts: { - multi_terms: { - terms: [ - { - field: 'host.hostname', - }, - { - field: 'container.id', - }, - ], - }, - }, - }, - }, - }, - }; - - if (afterKey) { - dsl.aggs!.services!.composite!.after = afterKey; - } - - debug(dsl); - - const esResponse = await client.search(dsl); - - const { after_key: nextKey, buckets = [] } = (esResponse.aggregations?.services || {}) as any; - const assets = buckets.reduce((acc: Asset[], bucket: any) => { - const { - key: { serviceName, serviceEnvironment }, - 
container_and_hosts: containerHosts, - last_seen: lastSeen, - } = bucket; - - if (!serviceName) { - return acc; - } - - const service: Asset = { - '@timestamp': lastSeen.value_as_string, - 'asset.kind': 'service', - 'asset.id': serviceName, - 'asset.ean': `service:${serviceName}`, - 'asset.references': [], - 'asset.parents': [], - }; - - if (serviceEnvironment) { - service['service.environment'] = serviceEnvironment; - } - - containerHosts.buckets?.forEach((containerBucket: any) => { - const [hostname, containerId] = containerBucket.key; - if (hostname) { - (service['asset.references'] as string[]).push(`host:${hostname}`); - } - - if (containerId) { - (service['asset.parents'] as string[]).push(`container:${containerId}`); - } - }); - - acc.push(service); - - return acc; - }, []); - - return { assets, afterKey: buckets.length === QUERY_MAX_SIZE ? nextKey : undefined }; -} diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/manage_index_templates.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/manage_index_templates.ts deleted file mode 100644 index b364e63ff9a1f..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/manage_index_templates.ts +++ /dev/null 
@@ -1,119 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - ClusterPutComponentTemplateRequest, - IndicesGetIndexTemplateResponse, - IndicesPutIndexTemplateRequest, -} from '@elastic/elasticsearch/lib/api/types'; -import { ElasticsearchClient, Logger } from '@kbn/core/server'; -import { ASSETS_INDEX_PREFIX } from '../constants'; - -function templateExists( - template: IndicesPutIndexTemplateRequest, - existing: IndicesGetIndexTemplateResponse | null -) { - if (existing === null) { - return false; - } - - if (existing.index_templates.length === 0) { - return false; - } - - const checkPatterns = Array.isArray(template.index_patterns) - ? template.index_patterns - : [template.index_patterns]; - - return existing.index_templates.some((t) => { - const { priority: existingPriority = 0 } = t.index_template; - const { priority: incomingPriority = 0 } = template; - if (existingPriority !== incomingPriority) { - return false; - } - - const existingPatterns = Array.isArray(t.index_template.index_patterns) - ? 
t.index_template.index_patterns - : [t.index_template.index_patterns]; - - if (checkPatterns.every((p) => p && existingPatterns.includes(p))) { - return true; - } - - return false; - }); -} - -interface TemplateManagementOptions { - esClient: ElasticsearchClient; - template: IndicesPutIndexTemplateRequest; - logger: Logger; -} - -interface ComponentManagementOptions { - esClient: ElasticsearchClient; - component: ClusterPutComponentTemplateRequest; - logger: Logger; -} - -export async function maybeCreateTemplate({ - esClient, - template, - logger, -}: TemplateManagementOptions) { - const pattern = ASSETS_INDEX_PREFIX + '*'; - template.index_patterns = [pattern]; - let existing: IndicesGetIndexTemplateResponse | null = null; - try { - existing = await esClient.indices.getIndexTemplate({ name: template.name }); - } catch (error: any) { - if (error?.name !== 'ResponseError' || error?.statusCode !== 404) { - logger.warn(`Asset manager index template lookup failed: ${error.message}`); - } - } - try { - if (!templateExists(template, existing)) { - await esClient.indices.putIndexTemplate(template); - } - } catch (error: any) { - logger.error(`Asset manager index template creation failed: ${error.message}`); - return; - } - - logger.info( - `Asset manager index template is up to date (use debug logging to see what was installed)` - ); - logger.debug(`Asset manager index template: ${JSON.stringify(template)}`); -} - -export async function upsertTemplate({ esClient, template, logger }: TemplateManagementOptions) { - try { - await esClient.indices.putIndexTemplate(template); - } catch (error: any) { - logger.error(`Error updating asset manager index template: ${error.message}`); - return; - } - - logger.info( - `Asset manager index template is up to date (use debug logging to see what was installed)` - ); - logger.debug(`Asset manager index template: ${JSON.stringify(template)}`); -} - -export async function upsertComponent({ esClient, component, logger }: 
ComponentManagementOptions) { - try { - await esClient.cluster.putComponentTemplate(component); - } catch (error: any) { - logger.error(`Error updating asset manager component template: ${error.message}`); - return; - } - - logger.info( - `Asset manager component template is up to date (use debug logging to see what was installed)` - ); - logger.debug(`Asset manager component template: ${JSON.stringify(component)}`); -} diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.test.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.test.ts deleted file mode 100644 index b7dc5e592dabd..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.test.ts +++ /dev/null 
@@ -1,33 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { parseEan } from './parse_ean';
-
-describe('parseEan function', () => {
- it('should parse a valid EAN and return the kind and id as separate values', () => {
- const ean = 'host:some-id-123';
- const { kind, id } = parseEan(ean);
- expect(kind).toBe('host');
- expect(id).toBe('some-id-123');
- });
-
- it('should throw an error when the provided EAN does not have enough segments', () => {
- expect(() => parseEan('invalid-ean')).toThrowError('not a valid EAN');
- expect(() => parseEan('invalid-ean:')).toThrowError('not a valid EAN');
- expect(() => parseEan(':invalid-ean')).toThrowError('not a valid EAN');
- });
-
- it('should throw an error when the provided EAN has too many segments', () => {
- const ean = 'host:invalid:segments';
- expect(() => parseEan(ean)).toThrowError('not a valid EAN');
- });
-
- it('should throw an error when the provided EAN includes an unsupported "kind" value', () => {
- const ean = 'unsupported_kind:some-id-123';
- expect(() => parseEan(ean)).toThrowError('not a valid EAN');
- });
-});
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.ts
deleted file mode 100644
index 6be17f40de005..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/parse_ean.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { assetKindRT } from '../../common/types_api';
-
-export function parseEan(ean: string) {
- const [kind, id, ...rest] = ean.split(':');
-
- if (!assetKindRT.is(kind) || !kind || !id || rest.length > 0) {
- throw new Error(`${ean} is not a valid EAN`);
- }
-
- return { kind, id };
-}
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/sample_assets.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/sample_assets.ts
deleted file mode 100644
index 2e9fbc2bcd5be..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/sample_assets.ts
+++ /dev/null
@@ -1,218 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { Asset, AssetWithoutTimestamp } from '../../common/types_api'; - -// Provide a list of asset EAN values to remove, to simulate disappearing or -// appearing assets over time. -export function getSampleAssetDocs({ - baseDateTime = new Date(), - excludeEans = [], -}: { - baseDateTime?: Date; - excludeEans?: string[]; -}): Asset[] { - const timestamp = baseDateTime.toISOString(); - return sampleAssets - .filter((asset) => !excludeEans.includes(asset['asset.ean'])) - .map((asset) => { - return { - '@timestamp': timestamp, - ...asset, - }; - }); -} - -const sampleK8sClusters: AssetWithoutTimestamp[] = [ - { - 'asset.type': 'k8s.cluster', - 'asset.kind': 'cluster', - 'asset.id': 'cluster-001', - 'asset.name': 'Cluster 001 (AWS EKS)', - 'asset.ean': 'cluster:cluster-001', - 'orchestrator.type': 'kubernetes', - 'orchestrator.cluster.name': 'Cluster 001 (AWS EKS)', - 'orchestrator.cluster.id': 'cluster-001', - 'cloud.provider': 'aws', - 'cloud.region': 'us-east-1', - 'cloud.service.name': 'eks', - }, - { - 'asset.type': 'k8s.cluster', - 'asset.kind': 'cluster', - 'asset.id': 'cluster-002', - 'asset.name': 'Cluster 002 (Azure AKS)', - 'asset.ean': 'cluster:cluster-002', - 'orchestrator.type': 'kubernetes', - 'orchestrator.cluster.name': 'Cluster 002 (Azure AKS)', - 'orchestrator.cluster.id': 'cluster-002', - 'cloud.provider': 'azure', - 'cloud.region': 'eu-west', - 'cloud.service.name': 'aks', - }, -]; - -const sampleK8sNodes: AssetWithoutTimestamp[] = [ - { - 'asset.type': 'k8s.node', - 'asset.kind': 'host', - 'asset.id': 'node-101', - 'asset.name': 'k8s-node-101-aws', - 'asset.ean': 'host:node-101', - 'asset.parents': ['cluster:cluster-001'], - 'orchestrator.type': 'kubernetes', - 
'orchestrator.cluster.name': 'Cluster 001 (AWS EKS)', - 'orchestrator.cluster.id': 'cluster-001', - 'cloud.provider': 'aws', - 'cloud.region': 'us-east-1', - 'cloud.service.name': 'eks', - }, - { - 'asset.type': 'k8s.node', - 'asset.kind': 'host', - 'asset.id': 'node-102', - 'asset.name': 'k8s-node-102-aws', - 'asset.ean': 'host:node-102', - 'asset.parents': ['cluster:cluster-001'], - 'orchestrator.type': 'kubernetes', - 'orchestrator.cluster.name': 'Cluster 001 (AWS EKS)', - 'orchestrator.cluster.id': 'cluster-001', - 'cloud.provider': 'aws', - 'cloud.region': 'us-east-1', - 'cloud.service.name': 'eks', - }, - { - 'asset.type': 'k8s.node', - 'asset.kind': 'host', - 'asset.id': 'node-103', - 'asset.name': 'k8s-node-103-aws', - 'asset.ean': 'host:node-103', - 'asset.parents': ['cluster:cluster-001'], - 'orchestrator.type': 'kubernetes', - 'orchestrator.cluster.name': 'Cluster 001 (AWS EKS)', - 'orchestrator.cluster.id': 'cluster-001', - 'cloud.provider': 'aws', - 'cloud.region': 'us-east-1', - 'cloud.service.name': 'eks', - }, -]; - -const sampleK8sPods: AssetWithoutTimestamp[] = [ - { - 'asset.type': 'k8s.pod', - 'asset.kind': 'pod', - 'asset.id': 'pod-200xrg1', - 'asset.name': 'k8s-pod-200xrg1-aws', - 'asset.ean': 'pod:pod-200xrg1', - 'asset.parents': ['host:node-101'], - 'asset.references': ['cluster:cluster-001'], - }, - { - 'asset.type': 'k8s.pod', - 'asset.kind': 'pod', - 'asset.id': 'pod-200dfp2', - 'asset.name': 'k8s-pod-200dfp2-aws', - 'asset.ean': 'pod:pod-200dfp2', - 'asset.parents': ['host:node-101'], - }, - { - 'asset.type': 'k8s.pod', - 'asset.kind': 'pod', - 'asset.id': 'pod-200wwc3', - 'asset.name': 'k8s-pod-200wwc3-aws', - 'asset.ean': 'pod:pod-200wwc3', - 'asset.parents': ['host:node-101'], - }, - { - 'asset.type': 'k8s.pod', - 'asset.kind': 'pod', - 'asset.id': 'pod-200naq4', - 'asset.name': 'k8s-pod-200naq4-aws', - 'asset.ean': 'pod:pod-200naq4', - 'asset.parents': ['host:node-102'], - }, - { - 'asset.type': 'k8s.pod', - 'asset.kind': 'pod', - 
'asset.id': 'pod-200ohr5', - 'asset.name': 'k8s-pod-200ohr5-aws', - 'asset.ean': 'pod:pod-200ohr5', - 'asset.parents': ['host:node-102'], - }, - { - 'asset.type': 'k8s.pod', - 'asset.kind': 'pod', - 'asset.id': 'pod-200yyx6', - 'asset.name': 'k8s-pod-200yyx6-aws', - 'asset.ean': 'pod:pod-200yyx6', - 'asset.parents': ['host:node-103'], - }, - { - 'asset.type': 'k8s.pod', - 'asset.kind': 'pod', - 'asset.id': 'pod-200psd7', - 'asset.name': 'k8s-pod-200psd7-aws', - 'asset.ean': 'pod:pod-200psd7', - 'asset.parents': ['host:node-103'], - }, - { - 'asset.type': 'k8s.pod', - 'asset.kind': 'pod', - 'asset.id': 'pod-200wmc8', - 'asset.name': 'k8s-pod-200wmc8-aws', - 'asset.ean': 'pod:pod-200wmc8', - 'asset.parents': ['host:node-103'], - }, - { - 'asset.type': 'k8s.pod', - 'asset.kind': 'pod', - 'asset.id': 'pod-200ugg9', - 'asset.name': 'k8s-pod-200ugg9-aws', - 'asset.ean': 'pod:pod-200ugg9', - 'asset.parents': ['host:node-103'], - }, -]; - -const sampleCircularReferences: AssetWithoutTimestamp[] = [ - { - 'asset.type': 'k8s.node', - 'asset.kind': 'host', - 'asset.id': 'node-203', - 'asset.name': 'k8s-node-203-aws', - 'asset.ean': 'host:node-203', - 'orchestrator.type': 'kubernetes', - 'orchestrator.cluster.name': 'Cluster 001 (AWS EKS)', - 'orchestrator.cluster.id': 'cluster-001', - 'cloud.provider': 'aws', - 'cloud.region': 'us-east-1', - 'cloud.service.name': 'eks', - 'asset.references': ['pod:pod-203ugg9', 'pod:pod-203ugg5'], - }, - { - 'asset.type': 'k8s.pod', - 'asset.kind': 'pod', - 'asset.id': 'pod-203ugg5', - 'asset.name': 'k8s-pod-203ugg5-aws', - 'asset.ean': 'pod:pod-203ugg5', - 'asset.references': ['host:node-203'], - }, - { - 'asset.type': 'k8s.pod', - 'asset.kind': 'pod', - 'asset.id': 'pod-203ugg9', - 'asset.name': 'k8s-pod-203ugg9-aws', - 'asset.ean': 'pod:pod-203ugg9', - 'asset.references': ['host:node-203'], - }, -]; - -export const sampleAssets: AssetWithoutTimestamp[] = [ - ...sampleK8sClusters, - ...sampleK8sNodes, - ...sampleK8sPods, - 
...sampleCircularReferences, -]; diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/write_assets.ts b/x-pack/plugins/observability_solution/asset_manager/server/lib/write_assets.ts deleted file mode 100644 index 72b79bc366b6d..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/write_assets.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { BulkRequest } from '@elastic/elasticsearch/lib/api/types'; -import { debug } from '../../common/debug_log'; -import { Asset } from '../../common/types_api'; -import { ASSETS_INDEX_PREFIX } from '../constants'; -import { ElasticsearchAccessorOptions } from '../types'; - -interface WriteAssetsOptions extends ElasticsearchAccessorOptions { - assetDocs: Asset[]; - namespace?: string; - refresh?: boolean | 'wait_for'; -} - -export async function writeAssets({ - elasticsearchClient, - assetDocs, - namespace = 'default', - refresh = false, -}: WriteAssetsOptions) { - const dsl: BulkRequest = { - refresh, - operations: assetDocs.flatMap((asset) => [ - { create: { _index: `${ASSETS_INDEX_PREFIX}-${asset['asset.type']}-${namespace}` } }, - asset, - ]), - }; - - debug('Performing Write Asset Query', '\n\n', JSON.stringify(dsl, null, 2)); - - return await elasticsearchClient.bulk<{}>(dsl); -} diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/containers.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/containers.ts deleted file mode 100644 index f96fd79c05812..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/containers.ts +++ /dev/null 
@@ -1,73 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createRouteValidationFunction } from '@kbn/io-ts-utils'; -import { RequestHandlerContext } from '@kbn/core-http-request-handler-context-server'; -import { - GetContainerAssetsQueryOptions, - getContainerAssetsQueryOptionsRT, -} from '../../../common/types_api'; -import { debug } from '../../../common/debug_log'; -import { SetupRouteOptions } from '../types'; -import * as routePaths from '../../../common/constants_routes'; -import { getClientsFromContext, validateStringAssetFilters } from '../utils'; -import { AssetsValidationError } from '../../lib/validators/validation_error'; - -export function containersRoutes({ - router, - server, -}: SetupRouteOptions) { - const validate = createRouteValidationFunction(getContainerAssetsQueryOptionsRT); - router.get( - { - path: routePaths.GET_CONTAINERS, - validate: { - query: (q, res) => { - const [invalidResponse, validatedFilters] = validateStringAssetFilters(q, res); - if (invalidResponse) { - return invalidResponse; - } - if (validatedFilters) { - q.filters = validatedFilters; - } - return validate(q, res); - }, - }, - }, - async (context, req, res) => { - const { from = 'now-24h', to = 'now', filters } = req.query || {}; - const { elasticsearchClient, savedObjectsClient } = await getClientsFromContext(context); - - try { - const response = await server.assetClient.getContainers({ - from, - to, - filters, // safe due to route validation, are there better ways to do this? 
- elasticsearchClient, - savedObjectsClient, - }); - - return res.ok({ body: response }); - } catch (error: unknown) { - debug('Error while looking up CONTAINER asset records', error); - - if (error instanceof AssetsValidationError) { - return res.customError({ - statusCode: error.statusCode, - body: { - message: `Error while looking up container asset records - ${error.message}`, - }, - }); - } - return res.customError({ - statusCode: 500, - body: { message: 'Error while looking up container asset records - ' + `${error}` }, - }); - } - } - ); -} diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/hosts.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/hosts.ts deleted file mode 100644 index 74f0724f43587..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/hosts.ts +++ /dev/null 
@@ -1,70 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createRouteValidationFunction } from '@kbn/io-ts-utils'; -import { RequestHandlerContext } from '@kbn/core-http-request-handler-context-server'; -import { GetHostAssetsQueryOptions, getHostAssetsQueryOptionsRT } from '../../../common/types_api'; -import { debug } from '../../../common/debug_log'; -import { SetupRouteOptions } from '../types'; -import * as routePaths from '../../../common/constants_routes'; -import { getClientsFromContext, validateStringAssetFilters } from '../utils'; -import { AssetsValidationError } from '../../lib/validators/validation_error'; - -export function hostsRoutes({ - router, - server, -}: SetupRouteOptions) { - const validate = createRouteValidationFunction(getHostAssetsQueryOptionsRT); - router.get( - { - path: routePaths.GET_HOSTS, - validate: { - query: (q, res) => { - const [invalidResponse, validatedFilters] = validateStringAssetFilters(q, res); - if (invalidResponse) { - return invalidResponse; - } - if (validatedFilters) { - q.filters = validatedFilters; - } - return validate(q, res); - }, - }, - }, - async (context, req, res) => { - const { from = 'now-24h', to = 'now', filters } = req.query || {}; - const { elasticsearchClient, savedObjectsClient } = await getClientsFromContext(context); - - try { - const response = await server.assetClient.getHosts({ - from, - to, - filters, // safe due to route validation, are there better ways to do this? 
- elasticsearchClient, - savedObjectsClient, - }); - - return res.ok({ body: response }); - } catch (error: unknown) { - debug('Error while looking up HOST asset records', error); - - if (error instanceof AssetsValidationError) { - return res.customError({ - statusCode: error.statusCode, - body: { - message: `Error while looking up host asset records - ${error.message}`, - }, - }); - } - return res.customError({ - statusCode: 500, - body: { message: 'Error while looking up host asset records - ' + `${error}` }, - }); - } - } - ); -} diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/index.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/index.ts deleted file mode 100644 index b82aa4c15e10f..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/index.ts +++ /dev/null 
@@ -1,70 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createRouteValidationFunction } from '@kbn/io-ts-utils'; -import { RequestHandlerContext } from '@kbn/core-http-request-handler-context-server'; -import { GetAssetsQueryOptions, getAssetsQueryOptionsRT } from '../../../common/types_api'; -import { debug } from '../../../common/debug_log'; -import { SetupRouteOptions } from '../types'; -import * as routePaths from '../../../common/constants_routes'; -import { getClientsFromContext, validateStringAssetFilters } from '../utils'; -import { AssetsValidationError } from '../../lib/validators/validation_error'; - -export function assetsRoutes({ - router, - server, -}: SetupRouteOptions) { - const validate = createRouteValidationFunction(getAssetsQueryOptionsRT); - router.get( - { - path: routePaths.GET_ASSETS, - validate: { - query: (q, res) => { - const [invalidResponse, validatedFilters] = validateStringAssetFilters(q, res); - if (invalidResponse) { - return invalidResponse; - } - if (validatedFilters) { - q.filters = validatedFilters; - } - return validate(q, res); - }, - }, - }, - async (context, req, res) => { - const { from = 'now-24h', to = 'now', filters } = req.query || {}; - const { elasticsearchClient, savedObjectsClient } = await getClientsFromContext(context); - - try { - const response = await server.assetClient.getAssets({ - from, - to, - filters, - elasticsearchClient, - savedObjectsClient, - }); - - return res.ok({ body: response }); - } catch (error: unknown) { - debug('Error while looking up asset records', error); - - if (error instanceof AssetsValidationError) { - return res.customError({ - statusCode: error.statusCode, - body: { - message: `Error while looking up asset records - ${error.message}`, - }, - }); - } - 
return res.customError({ - statusCode: 500, - body: { message: 'Error while looking up asset records - ' + `${error}` }, - }); - } - } - ); -} diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/pods.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/pods.ts deleted file mode 100644 index b5ff387641763..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/pods.ts +++ /dev/null 
@@ -1,70 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createRouteValidationFunction } from '@kbn/io-ts-utils'; -import { RequestHandlerContext } from '@kbn/core-http-request-handler-context-server'; -import { GetPodAssetsQueryOptions, getPodAssetsQueryOptionsRT } from '../../../common/types_api'; -import { debug } from '../../../common/debug_log'; -import { SetupRouteOptions } from '../types'; -import * as routePaths from '../../../common/constants_routes'; -import { getClientsFromContext, validateStringAssetFilters } from '../utils'; -import { AssetsValidationError } from '../../lib/validators/validation_error'; - -export function podsRoutes({ - router, - server, -}: SetupRouteOptions) { - const validate = createRouteValidationFunction(getPodAssetsQueryOptionsRT); - router.get( - { - path: routePaths.GET_PODS, - validate: { - query: (q, res) => { - const [invalidResponse, validatedFilters] = validateStringAssetFilters(q, res); - if (invalidResponse) { - return invalidResponse; - } - if (validatedFilters) { - q.filters = validatedFilters; - } - return validate(q, res); - }, - }, - }, - async (context, req, res) => { - const { from = 'now-24h', to = 'now', filters } = req.query || {}; - const { elasticsearchClient, savedObjectsClient } = await getClientsFromContext(context); - - try { - const response = await server.assetClient.getPods({ - from, - to, - filters, - elasticsearchClient, - savedObjectsClient, - }); - - return res.ok({ body: response }); - } catch (error: unknown) { - debug('Error while looking up POD asset records', error); - - if (error instanceof AssetsValidationError) { - return res.customError({ - statusCode: error.statusCode, - body: { - message: `Error while looking up pod asset records - ${error.message}`, - }, - 
}); - } - return res.customError({ - statusCode: 500, - body: { message: 'Error while looking up pod asset records - ' + `${error}` }, - }); - } - } - ); -} diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/services.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/services.ts deleted file mode 100644 index 667a9568cda1d..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/routes/assets/services.ts +++ /dev/null 
@@ -1,74 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createRouteValidationFunction } from '@kbn/io-ts-utils'; -import { RequestHandlerContext } from '@kbn/core-http-request-handler-context-server'; -import { - GetServiceAssetsQueryOptions, - getServiceAssetsQueryOptionsRT, -} from '../../../common/types_api'; -import { debug } from '../../../common/debug_log'; -import { SetupRouteOptions } from '../types'; -import * as routePaths from '../../../common/constants_routes'; -import { getClientsFromContext, validateStringAssetFilters } from '../utils'; -import { AssetsValidationError } from '../../lib/validators/validation_error'; - -export function servicesRoutes({ - router, - server, -}: SetupRouteOptions) { - const validate = createRouteValidationFunction(getServiceAssetsQueryOptionsRT); - // GET /assets/services - router.get( - { - path: routePaths.GET_SERVICES, - validate: { - query: (q, res) => { - const [invalidResponse, validatedFilters] = validateStringAssetFilters(q, res); - if (invalidResponse) { - return invalidResponse; - } - if (validatedFilters) { - q.filters = validatedFilters; - } - return validate(q, res); - }, - }, - }, - async (context, req, res) => { - const { from = 'now-24h', to = 'now', filters } = req.query || {}; - const { elasticsearchClient, savedObjectsClient } = await getClientsFromContext(context); - try { - const response = await server.assetClient.getServices({ - from, - to, - filters, - elasticsearchClient, - savedObjectsClient, - }); - - return res.ok({ body: response }); - } catch (error: unknown) { - debug('Error while looking up SERVICE asset records', error); - - if (error instanceof AssetsValidationError) { - return res.customError({ - statusCode: error.statusCode, - body: { - message: `Error while 
looking up service asset records - ${error.message}`, - }, - }); - } - - return res.customError({ - statusCode: 500, - body: { message: 'Error while looking up service asset records - ' + `${error}` }, - }); - } - } - ); -} diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts deleted file mode 100644 index 447051bbb2730..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/routes/sample_assets.ts +++ /dev/null 
@@ -1,143 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { schema } from '@kbn/config-schema'; -import { RequestHandlerContext } from '@kbn/core/server'; -import { ASSET_MANAGER_API_BASE } from '../../common/constants_routes'; -import { getSampleAssetDocs, sampleAssets } from '../lib/sample_assets'; -import { writeAssets } from '../lib/write_assets'; -import { SetupRouteOptions } from './types'; -import { getClientsFromContext } from './utils'; - -export type WriteSamplesPostBody = { - baseDateTime?: string | number; - excludeEans?: string[]; - refresh?: boolean | 'wait_for'; -} | null; - -export function sampleAssetsRoutes({ - router, -}: SetupRouteOptions) { - const SAMPLE_ASSETS_API_PATH = `${ASSET_MANAGER_API_BASE}/assets/sample`; - - // GET sample assets - router.get( - { - path: SAMPLE_ASSETS_API_PATH, - validate: {}, - }, - async (context, req, res) => { - return res.ok({ body: { results: sampleAssets } }); - } - ); - - // POST sample assets - router.post( - { - path: SAMPLE_ASSETS_API_PATH, - validate: { - body: schema.nullable( - schema.object({ - baseDateTime: schema.maybe( - schema.oneOf([schema.string(), schema.number()]) - ), - excludeEans: schema.maybe(schema.arrayOf(schema.string())), - refresh: schema.maybe(schema.oneOf([schema.boolean(), schema.literal('wait_for')])), - }) - ), - }, - }, - async (context, req, res) => { - const { baseDateTime, excludeEans, refresh } = req.body || {}; - const parsed = baseDateTime === undefined ? 
undefined : new Date(baseDateTime); - if (parsed?.toString() === 'Invalid Date') { - return res.customError({ - statusCode: 400, - body: { - message: `${baseDateTime} is not a valid date time value`, - }, - }); - } - const { elasticsearchClient } = await getClientsFromContext(context); - const assetDocs = getSampleAssetDocs({ baseDateTime: parsed, excludeEans }); - - try { - const response = await writeAssets({ - elasticsearchClient, - assetDocs, - namespace: 'sample_data', - refresh, - }); - - if (response.errors) { - return res.customError({ - statusCode: 500, - body: { - message: JSON.stringify(response.errors), - }, - }); - } - - return res.ok({ body: response }); - } catch (error: any) { - return res.customError({ - statusCode: 500, - body: { - message: error.message || 'unknown error occurred while creating sample assets', - }, - }); - } - } - ); - - // DELETE all sample assets - router.delete( - { - path: SAMPLE_ASSETS_API_PATH, - validate: {}, - }, - async (context, req, res) => { - const { elasticsearchClient } = await getClientsFromContext(context); - - const sampleDataStreams = await elasticsearchClient.indices.getDataStream({ - name: 'assets-*-sample_data', - expand_wildcards: 'all', - }); - - const deletedDataStreams: string[] = []; - let errorWhileDeleting: string | null = null; - const dataStreamsToDelete = sampleDataStreams.data_streams.map((ds) => ds.name); - - for (let i = 0; i < dataStreamsToDelete.length; i++) { - const dsName = dataStreamsToDelete[i]; - try { - await elasticsearchClient.indices.deleteDataStream({ name: dsName }); - deletedDataStreams.push(dsName); - } catch (error: any) { - errorWhileDeleting = - typeof error.message === 'string' - ? 
error.message - : `Unknown error occurred while deleting sample data streams, at data stream name: ${dsName}`; - break; - } - } - - if (!errorWhileDeleting && deletedDataStreams.length === dataStreamsToDelete.length) { - return res.ok({ body: { deleted: deletedDataStreams } }); - } else { - return res.custom({ - statusCode: 500, - body: { - message: ['Not all found data streams were deleted', errorWhileDeleting].join(' - '), - deleted: deletedDataStreams, - matching: dataStreamsToDelete, - }, - }); - } - } - ); -} diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/utils.ts b/x-pack/plugins/observability_solution/asset_manager/server/routes/utils.ts deleted file mode 100644 index 3eb2a855e4854..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/routes/utils.ts +++ /dev/null 
@@ -1,46 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - RequestHandlerContext, - RouteValidationError, - RouteValidationResultFactory, -} from '@kbn/core/server'; -import { AssetFilters, assetFiltersSingleKindRT } from '../../common/types_api'; - -export async function getClientsFromContext(context: T) { - const coreContext = await context.core; - - return { - coreContext, - elasticsearchClient: coreContext.elasticsearch.client.asCurrentUser, - savedObjectsClient: coreContext.savedObjects.client, - }; -} - -type ValidateStringAssetFiltersReturn = - | [{ error: RouteValidationError }] - | [null, AssetFilters | undefined]; - -export function validateStringAssetFilters( - q: any, - res: RouteValidationResultFactory -): ValidateStringAssetFiltersReturn { - if (typeof q.stringFilters === 'string') { - try { - const parsedFilters = JSON.parse(q.stringFilters); - if (assetFiltersSingleKindRT.is(parsedFilters)) { - return [null, parsedFilters]; - } else { - return [res.badRequest(new Error(`Invalid asset filters - ${q.filters}`))]; - } - } catch (err: any) { - return [res.badRequest(err)]; - } - } - return [null, undefined]; -} diff --git a/x-pack/plugins/observability_solution/asset_manager/server/templates/assets_template.ts b/x-pack/plugins/observability_solution/asset_manager/server/templates/assets_template.ts deleted file mode 100644 index b99ecc4559187..0000000000000 --- a/x-pack/plugins/observability_solution/asset_manager/server/templates/assets_template.ts +++ /dev/null 
@@ -1,44 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { IndicesPutIndexTemplateRequest } from '@elastic/elasticsearch/lib/api/types';
-import { ASSETS_INDEX_PREFIX } from '../constants';
-
-export const assetsIndexTemplateConfig: IndicesPutIndexTemplateRequest = {
- name: 'assets',
- priority: 100,
- data_stream: {},
- index_patterns: [`${ASSETS_INDEX_PREFIX}*`],
- template: {
- settings: {},
- mappings: {
- dynamic_templates: [
- {
- strings_as_keywords: {
- mapping: {
- ignore_above: 1024,
- type: 'keyword',
- },
- match_mapping_type: 'string',
- },
- },
- ],
- properties: {
- '@timestamp': {
- type: 'date',
- },
- asset: {
- type: 'object',
- // subobjects appears to not exist in the types, but is a valid ES mapping option
- // see: https://www.elastic.co/guide/en/elasticsearch/reference/master/subobjects.html
- // @ts-ignore
- subobjects: false,
- },
- },
- },
- },
-};
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/test_utils.ts b/x-pack/plugins/observability_solution/asset_manager/server/test_utils.ts
deleted file mode 100644
index 8e07f201b1599..0000000000000
--- a/x-pack/plugins/observability_solution/asset_manager/server/test_utils.ts
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-// Helper function allows test to verify error was thrown,
-// verify error is of the right class type, and error has
-
-import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server';
-import { GetApmIndicesMethod } from './lib/asset_client_types';
-import { AssetsValidationError } from './lib/validators/validation_error';
-
-// the expected metadata such as statusCode on it
-export function expectToThrowValidationErrorWithStatusCode(
- testFn: () => Promise,
- expectedError: Partial = {}
-) {
- return expect(async () => {
- try {
- return await testFn();
- } catch (error: any) {
- if (error instanceof AssetsValidationError) {
- if (expectedError.statusCode) {
- expect(error.statusCode).toEqual(expectedError.statusCode);
- }
- if (expectedError.message) {
- expect(error.message).toEqual(expect.stringContaining(expectedError.message));
- }
- }
- throw error;
- }
- }).rejects.toThrow(AssetsValidationError);
-}
-
-export function createGetApmIndicesMock(): jest.Mocked {
- return jest.fn(async (client: SavedObjectsClientContract) => ({
- transaction: 'apm-mock-transaction-indices',
- span: 'apm-mock-span-indices',
- error: 'apm-mock-error-indices',
- metric: 'apm-mock-metric-indices',
- onboarding: 'apm-mock-onboarding-indices',
- sourcemap: 'apm-mock-sourcemap-indices',
- }));
-}
diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/empty_state/empty_state.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/empty_state/empty_state.tsx
index 0bba8f2b98b37..9ff2982098498 100644
--- a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/empty_state/empty_state.tsx +++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/empty_state/empty_state.tsx @@ -10,7 +10,7 @@ import { EuiEmptyPrompt, EuiCode } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; -import { DEFAULT_DATASET_TYPE, DEFAULT_LOGS_DATA_VIEW } from '../../../../common/constants'; +import { DEFAULT_LOGS_DATA_VIEW } from '../../../../common/constants'; import { useEmptyState } from '../../../hooks/use_empty_state'; // Allow for lazy loading @@ -36,7 +36,7 @@ export default function EmptyStateWrapper({ children }: { children: React.ReactN id="xpack.datasetQuality.emptyState.noPrivileges.message" defaultMessage="You don't have the required privileges to view logs data. Make sure you have sufficient privileges to view {datasetPattern}." values={{ - datasetPattern: {`${DEFAULT_DATASET_TYPE}-*`}, + datasetPattern: {DEFAULT_LOGS_DATA_VIEW}, }} /> {/* TODO: Learn more link to docs */} diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/header.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/header.tsx index b217b8972e4b2..da0e2e0c74626 100644 --- a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/header.tsx +++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/header.tsx @@ -10,6 +10,7 @@ import { EuiBetaBadge, EuiLink, EuiPageHeader, EuiCode } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import { DEFAULT_LOGS_DATA_VIEW } from '../../../common/constants'; import { useKibanaContextForPlugin } from '../../utils'; import { datasetQualityAppTitle } from '../../../common/translations'; 
@@ -39,7 +40,7 @@ export default function Header() { id="xpack.datasetQuality.appDescription" defaultMessage="Monitor the data set quality for {logsPattern} data streams that follow the {ecsNamingSchemeLink}." values={{ - logsPattern: logs-*, + logsPattern: {DEFAULT_LOGS_DATA_VIEW}, ecsNamingSchemeLink: ( { const datasetName = streamPartsToIndexPattern({ @@ -91,7 +91,7 @@ class DatasetQualityPrivileges { public async throwIfCannotReadDataset( esClient: ElasticsearchClient, type = DEFAULT_DATASET_TYPE, - datasetQuery = '*', + datasetQuery = '*-*', space = '*' ): Promise { if (!(await this.canReadDataset(esClient, type, datasetQuery, space))) { diff --git a/x-pack/plugins/observability_solution/entity_manager/README.md b/x-pack/plugins/observability_solution/entity_manager/README.md new file mode 100644 index 0000000000000..325bea1b583e8 --- /dev/null +++ b/x-pack/plugins/observability_solution/entity_manager/README.md @@ -0,0 +1,3 @@ +# Entity Manager Plugin + +This plugin provides access to observed asset data, such as information about hosts, pods, containers, services, and more. \ No newline at end of file diff --git a/x-pack/plugins/observability_solution/entity_manager/common/config.ts b/x-pack/plugins/observability_solution/entity_manager/common/config.ts new file mode 100644 index 0000000000000..5c1edfa618626 --- /dev/null +++ b/x-pack/plugins/observability_solution/entity_manager/common/config.ts 
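Review bot: The new default `datasetQuery = '*-*'` in `throwIfCannotReadDataset` changes which index pattern the read-privilege check is evaluated against, and nothing in the hunk records why. A comment on the parameter would make the intent reviewable, for example `// '*-*' keeps the checked pattern aligned with DEFAULT_LOGS_DATA_VIEW`, assuming that is the intent, which the visible lines do not confirm. `canReadDataset` is declared outside this hunk; if its own default is still `'*'`, direct callers authorize against a different pattern than this method does, so both defaults are better taken from one shared constant. A test that pins the result for a user whose read privilege covers only the narrower pattern would keep the check and the pattern shown in the no-privileges message from drifting apart.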
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { schema, TypeOf } from '@kbn/config-schema';
+
+export const configSchema = schema.object({});
+
+export type EntityManagerConfig = TypeOf;
+
+/**
+ * The following map is passed to the server plugin setup under the
+ * exposeToBrowser: option, and controls which of the above config
+ * keys are allow-listed to be available in the browser config.
+ *
+ * NOTE: anything exposed here will be visible in the UI dev tools,
+ * and therefore MUST NOT be anything that is sensitive information!
+ */
+export const exposeToBrowserConfig = {} as const;
+
+type ValidKeys = keyof {
+ [K in keyof typeof exposeToBrowserConfig as typeof exposeToBrowserConfig[K] extends true
+ ? K
+ : never]: true;
+};
+
+export type EntityManagerPublicConfig = Pick;
diff --git a/x-pack/plugins/observability_solution/asset_manager/common/constants_entities.ts b/x-pack/plugins/observability_solution/entity_manager/common/constants_entities.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/common/constants_entities.ts
rename to x-pack/plugins/observability_solution/entity_manager/common/constants_entities.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/common/debug_log.ts b/x-pack/plugins/observability_solution/entity_manager/common/debug_log.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/common/debug_log.ts
rename to x-pack/plugins/observability_solution/entity_manager/common/debug_log.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/common/errors.ts b/x-pack/plugins/observability_solution/entity_manager/common/errors.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/common/errors.ts
rename to x-pack/plugins/observability_solution/entity_manager/common/errors.ts
diff --git a/x-pack/plugins/observability_solution/entity_manager/common/types_api.ts b/x-pack/plugins/observability_solution/entity_manager/common/types_api.ts
new file mode 100644
index 0000000000000..90540ab06a243
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/common/types_api.ts
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as rt from 'io-ts';
+
+/**
+ * Managed entities enablement
+ */
+export const managedEntityEnabledResponseRT = rt.type({
+ enabled: rt.boolean,
+ reason: rt.string,
+});
+export type ManagedEntityEnabledResponse = rt.TypeOf;
+
+export const managedEntityResponseBase = rt.type({
+ success: rt.boolean,
+ reason: rt.string,
+ message: rt.string,
+});
+export type EnableManagedEntityResponse = rt.TypeOf;
+export type DisableManagedEntityResponse = rt.TypeOf;
diff --git a/x-pack/plugins/observability_solution/asset_manager/docs/entity_definitions.md b/x-pack/plugins/observability_solution/entity_manager/docs/entity_definitions.md
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/docs/entity_definitions.md
rename to x-pack/plugins/observability_solution/entity_manager/docs/entity_definitions.md
diff --git a/x-pack/plugins/observability_solution/asset_manager/jest.config.js b/x-pack/plugins/observability_solution/entity_manager/jest.config.js similarity index 68% rename from x-pack/plugins/observability_solution/asset_manager/jest.config.js rename to x-pack/plugins/observability_solution/entity_manager/jest.config.js index 3f091dd5109b3..29fb7c37260fb 100644 --- a/x-pack/plugins/observability_solution/asset_manager/jest.config.js +++ b/x-pack/plugins/observability_solution/entity_manager/jest.config.js @@ -8,11 +8,11 @@ module.exports = { preset: '@kbn/test', rootDir: '../../../..', - roots: ['/x-pack/plugins/observability_solution/asset_manager'], + roots: ['/x-pack/plugins/observability_solution/entity_manager'], coverageDirectory: - '/target/kibana-coverage/jest/x-pack/plugins/observability_solution/asset_manager', + '/target/kibana-coverage/jest/x-pack/plugins/observability_solution/entity_manager', coverageReporters: ['text', 'html'], collectCoverageFrom: [ - '/x-pack/plugins/observability_solution/asset_manager/{common,public,server}/**/*.{js,ts,tsx}', + '/x-pack/plugins/observability_solution/entity_manager/{common,public,server}/**/*.{js,ts,tsx}', ], }; diff --git a/x-pack/plugins/observability_solution/asset_manager/kibana.jsonc b/x-pack/plugins/observability_solution/entity_manager/kibana.jsonc similarity index 59% rename from x-pack/plugins/observability_solution/asset_manager/kibana.jsonc rename to x-pack/plugins/observability_solution/entity_manager/kibana.jsonc index d4c7703deb6eb..b13c51630469e 100644 --- a/x-pack/plugins/observability_solution/asset_manager/kibana.jsonc +++ b/x-pack/plugins/observability_solution/entity_manager/kibana.jsonc 
@@ -1,20 +1,18 @@ { "type": "plugin", - "id": "@kbn/assetManager-plugin", + "id": "@kbn/entityManager-plugin", "owner": "@elastic/obs-knowledge-team", - "description": "Asset manager plugin for entity assets (inventory, topology, etc)", + "description": "Entity manager plugin for entity assets (inventory, topology, etc)", "plugin": { - "id": "assetManager", + "id": "entityManager", "configPath": [ "xpack", - "assetManager" + "entityManager" ], "optionalPlugins": [ "spaces" ], "requiredPlugins": [ - "apmDataAccess", - "metricsDataAccess", "security", "encryptedSavedObjects", ], diff --git a/x-pack/plugins/observability_solution/asset_manager/public/index.ts b/x-pack/plugins/observability_solution/entity_manager/public/index.ts similarity index 61% rename from x-pack/plugins/observability_solution/asset_manager/public/index.ts rename to x-pack/plugins/observability_solution/entity_manager/public/index.ts index 7837c00909430..e17edb959595d 100644 --- a/x-pack/plugins/observability_solution/asset_manager/public/index.ts +++ b/x-pack/plugins/observability_solution/entity_manager/public/index.ts @@ -7,14 +7,14 @@ import { PluginInitializer, PluginInitializerContext } from '@kbn/core/public'; import { Plugin } from './plugin'; -import { AssetManagerPublicPluginSetup, AssetManagerPublicPluginStart } from './types'; +import { EntityManagerPublicPluginSetup, EntityManagerPublicPluginStart } from './types'; export const plugin: PluginInitializer< - AssetManagerPublicPluginSetup | undefined, - AssetManagerPublicPluginStart | undefined + EntityManagerPublicPluginSetup | undefined, + EntityManagerPublicPluginStart | undefined > = (context: PluginInitializerContext) => { return new Plugin(context); }; -export type { AssetManagerPublicPluginSetup, AssetManagerPublicPluginStart }; -export type AssetManagerAppId = 'assetManager'; +export type { EntityManagerPublicPluginSetup, EntityManagerPublicPluginStart }; +export type EntityManagerAppId = 'entityManager'; 
diff --git a/x-pack/plugins/observability_solution/asset_manager/public/lib/entity_client.ts b/x-pack/plugins/observability_solution/entity_manager/public/lib/entity_client.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/public/lib/entity_client.ts rename to x-pack/plugins/observability_solution/entity_manager/public/lib/entity_client.ts diff --git a/x-pack/plugins/observability_solution/asset_manager/public/plugin.ts b/x-pack/plugins/observability_solution/entity_manager/public/plugin.ts similarity index 51% rename from x-pack/plugins/observability_solution/asset_manager/public/plugin.ts rename to x-pack/plugins/observability_solution/entity_manager/public/plugin.ts index 8c3dd9115c1ef..0de83b4252b62 100644 --- a/x-pack/plugins/observability_solution/asset_manager/public/plugin.ts +++ b/x-pack/plugins/observability_solution/entity_manager/public/plugin.ts @@ -8,13 +8,12 @@ import { CoreSetup, CoreStart, PluginInitializerContext } from '@kbn/core/public'; import { Logger } from '@kbn/logging'; -import { AssetManagerPluginClass } from './types'; -import { PublicAssetsClient } from './lib/public_assets_client'; -import type { AssetManagerPublicConfig } from '../common/config'; +import { EntityManagerPluginClass } from './types'; +import type { EntityManagerPublicConfig } from '../common/config'; import { EntityClient } from './lib/entity_client'; -export class Plugin implements AssetManagerPluginClass { - public config: AssetManagerPublicConfig; +export class Plugin implements EntityManagerPluginClass { + public config: EntityManagerPublicConfig; public logger: Logger; constructor(context: PluginInitializerContext<{}>) { 
@@ -23,32 +22,15 @@ export class Plugin implements AssetManagerPluginClass { } setup(core: CoreSetup) { - // Check for config value and bail out if not "alpha-enabled" - if (!this.config.alphaEnabled) { - this.logger.debug('Public is NOT enabled'); - return; - } - - this.logger.debug('Public is enabled'); - - const publicAssetsClient = new PublicAssetsClient(core.http); const entityClient = new EntityClient(core.http); return { - publicAssetsClient, entityClient, }; } start(core: CoreStart) { - // Check for config value and bail out if not "alpha-enabled" - if (!this.config.alphaEnabled) { - return; - } - - const publicAssetsClient = new PublicAssetsClient(core.http); const entityClient = new EntityClient(core.http); return { - publicAssetsClient, entityClient, }; } diff --git a/x-pack/plugins/observability_solution/asset_manager/public/types.ts b/x-pack/plugins/observability_solution/entity_manager/public/types.ts similarity index 59% rename from x-pack/plugins/observability_solution/asset_manager/public/types.ts rename to x-pack/plugins/observability_solution/entity_manager/public/types.ts index 8a89793e361d9..5c7ab11058d4d 100644 --- a/x-pack/plugins/observability_solution/asset_manager/public/types.ts +++ b/x-pack/plugins/observability_solution/entity_manager/public/types.ts 
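Review bot: With the `alphaEnabled` guard removed, `setup` and `start` always return `{ entityClient }`, yet the contract types renamed elsewhere in this commit (the `PluginInitializer<...>` generics in `public/index.ts` and `EntityManagerPluginClass` in `public/types.ts`) still read `EntityManagerPublicPluginSetup | undefined` and `EntityManagerPublicPluginStart | undefined`. Dropping `| undefined` from those generics would stop consumers from carrying null checks that can no longer fire. The removed guard was also the only browser-side switch for this client, so the server routes behind `EntityClient` now need to enforce their own authorization in every deployment; those routes are outside this hunk and worth confirming. The constructor starts outside the hunk, but `this.config` no longer appears to be read in `setup` or `start`.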
@@ -5,33 +5,25 @@ * 2.0. */ import type { Plugin as PluginClass } from '@kbn/core/public'; -import { GetHostsOptionsPublic } from '../common/types_client'; import { DisableManagedEntityResponse, EnableManagedEntityResponse, - GetHostAssetsResponse, ManagedEntityEnabledResponse, } from '../common/types_api'; -export interface AssetManagerPublicPluginSetup { - publicAssetsClient: IPublicAssetsClient; +export interface EntityManagerPublicPluginSetup { entityClient: IEntityClient; } -export interface AssetManagerPublicPluginStart { - publicAssetsClient: IPublicAssetsClient; +export interface EntityManagerPublicPluginStart { entityClient: IEntityClient; } -export type AssetManagerPluginClass = PluginClass< - AssetManagerPublicPluginSetup | undefined, - AssetManagerPublicPluginStart | undefined +export type EntityManagerPluginClass = PluginClass< + EntityManagerPublicPluginSetup | undefined, + EntityManagerPublicPluginStart | undefined >; -export interface IPublicAssetsClient { - getHosts: (options: GetHostsOptionsPublic) => Promise; -} - export interface IEntityClient { isManagedEntityDiscoveryEnabled: () => Promise; enableManagedEntityDiscovery: () => Promise; diff --git a/x-pack/plugins/observability_solution/entity_manager/server/index.ts b/x-pack/plugins/observability_solution/entity_manager/server/index.ts new file mode 100644 index 0000000000000..172b22b588f58 --- /dev/null +++ b/x-pack/plugins/observability_solution/entity_manager/server/index.ts 
@@ -0,0 +1,18 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { PluginInitializerContext } from '@kbn/core-plugins-server'; +import { EntityManagerConfig } from '../common/config'; +import { EntityManagerServerPluginSetup, EntityManagerServerPluginStart, config } from './plugin'; + +export type { EntityManagerConfig, EntityManagerServerPluginSetup, EntityManagerServerPluginStart }; +export { config }; + +export const plugin = async (context: PluginInitializerContext) => { + const { EntityManagerServerPlugin } = await import('./plugin'); + return new EntityManagerServerPlugin(context); +}; diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts similarity index 92% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts index ecd73b643176e..5d48ff6e36f0d 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/api_key.ts +++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/api_key.ts @@ -7,7 +7,7 @@ import { KibanaRequest } from '@kbn/core-http-server'; import { getFakeKibanaRequest } from '@kbn/security-plugin/server/authentication/api_keys/fake_kibana_request'; -import { AssetManagerServerSetup } from '../../../types'; +import { EntityManagerServerSetup } from '../../../types'; import { canRunEntityDiscovery, requiredRunTimePrivileges } from '../privileges'; export interface EntityDiscoveryAPIKey { 
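Review bot: The static `import { EntityManagerServerPluginSetup, EntityManagerServerPluginStart, config } from './plugin';` in the new `server/index.ts` loads the plugin module eagerly, so the `await import('./plugin')` inside `plugin` no longer defers anything. `config` is re-exported with a plain `export { config }`, so it appears to be a runtime value, unlike the two types beside it. Importing the types with `import type { EntityManagerServerPluginSetup, EntityManagerServerPluginStart } from './plugin';` and moving `config` into a small module of its own would keep the lazy load effective.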
@@ -17,13 +17,13 @@ export interface EntityDiscoveryAPIKey { } export const checkIfAPIKeysAreEnabled = async ( - server: AssetManagerServerSetup + server: EntityManagerServerSetup ): Promise => { return await server.security.authc.apiKeys.areAPIKeysEnabled(); }; export const checkIfEntityDiscoveryAPIKeyIsValid = async ( - server: AssetManagerServerSetup, + server: EntityManagerServerSetup, apiKey: EntityDiscoveryAPIKey ): Promise => { server.logger.debug('validating API key against authentication service'); @@ -49,7 +49,7 @@ export const checkIfEntityDiscoveryAPIKeyIsValid = async ( }; export const generateEntityDiscoveryAPIKey = async ( - server: AssetManagerServerSetup, + server: EntityManagerServerSetup, req: KibanaRequest ): Promise => { const apiKey = await server.security.authc.apiKeys.grantAsInternalUser(req, { diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/saved_object.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/saved_object.ts similarity index 87% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/saved_object.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/saved_object.ts index 481efc60721a6..5bd5004f1b9bc 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/api_key/saved_object.ts +++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/api_key/saved_object.ts 
@@ -7,18 +7,18 @@ import { SavedObjectsErrorHelpers, SavedObjectsClientContract } from '@kbn/core/server'; import { EntityDiscoveryApiKeyType } from '../../../saved_objects'; -import { AssetManagerServerSetup } from '../../../types'; +import { EntityManagerServerSetup } from '../../../types'; import { EntityDiscoveryAPIKey } from './api_key'; const ENTITY_DISCOVERY_API_KEY_SO_ID = '19540C97-E35C-485B-8566-FB86EC8455E4'; -const getEncryptedSOClient = (server: AssetManagerServerSetup) => { +const getEncryptedSOClient = (server: EntityManagerServerSetup) => { return server.encryptedSavedObjects.getClient({ includedHiddenTypes: [EntityDiscoveryApiKeyType.name], }); }; -export const readEntityDiscoveryAPIKey = async (server: AssetManagerServerSetup) => { +export const readEntityDiscoveryAPIKey = async (server: EntityManagerServerSetup) => { try { const soClient = getEncryptedSOClient(server); const obj = await soClient.getDecryptedAsInternalUser( diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/index.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/index.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/auth/index.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/auth/index.ts diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/auth/privileges.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/auth/privileges.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/auth/privileges.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/auth/privileges.ts 
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/built_in/constants.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/constants.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/built_in/constants.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/constants.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/built_in/index.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/index.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/built_in/index.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/index.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/built_in/services.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/services.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/built_in/services.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/built_in/services.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/create_and_install_ingest_pipeline.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/create_and_install_ingest_pipeline.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/create_and_install_ingest_pipeline.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/create_and_install_ingest_pipeline.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/create_and_install_transform.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/create_and_install_transform.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/create_and_install_transform.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/create_and_install_transform.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_entity_definition.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_entity_definition.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_entity_definition.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_index.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_index.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_index.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_index.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_ingest_pipeline.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_ingest_pipeline.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/delete_ingest_pipeline.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/delete_ingest_pipeline.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_id_conflict_error.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_id_conflict_error.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_id_conflict_error.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_id_conflict_error.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_not_found.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_not_found.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_not_found.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_not_found.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_security_exception.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_security_exception.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/entity_security_exception.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/entity_security_exception.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/invalid_transform_error.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/invalid_transform_error.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/errors/invalid_transform_error.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/errors/invalid_transform_error.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/find_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/find_entity_definition.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/find_entity_definition.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/find_entity_definition.ts diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/fixtures/entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/fixtures/entity_definition.ts similarity index 95% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/fixtures/entity_definition.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/fixtures/entity_definition.ts index 3e07c6860a30a..d284e0a2b1a68 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/fixtures/entity_definition.ts +++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/fixtures/entity_definition.ts @@ -17,7 +17,7 @@ export const entityDefinition = entityDefinitionSchema.parse({ }, identityFields: ['log.logger', { field: 'event.category', optional: true }], displayNameTemplate: '{{log.logger}}{{#event.category}}:{{.}}{{/event.category}}', - metadata: ['tags', 'host.name'], + metadata: ['tags', 'host.name', 'host.os.name'], metrics: [ { name: 'logRate', 
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/generate_index_name.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/generate_index_name.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/generate_index_name.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/generate_index_name.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/get_elasticsearch_query_or_throw.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/get_elasticsearch_query_or_throw.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/get_elasticsearch_query_or_throw.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/get_elasticsearch_query_or_throw.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/retry.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/retry.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/helpers/retry.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/helpers/retry.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap similarity index 90% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap index 8783bab7b5589..f5d7c7e3683b4 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap +++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_history_processors.test.ts.snap @@ -83,9 +83,14 @@ Array [ ctx[\\"tags\\"] = ctx.entity.metadata.tags.keySet(); } if (ctx.entity?.metadata?.host?.name != null) { - ctx[\\"host\\"] = new HashMap(); + if(ctx.host == null) ctx[\\"host\\"] = new HashMap(); ctx[\\"host\\"][\\"name\\"] = ctx.entity.metadata.host.name.keySet(); } +if (ctx.entity?.metadata?.host?.os?.name != null) { + if(ctx.host == null) ctx[\\"host\\"] = new HashMap(); + if(ctx.host.os == null) ctx[\\"host\\"][\\"os\\"] = new HashMap(); + ctx[\\"host\\"][\\"os\\"][\\"name\\"] = ctx.entity.metadata.host.os.name.keySet(); +} ", }, }, 
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap similarity index 76% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap index 3b6cee7db59f7..bd31c8563be44 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap +++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/__snapshots__/generate_latest_processors.test.ts.snap @@ -26,9 +26,14 @@ Array [ ctx[\\"tags\\"] = ctx.entity.metadata.tags.data.keySet(); } if (ctx.entity?.metadata?.host?.name.data != null) { - ctx[\\"host\\"] = new HashMap(); + if(ctx.host == null) ctx[\\"host\\"] = new HashMap(); ctx[\\"host\\"][\\"name\\"] = ctx.entity.metadata.host.name.data.keySet(); } +if (ctx.entity?.metadata?.host?.os?.name.data != null) { + if(ctx.host == null) ctx[\\"host\\"] = new HashMap(); + if(ctx.host.os == null) ctx[\\"host\\"][\\"os\\"] = new HashMap(); + ctx[\\"host\\"][\\"os\\"][\\"name\\"] = ctx.entity.metadata.host.os.name.data.keySet(); +} ", }, }, 
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_ingest_pipeline_id.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_ingest_pipeline_id.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_ingest_pipeline_id.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_ingest_pipeline_id.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_processors.test.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_processors.test.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_processors.test.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_processors.test.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts
similarity index 97%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts
index 1d6727bc45f21..dcfa23d398813 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_history_processors.ts
@@ -22,7 +22,7 @@ function mapDestinationToPainless(destination: string, source: string) { .map((s) => `["${s}"]`) .join('')} = ctx.entity.metadata.${source}.keySet();`; } - return `${acc}\n ctx${parts + return `${acc}\n if(ctx.${parts.slice(0, currentIndex + 1).join('.')} == null) ctx${parts .slice(0, currentIndex + 1) .map((s) => `["${s}"]`) .join('')} = new HashMap();`; diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_ingest_pipeline_id.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_ingest_pipeline_id.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_ingest_pipeline_id.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_ingest_pipeline_id.ts diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.test.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.test.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.test.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.test.ts 
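Review bot: The new guard in `mapDestinationToPainless` reads the map with dot notation (`ctx.${parts.slice(0, currentIndex + 1).join('.')} == null`), while the assignment in the same generated statement uses the bracket form, so the two halves spell the same path differently. A segment that is not a valid Painless identifier (a hyphen, a leading `@`) would work in the bracket form and fail to compile in the guard. The segments also come straight from the `destination` string and are pasted into script source unescaped, presumably from the entity definition's metadata list, so they are worth restricting to a fixed character set before the script is built. Building the accessor once with the existing `.map((s) => `["${s}"]`).join('')` chain and emitting `if (ctx${path} == null) ctx${path} = new HashMap();` keeps both sides identical. The same line is added in generate_latest_processors.ts, and the function body starts and ends outside both hunks.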
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts similarity index 95% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts index 0537270eb1380..992f4e14c8d16 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts +++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/ingest_pipeline/generate_latest_processors.ts @@ -16,7 +16,7 @@ function mapDestinationToPainless(destination: string, source: string) { .map((s) => `["${s}"]`) .join('')} = ctx.entity.metadata.${source}.data.keySet();`; } - return `${acc}\n ctx${parts + return `${acc}\n if(ctx.${parts.slice(0, currentIndex + 1).join('.')} == null) ctx${parts .slice(0, currentIndex + 1) .map((s) => `["${s}"]`) .join('')} = new HashMap();`; diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/install_entity_definition.test.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/install_entity_definition.test.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/install_entity_definition.test.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/install_entity_definition.test.ts 
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/install_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/install_entity_definition.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/install_entity_definition.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/install_entity_definition.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/read_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/read_entity_definition.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/read_entity_definition.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/read_entity_definition.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/save_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/save_entity_definition.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/save_entity_definition.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/save_entity_definition.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/start_transform.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/start_transform.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/start_transform.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/start_transform.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/stop_and_delete_transform.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/stop_and_delete_transform.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/stop_and_delete_transform.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/stop_and_delete_transform.ts diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap similarity index 95% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap index 96cc7bd24afe6..e32b30a757add 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap +++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_history_transform.test.ts.snap @@ -49,6 +49,12 @@ Object { "size": 1000, }, }, + "entity.metadata.host.os.name": Object { + "terms": Object { + "field": "host.os.name", + "size": 1000, + }, + }, "entity.metadata.tags": Object { "terms": Object { "field": "tags", 
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap similarity index 89% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap index 021305f5d10f6..959c45f20d601 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap +++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/__snapshots__/generate_latest_transform.test.ts.snap @@ -65,6 +65,23 @@ Object { }, }, }, + "entity.metadata.host.os.name": Object { + "aggs": Object { + "data": Object { + "terms": Object { + "field": "host.os.name", + "size": 1000, + }, + }, + }, + "filter": Object { + "range": Object { + "event.ingested": Object { + "gte": "now-1m", + }, + }, + }, + }, "entity.metadata.tags": Object { "aggs": Object { "data": Object { diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform.test.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform.test.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform.test.ts rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform.test.ts 
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform_id.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform_id.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_history_transform_id.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_history_transform_id.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform.test.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform.test.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform.test.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform.test.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform_id.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform_id.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_latest_transform_id.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_latest_transform_id.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_metadata_aggregations.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_metadata_aggregations.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_metadata_aggregations.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_metadata_aggregations.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_metric_aggregations.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_metric_aggregations.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/transform/generate_metric_aggregations.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/transform/generate_metric_aggregations.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/entities/uninstall_entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/entities/uninstall_entity_definition.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/entities/uninstall_entity_definition.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/entities/uninstall_entity_definition.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/errors.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/errors.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/errors.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/errors.ts
diff --git a/x-pack/plugins/observability_solution/entity_manager/server/lib/manage_index_templates.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/manage_index_templates.ts
new file mode 100644
index 0000000000000..f3591d82e0d25
--- /dev/null
+++ b/x-pack/plugins/observability_solution/entity_manager/server/lib/manage_index_templates.ts
@@ -0,0 +1,52 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+ ClusterPutComponentTemplateRequest,
+ IndicesPutIndexTemplateRequest,
+} from '@elastic/elasticsearch/lib/api/types';
+import { ElasticsearchClient, Logger } from '@kbn/core/server';
+
+interface TemplateManagementOptions {
+ esClient: ElasticsearchClient;
+ template: IndicesPutIndexTemplateRequest;
+ logger: Logger;
+}
+
+interface ComponentManagementOptions {
+ esClient: ElasticsearchClient;
+ component: ClusterPutComponentTemplateRequest;
+ logger: Logger;
+}
+
+export async function upsertTemplate({ esClient, template, logger }: TemplateManagementOptions) {
+ try {
+ await esClient.indices.putIndexTemplate(template);
+ } catch (error: any) {
+ logger.error(`Error updating entity manager index template: ${error.message}`);
+ return;
+ }
+
+ logger.info(
+ `Entity manager index template is up to date (use debug logging to see what was installed)`
+ );
+ logger.debug(`Entity manager index template: ${JSON.stringify(template)}`);
+}
+
+export async function upsertComponent({ esClient, component, logger }: ComponentManagementOptions) {
+ try {
+ await esClient.cluster.putComponentTemplate(component);
+ } catch (error: any) {
+ logger.error(`Error updating entity manager component template: ${error.message}`);
+ return;
+ }
+
+ logger.info(
+ `Entity manager component template is up to date (use debug logging to see what was installed)`
+ );
+ logger.debug(`Entity manager component template: ${JSON.stringify(component)}`);
+}
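Review bot: Both `upsertTemplate` and `upsertComponent` log the failure and then `return;`, so a caller awaiting them cannot tell a rejected put from a successful one and will carry on as if the templates were installed. Indices created afterwards would presumably be built without the intended mappings, which is hard to notice later. Replacing `return;` with `throw error;` after the log line, or returning a boolean the caller checks, would surface the failure. Typing the catch as `catch (error: unknown)` and logging `error instanceof Error ? error.message : String(error)` would also avoid reading `.message` off a value that may not be an Error.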
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/utils.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/utils.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/utils.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/utils.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/validators/validate_date_range.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/validators/validate_date_range.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/validators/validate_date_range.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/validators/validate_date_range.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/lib/validators/validation_error.ts b/x-pack/plugins/observability_solution/entity_manager/server/lib/validators/validation_error.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/lib/validators/validation_error.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/lib/validators/validation_error.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/plugin.ts b/x-pack/plugins/observability_solution/entity_manager/server/plugin.ts
similarity index 58%
rename from x-pack/plugins/observability_solution/asset_manager/server/plugin.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/plugin.ts
index 46cfa228fde1a..e71f5b36bb468 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/plugin.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/plugin.ts
@@ -16,55 +16,45 @@ import { } from '@kbn/core/server'; import { upsertComponent, upsertTemplate } from './lib/manage_index_templates'; import { setupRoutes } from './routes'; -import { assetsIndexTemplateConfig } from './templates/assets_template'; -import { AssetClient } from './lib/asset_client'; import { - AssetManagerPluginSetupDependencies, - AssetManagerPluginStartDependencies, - AssetManagerServerSetup, + EntityManagerPluginSetupDependencies, + EntityManagerPluginStartDependencies, + EntityManagerServerSetup, } from './types'; -import { AssetManagerConfig, configSchema, exposeToBrowserConfig } from '../common/config'; +import { EntityManagerConfig, configSchema, exposeToBrowserConfig } from '../common/config'; import { entitiesBaseComponentTemplateConfig } from './templates/components/base'; import { entitiesEventComponentTemplateConfig } from './templates/components/event'; import { entitiesIndexTemplateConfig } from './templates/entities_template'; import { entityDefinition, EntityDiscoveryApiKeyType } from './saved_objects'; import { entitiesEntityComponentTemplateConfig } from './templates/components/entity'; -export type AssetManagerServerPluginSetup = ReturnType; -export type AssetManagerServerPluginStart = ReturnType; +export type EntityManagerServerPluginSetup = ReturnType; +export type EntityManagerServerPluginStart = ReturnType; -export const config: PluginConfigDescriptor = { +export const config: PluginConfigDescriptor = { schema: configSchema, exposeToBrowser: exposeToBrowserConfig, }; -export class AssetManagerServerPlugin +export class EntityManagerServerPlugin implements Plugin< - AssetManagerServerPluginSetup, - AssetManagerServerPluginStart, - AssetManagerPluginSetupDependencies, - AssetManagerPluginStartDependencies + EntityManagerServerPluginSetup, + EntityManagerServerPluginStart, + EntityManagerPluginSetupDependencies, + EntityManagerPluginStartDependencies > { - public config: AssetManagerConfig; + public config: EntityManagerConfig; 
public logger: Logger; - public server?: AssetManagerServerSetup; + public server?: EntityManagerServerSetup; - constructor(context: PluginInitializerContext) { + constructor(context: PluginInitializerContext) { this.config = context.config.get(); this.logger = context.logger.get(); } - public setup(core: CoreSetup, plugins: AssetManagerPluginSetupDependencies) { - // Check for config value and bail out if not "alpha-enabled" - if (!this.config.alphaEnabled) { - this.logger.info('Server is NOT enabled'); - return; - } - - this.logger.info('Server is enabled'); - + public setup(core: CoreSetup, plugins: EntityManagerPluginSetupDependencies) { core.savedObjects.registerType(entityDefinition); core.savedObjects.registerType(EntityDiscoveryApiKeyType); plugins.encryptedSavedObjects.registerType({ @@ -73,38 +63,24 @@ export class AssetManagerServerPlugin attributesToIncludeInAAD: new Set(['id', 'name']), }); - const assetClient = new AssetClient({ - sourceIndices: this.config.sourceIndices, - getApmIndices: plugins.apmDataAccess.getApmIndices, - metricsClient: plugins.metricsDataAccess.client, - }); - const router = core.http.createRouter(); this.server = { config: this.config, logger: this.logger, - } as AssetManagerServerSetup; + } as EntityManagerServerSetup; setupRoutes({ router, - assetClient, logger: this.logger, spaces: plugins.spaces, server: this.server, }); - return { - assetClient, - }; + return {}; } - public start(core: CoreStart, plugins: AssetManagerPluginStartDependencies) { - // Check for config value and bail out if not "alpha-enabled" - if (!this.config.alphaEnabled) { - return; - } - + public start(core: CoreStart, plugins: EntityManagerPluginStartDependencies) { if (this.server) { this.server.core = core; this.server.isServerless = core.elasticsearch.getCapabilities().serverless; 
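Review bot: Removing the `alphaEnabled` early return from `setup()` in the first plugin.ts hunk, and from `start()` in the second, means the saved-object types, every route passed through `setupRoutes(...)` and the start-time template installation are now active on all deployments instead of only opted-in ones. The route handlers are outside these hunks, so please confirm each one performs its own privilege check rather than having relied on the plugin being off by default. If the gate is intentionally gone, a comment at the top of `setup()` such as `// Always enabled: access control lives in the individual route handlers.` would record that decision. Separately, the `as EntityManagerServerSetup` assertion on `this.server` claims a type whose `core` and `isServerless` fields are only assigned in `start()`, so a narrower setup-time type would let the compiler flag handlers that read them too early.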
@@ -113,13 +89,8 @@ export class AssetManagerServerPlugin } const esClient = core.elasticsearch.client.asInternalUser; - upsertTemplate({ - esClient, - template: assetsIndexTemplateConfig, - logger: this.logger, - }).catch(() => {}); // it shouldn't reject, but just in case - // Install entities compoent templates and index template + // Install entities component templates and index template Promise.all([ upsertComponent({ esClient, diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/check.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/check.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/check.ts rename to x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/check.ts diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/disable.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/disable.ts rename to x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/disable.ts diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/enable.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts similarity index 100% rename from x-pack/plugins/observability_solution/asset_manager/server/routes/enablement/enable.ts rename to x-pack/plugins/observability_solution/entity_manager/server/routes/enablement/enable.ts 
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/entities/create.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/create.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/routes/entities/create.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/routes/entities/create.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/entities/delete.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/delete.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/routes/entities/delete.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/routes/entities/delete.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/entities/get.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/get.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/routes/entities/get.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/routes/entities/get.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/entities/reset.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/entities/reset.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/routes/entities/reset.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/routes/entities/reset.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/index.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/index.ts
similarity index 72%
rename from x-pack/plugins/observability_solution/asset_manager/server/routes/index.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/routes/index.ts
index 67e6df7dff41b..1ee71ebd197df 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/routes/index.ts +++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/index.ts @@ -8,12 +8,6 @@ import { RequestHandlerContext } from '@kbn/core/server'; import { SetupRouteOptions } from './types'; import { pingRoute } from './ping'; -import { sampleAssetsRoutes } from './sample_assets'; -import { assetsRoutes } from './assets'; -import { hostsRoutes } from './assets/hosts'; -import { servicesRoutes } from './assets/services'; -import { containersRoutes } from './assets/containers'; -import { podsRoutes } from './assets/pods'; import { createEntityDefinitionRoute } from './entities/create'; import { deleteEntityDefinitionRoute } from './entities/delete'; import { resetEntityDefinitionRoute } from './entities/reset'; @@ -24,12 +18,6 @@ import { disableEntityDiscoveryRoute } from './enablement/disable'; export function setupRoutes(dependencies: SetupRouteOptions) { pingRoute(dependencies); - sampleAssetsRoutes(dependencies); - assetsRoutes(dependencies); - hostsRoutes(dependencies); - servicesRoutes(dependencies); - containersRoutes(dependencies); - podsRoutes(dependencies); createEntityDefinitionRoute(dependencies); deleteEntityDefinitionRoute(dependencies); resetEntityDefinitionRoute(dependencies); diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/ping.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/ping.ts similarity index 79% rename from x-pack/plugins/observability_solution/asset_manager/server/routes/ping.ts rename to x-pack/plugins/observability_solution/entity_manager/server/routes/ping.ts index 3d7a20b5fd476..c5f6f65a49a52 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/routes/ping.ts +++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/ping.ts 
@@ -6,18 +6,18 @@ */ import { RequestHandlerContextBase } from '@kbn/core-http-server'; -import { ASSET_MANAGER_API_BASE } from '../../common/constants_routes'; +import { ENTITY_API_PREFIX } from '../../common/constants_entities'; import { SetupRouteOptions } from './types'; export function pingRoute({ router }: SetupRouteOptions) { router.get( { - path: `${ASSET_MANAGER_API_BASE}/ping`, + path: `${ENTITY_API_PREFIX}/ping`, validate: false, }, async (_context, _req, res) => { return res.ok({ - body: { message: 'Asset Manager OK' }, + body: { message: 'Entity Manager OK' }, headers: { 'content-type': 'application/json' }, }); } diff --git a/x-pack/plugins/observability_solution/asset_manager/server/routes/types.ts b/x-pack/plugins/observability_solution/entity_manager/server/routes/types.ts similarity index 77% rename from x-pack/plugins/observability_solution/asset_manager/server/routes/types.ts rename to x-pack/plugins/observability_solution/entity_manager/server/routes/types.ts index 72cb202de2af3..e5c11777a57de 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/routes/types.ts +++ b/x-pack/plugins/observability_solution/entity_manager/server/routes/types.ts @@ -8,13 +8,11 @@ import { IRouter, RequestHandlerContextBase } from '@kbn/core-http-server'; import { Logger } from '@kbn/core/server'; import { SpacesPluginSetup } from '@kbn/spaces-plugin/server'; -import { AssetClient } from '../lib/asset_client'; -import { AssetManagerServerSetup } from '../types'; +import { EntityManagerServerSetup } from '../types'; export interface SetupRouteOptions { router: IRouter; - server: AssetManagerServerSetup; - assetClient: AssetClient; + server: EntityManagerServerSetup; logger: Logger; spaces?: SpacesPluginSetup; } 
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/saved_objects/entity_definition.ts b/x-pack/plugins/observability_solution/entity_manager/server/saved_objects/entity_definition.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/saved_objects/entity_definition.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/saved_objects/entity_definition.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/saved_objects/entity_discovery_api_key.ts b/x-pack/plugins/observability_solution/entity_manager/server/saved_objects/entity_discovery_api_key.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/saved_objects/entity_discovery_api_key.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/saved_objects/entity_discovery_api_key.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/saved_objects/index.ts b/x-pack/plugins/observability_solution/entity_manager/server/saved_objects/index.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/saved_objects/index.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/saved_objects/index.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/templates/components/base.ts b/x-pack/plugins/observability_solution/entity_manager/server/templates/components/base.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/templates/components/base.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/templates/components/base.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/templates/components/entity.ts b/x-pack/plugins/observability_solution/entity_manager/server/templates/components/entity.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/templates/components/entity.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/templates/components/entity.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/templates/components/event.ts b/x-pack/plugins/observability_solution/entity_manager/server/templates/components/event.ts
similarity index 100%
rename from x-pack/plugins/observability_solution/asset_manager/server/templates/components/event.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/templates/components/event.ts
diff --git a/x-pack/plugins/observability_solution/asset_manager/server/templates/entities_template.ts b/x-pack/plugins/observability_solution/entity_manager/server/templates/entities_template.ts
similarity index 83%
rename from x-pack/plugins/observability_solution/asset_manager/server/templates/entities_template.ts
rename to x-pack/plugins/observability_solution/entity_manager/server/templates/entities_template.ts
index f7d66a0b2a731..d728edcf01418 100644
--- a/x-pack/plugins/observability_solution/asset_manager/server/templates/entities_template.ts
+++ b/x-pack/plugins/observability_solution/entity_manager/server/templates/entities_template.ts
@@ -41,10 +41,8 @@ export const entitiesIndexTemplateConfig: IndicesPutIndexTemplateRequest = { { entity_metrics: { mapping: { - // @ts-expect-error this should work per: https://www.elastic.co/guide/en/elasticsearch/reference/current/dynamic-templates.html#match-mapping-type type: '{dynamic_type}', }, - // @ts-expect-error this should work per: https://www.elastic.co/guide/en/elasticsearch/reference/current/dynamic-templates.html#match-mapping-type match_mapping_type: ['long', 'double'], path_match: 'entity.metrics.*', }, diff --git a/x-pack/plugins/observability_solution/asset_manager/server/types.ts b/x-pack/plugins/observability_solution/entity_manager/server/types.ts similarity index 61% rename from x-pack/plugins/observability_solution/asset_manager/server/types.ts rename to x-pack/plugins/observability_solution/entity_manager/server/types.ts index 9df0485f31291..505f44eccf3ff 100644 --- a/x-pack/plugins/observability_solution/asset_manager/server/types.ts +++ b/x-pack/plugins/observability_solution/entity_manager/server/types.ts 
@@ -6,25 +6,18 @@ */ import { CoreStart, ElasticsearchClient, Logger } from '@kbn/core/server'; -import { - ApmDataAccessPluginSetup, - ApmDataAccessPluginStart, -} from '@kbn/apm-data-access-plugin/server'; -import { MetricsDataPluginSetup } from '@kbn/metrics-data-access-plugin/server'; import { SecurityPluginStart } from '@kbn/security-plugin/server'; import { EncryptedSavedObjectsPluginSetup, EncryptedSavedObjectsPluginStart, } from '@kbn/encrypted-saved-objects-plugin/server'; import { SpacesPluginSetup } from '@kbn/spaces-plugin/server'; -import { AssetClient } from './lib/asset_client'; -import { AssetManagerConfig } from '../common/config'; +import { EntityManagerConfig } from '../common/config'; -export interface AssetManagerServerSetup { +export interface EntityManagerServerSetup { core: CoreStart; - config: AssetManagerConfig; + config: EntityManagerConfig; logger: Logger; - assetClient: AssetClient; security: SecurityPluginStart; encryptedSavedObjects: EncryptedSavedObjectsPluginStart; isServerless: boolean; @@ -34,14 +27,12 @@ export interface ElasticsearchAccessorOptions { elasticsearchClient: ElasticsearchClient; } -export interface AssetManagerPluginSetupDependencies { - apmDataAccess: ApmDataAccessPluginSetup; - metricsDataAccess: MetricsDataPluginSetup; +export interface EntityManagerPluginSetupDependencies { encryptedSavedObjects: EncryptedSavedObjectsPluginSetup; spaces?: SpacesPluginSetup; } -export interface AssetManagerPluginStartDependencies { - apmDataAccess: ApmDataAccessPluginStart; + +export interface EntityManagerPluginStartDependencies { security: SecurityPluginStart; encryptedSavedObjects: EncryptedSavedObjectsPluginStart; } 
diff --git a/x-pack/plugins/observability_solution/asset_manager/tsconfig.json b/x-pack/plugins/observability_solution/entity_manager/tsconfig.json similarity index 81% rename from x-pack/plugins/observability_solution/asset_manager/tsconfig.json rename to x-pack/plugins/observability_solution/entity_manager/tsconfig.json index c153938f4b33e..176494e26e600 100644 --- a/x-pack/plugins/observability_solution/asset_manager/tsconfig.json +++ b/x-pack/plugins/observability_solution/entity_manager/tsconfig.json @@ -17,13 +17,8 @@ "@kbn/config-schema", "@kbn/core-http-server", "@kbn/core-elasticsearch-client-server-mocks", - "@kbn/io-ts-utils", - "@kbn/core-http-request-handler-context-server", "@kbn/datemath", - "@kbn/apm-data-access-plugin", - "@kbn/core-http-browser-mocks", "@kbn/logging", - "@kbn/metrics-data-access-plugin", "@kbn/core-elasticsearch-server", "@kbn/core-saved-objects-api-server", "@kbn/core-saved-objects-api-server-mocks", diff --git a/x-pack/plugins/observability_solution/infra/public/apps/logs_app.tsx b/x-pack/plugins/observability_solution/infra/public/apps/logs_app.tsx index 64bc20134a446..9e6d74c5f4cbd 100644 --- a/x-pack/plugins/observability_solution/infra/public/apps/logs_app.tsx +++ b/x-pack/plugins/observability_solution/infra/public/apps/logs_app.tsx @@ -12,6 +12,7 @@ import ReactDOM from 'react-dom'; import { Router, Routes, Route } from '@kbn/shared-ux-router'; import { AppMountParameters } from '@kbn/core/public'; import { Storage } from '@kbn/kibana-utils-plugin/public'; +import { AllDatasetsLocatorParams, ALL_DATASETS_LOCATOR_ID } from '@kbn/deeplinks-observability'; import { LinkToLogsPage } from '../pages/link_to/link_to_logs'; import { LogsPage } from '../pages/logs'; import { InfraClientStartDeps, InfraClientStartExports } from '../types'; 
@@ -73,6 +74,15 @@ const LogsApp: React.FC<{ toastsService={core.notifications.toasts} > + + plugins.share.url.locators + .get(ALL_DATASETS_LOCATOR_ID) + ?.navigate({}) + } + /> {uiCapabilities?.logs?.show && } diff --git a/x-pack/plugins/observability_solution/infra/public/components/logs_deprecation_callout.tsx b/x-pack/plugins/observability_solution/infra/public/components/logs_deprecation_callout.tsx new file mode 100644 index 0000000000000..71ae9698ea3b9 --- /dev/null +++ b/x-pack/plugins/observability_solution/infra/public/components/logs_deprecation_callout.tsx @@ -0,0 +1,76 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiCallOut } from '@elastic/eui'; +import React from 'react'; +import { i18n } from '@kbn/i18n'; +import { EuiButton } from '@elastic/eui'; +import { AllDatasetsLocatorParams, ALL_DATASETS_LOCATOR_ID } from '@kbn/deeplinks-observability'; +import { getRouterLinkProps } from '@kbn/router-utils'; +import useLocalStorage from 'react-use/lib/useLocalStorage'; + +import { euiThemeVars } from '@kbn/ui-theme'; +import { css } from '@emotion/css'; +import { SharePublicStart } from '@kbn/share-plugin/public/plugin'; +import { useKibanaContextForPlugin } from '../hooks/use_kibana'; + +const DISMISSAL_STORAGE_KEY = 'log_stream_deprecation_callout_dismissed'; + +export const LogsDeprecationCallout = () => { + const { + services: { share }, + } = useKibanaContextForPlugin(); + + const [isDismissed, setDismissed] = useLocalStorage(DISMISSAL_STORAGE_KEY, false); + + if (isDismissed) { + return null; + } + + return ( + setDismissed(true)} + className={calloutStyle} + > +

+ {i18n.translate('xpack.infra.logsDeprecationCallout.p.theNewLogsExplorerLabel', { + defaultMessage: + 'The new Logs Explorer makes viewing and inspecting your logs easier with more features, better performance, and more intuitive navigation. We recommend switching to Logs Explorer, as it will replace Logs Stream in a future version.', + })} +

+ + {i18n.translate('xpack.infra.logsDeprecationCallout.tryLogsExplorerButtonLabel', { + defaultMessage: 'Try Logs Explorer', + })} + +
+ ); +}; + +const getLogsExplorerLinkProps = (share: SharePublicStart) => { + const locator = share.url.locators.get(ALL_DATASETS_LOCATOR_ID)!; + + return getRouterLinkProps({ + href: locator.getRedirectUrl({}), + onClick: () => locator.navigate({}), + }); +}; + +const calloutStyle = css` + margin-bottom: ${euiThemeVars.euiSizeL}; +`; diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/page_content.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/page_content.tsx index 53ffdb4236b23..d64b4866a4671 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/page_content.tsx +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/page_content.tsx @@ -107,7 +107,6 @@ export const LogsPageContent: React.FunctionComponent = () => { )} - ( + diff --git a/x-pack/plugins/observability_solution/infra/public/plugin.ts b/x-pack/plugins/observability_solution/infra/public/plugin.ts index 20f819b7eb34d..f323d7adb6297 100644 --- a/x-pack/plugins/observability_solution/infra/public/plugin.ts +++ b/x-pack/plugins/observability_solution/infra/public/plugin.ts @@ -21,7 +21,8 @@ import { BehaviorSubject, combineLatest, from } from 'rxjs'; import { map } from 'rxjs'; import type { EmbeddableApiContext } from '@kbn/presentation-publishing'; import { apiCanAddNewPanel } from '@kbn/presentation-containers'; -import { IncompatibleActionError } from '@kbn/ui-actions-plugin/public'; +import { IncompatibleActionError, ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public'; +import { COMMON_EMBEDDABLE_GROUPING } from '@kbn/embeddable-plugin/public'; import type { InfraPublicConfig } from '../common/plugin_config_types'; import { createInventoryMetricRuleType } from './alerting/inventory'; import { createLogThresholdRuleType } from './alerting/log_threshold'; 
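Review bot: In `logs_deprecation_callout.tsx`, `getLogsExplorerLinkProps` dereferences `share.url.locators.get(ALL_DATASETS_LOCATOR_ID)!`, so if that locator is not registered the callout throws while rendering. The same commit treats the lookup as fallible in `logs_app.tsx`, where it is followed by `?.navigate({})`. The two call sites should agree; here that could be `const locator = share.url.locators.get(ALL_DATASETS_LOCATOR_ID);` followed by `if (!locator) return undefined;`, with the component omitting the button when no link props come back. The component markup did not survive extraction on this page, so how the button consumes these props is not visible.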
@@ -400,6 +401,8 @@ export class Plugin implements InfraClientPluginClass { plugins.uiActions.registerAction({ id: ADD_LOG_STREAM_ACTION_ID, + grouping: [COMMON_EMBEDDABLE_GROUPING.legacy], + order: 30, getDisplayName: () => i18n.translate('xpack.infra.logStreamEmbeddable.displayName', { defaultMessage: 'Log stream', @@ -427,7 +430,7 @@ export class Plugin implements InfraClientPluginClass { ); }, }); - plugins.uiActions.attachAction('ADD_PANEL_TRIGGER', ADD_LOG_STREAM_ACTION_ID); + plugins.uiActions.attachAction(ADD_PANEL_TRIGGER, ADD_LOG_STREAM_ACTION_ID); const startContract: InfraClientStartExports = { inventoryViews, diff --git a/x-pack/plugins/observability_solution/infra/public/register_feature.ts b/x-pack/plugins/observability_solution/infra/public/register_feature.ts index 968dc72f217e6..9615a2545d542 100644 --- a/x-pack/plugins/observability_solution/infra/public/register_feature.ts +++ b/x-pack/plugins/observability_solution/infra/public/register_feature.ts @@ -25,7 +25,7 @@ export const registerFeatures = (homePlugin: HomePublicPluginSetup) => { }); homePlugin.featureCatalogue.register({ - id: 'logs', + id: 'observability-logs-explorer', title: i18n.translate('xpack.infra.registerFeatures.logsTitle', { defaultMessage: 'Logs', }), @@ -34,7 +34,7 @@ export const registerFeatures = (homePlugin: HomePublicPluginSetup) => { 'Stream logs in real time or scroll through historical views in a console-like experience.', }), icon: 'logsApp', - path: `/app/logs`, + path: `/app/observability-logs-explorer`, showOnHomePage: false, category: 'data', }); diff --git a/x-pack/plugins/observability_solution/logs_explorer/kibana.jsonc b/x-pack/plugins/observability_solution/logs_explorer/kibana.jsonc index 54c4dbe5d8684..b19d2ad0b4e07 100644 --- a/x-pack/plugins/observability_solution/logs_explorer/kibana.jsonc +++ b/x-pack/plugins/observability_solution/logs_explorer/kibana.jsonc 
@@ -12,21 +12,16 @@ "logsExplorer" ], "requiredPlugins": [ - "controls", "data", "dataViews", "discover", - "embeddable", "fieldFormats", - "fleet", - "kibanaReact", - "kibanaUtils", "navigation", "share", "unifiedSearch", ], "optionalPlugins": [], - "requiredBundles": [], + "requiredBundles": ["controls","embeddable","fleet", "kibanaReact", "kibanaUtils"], "extraPublicDirs": [ "common", ] diff --git a/x-pack/plugins/observability_solution/logs_explorer/public/customizations/custom_data_source_filters.tsx b/x-pack/plugins/observability_solution/logs_explorer/public/customizations/custom_data_source_filters.tsx index 6ffd91e5c9e2f..6b3cf49c0e63c 100644 --- a/x-pack/plugins/observability_solution/logs_explorer/public/customizations/custom_data_source_filters.tsx +++ b/x-pack/plugins/observability_solution/logs_explorer/public/customizations/custom_data_source_filters.tsx @@ -46,6 +46,10 @@ const ControlGroupContainer = euiStyled.div` display: none; } +[data-test-subj='controls-group-wrapper'] { + min-height: 32px; +} + [data-test-subj='optionsListControl__sortingOptionsButton'] { display: none; } diff --git a/x-pack/plugins/observability_solution/logs_shared/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts b/x-pack/plugins/observability_solution/logs_shared/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts index e4eed9b61d349..a6ce92ad25126 100644 --- a/x-pack/plugins/observability_solution/logs_shared/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts +++ b/x-pack/plugins/observability_solution/logs_shared/server/lib/adapters/log_entries/kibana_log_entries_adapter.ts @@ -225,7 +225,7 @@ function mapHitsToLogEntryDocuments(hits: SortedSearchHit[], fields: string[]): ); return { - id: hit._id, + id: hit._id!, index: hit._index, cursor: { time: hit.sort[0], tiebreaker: hit.sort[1] }, fields: logFields, 
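Review bot: `id: hit._id!` in `mapHitsToLogEntryDocuments` (kibana_log_entries_adapter.ts) only silences the compiler: if a hit ever arrives without `_id`, the log entry is returned with `id` undefined while still typed as a string, and the failure surfaces later wherever the id is used as a key or cursor. Presumably the assertion was added because the client's hit type now marks `_id` as optional; an explicit guard makes that assumption checkable, for example `if (hit._id == null) throw new Error('log entry hit is missing _id');` before the object is built. The function starts and ends outside this hunk, so where the guard best fits in the mapping cannot be seen from here.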
diff --git a/x-pack/plugins/observability_solution/observability/common/custom_threshold_rule/helpers/get_group.ts b/x-pack/plugins/observability_solution/observability/common/custom_threshold_rule/helpers/get_group.ts index 67437421e4bad..e993c919c3368 100644 --- a/x-pack/plugins/observability_solution/observability/common/custom_threshold_rule/helpers/get_group.ts +++ b/x-pack/plugins/observability_solution/observability/common/custom_threshold_rule/helpers/get_group.ts @@ -7,7 +7,7 @@ import { Filter } from '@kbn/es-query'; import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types'; -import { Group } from '../../typings'; +import type { Group } from '../../typings'; /* * groupFieldName diff --git a/x-pack/plugins/observability_solution/observability/public/application/application.test.tsx b/x-pack/plugins/observability_solution/observability/public/application/application.test.tsx index 5b01eb93b788b..c1148cb7d38df 100644 --- a/x-pack/plugins/observability_solution/observability/public/application/application.test.tsx +++ b/x-pack/plugins/observability_solution/observability/public/application/application.test.tsx @@ -74,14 +74,13 @@ describe('renderApp', () => { theme$: themeServiceMock.createTheme$(), } as unknown as AppMountParameters; - const config = { + const config: ConfigSchema = { unsafe: { alertDetails: { - metrics: { enabled: false }, uptime: { enabled: false }, }, }, - } as ConfigSchema; + }; it('renders', async () => { expect(() => { diff --git a/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/get_alert_search_bar_lazy.tsx b/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/get_alert_search_bar_lazy.tsx index 3cd1c1e88c353..433765c27adb2 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/get_alert_search_bar_lazy.tsx 
+++ b/x-pack/plugins/observability_solution/observability/public/components/alert_search_bar/get_alert_search_bar_lazy.tsx @@ -7,7 +7,7 @@ import React, { lazy, Suspense } from 'react'; import { EuiLoadingSpinner } from '@elastic/eui'; -import { ObservabilityAlertSearchBarProps } from './types'; +import type { ObservabilityAlertSearchBarProps } from './types'; const ObservabilityAlertSearchBarLazy = lazy(() => import('./alert_search_bar')); diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/index.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/index.tsx new file mode 100644 index 0000000000000..2b8a79401de70 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/index.tsx @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { lazy, Suspense } from 'react'; +import type { RuleConditionChartProps } from './rule_condition_chart'; + +const RuleConditionChartLazy = lazy(() => import('./rule_condition_chart')); + +export function RuleConditionChart(props: RuleConditionChartProps) { + return ( + + + + ); +} diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx index a8710004876ff..407637520dda7 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx +++ b/x-pack/plugins/observability_solution/observability/public/components/rule_condition_chart/rule_condition_chart.tsx 
@@ -69,7 +69,7 @@ export interface RuleConditionChartExpressions { timeUnit?: TimeUnitChar; equation?: string; } -interface RuleConditionChartProps { +export interface RuleConditionChartProps { metricExpression: RuleConditionChartExpressions; searchConfiguration: GenericSearchSourceFields; dataView?: DataView; @@ -471,3 +471,6 @@ export function RuleConditionChart({
); } + +// eslint-disable-next-line import/no-default-export +export default RuleConditionChart; diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx index e8545276c572a..61e56b6175838 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx +++ b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/autocomplete_field/autocomplete_field.tsx @@ -21,7 +21,7 @@ function composeStateUpdaters(...updaters: Array updater(currentState, props) || currentState, state); } -interface AutocompleteFieldProps { +export interface AutocompleteFieldProps { isLoadingSuggestions: boolean; isValid: boolean; loadSuggestions: (value: string, cursorPosition: number, maxCount?: number) => void; @@ -330,3 +330,6 @@ const withUnfocused = (state: AutocompleteFieldState) => ({ ...state, isFocused: false, }); + +// eslint-disable-next-line import/no-default-export +export default AutocompleteField; diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx new file mode 100644 index 0000000000000..a7ed90f1a9f4d --- /dev/null +++ b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/index.tsx 
@@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { lazy, Suspense } from 'react'; +import type { WithKueryAutocompletionLifecycleProps } from './with_kuery_autocompletion'; +import type { AutocompleteFieldProps } from './autocomplete_field'; +import type { RuleFlyoutKueryBarProps } from './kuery_bar'; + +const RuleFlyoutKueryBarLazy = lazy(() => import('./kuery_bar')); + +export function RuleFlyoutKueryBar(props: RuleFlyoutKueryBarProps) { + return ( + + + + ); +} + +const AutocompleteFieldLazy = lazy(() => import('./autocomplete_field/autocomplete_field')); + +export function AutocompleteField(props: AutocompleteFieldProps) { + return ( + + + + ); +} + +const WithKueryAutocompletionLazy = lazy(() => import('./with_kuery_autocompletion')); + +export function WithKueryAutocompletion(props: WithKueryAutocompletionLifecycleProps) { + return ( + + + + ); +} diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx index 26115ec331021..1e8359da2aab6 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx +++ b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/kuery_bar.tsx @@ -22,7 +22,7 @@ type LoadSuggestionsFn = ( ) => void; export type CurryLoadSuggestionsType = (loadSuggestions: LoadSuggestionsFn) => LoadSuggestionsFn; -interface Props { +export interface RuleFlyoutKueryBarProps { derivedIndexPattern: DataViewBase; onSubmit: (query: string) => void; onChange?: (query: string) => void; 
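Review bot: The new `WithKueryAutocompletion(props: WithKueryAutocompletionLifecycleProps)` wrapper in rule_kql_filter/index.tsx makes `kibana` a required prop for callers. The component it lazy-loads is exported as `withKibana(WithKueryAutocompletionComponent)`, which presumably injects that prop itself. If so, type the wrapper's props as `Omit<WithKueryAutocompletionLifecycleProps, 'kibana'>` so consumers of the public export are not forced to pass a value the HOC overrides. The JSX bodies of the three wrappers are not legible in this view, so the `Suspense` fallback could not be checked.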
@@ -49,7 +49,7 @@ export function RuleFlyoutKueryBar({ placeholder, curryLoadSuggestions = defaultCurryLoadSuggestions, compressed, -}: Props) { +}: RuleFlyoutKueryBarProps) { const [draftQuery, setDraftQuery] = useState(value || ''); const [isValid, setValidation] = useState(true); @@ -100,3 +100,6 @@ const defaultCurryLoadSuggestions: CurryLoadSuggestionsType = (loadSuggestions) => (...args) => loadSuggestions(...args); + +// eslint-disable-next-line import/no-default-export +export default RuleFlyoutKueryBar; diff --git a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/with_kuery_autocompletion.tsx b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/with_kuery_autocompletion.tsx index 2325434a08234..0d43abc758acb 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/with_kuery_autocompletion.tsx +++ b/x-pack/plugins/observability_solution/observability/public/components/rule_kql_filter/with_kuery_autocompletion.tsx @@ -16,7 +16,7 @@ import type { DataView } from '@kbn/data-views-plugin/public'; import { QuerySuggestion } from '@kbn/unified-search-plugin/public'; import { InfraClientStartDeps, RendererFunction } from '../custom_threshold/types'; -interface WithKueryAutocompletionLifecycleProps { +export interface WithKueryAutocompletionLifecycleProps { kibana: KibanaReactContextValue; children: RendererFunction<{ isLoadingSuggestions: boolean; @@ -111,3 +111,6 @@ class WithKueryAutocompletionComponent extends React.Component< export const WithKueryAutocompletion = withKibana( WithKueryAutocompletionComponent ); + +// eslint-disable-next-line import/no-default-export +export default WithKueryAutocompletion; diff --git a/x-pack/plugins/observability_solution/observability/public/hooks/use_fetch_alert_data.ts b/x-pack/plugins/observability_solution/observability/public/hooks/use_fetch_alert_data.ts index ce1a5ed10a8e0..b9254a979a53c 100644 
--- a/x-pack/plugins/observability_solution/observability/public/hooks/use_fetch_alert_data.ts +++ b/x-pack/plugins/observability_solution/observability/public/hooks/use_fetch_alert_data.ts @@ -63,7 +63,7 @@ const getAlertsGroupedById = ( return data.hits.hits.reduce( (acc, { _id, _index, _source }) => ({ ...acc, - [_id]: { + [_id!]: { _id, _index, ..._source, diff --git a/x-pack/plugins/observability_solution/observability/public/index.ts b/x-pack/plugins/observability_solution/observability/public/index.ts index 665bdeb0569b3..27b715a6d8f7e 100644 --- a/x-pack/plugins/observability_solution/observability/public/index.ts +++ b/x-pack/plugins/observability_solution/observability/public/index.ts @@ -57,14 +57,14 @@ export { export type { RulesParams } from './locators/rules'; export { getCoreVitalsComponent } from './pages/overview/components/sections/ux/core_web_vitals/get_core_web_vitals_lazy'; export { ObservabilityAlertSearchBar } from './components/alert_search_bar/get_alert_search_bar_lazy'; -export { DatePicker } from './pages/overview/components/date_picker/date_picker'; +export { DatePicker } from './pages/overview/components/date_picker'; export const LazyAlertsFlyout = lazy(() => import('./components/alerts_flyout/alerts_flyout')); export * from './typings'; import { TopAlert } from './typings/alerts'; -import { AlertSummary } from './pages/alert_details/components/alert_summary'; -import { AlertSummaryField } from './pages/alert_details/components/alert_summary'; +import { AlertSummary } from './pages/alert_details/components'; +import type { AlertSummaryField } from './pages/alert_details/components/alert_summary'; export type { TopAlert, AlertSummary, AlertSummaryField }; export { observabilityFeatureId, observabilityAppId } from '../common'; 
@@ -73,8 +73,6 @@ export { useFetchDataViews } from './hooks/use_fetch_data_views'; export { useTimeBuckets } from './hooks/use_time_buckets'; export { createUseRulesLink } from './hooks/create_use_rules_link'; export { useSummaryTimeRange } from './hooks/use_summary_time_range'; -export { useGetFilteredRuleTypes } from './hooks/use_get_filtered_rule_types'; -export { useCreateRule } from './hooks/use_create_rule'; export { getApmTraceUrl } from './utils/get_apm_trace_url'; export { buildEsQuery } from './utils/build_es_query'; @@ -94,11 +92,12 @@ export { calculateTimeRangeBucketSize } from './pages/overview/helpers/calculate export type { render } from './utils/test_helper'; export { convertTo } from '../common/utils/formatters/duration'; -export { getElasticsearchQueryOrThrow } from '../common/utils/parse_kuery'; export { formatAlertEvaluationValue } from './utils/format_alert_evaluation_value'; -export { WithKueryAutocompletion } from './components/rule_kql_filter/with_kuery_autocompletion'; -export { AutocompleteField } from './components/rule_kql_filter/autocomplete_field'; -export { RuleFlyoutKueryBar } from './components/rule_kql_filter/kuery_bar'; -export { RuleConditionChart } from './components/rule_condition_chart/rule_condition_chart'; +export { + RuleFlyoutKueryBar, + AutocompleteField, + WithKueryAutocompletion, +} from './components/rule_kql_filter'; +export { RuleConditionChart } from './components/rule_condition_chart'; export { getGroupFilters } from '../common/custom_threshold_rule/helpers/get_group'; export type { GenericAggType } from './components/rule_condition_chart/rule_condition_chart'; diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx index 466e68267424d..4706bed7f5635 100644 
--- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx @@ -96,7 +96,6 @@ const params = { const config: Subset = { unsafe: { alertDetails: { - metrics: { enabled: true }, uptime: { enabled: true }, }, }, diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx index 82c22626aab85..7738b27089a57 100644 --- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx @@ -28,7 +28,7 @@ export interface AlertSummaryField { label: ReactNode | string; value: ReactNode | string | number; } -interface AlertSummaryProps { +export interface AlertSummaryProps { alert: TopAlert; alertSummaryFields?: AlertSummaryField[]; } @@ -110,3 +110,6 @@ export function AlertSummary({ alert, alertSummaryFields }: AlertSummaryProps) { ); } + +// eslint-disable-next-line import/no-default-export +export default AlertSummary; diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx new file mode 100644 index 0000000000000..8af473faab59d --- /dev/null +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx 
@@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { lazy, Suspense } from 'react'; +import type { AlertSummaryProps } from './alert_summary'; + +const AlertSummaryLazy = lazy(() => import('./alert_summary')); + +export function AlertSummary(props: AlertSummaryProps) { + return ( + + + + ); +} diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title.tsx index c9f43ee75bf0c..91ba564df7216 100644 --- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title.tsx @@ -23,16 +23,11 @@ import { ALERT_DURATION, ALERT_FLAPPING, ALERT_RULE_CATEGORY, - ALERT_RULE_TYPE_ID, TIMESTAMP, } from '@kbn/rule-data-utils'; import { css } from '@emotion/react'; import { asDuration } from '../../../../common/utils/formatters'; import { TopAlert } from '../../../typings/alerts'; -import { ExperimentalBadge } from '../../../components/experimental_badge'; -import { METRIC_THRESHOLD_ALERT_TYPE_ID } from '../alert_details'; -import { isAlertDetailsEnabledPerApp } from '../../../utils/is_alert_details_enabled'; -import { usePluginContext } from '../../../hooks/use_plugin_context'; export interface PageTitleProps { alert: TopAlert | null; 
@@ -52,19 +47,13 @@ export function pageTitleContent(ruleCategory: string) { export function PageTitle({ alert, alertStatus, dataTestSubj }: PageTitleProps) { const { euiTheme } = useEuiTheme(); - const { config } = usePluginContext(); if (!alert) return ; - const showExperimentalBadge = alert.fields[ALERT_RULE_TYPE_ID] === METRIC_THRESHOLD_ALERT_TYPE_ID; - return (
{pageTitleContent(alert.fields[ALERT_RULE_CATEGORY])} - {isAlertDetailsEnabledPerApp(alert, config) && showExperimentalBadge && ( - - )} diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alerts/alerts.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alerts/alerts.test.tsx index 248deae214328..a5067c2968bb5 100644 --- a/x-pack/plugins/observability_solution/observability/public/pages/alerts/alerts.test.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/alerts/alerts.test.tsx @@ -68,7 +68,6 @@ jest.spyOn(pluginContext, 'usePluginContext').mockImplementation(() => ({ unsafe: { alertDetails: { apm: { enabled: false }, - metrics: { enabled: false }, uptime: { enabled: false }, }, }, diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alerts/components/alert_actions.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alerts/components/alert_actions.test.tsx index 71f7a3db59ee7..da814c916ea15 100644 --- a/x-pack/plugins/observability_solution/observability/public/pages/alerts/components/alert_actions.test.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/alerts/components/alert_actions.test.tsx @@ -63,14 +63,13 @@ jest.mock('@kbn/triggers-actions-ui-plugin/public/common/lib/kibana/kibana_react })), })); -const config = { +const config: ConfigSchema = { unsafe: { alertDetails: { - metrics: { enabled: false }, uptime: { enabled: false }, }, }, -} as ConfigSchema; +}; const getFormatterMock = jest.fn(); const createRuleTypeRegistryMock = () => ({ diff --git a/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx index e3bb21a460067..56ec220cbb940 100644 
--- a/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/date_picker.tsx @@ -16,17 +16,7 @@ export interface TimePickerQuickRange { display: string; } -export interface TimePickerRefreshInterval { - pause: boolean; - value: number; -} - -export interface TimePickerTimeDefaults { - from: string; - to: string; -} - -interface DatePickerProps { +export interface DatePickerProps { rangeFrom?: string; rangeTo?: string; refreshPaused?: boolean; diff --git a/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/index.tsx b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/index.tsx new file mode 100644 index 0000000000000..033de0beff657 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/date_picker/index.tsx @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { lazy, Suspense } from 'react'; +import type { DatePickerProps } from './date_picker'; + +const DatePickerLazy = lazy(() => import('./date_picker')); + +export function DatePicker(props: DatePickerProps) { + return ( + + + + ); +} diff --git a/x-pack/plugins/observability_solution/observability/public/pages/overview/components/sections/apm/apm_section.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/sections/apm/apm_section.test.tsx index 4c033be971e68..683d6bd4d9107 100644 --- a/x-pack/plugins/observability_solution/observability/public/pages/overview/components/sections/apm/apm_section.test.tsx 
+++ b/x-pack/plugins/observability_solution/observability/public/pages/overview/components/sections/apm/apm_section.test.tsx @@ -49,14 +49,13 @@ describe('APMSection', () => { from: '2020-10-08T06:00:00.000Z', to: '2020-10-08T07:00:00.000Z', }); - const config = { + const config: ConfigSchema = { unsafe: { alertDetails: { - metrics: { enabled: false }, uptime: { enabled: false }, }, }, - } as ConfigSchema; + }; jest.spyOn(pluginContext, 'usePluginContext').mockImplementation(() => ({ appMountParameters: {} as AppMountParameters, diff --git a/x-pack/plugins/observability_solution/observability/public/pages/overview/overview.stories.tsx b/x-pack/plugins/observability_solution/observability/public/pages/overview/overview.stories.tsx index a1023f33f4313..4a9c44151e03c 100644 --- a/x-pack/plugins/observability_solution/observability/public/pages/overview/overview.stories.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/overview/overview.stories.tsx @@ -81,7 +81,6 @@ const withCore = makeDecorator({ const config: ConfigSchema = { unsafe: { alertDetails: { - metrics: { enabled: false }, uptime: { enabled: false }, observability: { enabled: false }, }, diff --git a/x-pack/plugins/observability_solution/observability/public/pages/rules/rules.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/rules/rules.test.tsx index 785bbf73c1e99..d8dfec4098f66 100644 --- a/x-pack/plugins/observability_solution/observability/public/pages/rules/rules.test.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/rules/rules.test.tsx @@ -58,7 +58,6 @@ jest.spyOn(pluginContext, 'usePluginContext').mockImplementation(() => ({ unsafe: { alertDetails: { apm: { enabled: false }, - metrics: { enabled: false }, uptime: { enabled: false }, observability: { enabled: false }, }, 
diff --git a/x-pack/plugins/observability_solution/observability/public/plugin.ts b/x-pack/plugins/observability_solution/observability/public/plugin.ts index ae2fb27aef374..da32d0ab37146 100644 --- a/x-pack/plugins/observability_solution/observability/public/plugin.ts +++ b/x-pack/plugins/observability_solution/observability/public/plugin.ts @@ -90,9 +90,6 @@ import { registerObservabilityRuleTypes } from './rules/register_observability_r export interface ConfigSchema { unsafe: { alertDetails: { - metrics: { - enabled: boolean; - }; logs?: { enabled: boolean; }; diff --git a/x-pack/plugins/observability_solution/observability/public/rules/observability_rule_type_registry_mock.ts b/x-pack/plugins/observability_solution/observability/public/rules/observability_rule_type_registry_mock.ts index 4a2f8cfc3ba8c..30a6c6eda7149 100644 --- a/x-pack/plugins/observability_solution/observability/public/rules/observability_rule_type_registry_mock.ts +++ b/x-pack/plugins/observability_solution/observability/public/rules/observability_rule_type_registry_mock.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { ObservabilityRuleTypeRegistry } from './create_observability_rule_type_registry'; +import type { ObservabilityRuleTypeRegistry } from './create_observability_rule_type_registry'; const createRuleTypeRegistryMock = () => ({ getFormatter: () => () => 'a reason', diff --git a/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.test.ts b/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.test.ts index 101e10a314451..8819bdb71aa14 100644 --- a/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.test.ts +++ b/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.test.ts 
@@ -28,14 +28,13 @@ import { ConfigSchema } from '../plugin'; import { isAlertDetailsEnabledPerApp } from './is_alert_details_enabled'; import type { TopAlert } from '../typings/alerts'; -const defaultConfig = { +const defaultConfig: ConfigSchema = { unsafe: { alertDetails: { - metrics: { enabled: false }, uptime: { enabled: false }, }, }, -} as ConfigSchema; +}; describe('isAlertDetailsEnabled', () => { describe('Logs alert', () => { const logsAlert = { @@ -63,14 +62,13 @@ describe('isAlertDetailsEnabled', () => { lastUpdated: 1630588131750, } as unknown as TopAlert; it('returns TRUE when rule type is logs.alert.document.count', () => { - const updatedConfig = { + const updatedConfig: ConfigSchema = { unsafe: { alertDetails: { - metrics: { enabled: false }, uptime: { enabled: false }, }, }, - } as ConfigSchema; + }; expect(isAlertDetailsEnabledPerApp(logsAlert, updatedConfig)).toBeTruthy(); }); }); @@ -104,14 +102,13 @@ describe('isAlertDetailsEnabled', () => { }); it('returns TRUE when rule type is apm.transaction_duration', () => { - const updatedConfig = { + const updatedConfig: ConfigSchema = { unsafe: { alertDetails: { - metrics: { enabled: false }, uptime: { enabled: false }, }, }, - } as ConfigSchema; + }; const apmTransactionDurationAlert = { ...APMAlert, fields: { ...APMAlert.fields, [ALERT_RULE_TYPE_ID]: 'apm.transaction_duration' }, @@ -129,7 +126,7 @@ describe('isAlertDetailsEnabled', () => { [ALERT_WORKFLOW_STATUS]: 'open', [ALERT_RULE_UUID]: 'db2ab7c0-0bec-11ec-9ae2-5b10ca924404', [ALERT_START]: '2021-09-02T12:54:09.674Z', - [ALERT_RULE_TYPE_ID]: 'metrics.alert.inventory.threshold', + [ALERT_RULE_TYPE_ID]: 'metrics.alert.threshold', [EVENT_ACTION]: 'active', [ALERT_EVALUATION_VALUE]: 1957, [ALERT_INSTANCE_ID]: '*', 
@@ -144,20 +141,8 @@ describe('isAlertDetailsEnabled', () => { start: 1630587249674, lastUpdated: 1630588131750, } as unknown as TopAlert; - it('returns FALSE when metrics: { enabled: false }', () => { - expect(isAlertDetailsEnabledPerApp(metricsAlert, defaultConfig)).toBeFalsy(); - }); - - it('returns TRUE when metrics: { enabled: true }', () => { - const updatedConfig = { - unsafe: { - alertDetails: { - metrics: { enabled: true }, - uptime: { enabled: false }, - }, - }, - } as ConfigSchema; - expect(isAlertDetailsEnabledPerApp(metricsAlert, updatedConfig)).toBeTruthy(); + it('returns TRUE when rule type is metrics.alert.threshold', () => { + expect(isAlertDetailsEnabledPerApp(metricsAlert, defaultConfig)).toBeTruthy(); }); }); describe('Uptime alert', () => { @@ -231,25 +216,23 @@ describe('isAlertDetailsEnabled', () => { }); it('returns FALSE when no alert provided', () => { - const updatedConfig = { + const updatedConfig: ConfigSchema = { unsafe: { alertDetails: { - metrics: { enabled: true }, uptime: { enabled: true }, }, }, - } as ConfigSchema; + }; expect(isAlertDetailsEnabledPerApp(null, updatedConfig)).toBeFalsy(); }); it('returns FALSE when a none-listed rule type is checked', () => { - const updatedConfig = { + const updatedConfig: ConfigSchema = { unsafe: { alertDetails: { - metrics: { enabled: true }, uptime: { enabled: true }, }, }, - } as ConfigSchema; + }; const noneListedRuleType = { reason: 'reason message', fields: { diff --git a/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.ts b/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.ts index 3126afc7b5f9d..2775548df21df 100644 --- a/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.ts +++ b/x-pack/plugins/observability_solution/observability/public/utils/is_alert_details_enabled.ts 
@@ -9,6 +9,7 @@ import { ALERT_RULE_TYPE_ID } from '@kbn/rule-data-utils'; import { ApmRuleType, LOG_THRESHOLD_ALERT_TYPE_ID, + METRIC_THRESHOLD_ALERT_TYPE_ID, OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, SLO_BURN_RATE_RULE_TYPE_ID, } from '@kbn/rule-data-utils'; @@ -18,14 +19,17 @@ import type { TopAlert } from '../typings/alerts'; const ALLOWED_RULE_TYPES = [ ApmRuleType.TransactionDuration, LOG_THRESHOLD_ALERT_TYPE_ID, + METRIC_THRESHOLD_ALERT_TYPE_ID, OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, SLO_BURN_RATE_RULE_TYPE_ID, ]; const isUnsafeAlertDetailsFlag = ( subject: string -): subject is keyof Omit => - ['uptime', 'metrics'].includes(subject); +): subject is keyof Omit< + ConfigSchema['unsafe']['alertDetails'], + 'logs' | 'observability' | 'metrics' +> => ['uptime'].includes(subject); // We are mapping the ruleTypeId from the feature flag with the ruleTypeId from the alert // to know whether the feature flag is enabled or not. diff --git a/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.storybook_decorator.tsx b/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.storybook_decorator.tsx index b8b4fe5ad142a..593c2eafa920e 100644 --- a/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.storybook_decorator.tsx +++ b/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.storybook_decorator.tsx @@ -28,7 +28,6 @@ export function KibanaReactStorybookDecorator(Story: ComponentType) { const config: ConfigSchema = { unsafe: { alertDetails: { - metrics: { enabled: false }, uptime: { enabled: false }, observability: { enabled: false }, }, diff --git a/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.ts b/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.ts index 209e0ce4b2382..4797a76f0e535 100644 --- a/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.ts 
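Review bot: The `'metrics'` member in the `Omit` of the `isUnsafeAlertDetailsFlag` guard is dead, because this same commit removes `metrics` from `ConfigSchema['unsafe']['alertDetails']` in plugin.ts. `Omit` accepts keys that do not exist, so the compiler will not flag it, and the type reads as if a `metrics` flag still existed. I would write `subject is keyof Omit<ConfigSchema['unsafe']['alertDetails'], 'logs' | 'observability'>`. A one-line comment next to `METRIC_THRESHOLD_ALERT_TYPE_ID` in `ALLOWED_RULE_TYPES` would also help, e.g. `// always enabled; unsafe.alertDetails.metrics.enabled is deprecated as unused`.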
+++ b/x-pack/plugins/observability_solution/observability/public/utils/kibana_react.ts @@ -8,7 +8,7 @@ import { CoreStart } from '@kbn/core/public'; import { useKibana } from '@kbn/kibana-react-plugin/public'; import { Storage } from '@kbn/kibana-utils-plugin/public'; -import { ObservabilityPublicPluginsStart } from '../plugin'; +import type { ObservabilityPublicPluginsStart } from '../plugin'; export type StartServices = CoreStart & ObservabilityPublicPluginsStart & diff --git a/x-pack/plugins/observability_solution/observability/public/utils/test_helper.tsx b/x-pack/plugins/observability_solution/observability/public/utils/test_helper.tsx index 35ab846a79fcf..dca5d29851469 100644 --- a/x-pack/plugins/observability_solution/observability/public/utils/test_helper.tsx +++ b/x-pack/plugins/observability_solution/observability/public/utils/test_helper.tsx @@ -32,7 +32,6 @@ export const data = dataPluginMock.createStartContract(); const defaultConfig: ConfigSchema = { unsafe: { alertDetails: { - metrics: { enabled: false }, uptime: { enabled: false }, }, }, diff --git a/x-pack/plugins/observability_solution/observability/server/index.ts b/x-pack/plugins/observability_solution/observability/server/index.ts index 6486731fcd90c..55df44f257501 100644 --- a/x-pack/plugins/observability_solution/observability/server/index.ts +++ b/x-pack/plugins/observability_solution/observability/server/index.ts @@ -84,6 +84,7 @@ export const config: PluginConfigDescriptor = { deprecations: ({ unused }) => [ unused('unsafe.thresholdRule.enabled', { level: 'warning' }), unused('unsafe.alertDetails.logs.enabled', { level: 'warning' }), + unused('unsafe.alertDetails.metrics.enabled', { level: 'warning' }), unused('unsafe.alertDetails.observability.enabled', { level: 'warning' }), ], }; diff --git a/x-pack/plugins/observability_solution/observability/tsconfig.json b/x-pack/plugins/observability_solution/observability/tsconfig.json index 84ef4bc7eee11..da98c7fc6494b 100644 
--- a/x-pack/plugins/observability_solution/observability/tsconfig.json +++ b/x-pack/plugins/observability_solution/observability/tsconfig.json @@ -52,7 +52,6 @@ "@kbn/logging", "@kbn/share-plugin", "@kbn/core-notifications-browser", - "@kbn/slo-schema", "@kbn/guided-onboarding", "@kbn/charts-plugin", "@kbn/securitysolution-ecs", diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight_base.tsx b/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight_base.tsx index 7e54d7671237c..97f2e0a71a0c6 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight_base.tsx +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/public/components/insight/insight_base.tsx @@ -60,7 +60,7 @@ export function InsightBase({ return ( diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts index 61a8b6adf3ed3..81a9cffc6d033 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/elasticsearch.ts @@ -38,9 +38,8 @@ export function registerElasticsearchFunction({ }, }, async ({ arguments: { method, path, body } }) => { - const response = await ( - await resources.context.core - ).elasticsearch.client.asCurrentUser.transport.request({ + const esClient = (await resources.context.core).elasticsearch.client; + const response = esClient.asCurrentUser.transport.request({ method, path, body, 
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/get_relevant_field_names.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/get_relevant_field_names.ts index 557f09784c7f9..74d786bb6727d 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/get_relevant_field_names.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/get_relevant_field_names.ts @@ -33,7 +33,7 @@ export async function getRelevantFieldNames({ messages: Message[]; chat: FunctionCallChatFunction; signal: AbortSignal; -}): Promise<{ fields: string[] }> { +}): Promise<{ fields: string[]; stats: { analyzed: number; total: number } }> { const dataViewsService = await dataViews.dataViewsServiceFactory(savedObjectsClient, esClient); const hasAnyHitsResponse = await esClient.search({ @@ -89,8 +89,13 @@ export async function getRelevantFieldNames({ const shortIdTable = new ShortIdTable(); + const MAX_CHUNKS = 5; + const FIELD_NAMES_PER_CHUNK = 250; + + const fieldNamesToAnalyze = fieldNames.slice(0, MAX_CHUNKS * FIELD_NAMES_PER_CHUNK); + const relevantFields = await Promise.all( - chunk(fieldNames, 250).map(async (fieldsInChunk) => { + chunk(fieldNamesToAnalyze, FIELD_NAMES_PER_CHUNK).map(async (fieldsInChunk) => { const chunkResponse$ = ( await chat('get_relevant_dataset_names', { signal, @@ -165,5 +170,8 @@ export async function getRelevantFieldNames({ }) ); - return { fields: relevantFields.flat() }; + return { + fields: relevantFields.flat(), + stats: { analyzed: fieldNamesToAnalyze.length, total: fieldNames.length }, + }; } 
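Review bot: `fieldNames.slice(0, MAX_CHUNKS * FIELD_NAMES_PER_CHUNK)` keeps whichever 1250 names come first, and nothing in these hunks shows how `fieldNames` is ordered, so on wide indices the fields that go unanalysed may be arbitrary. The cap itself is a sensible bound on the number of chat requests per call, and returning `stats` makes the truncation visible to the caller. I would document it above the constants, e.g. `// Bound LLM requests per call; names past the cap are skipped and reported via stats`, and state the ordering assumption there. The two constants could also move to module scope. The function starts before the first hunk, so the construction of `fieldNames` could not be checked.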
diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts index bac7963cecbdf..57cac3a4e0c0f 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/functions/get_dataset_info/index.ts @@ -41,14 +41,14 @@ export function registerGetDatasetInfoFunction({ async ({ arguments: { index }, messages, chat }, signal) => { const coreContext = await resources.context.core; - const esClient = coreContext.elasticsearch.client.asCurrentUser; + const esClient = coreContext.elasticsearch.client; const savedObjectsClient = coreContext.savedObjects.client; let indices: string[] = []; try { - const body = await esClient.indices.resolveIndex({ - name: index === '' ? '*' : index, + const body = await esClient.asCurrentUser.indices.resolveIndex({ + name: index === '' ? '*' : index.split(','), expand_wildcards: 'open', }); indices = [ @@ -81,17 +81,17 @@ export function registerGetDatasetInfoFunction({ const relevantFieldNames = await getRelevantFieldNames({ index, messages, - esClient, + esClient: esClient.asCurrentUser, dataViews: await resources.plugins.dataViews.start(), savedObjectsClient, signal, chat, }); - return { content: { indices: [index], fields: relevantFieldNames.fields, + stats: relevantFieldNames.stats, }, }; } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts index dacd52648a6b8..139955742ef6e 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/index.ts 
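Review bot: `index.split(',')` passes the segments to `resolveIndex` unnormalised, so an argument such as `"logs-*, metrics-*"` yields a name with a leading space and a trailing comma yields an empty string. `index` comes from the function-call arguments, so this shape is not under the server's control. I would use `name: index === '' ? '*' : index.split(',').map((part) => part.trim()).filter(Boolean)`. The second hunk still passes the unsplit `index` to `getRelevantFieldNames` and returns `indices: [index]`; that may be intentional, but the two paths now treat the same input differently. The handler body extends beyond both hunks.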
@@ -153,7 +153,7 @@ export class ObservabilityAIAssistantClient { } await this.dependencies.esClient.asInternalUser.delete({ - id: conversation._id, + id: conversation._id!, index: conversation._index, refresh: true, }); @@ -634,7 +634,7 @@ export class ObservabilityAIAssistantClient { ); await this.dependencies.esClient.asInternalUser.update({ - id: persistedConversation._id, + id: persistedConversation._id!, index: persistedConversation._index, doc: updatedConversation, refresh: true, @@ -663,7 +663,7 @@ export class ObservabilityAIAssistantClient { ); await this.dependencies.esClient.asInternalUser.update({ - id: document._id, + id: document._id!, index: document._index, doc: { conversation: { title } }, refresh: true, @@ -706,7 +706,7 @@ export class ObservabilityAIAssistantClient { user: this.dependencies.user, queries, categories, - asCurrentUser: this.dependencies.esClient.asCurrentUser, + esClient: this.dependencies.esClient, uiSettingsClient: this.dependencies.uiSettingsClient, }); }; diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts index 318cf83b54373..34f3667d1cb7b 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/index.ts 
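Review bot: `conversation._id!` silences the type checker without checking the value, and the same assertion is added at `persistedConversation._id!` (hunk at 634) and `document._id!` (hunk at 663). All three feed `delete` or `update` calls made with `asInternalUser`, so a hit without an `_id` would surface as a client error from a privileged write rather than a clear failure here. The hit type presumably marks `_id` optional now; a guard before each call is safer, e.g. `if (!conversation._id) { throw new Error('conversation hit has no _id'); }` (message text is a placeholder). The enclosing methods start and end outside these hunks.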
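Review bot: In the hunk at 706, `esClient: this.dependencies.esClient` hands the callee both `asCurrentUser` and `asInternalUser`, where it previously received only the current-user client. The callee is outside this hunk, so it cannot be checked here which identity each query runs under. Since the results are returned to the requesting user, searches over user-visible indices should stay on `asCurrentUser`. A short comment at the call site stating the intended split would make that boundary reviewable, e.g. `// internal user only for the assistant's own KB index; all other searches run as the current user`, if that is the intent.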
@@ -140,15 +140,14 @@ export class ObservabilityAIAssistantService { const elserModelId = await this.getModelId(); - const esClient = coreStart.elasticsearch.client.asInternalUser; - - await esClient.cluster.putComponentTemplate({ + const esClient = coreStart.elasticsearch.client; + await esClient.asInternalUser.cluster.putComponentTemplate({ create: false, name: this.resourceNames.componentTemplate.conversations, template: conversationComponentTemplate, }); - await esClient.indices.putIndexTemplate({ + await esClient.asInternalUser.indices.putIndexTemplate({ name: this.resourceNames.indexTemplate.conversations, composed_of: [this.resourceNames.componentTemplate.conversations], create: false, @@ -170,7 +169,7 @@ export class ObservabilityAIAssistantService { const conversationAliasName = this.resourceNames.aliases.conversations; await createConcreteWriteIndex({ - esClient, + esClient: esClient.asInternalUser, logger: this.logger, totalFieldsLimit: 10000, indexPatterns: { @@ -183,13 +182,13 @@ export class ObservabilityAIAssistantService { dataStreamAdapter: getDataStreamAdapter({ useDataStreamForAlerts: false }), }); - await esClient.cluster.putComponentTemplate({ + await esClient.asInternalUser.cluster.putComponentTemplate({ create: false, name: this.resourceNames.componentTemplate.kb, template: kbComponentTemplate, }); - await esClient.ingest.putPipeline({ + await esClient.asInternalUser.ingest.putPipeline({ id: this.resourceNames.pipelines.kb, processors: [ { @@ -210,7 +209,7 @@ export class ObservabilityAIAssistantService { ], }); - await esClient.indices.putIndexTemplate({ + await esClient.asInternalUser.indices.putIndexTemplate({ name: this.resourceNames.indexTemplate.kb, composed_of: [this.resourceNames.componentTemplate.kb], create: false, 
@@ -227,7 +226,7 @@ export class ObservabilityAIAssistantService { const kbAliasName = this.resourceNames.aliases.kb; await createConcreteWriteIndex({ - esClient, + esClient: esClient.asInternalUser, logger: this.logger, totalFieldsLimit: 10000, indexPatterns: { diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/index.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/index.ts index 67cf8bcd000a9..45330f9da2f2b 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/index.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/index.ts @@ -11,18 +11,18 @@ import type { Logger } from '@kbn/logging'; import type { TaskManagerStartContract } from '@kbn/task-manager-plugin/server'; import pLimit from 'p-limit'; import pRetry from 'p-retry'; -import { isEmpty, map, orderBy } from 'lodash'; +import { map, orderBy } from 'lodash'; import { encode } from 'gpt-tokenizer'; import { MlTrainedModelDeploymentNodesStats } from '@elastic/elasticsearch/lib/api/types'; -import { aiAssistantSearchConnectorIndexPattern } from '../../../common'; import { INDEX_QUEUED_DOCUMENTS_TASK_ID, INDEX_QUEUED_DOCUMENTS_TASK_TYPE } from '..'; import { KnowledgeBaseEntry, KnowledgeBaseEntryRole, UserInstruction } from '../../../common/types'; import type { ObservabilityAIAssistantResourceNames } from '../types'; import { getAccessQuery } from '../util/get_access_query'; import { getCategoryQuery } from '../util/get_category_query'; +import { recallFromConnectors } from './recall_from_connectors'; interface Dependencies { - esClient: ElasticsearchClient; + esClient: { asInternalUser: ElasticsearchClient }; resources: ObservabilityAIAssistantResourceNames; logger: Logger; taskManagerStart: TaskManagerStartContract; 
@@ -85,7 +85,7 @@ export class KnowledgeBaseService { const installModel = async () => { this.dependencies.logger.info('Installing ELSER model'); - await this.dependencies.esClient.ml.putTrainedModel( + await this.dependencies.esClient.asInternalUser.ml.putTrainedModel( { model_id: elserModelId, input: { @@ -99,7 +99,7 @@ export class KnowledgeBaseService { }; const getIsModelInstalled = async () => { - const getResponse = await this.dependencies.esClient.ml.getTrainedModels({ + const getResponse = await this.dependencies.esClient.asInternalUser.ml.getTrainedModels({ model_id: elserModelId, include: 'definition_status', }); @@ -130,7 +130,7 @@ export class KnowledgeBaseService { }, retryOptions); try { - await this.dependencies.esClient.ml.startTrainedModelDeployment({ + await this.dependencies.esClient.asInternalUser.ml.startTrainedModelDeployment({ model_id: elserModelId, wait_for: 'fully_allocated', }); @@ -143,7 +143,7 @@ export class KnowledgeBaseService { } await pRetry(async () => { - const response = await this.dependencies.esClient.ml.getTrainedModelsStats({ + const response = await this.dependencies.esClient.asInternalUser.ml.getTrainedModelsStats({ model_id: elserModelId, }); @@ -193,7 +193,7 @@ export class KnowledgeBaseService { private async processOperation(operation: KnowledgeBaseEntryOperation) { if (operation.type === KnowledgeBaseEntryOperationType.Delete) { - await this.dependencies.esClient.deleteByQuery({ + await this.dependencies.esClient.asInternalUser.deleteByQuery({ index: this.dependencies.resources.aliases.kb, query: { bool: { @@ -274,7 +274,7 @@ export class KnowledgeBaseService { const elserModelId = await this.dependencies.getModelId(); try { - const modelStats = await this.dependencies.esClient.ml.getTrainedModelsStats({ + const modelStats = await this.dependencies.esClient.asInternalUser.ml.getTrainedModelsStats({ model_id: elserModelId, }); const elserModelStats = modelStats.trained_model_stats[0]; 
@@ -330,7 +330,7 @@ export class KnowledgeBaseService { }, }; - const response = await this.dependencies.esClient.search< + const response = await this.dependencies.esClient.asInternalUser.search< Pick >({ index: [this.dependencies.resources.aliases.kb], 
@@ -344,139 +344,23 @@ export class KnowledgeBaseService { return response.hits.hits.map((hit) => ({ ...hit._source!, score: hit._score!, - id: hit._id, + id: hit._id!, })); } - private async getConnectorIndices( - client: ElasticsearchClient, - uiSettingsClient: IUiSettingsClient - ) { - // improve performance by running this in parallel with the `uiSettingsClient` request - const responsePromise = client.transport.request({ - method: 'GET', - path: '_connector', - querystring: { - filter_path: 'results.index_name', - }, - }); - - const customSearchConnectorIndex = await uiSettingsClient.get( - aiAssistantSearchConnectorIndexPattern - ); - - if (customSearchConnectorIndex) { - return customSearchConnectorIndex.split(','); - } - - const response = (await responsePromise) as { results?: Array<{ index_name: string }> }; - const connectorIndices = response.results?.map((result) => result.index_name); - - // preserve backwards compatibility with 8.14 (may not be needed in the future) - if (isEmpty(connectorIndices)) { - return ['search-*']; - } - - return connectorIndices; - } - - private async recallFromConnectors({ - queries, - asCurrentUser, - uiSettingsClient, - modelId, - }: { - queries: Array<{ text: string; boost?: number }>; - asCurrentUser: ElasticsearchClient; - uiSettingsClient: IUiSettingsClient; - modelId: string; - }): Promise { - const ML_INFERENCE_PREFIX = 'ml.inference.'; - - const connectorIndices = await this.getConnectorIndices(asCurrentUser, uiSettingsClient); - - const fieldCaps = await asCurrentUser.fieldCaps({ - index: connectorIndices, - fields: `${ML_INFERENCE_PREFIX}*`, - allow_no_indices: true, - types: ['sparse_vector'], - filters: '-metadata,-parent', - }); - - const fieldsWithVectors = Object.keys(fieldCaps.fields).map((field) => - field.replace('_expanded.predicted_value', '').replace(ML_INFERENCE_PREFIX, '') - ); - - if (!fieldsWithVectors.length) { - return []; - } - - const esQueries = fieldsWithVectors.flatMap((field) => { - const 
vectorField = `${ML_INFERENCE_PREFIX}${field}_expanded.predicted_value`; - const modelField = `${ML_INFERENCE_PREFIX}${field}_expanded.model_id`; - - return queries.map(({ text, boost = 1 }) => { - return { - bool: { - should: [ - { - text_expansion: { - [vectorField]: { - model_text: text, - model_id: modelId, - boost, - }, - }, - }, - ], - filter: [ - { - term: { - [modelField]: modelId, - }, - }, - ], - }, - }; - }); - }); - - const response = await asCurrentUser.search({ - index: connectorIndices, - query: { - bool: { - should: esQueries, - }, - }, - size: 20, - _source: { - exclude: ['_*', 'ml*'], - }, - }); - - const results = response.hits.hits.map((hit) => ({ - text: JSON.stringify(hit._source), - score: hit._score!, - is_correction: false, - id: hit._id, - })); - - return results; - } - recall = async ({ user, queries, categories, namespace, - asCurrentUser, + esClient, uiSettingsClient, }: { queries: Array<{ text: string; boost?: number }>; categories?: string[]; user?: { name: string }; namespace: string; - asCurrentUser: ElasticsearchClient; + esClient: { asCurrentUser: ElasticsearchClient }; uiSettingsClient: IUiSettingsClient; }): Promise<{ entries: RecalledEntry[]; @@ -499,8 +383,8 @@ export class KnowledgeBaseService { } throw error; }), - this.recallFromConnectors({ - asCurrentUser, + recallFromConnectors({ + esClient, uiSettingsClient, queries, modelId, @@ -546,7 +430,7 @@ export class KnowledgeBaseService { user?: { name: string } ): Promise => { try { - const response = await this.dependencies.esClient.search({ + const response = await this.dependencies.esClient.asInternalUser.search({ index: this.dependencies.resources.aliases.kb, query: { bool: { 
@@ -590,7 +474,7 @@ export class KnowledgeBaseService { sortDirection?: 'asc' | 'desc'; }): Promise<{ entries: KnowledgeBaseEntry[] }> => { try { - const response = await this.dependencies.esClient.search({ + const response = await this.dependencies.esClient.asInternalUser.search({ index: this.dependencies.resources.aliases.kb, ...(query ? { @@ -631,7 +515,7 @@ export class KnowledgeBaseService { ...hit._source!, role: hit._source!.role ?? KnowledgeBaseEntryRole.UserEntry, score: hit._score, - id: hit._id, + id: hit._id!, })), }; } catch (error) { @@ -652,7 +536,7 @@ export class KnowledgeBaseService { namespace?: string; }): Promise => { try { - await this.dependencies.esClient.index({ + await this.dependencies.esClient.asInternalUser.index({ index: this.dependencies.resources.aliases.kb, id, document: { @@ -694,7 +578,7 @@ export class KnowledgeBaseService { deleteEntry = async ({ id }: { id: string }): Promise => { try { - await this.dependencies.esClient.delete({ + await this.dependencies.esClient.asInternalUser.delete({ index: this.dependencies.resources.aliases.kb, id, refresh: 'wait_for', diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/recall_from_connectors.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/recall_from_connectors.ts new file mode 100644 index 0000000000000..34c8a6208d655 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/knowledge_base_service/recall_from_connectors.ts 
@@ -0,0 +1,128 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ElasticsearchClient } from '@kbn/core-elasticsearch-server'; +import { IUiSettingsClient } from '@kbn/core-ui-settings-server'; +import { isEmpty } from 'lodash'; +import { RecalledEntry } from '.'; +import { aiAssistantSearchConnectorIndexPattern } from '../../../common'; + +export async function recallFromConnectors({ + queries, + esClient, + uiSettingsClient, + modelId, +}: { + queries: Array<{ text: string; boost?: number }>; + esClient: { asCurrentUser: ElasticsearchClient }; + uiSettingsClient: IUiSettingsClient; + modelId: string; +}): Promise { + const ML_INFERENCE_PREFIX = 'ml.inference.'; + + const connectorIndices = await getConnectorIndices(esClient, uiSettingsClient); + + const fieldCaps = await esClient.asCurrentUser.fieldCaps({ + index: connectorIndices, + fields: `${ML_INFERENCE_PREFIX}*`, + allow_no_indices: true, + types: ['sparse_vector'], + filters: '-metadata,-parent', + }); + + const fieldsWithVectors = Object.keys(fieldCaps.fields).map((field) => + field.replace('_expanded.predicted_value', '').replace(ML_INFERENCE_PREFIX, '') + ); + + if (!fieldsWithVectors.length) { + return []; + } + + const esQueries = fieldsWithVectors.flatMap((field) => { + const vectorField = `${ML_INFERENCE_PREFIX}${field}_expanded.predicted_value`; + const modelField = `${ML_INFERENCE_PREFIX}${field}_expanded.model_id`; + + return queries.map(({ text, boost = 1 }) => { + return { + bool: { + should: [ + { + text_expansion: { + [vectorField]: { + model_text: text, + model_id: modelId, + boost, + }, + }, + }, + ], + filter: [ + { + term: { + [modelField]: modelId, + }, + }, + ], + }, + }; + }); + }); + + const response = await esClient.asCurrentUser.search({ + index: connectorIndices, 
+ query: { + bool: { + should: esQueries, + }, + }, + size: 20, + _source: { + exclude: ['_*', 'ml*'], + }, + }); + + const results = response.hits.hits.map((hit) => ({ + text: JSON.stringify(hit._source), + score: hit._score!, + is_correction: false, + id: hit._id!, + })); + + return results; +} + +async function getConnectorIndices( + esClient: { asCurrentUser: ElasticsearchClient }, + uiSettingsClient: IUiSettingsClient +) { + // improve performance by running this in parallel with the `uiSettingsClient` request + const responsePromise = esClient.asCurrentUser.transport.request({ + method: 'GET', + path: '_connector', + querystring: { + filter_path: 'results.index_name', + }, + }); + + const customSearchConnectorIndex = await uiSettingsClient.get( + aiAssistantSearchConnectorIndexPattern + ); + + if (customSearchConnectorIndex) { + return customSearchConnectorIndex.split(','); + } + + const response = (await responsePromise) as { results?: Array<{ index_name: string }> }; + const connectorIndices = response.results?.map((result) => result.index_name); + + // preserve backwards compatibility with 8.14 (may not be needed in the future) + if (isEmpty(connectorIndices)) { + return ['search-*']; + } + + return connectorIndices; +} diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/create_server_side_function_response_error.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/create_server_side_function_response_error.ts index 820aee7d6c137..3c11e91769cd8 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/create_server_side_function_response_error.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/create_server_side_function_response_error.ts 
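Review bot: In `getConnectorIndices`, the `_connector` request is started before the ui-setting lookup and is never awaited on the early-return path where `customSearchConnectorIndex` is set, so a rejection there (for example a user without access to the connector API) becomes an unhandled promise rejection instead of a handled error. The same orphaned promise is left behind if `uiSettingsClient.get` itself rejects. Marking the promise as handled where it is created, `responsePromise.catch(() => {});`, avoids that while the later `await responsePromise` still rejects normally on the path that uses the response. A short comment next to it, `// observed below only when no custom index pattern is configured`, would explain why the handler is empty.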
@@ -6,6 +6,7 @@ */ import { errors } from '@elastic/elasticsearch'; +import { isAxiosError } from 'axios'; import { createFunctionResponseMessage } from '../../../common/utils/create_function_response_message'; export function createServerSideFunctionResponseError({ @@ -19,15 +20,18 @@ export function createServerSideFunctionResponseError({ }) { const isElasticsearchError = error instanceof errors.ElasticsearchClientError; - const sanitizedError: Record = JSON.parse( - 'toJSON' in error && typeof error.toJSON === 'function' ? error.toJSON() : JSON.stringify(error) - ); + const sanitizedError: Record = JSON.parse(JSON.stringify(error)); if (isElasticsearchError) { // remove meta key which is huge and noisy delete sanitizedError.meta; + } else if (isAxiosError(error)) { + sanitizedError.response = { message: error.response?.data?.message }; + delete sanitizedError.config; } + delete sanitizedError.stack; + return createFunctionResponseMessage({ name, content: { diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/flush_buffer.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/flush_buffer.ts index eb494ec80bb50..a9826a180c969 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/flush_buffer.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/util/flush_buffer.ts @@ -6,7 +6,7 @@ */ import { repeat } from 'lodash'; -import { identity, Observable, OperatorFunction } from 'rxjs'; +import { Observable, OperatorFunction } from 'rxjs'; import { BufferFlushEvent, StreamingChatResponseEventType, @@ -22,10 +22,6 @@ import { export function flushBuffer( isCloud: boolean ): OperatorFunction { - if (!isCloud) { - return identity; - } - return (source: Observable) => new Observable((subscriber) => { const cloudProxyBufferSize = 4096; 
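Review bot: `sanitizedError` in the @@ -19,15 hunk is still built by serialising the whole error and then deleting known keys (`meta`, `config`, `stack`), so an error that is neither an Elasticsearch nor an Axios error passes every enumerable property it carries into the function response. Since that object is presumably placed in the message content built just below the hunk, an allow-list is the safer shape: copy only the fields the response needs, such as `name`, `message` and a status code, and add the Axios `response.message` on top. Separately, `JSON.parse(JSON.stringify(error))` throws when the error holds a circular reference, which would replace the original failure with a serialisation error; a try/catch around that line with a fallback to the error's message keeps the original cause. The function body continues outside the hunk.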
@@ -41,7 +37,15 @@ export function flushBuffer { + subscriber.next({ + data: '0', + type: StreamingChatResponseEventType.BufferFlush, + }); + }; + + const flushIntervalId = isCloud ? setInterval(flushBufferIfNeeded, 250) : undefined; + const keepAliveIntervalId = setInterval(keepAlive, 30_000); source.subscribe({ next: (value) => { @@ -52,11 +56,13 @@ export function flushBuffer { - clearInterval(intervalId); + clearInterval(flushIntervalId); + clearInterval(keepAliveIntervalId); subscriber.error(error); }, complete: () => { - clearInterval(intervalId); + clearInterval(flushIntervalId); + clearInterval(keepAliveIntervalId); subscriber.complete(); }, }); diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json b/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json index aa26acbb6154a..4626a3716759a 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/tsconfig.json @@ -38,6 +38,8 @@ "@kbn/features-plugin", "@kbn/cloud-plugin", "@kbn/serverless", + "@kbn/core-elasticsearch-server", + "@kbn/core-ui-settings-server", ], "exclude": ["target/**/*"] } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/scenarios/esql/index.spec.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/scenarios/esql/index.spec.ts index 4aabd3566b994..37699876f6165 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/scenarios/esql/index.spec.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/scenarios/esql/index.spec.ts 
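Review bot: The two timers created in the @@ -41,7 hunk are cleared only in the `error` and `complete` callbacks, and the keep-alive interval now runs for every stream rather than only on Cloud, so a consumer that unsubscribes early (for example when the HTTP request is aborted) would leave a 30-second interval running for the life of the process. From the lines visible here the `Observable` callback does not appear to return a teardown, and the subscription returned by `source.subscribe` is not kept. Returning a teardown that clears both intervals and unsubscribes from the source covers abort as well as error and completion. The callback starts and ends outside these hunks, so this should be confirmed against the full function.

```typescript
const subscription = source.subscribe({
  // … unchanged: next / error / complete handlers …
});

return () => {
  clearInterval(flushIntervalId);
  clearInterval(keepAliveIntervalId);
  subscription.unsubscribe();
};
```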
@@ -184,8 +184,7 @@ describe('ES|QL query generation', () => { 'Assume my metrics data is in `metrics-*`. I want to see what a query would look like that gets the average CPU per service, limit it to the top 10 results, in 1m buckets, and only include the last 15m.', expected: `FROM .ds-metrics-apm* | WHERE @timestamp >= NOW() - 15 minutes - | EVAL bucket = DATE_TRUNC(1 minute, @timestamp) - | STATS avg_cpu = AVG(system.cpu.total.norm.pct) BY bucket, service.name + | STATS avg_cpu = AVG(system.cpu.total.norm.pct) BY BUCKET(@timestamp, 1m), service.name | SORT avg_cpu DESC | LIMIT 10`, execute: false, @@ -310,9 +309,8 @@ describe('ES|QL query generation', () => { question: `i have logs in logs-apm*. Using ESQL, show me the error rate as a percetage of the error logs (identified as processor.event containing the value error) vs the total logs per day for the last 7 days `, expected: `FROM logs-apm* | WHERE @timestamp >= NOW() - 7 days - | EVAL day = DATE_TRUNC(1 day, @timestamp) | EVAL error = CASE(processor.event == "error", 1, 0) - | STATS total_logs = COUNT(*), total_errors = SUM(is_error) BY day + | STATS total_logs = COUNT(*), total_errors = SUM(is_error) BY BUCKET(@timestamp, 1 day) | EVAL error_rate = total_errors / total_logs * 100 | SORT day ASC`, execute: true, diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.test.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.test.ts index ad8e0f6cfd664..13c5855d67cac 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.test.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.test.ts 
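Review bot: The expected query in the @@ -310,9 hunk still ends with `| SORT day ASC`, but the `EVAL day = DATE_TRUNC(1 day, @timestamp)` line that defined `day` was removed and the new grouping `BY BUCKET(@timestamp, 1 day)` is unnamed, so the reference query sorts on a column that no longer exists. Naming the bucket keeps it valid, as the esql-syntax.txt examples in this commit do: `| STATS total_logs = COUNT(*), total_errors = SUM(is_error) BY day = BUCKET(@timestamp, 1 day)`. The esql-case.txt example changed in this commit has the same problem with `| SORT hour`. Since this scenario is marked `execute: true`, an invalid reference query would skew the evaluation rather than fail loudly.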
@@ -94,6 +94,11 @@ describe('correctCommonEsqlMistakes', () => { 'FROM logs-*\n| KEEP date, whatever, @timestamp\n| EVAL my_truncated_date_field = DATE_TRUNC(1 year, date)\n| SORT @timestamp, my_truncated_date_field DESC' ); + expectQuery( + `FROM logs-*\n| STATS COUNT(*) BY BUCKET(@timestamp, 1m)\n| SORT \`BUCKET(@timestamp, 1m)\` DESC`, + `FROM logs-*\n| STATS COUNT(*) BY BUCKET(@timestamp, 1m)\n| SORT \`BUCKET(@timestamp, 1m)\` DESC` + ); + expectQuery( `FROM logs-* | KEEP date, whatever | RENAME whatever AS forever | SORT forever DESC`, `FROM logs-*\n| KEEP date, whatever\n| RENAME whatever AS forever\n| SORT forever DESC` diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.ts index 73f2d31b4b35b..b4d365ad11084 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/correct_common_esql_mistakes.ts @@ -191,7 +191,7 @@ function escapeExpressionsInSort(sortCommand: string) { if (sortOrder) sortOrder = ` ${sortOrder}`; - if (!column.match(/^`?[a-zA-Z0-9_\.@]+`?$/)) { + if (!column.match(/^`.*?`$/) && !column.match(/^[a-zA-Z0-9_\.@]+$/)) { column = `\`${column}\``; } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-case.txt b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-case.txt index 66fed29cea823..010975157a7b4 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-case.txt 
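Review bot: The new first test in the @@ -191,7 hunk of `escapeExpressionsInSort`, ``column.match(/^`.*?`$/)``, accepts any string that merely starts and ends with a backtick, so an expression made of two quoted identifiers joined by an operator is treated as a single quoted column and passed through unchanged. Restricting the body to non-backtick characters or doubled backticks, ``/^`(?:[^`]|``)*`$/``, keeps the added `BUCKET(@timestamp, 1m)` test passing while rejecting that case; this assumes doubling is the escape ES|QL uses inside quoted identifiers, which should be confirmed. The wrapping line below also inserts `column` between backticks without escaping any backtick it already contains. The function starts and ends outside the hunk.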
+++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-case.txt @@ -33,7 +33,6 @@ FROM sample_data ```esql FROM sample_data | EVAL error = CASE(message LIKE "*error*", 1, 0) -| EVAL hour = DATE_TRUNC(1 hour, @timestamp) -| STATS error_rate = AVG(error) BY hour +| STATS error_rate = AVG(error) BY BUCKET(@timestamp, 1 hour) | SORT hour -``` \ No newline at end of file +``` diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-syntax.txt b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-syntax.txt index e76b78c7e1cb4..dac9e93b7ea14 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-syntax.txt +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/server/functions/query/esql_docs/esql-syntax.txt @@ -92,7 +92,7 @@ FROM logs ```esql FROM logs -| STATS COUNT(*) BY timestamp = DATE_TRUNC(1h, @timestamp) +| STATS COUNT(*) BY timestamp = BUCKET(@timestamp, 1h) | WHERE timestamp >= NOW() - 24h ``` @@ -100,7 +100,7 @@ FROM logs ```esql FROM logs -| STATS AVG(response_time) BY minute = DATE_TRUNC(1m, @timestamp) +| STATS AVG(response_time) BY minute = BUCKET(@timestamp, 1m) | WHERE @timestamp >= NOW() - 1h ``` @@ -108,7 +108,7 @@ FROM logs ```esql FROM logs -| STATS COUNT(*) BY week = DATE_TRUNC(1w, @timestamp) +| STATS COUNT(*) BY week = BUCKET(@timestamp, 1w) | WHERE @timestamp >= NOW() - 1y ``` @@ -116,6 +116,6 @@ FROM logs ```esql FROM logs -| STATS MAX(response_time) BY second = DATE_TRUNC(1s, @timestamp) +| STATS MAX(response_time) BY second = BUCKET(@timestamp, 1s) | WHERE @timestamp >= NOW() - 1m ``` 
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/custom_logs/install_elastic_agent.cy.ts b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/custom_logs/install_elastic_agent.cy.ts index 7e0b829e67305..b4707350948f0 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/custom_logs/install_elastic_agent.cy.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/custom_logs/install_elastic_agent.cy.ts @@ -261,7 +261,9 @@ describe('[Logs onboarding] Custom logs - install elastic agent', () => { }); it('shows a success callout when elastic agent status is healthy', () => { - cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete'); + cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', { + agentId: 'test-agent-id', + }); cy.getByTestSubj('obltOnboardingStepStatus-complete') .contains('Connected to the Elastic Agent') .should('exist'); @@ -299,7 +301,9 @@ describe('[Logs onboarding] Custom logs - install elastic agent', () => { cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete'); - cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete'); + cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', { + agentId: 'test-agent-id', + }); }); it('shows loading callout when config is being downloaded to the host', () => { 
@@ -340,7 +344,9 @@ describe('[Logs onboarding] Custom logs - install elastic agent', () => { cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete'); - cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete'); + cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', { + agentId: 'test-agent-id', + }); }); it('shows loading callout when config is being downloaded to the host', () => { @@ -424,7 +430,9 @@ describe('[Logs onboarding] Custom logs - install elastic agent', () => { cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete'); - cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete'); + cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', { + agentId: 'test-agent-id', + }); cy.updateInstallationStepStatus(onboardingId, 'ea-config', 'complete'); }); diff --git a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/system_logs.cy.ts b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/system_logs.cy.ts index 811d073855350..bd0af6f595b34 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/system_logs.cy.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/e2e/logs/system_logs.cy.ts 
@@ -291,7 +291,9 @@ describe('[Logs onboarding] System logs', () => { }); it('shows a success callout when elastic agent status is healthy', () => { - cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete'); + cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', { + agentId: 'test-agent-id', + }); cy.getByTestSubj('obltOnboardingStepStatus-complete') .contains('Connected to the Elastic Agent') .should('exist'); @@ -330,7 +332,9 @@ describe('[Logs onboarding] System logs', () => { cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete'); - cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete'); + cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', { + agentId: 'test-agent-id', + }); }); it('shows loading callout when config is being downloaded to the host', () => { @@ -371,7 +375,9 @@ describe('[Logs onboarding] System logs', () => { cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete'); - cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete'); + cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', { + agentId: 'test-agent-id', + }); }); it('shows loading callout when config is being downloaded to the host', () => { 
@@ -456,7 +462,9 @@ describe('[Logs onboarding] System logs', () => { cy.updateInstallationStepStatus(onboardingId, 'ea-download', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-extract', 'complete'); cy.updateInstallationStepStatus(onboardingId, 'ea-install', 'complete'); - cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete'); + cy.updateInstallationStepStatus(onboardingId, 'ea-status', 'complete', { + agentId: 'test-agent-id', + }); cy.updateInstallationStepStatus(onboardingId, 'ea-config', 'complete'); }); diff --git a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/commands.ts b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/commands.ts index ebf44ed802b39..4b63eaf207d72 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/commands.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/commands.ts @@ -24,6 +24,10 @@ export type InstallationStepStatus = | 'danger' | 'current'; +export interface ElasticAgentStepPayload { + agentId: string; +} + Cypress.Commands.add('loginAsViewerUser', () => { return cy.loginAs({ username: ObservabilityOnboardingUsername.viewerUser, @@ -151,7 +155,12 @@ Cypress.Commands.add('deleteIntegration', (integrationName: string) => { Cypress.Commands.add( 'updateInstallationStepStatus', - (onboardingId: string, step: InstallationStep, status: InstallationStepStatus) => { + ( + onboardingId: string, + step: InstallationStep, + status: InstallationStepStatus, + payload: ElasticAgentStepPayload | undefined + ) => { const kibanaUrl = Cypress.env('KIBANA_URL'); cy.log(onboardingId, step, status); @@ -166,6 +175,7 @@ Cypress.Commands.add( auth: { user: 'editor', pass: 'changeme' }, body: { status, + payload, }, }); } 
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/types.d.ts b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/types.d.ts index dbc28bb442bb9..7bb3549a60e7c 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/types.d.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/e2e/cypress/support/types.d.ts @@ -22,7 +22,8 @@ declare namespace Cypress { updateInstallationStepStatus( onboardingId: string, step: InstallationStep, - status: InstallationStepStatus + status: InstallationStepStatus, + payload?: ElasticAgentStepPayload ): void; } } diff --git a/x-pack/plugins/observability_solution/observability_onboarding/kibana.jsonc b/x-pack/plugins/observability_solution/observability_onboarding/kibana.jsonc index 35d206123943b..79eb387c2486c 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/kibana.jsonc +++ b/x-pack/plugins/observability_solution/observability_onboarding/kibana.jsonc @@ -1,22 +1,37 @@ { "type": "plugin", "id": "@kbn/observability-onboarding-plugin", - "owner": ["@elastic/obs-ux-logs-team", "@elastic/obs-ux-onboarding-team"], + "owner": [ + "@elastic/obs-ux-logs-team", + "@elastic/obs-ux-onboarding-team" + ], "plugin": { "id": "observabilityOnboarding", "server": true, "browser": true, - "configPath": ["xpack", "observability_onboarding"], + "configPath": [ + "xpack", + "observability_onboarding" + ], "requiredPlugins": [ "data", "observability", "observabilityShared", "discover", "share", - "fleet" + "fleet", + "security" + ], + "optionalPlugins": [ + "cloud", + "cloudExperiments", + "usageCollection" + ], + "requiredBundles": [ + "kibanaReact" ], - "optionalPlugins": ["cloud", "cloudExperiments", "usageCollection"], - "requiredBundles": ["kibanaReact"], - "extraPublicDirs": ["common"] + "extraPublicDirs": [ + "common" + ] } -} +} \ No newline at end of file 
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx index 2b928b37f471b..835233b424c6f 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/app.tsx @@ -22,6 +22,7 @@ import { ObservabilityOnboardingHeaderActionMenu } from './shared/header_action_ import { ObservabilityOnboardingPluginSetupDeps, ObservabilityOnboardingPluginStartDeps, + ObservabilityOnboardingContextValue, } from '../plugin'; import { ObservabilityOnboardingFlow } from './observability_onboarding_flow'; @@ -40,14 +41,13 @@ export const breadcrumbsApp = { export function ObservabilityOnboardingAppRoot({ appMountParameters, core, - deps, - corePlugins: { observability, data }, + corePlugins, config, }: { appMountParameters: AppMountParameters; } & RenderAppProps) { const { history, setHeaderActionMenu, theme$ } = appMountParameters; - const plugins = { ...deps }; + const services: ObservabilityOnboardingContextValue = { ...core, ...corePlugins, config }; const renderFeedbackLinkAsPortal = !config.serverless.enabled; @@ -63,15 +63,7 @@ export function ObservabilityOnboardingAppRoot({ application: core.application, }} > - + + + + + diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/auto_detect_panel.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/auto_detect_panel.tsx new file mode 100644 index 0000000000000..f9d1c7c4df608 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/auto_detect_panel.tsx 
@@ -0,0 +1,239 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { type FunctionComponent } from 'react'; +import { i18n } from '@kbn/i18n'; +import { + EuiPanel, + EuiSteps, + EuiCodeBlock, + EuiSpacer, + EuiSkeletonText, + EuiBadge, + EuiFlexGroup, + EuiFlexItem, + EuiText, + EuiImage, + EuiSkeletonRectangle, + useGeneratedHtmlId, +} from '@elastic/eui'; +import { useKibana } from '@kbn/kibana-react-plugin/public'; +import { + type SingleDatasetLocatorParams, + SINGLE_DATASET_LOCATOR_ID, +} from '@kbn/deeplinks-observability/locators'; +import { type DashboardLocatorParams } from '@kbn/dashboard-plugin/public'; +import { DASHBOARD_APP_LOCATOR } from '@kbn/deeplinks-analytics'; +import { getAutoDetectCommand } from './get_auto_detect_command'; +import { useOnboardingFlow } from './use_onboarding_flow'; +import { ProgressIndicator } from '../shared/progress_indicator'; +import { AccordionWithIcon } from '../shared/accordion_with_icon'; +import { type ObservabilityOnboardingContextValue } from '../../../plugin'; +import { EmptyPrompt } from '../shared/empty_prompt'; +import { CopyToClipboardButton } from '../shared/copy_to_clipboard_button'; +import { LocatorButtonEmpty } from '../shared/locator_button_empty'; + +export const AutoDetectPanel: FunctionComponent = () => { + const { + services: { http }, + } = useKibana(); + const { status, data, error, refetch, installedIntegrations } = useOnboardingFlow(); + const command = data ? 
getAutoDetectCommand(data) : undefined; + const accordionId = useGeneratedHtmlId({ prefix: 'accordion' }); + + if (error) { + return ; + } + + const registryIntegrations = installedIntegrations.filter( + (integration) => integration.installSource === 'registry' + ); + const customIntegrations = installedIntegrations.filter( + (integration) => integration.installSource === 'custom' + ); + + return ( + + + +

+ {i18n.translate( + 'xpack.observability_onboarding.autoDetectPanel.p.wellScanYourHostLabel', + { + defaultMessage: "We'll scan your host for logs and metrics, including:", + } + )} +

+
+ + + {['Apache', 'Docker', 'Nginx', 'System', 'Custom .log files'].map((item) => ( + + {item} + + ))} + + + {/* Bash syntax highlighting only highlights a few random numbers (badly) so it looks less messy to go with plain text */} + + {command} + + + + + ) : ( + + ), + }, + { + title: i18n.translate( + 'xpack.observability_onboarding.autoDetectPanel.visualizeYourDataLabel', + { defaultMessage: 'Visualize your data' } + ), + status: + status === 'dataReceived' + ? 'complete' + : status === 'awaitingData' || status === 'inProgress' + ? 'current' + : 'incomplete', + children: ( + <> + {status === 'dataReceived' ? ( + + ) : status === 'awaitingData' ? ( + + ) : status === 'inProgress' ? ( + + ) : null} + {(status === 'awaitingData' || status === 'dataReceived') && + installedIntegrations.length > 0 ? ( + <> + + {registryIntegrations.map((integration) => ( + + + + {status === 'dataReceived' ? ( + + ) : ( + + )} + + +
    + {integration.kibanaAssets + .filter((asset) => asset.type === 'dashboard') + .map((dashboard) => ( +
  • + + locator={DASHBOARD_APP_LOCATOR} + params={{ dashboardId: dashboard.id }} + target="_blank" + iconType="dashboardApp" + isDisabled={status !== 'dataReceived'} + flush="left" + size="s" + > + {dashboard.attributes.title} + +
  • + ))} +
+
+
+
+ ))} + {customIntegrations.length > 0 && ( + +
    + {customIntegrations.map((integration) => + integration.dataStreams.map((datastream) => ( +
  • + + locator={SINGLE_DATASET_LOCATOR_ID} + params={{ + integration: integration.pkgName, + dataset: datastream.dataset, + }} + target="_blank" + iconType="document" + isDisabled={status !== 'dataReceived'} + flush="left" + size="s" + > + {integration.pkgName} + +
  • + )) + )} +
+
+ )} + + ) : null} + + ), + }, + ]} + /> +
+ ); +}; diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_auto_detect_command.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_auto_detect_command.tsx new file mode 100644 index 0000000000000..d9e695b8c10f0 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_auto_detect_command.tsx @@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { flatten, zip } from 'lodash'; +import { useOnboardingFlow } from './use_onboarding_flow'; + +export function getAutoDetectCommand( + options: NonNullable['data']> +) { + const scriptName = 'auto_detect.sh'; + return oneLine` + curl ${options.scriptDownloadUrl} -so ${scriptName} && + sudo bash ${scriptName} + --id=${options.onboardingFlow.id} + --kibana-url=${options.kibanaUrl} + --install-key=${options.installApiKey} + --ingest-key=${options.ingestApiKey} + --ea-version=${options.elasticAgentVersion} + `; +} +function oneLine(parts: TemplateStringsArray, ...args: string[]) { + const str = flatten(zip(parts, args)).join(''); + return str.replace(/\s+/g, ' ').trim(); +} diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_installed_integrations.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_installed_integrations.tsx new file mode 100644 index 0000000000000..aa2ab268f33ad --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_installed_integrations.tsx 
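Review bot: In auto_detect_panel.tsx, the badge list `['Apache', 'Docker', 'Nginx', 'System', 'Custom .log files']` is rendered as-is, so 'Custom .log files' is shown untranslated while the step titles in the same hunk go through `i18n.translate`. The product names can stay literal, but the last entry should be wrapped, e.g. `i18n.translate('<new translation id>', { defaultMessage: 'Custom .log files' })`. The element that wraps each `item` is not visible in this rendering of the hunk, so the exact placement is left to the author.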
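Review bot: The command built in get_auto_detect_command.tsx passes `--install-key=${options.installApiKey}` and `--ingest-key=${options.ingestApiKey}` as arguments to `sudo bash`, so both keys end up in the user's shell history and are visible in the process list while the script runs. `curl ${options.scriptDownloadUrl} -so ${scriptName}` also has no `--fail`, so an HTTP error body would be saved and then executed as root by the `&&` branch, and every interpolated value is unquoted. I would change the first line to `curl --fail "${options.scriptDownloadUrl}" -so ${scriptName} &&` and quote the other option values the same way. `getAutoDetectCommand` should also carry a doc comment saying the returned string contains live credentials and must not be logged or sent to telemetry. Passing the keys on stdin or in a file instead would need a matching change in auto_detect.sh's argument parsing, which is not part of this hunk.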
@@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { InstallIntegrationsStepPayload } from '../../../../server/routes/types'; +import type { ObservabilityOnboardingFlow } from '../../../../server/saved_objects/observability_onboarding_status'; +import type { InstalledIntegration } from '../../../../server/routes/types'; + +export function getInstalledIntegrations( + data: Pick | undefined +): InstalledIntegration[] { + return (data?.progress['install-integrations']?.payload as InstallIntegrationsStepPayload) ?? []; +} diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_onboarding_status.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_onboarding_status.tsx new file mode 100644 index 0000000000000..bb6e58143e7dd --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/get_onboarding_status.tsx 
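Review bot: `(data?.progress['install-integrations']?.payload as InstallIntegrationsStepPayload) ?? []` asserts the shape of a stored step payload instead of checking it, so any non-array value recorded for that step reaches callers typed as `InstalledIntegration[]` and fails later in `.filter`/`.map`. A runtime guard keeps the return type honest: `const payload = data?.progress['install-integrations']?.payload;` followed by `return Array.isArray(payload) ? (payload as InstalledIntegration[]) : [];`. The two `import type` lines from '../../../../server/routes/types' can be merged into one.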
@@ -0,0 +1,37 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { ObservabilityOnboardingFlow } from '../../../../server/saved_objects/observability_onboarding_status'; + +export type ObservabilityOnboardingFlowStatus = + | 'notStarted' + | 'inProgress' + | 'awaitingData' + | 'dataReceived'; + +/** + * Returns the current status of the onboarding flow: + * + * - `notStarted`: No progress has been made. + * - `inProgress`: The user is running the installation command on the host. + * - `awaitingData`: The installation has completed and we are waiting for data to be ingested. + * - `dataReceived`: Data has been ingested - The Agent is up and running. + */ +export function getOnboardingStatus( + data: Pick | undefined +): ObservabilityOnboardingFlowStatus { + if (!data) { + return 'notStarted'; + } + return data.progress['logs-ingest']?.status === 'complete' + ? 'dataReceived' + : data.progress['logs-ingest']?.status === 'loading' + ? 'awaitingData' + : Object.values(data.progress).some((step) => step.status !== 'incomplete') + ? 'inProgress' + : 'notStarted'; +} diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/index.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/index.tsx new file mode 100644 index 0000000000000..16dab0dabdfea --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/index.tsx 
@@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { AutoDetectPanel } from './auto_detect_panel'; diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/use_onboarding_flow.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/use_onboarding_flow.tsx new file mode 100644 index 0000000000000..50f5636dd84b5 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/auto_detect/use_onboarding_flow.tsx 
@@ -0,0 +1,97 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import useInterval from 'react-use/lib/useInterval'; +import { useKibana } from '@kbn/kibana-react-plugin/public'; +import useAsync from 'react-use/lib/useAsync'; +import { type AssetSOObject, type GetBulkAssetsResponse } from '@kbn/fleet-plugin/common'; +import { FETCH_STATUS, useFetcher } from '../../../hooks/use_fetcher'; +import { getOnboardingStatus } from './get_onboarding_status'; +import { getInstalledIntegrations } from './get_installed_integrations'; +import { type ObservabilityOnboardingContextValue } from '../../../plugin'; + +export function useOnboardingFlow() { + const { + services: { fleet }, + } = useKibana(); + + // Create onboarding session + const { data, error, refetch } = useFetcher( + (callApi) => + callApi('POST /internal/observability_onboarding/flow', { + params: { + body: { + name: 'auto-detect', + }, + }, + }), + [], + { showToastOnError: false } + ); + + const onboardingId = data?.onboardingFlow.id; + + // Fetch onboarding progress + const { + data: progressData, + status: progressStatus, + refetch: refetchProgress, + } = useFetcher( + (callApi) => { + if (onboardingId) { + return callApi('GET /internal/observability_onboarding/flow/{onboardingId}/progress', { + params: { path: { onboardingId } }, + }); + } + }, + [onboardingId] + ); + + const status = getOnboardingStatus(progressData); + const installedIntegrations = getInstalledIntegrations(progressData); + + // Fetch metadata for installed Kibana assets + const assetsState = useAsync(async () => { + if (installedIntegrations.length === 0) { + return []; + } + const assetsMetadata = await fleet.hooks.epm.getBulkAssets({ + assetIds: installedIntegrations + .map((integration) => integration.kibanaAssets) + 
.flat() as AssetSOObject[], + }); + return installedIntegrations.map((integration) => { + return { + ...integration, + // Enrich installed Kibana assets with metadata from Fleet API (e.g. title, description, etc.) + kibanaAssets: integration.kibanaAssets.reduce( + (acc, asset) => { + const assetWithMetadata = assetsMetadata.data?.items.find(({ id }) => id === asset.id); + if (assetWithMetadata) { + acc.push(assetWithMetadata); + } + return acc; + }, + [] + ), + }; + }); + }, [installedIntegrations.length]); // eslint-disable-line react-hooks/exhaustive-deps + + useInterval( + refetchProgress, + progressStatus === FETCH_STATUS.SUCCESS && status !== 'dataReceived' ? 3000 : null + ); + + return { + data, + error, + refetch, + status, + installedIntegrations: assetsState.value ?? [], + }; +} diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/accordion_with_icon.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/accordion_with_icon.tsx new file mode 100644 index 0000000000000..9301ddb9a78a4 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/accordion_with_icon.tsx @@ -0,0 +1,51 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { type FunctionComponent } from 'react'; +import { + EuiAccordion, + EuiIcon, + EuiTitle, + EuiFlexGroup, + EuiFlexItem, + type EuiAccordionProps, +} from '@elastic/eui'; + +interface AccordionWithIconProps + extends Omit { + title: string; + iconType: string; +} +export const AccordionWithIcon: FunctionComponent = ({ + title, + iconType, + children, + ...rest +}) => { + return ( + + + + + + +
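Review bot: Polling stops for good after a single failed progress request, because `useInterval` only gets a delay while `progressStatus === FETCH_STATUS.SUCCESS` and nothing schedules another `refetchProgress`. The second `useFetcher` call's `error` is never destructured, so the hook keeps returning the last `status` and the panel has no way to show that it stopped updating. I would destructure `error: progressError` from the progress fetcher and include it in the returned object, so the panel can offer a retry. Separately, the `useAsync` dependency `[installedIntegrations.length]` with the eslint suppression means a changed list of the same length keeps the old asset metadata; a short comment saying why length is a sufficient key would help the next reader.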

{title}

+
+
+
+ } + buttonProps={{ paddingSize: 'l' }} + borders="horizontal" + paddingSize="none" + > +
{children}
+ + ); +}; diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/copy_to_clipboard_button.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/copy_to_clipboard_button.tsx new file mode 100644 index 0000000000000..770efa96b0fcc --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/copy_to_clipboard_button.tsx @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { type FunctionComponent } from 'react'; +import { i18n } from '@kbn/i18n'; +import { EuiCopy, EuiButton, type EuiButtonProps } from '@elastic/eui'; + +interface CopyToClipboardButtonProps extends Omit { + textToCopy: string; +} + +export const CopyToClipboardButton: FunctionComponent = ({ + textToCopy, + children, + ...rest +}) => { + return ( + + {(copyToClipboard) => ( + + {children ?? + i18n.translate( + 'xpack.observability_onboarding.copyToClipboardButton.copyToClipboardButtonLabel', + { defaultMessage: 'Copy to clipboard' } + )} + + )} + + ); +}; diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/empty_prompt.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/empty_prompt.tsx new file mode 100644 index 0000000000000..75d72e1ff0e5d --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/empty_prompt.tsx 
@@ -0,0 +1,85 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { type FunctionComponent } from 'react'; +import { i18n } from '@kbn/i18n'; +import { EuiButton, EuiEmptyPrompt } from '@elastic/eui'; +import type { IHttpFetchError, ResponseErrorBody } from '@kbn/core-http-browser'; + +interface EmptyPromptProps { + error: IHttpFetchError; + onRetryClick(): void; +} +export const EmptyPrompt: FunctionComponent = ({ error, onRetryClick }) => { + if (error.response?.status === 403) { + return ( + + {i18n.translate( + 'xpack.observability_onboarding.autoDetectPanel.h2.contactYourAdministratorForLabel', + { defaultMessage: 'Contact your administrator for access' } + )} + + } + body={ +

+ {i18n.translate( + 'xpack.observability_onboarding.autoDetectPanel.p.toInstallIntegrationsAndLabel', + { + defaultMessage: + 'To install integrations and ingest data, you need additional privileges.', + } + )} +

+ } + /> + ); + } + + return ( + + {i18n.translate( + 'xpack.observability_onboarding.autoDetectPanel.h2.unableToInitiateDataLabel', + { defaultMessage: 'Unable to load content' } + )} + + } + body={ +

+ {i18n.translate( + 'xpack.observability_onboarding.autoDetectPanel.p.thereWasAProblemLabel', + { + defaultMessage: + 'There was a problem loading the application. Retry or contact your administrator for help.', + } + )} +

+ } + actions={ + + {i18n.translate( + 'xpack.observability_onboarding.autoDetectPanel.backToSelectionButtonLabel', + { defaultMessage: 'Retry' } + )} + + } + /> + ); +}; diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/locator_button_empty.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/locator_button_empty.tsx new file mode 100644 index 0000000000000..73fe406c46e6e --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/locator_button_empty.tsx 
@@ -0,0 +1,78 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { type AnchorHTMLAttributes } from 'react'; +import { EuiButtonEmpty, type EuiButtonEmptyProps } from '@elastic/eui'; +import { useKibana } from '@kbn/kibana-react-plugin/public'; +import type { SerializableRecord } from '@kbn/utility-types'; +import { type LocatorPublic } from '@kbn/share-plugin/common'; +import { type ObservabilityOnboardingContextValue } from '../../../plugin'; + +type EuiButtonEmptyPropsForAnchor = Extract< + EuiButtonEmptyProps, + AnchorHTMLAttributes +>; + +export interface LocatorButtonEmptyProps + extends Omit { + locator: string | LocatorPublic; + params: Params; +} + +/** + * Same as `EuiButtonEmpty` but uses locators to navigate instead of URLs. + * + * Accepts the following props instead of an `href`: + * - `locator`: Either the URL locator public contract or the ID of the locator if previously registered. + * - `params`: The params to pass to the locator. + * + * Get type safety for `params` by passing the correct type to the generic component. + * + * Example 1: + * + * ```ts + * + * View dashboard + * + * ``` + * + * Example 2: + * + * ```ts + * import { type SingleDatasetLocatorParams, SINGLE_DATASET_LOCATOR_ID } from '@kbn/deeplinks-observability/locators'; + * + * + * locator={SINGLE_DATASET_LOCATOR_ID} + * params={{ + * integration: 'system', + * dataset: 'system.syslog', + * }} + * > + * View in Logs Explorer + * + * ``` + */ +export const LocatorButtonEmpty = ({ + locator, + params, + ...rest +}: LocatorButtonEmptyProps) => { + const { + services: { share }, + } = useKibana(); + + const locatorObj = + typeof locator === 'string' ? share.url.locators.get(locator) : locator; + + return ( + + ); +}; 
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/progress_indicator.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/progress_indicator.tsx new file mode 100644 index 0000000000000..337ab8172e971 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/shared/progress_indicator.tsx @@ -0,0 +1,49 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { type FunctionComponent } from 'react'; +import { + EuiIcon, + EuiFlexGroup, + EuiFlexItem, + type EuiCallOutProps, + EuiCallOut, + EuiLoadingSpinner, +} from '@elastic/eui'; + +interface ProgressIndicatorProps extends EuiCallOutProps { + iconType?: string; + isLoading?: boolean; +} +export const ProgressIndicator: FunctionComponent = ({ + iconType, + isLoading = true, + title, + color = isLoading ? 'primary' : 'success', + ...rest +}) => { + return ( + + {isLoading ? ( + + + + ) : iconType ? ( + + + + ) : null} + {title} + + } + color={color} + {...rest} + /> + ); +}; diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh index 718107050335f..e946fb6653542 100755 --- a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/auto_detect.sh 
@@ -87,9 +87,9 @@ selected_unknown_log_file_pattern_array=() excluded_options_string="" selected_unknown_log_file_pattern_tsv_string="" custom_log_file_path_list_tsv_string="" -install_integrations_api_body_string="" elastic_agent_artifact_name="" elastic_agent_config_path="/opt/Elastic/Agent/elastic-agent.yml" +elastic_agent_tmp_config_path="/tmp/elastic-agent-config-template.yml" OS="$(uname)" ARCH="$(uname -m)" @@ -130,14 +130,16 @@ update_step_progress() { --header "x-elastic-internal-origin: Kibana" \ --data "$data" \ --output /dev/null \ - --no-progress-meter + --no-progress-meter \ + --fail } download_elastic_agent() { local download_url="https://artifacts.elastic.co/downloads/beats/elastic-agent/${elastic_agent_artifact_name}.tar.gz" - curl -L -O $download_url --fail + curl -L -O $download_url --silent --fail if [ "$?" -eq 0 ]; then + printf "\e[1;32m✓\e[0m %s\n" "Elastic Agent downloaded to $(pwd)/$elastic_agent_artifact_name.tar.gz" update_step_progress "ea-download" "complete" else update_step_progress "ea-download" "danger" "Failed to download Elastic Agent, see script output for error." @@ -149,6 +151,7 @@ extract_elastic_agent() { tar -xzf "${elastic_agent_artifact_name}.tar.gz" if [ "$?" -eq 0 ]; then + printf "\e[1;32m✓\e[0m %s\n" "Archive extracted" update_step_progress "ea-extract" "complete" else update_step_progress "ea-extract" "danger" "Failed to extract Elastic Agent, see script output for error." @@ -157,9 +160,10 @@ extract_elastic_agent() { } install_elastic_agent() { - "./${elastic_agent_artifact_name}/elastic-agent" install -f + "./${elastic_agent_artifact_name}/elastic-agent" install -f -n > /dev/null if [ "$?" -eq 0 ]; then + printf "\e[1;32m✓\e[0m %s\n" "Elastic Agent installed to $(dirname $elastic_agent_config_path)" update_step_progress "ea-install" "complete" else update_step_progress "ea-install" "danger" "Failed to install Elastic Agent, see script output for error." 
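Review bot: `elastic_agent_tmp_config_path="/tmp/elastic-agent-config-template.yml"` is a fixed name in a world-writable directory, and the generated command starts this script with `sudo`. Another local user can therefore create or replace that path before the `curl -o` and `sed` calls in the later hunk use it. Creating the file at run time avoids the predictable name: `elastic_agent_tmp_config_path="$(mktemp)"`, with an `rm -f "$elastic_agent_tmp_config_path"` once the config has been applied. The previous code used the same literal as a local variable, so this is carried over rather than introduced, but the move to a global is a good moment to fix it.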
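Review bot: `curl -L -O $download_url --silent --fail` in download_elastic_agent now prints nothing when the download fails, while the `danger` message a few lines below still tells the user to "see script output for error". Adding `--show-error` and quoting the URL keeps the diagnostic: `curl -L -O "$download_url" --silent --show-error --fail`. install_elastic_agent in the hunk at -157 has the same mismatch, since `> /dev/null` discards the installer's standard output. The archive is also extracted and installed as root with no integrity check in between; verifying it against a published checksum before extract_elastic_agent would close that gap, assuming one is available for the artifact.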
@@ -170,17 +174,14 @@ install_elastic_agent() { wait_for_elastic_agent_status() { local MAX_RETRIES=10 local i=0 - echo -n "." elastic-agent status > /dev/null 2>&1 local ELASTIC_AGENT_STATUS_EXIT_CODE="$?" while [ "$ELASTIC_AGENT_STATUS_EXIT_CODE" -ne 0 ] && [ $i -le $MAX_RETRIES ]; do sleep 1 - echo -n "." elastic-agent status > /dev/null 2>&1 ELASTIC_AGENT_STATUS_EXIT_CODE="$?" ((i++)) done - echo "" if [ "$ELASTIC_AGENT_STATUS_EXIT_CODE" -ne 0 ]; then update_step_progress "ea-status" "warning" "Unable to determine agent status" @@ -214,11 +215,11 @@ backup_elastic_agent_config() { confirmation_reply="${confirmation_reply:-Y}" if [[ "$confirmation_reply" =~ ^[Yy](es)?$ ]]; then - local backup_path="${elastic_agent_config_path%.yml}.$(date +%s).yml" # e.g. /opt/Elastic/Agent/elastic-agent.1712267614.yml + local backup_path="$(pwd)/$(basename "${elastic_agent_config_path%.yml}.$(date +%s).yml")" # e.g. /opt/Elastic/Agent/elastic-agent.1712267614.yml cp $elastic_agent_config_path $backup_path if [ "$?" -eq 0 ]; then - printf "\n\e[1;32m✓\e[0m \e[1m%s\e[0m\n" "Backup saved to $backup_path" + printf "\n\e[1;32m✓\e[0m %s\n" "Backup saved to $backup_path" else update_step_progress "ea-config" "warning" "Failed to backup existing configuration" fail "Failed to backup existing config file - Try manually creating a backup or delete your existing config file before re-running this script" 
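Review bot: In backup_elastic_agent_config the backup now goes to `$(pwd)`, but the trailing comment still gives `/opt/Elastic/Agent/elastic-agent.1712267614.yml` as the example, and `cp $elastic_agent_config_path $backup_path` is unquoted, so a working directory with a space in its name breaks the copy. The copied file is an agent config, which presumably contains the ingest API key, and the working directory may be readable by other users. I would quote both operands and restrict the copy, `cp "$elastic_agent_config_path" "$backup_path" && chmod 600 "$backup_path"`, and change the comment to `# e.g. ./elastic-agent.1712267614.yml`. The function starts and ends outside this hunk.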
@@ -229,31 +230,56 @@ backup_elastic_agent_config() { fi } -download_elastic_agent_config() { - local decoded_ingest_api_key=$(echo "$ingest_api_key_encoded" | base64 -d) - local tmp_path="/tmp/elastic-agent-config-template.yml" +install_integrations() { + local install_integrations_api_body_string="" + + for item in "${selected_known_integrations_array[@]}"; do + install_integrations_api_body_string+="$item\tregistry\n" + done + + for item in "${selected_unknown_log_file_pattern_array[@]}" "${custom_log_file_path_list_array[@]}"; do + local integration_name=$(generate_custom_integration_name "$item") - update_step_progress "ea-config" "loading" + install_integrations_api_body_string+="$integration_name\tcustom\t$item\n" + done curl --request POST \ - -o $tmp_path \ + -o $elastic_agent_tmp_config_path \ --url "$kibana_api_endpoint/internal/observability_onboarding/flow/$onboarding_flow_id/integrations/install" \ --header "Authorization: ApiKey $install_api_key_encoded" \ --header "Content-Type: text/tab-separated-values" \ + --header "kbn-xsrf: true" \ + --header "x-elastic-internal-origin: Kibana" \ --data "$(echo -e "$install_integrations_api_body_string")" \ - --no-progress-meter + --no-progress-meter \ + --fail - if [ "$?" -ne 0 ]; then - update_step_progress "ea-config" "warning" "Failed to install integrations." - fail "Failed to install integrations." + if [ "$?" -eq 0 ]; then + printf "\n\e[1;32m✓\e[0m %s\n" "Integrations installed" + else + update_step_progress "ea-config" "warning" "Failed to install integrations" + fail "Failed to install integrations" fi +} - sed "s/'\${API_KEY}'/$decoded_ingest_api_key/g" $tmp_path > $elastic_agent_config_path +apply_elastic_agent_config() { + local decoded_ingest_api_key=$(echo "$ingest_api_key_encoded" | base64 -d) + + sed "s/'\${API_KEY}'/$decoded_ingest_api_key/g" $elastic_agent_tmp_config_path > $elastic_agent_config_path + if [ "$?" 
-eq 0 ]; then + printf "\e[1;32m✓\e[0m %s\n" "Config written to $elastic_agent_config_path" + update_step_progress "ea-config" "complete" + else + update_step_progress "ea-config" "warning" "Failed to configure Elastic Agent" + fail "Failed to configure Elastic Agent" + fi } read_open_log_file_list() { local exclude_patterns=( "^\/Users\/.+?\/Library\/Application Support" + "^\/Users\/.+?\/Library\/Group Containers" + "^\/Users\/.+?\/Library\/Containers" "^\/Users\/.+?\/Library\/Caches" "^\/private" # Excluding all patterns that correspond to known integrations @@ -269,7 +295,7 @@ read_open_log_file_list() { "^\/var\/log\/secure" ) - local list=$(lsof -Fn | grep "\.log$" | awk '/^n/ {print substr($0, 2)}' | sort | uniq) + local list=$(lsof -Fn / | grep "^n.*\.log$" | cut -c2- | sort -u) # Filtering by the exclude patterns while IFS= read -r line; do @@ -385,12 +411,12 @@ function select_list() { fi done - printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m" "Ingest all detected logs?" "[Y/n] (default: Yes): " + printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m" "Continue installation with detected logs?" "[Y/n] (default: Yes): " read confirmation_reply confirmation_reply="${confirmation_reply:-Y}" if [[ ! "$confirmation_reply" =~ ^[Yy](es)?$ ]]; then - printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m" "Exclude logs by listing their index numbers" "(e.g. 1, 2, 3): " + printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m\n" "Exclude logs by listing their index numbers" "(e.g. 1, 2, 3). Press Enter to skip." read exclude_index_list_string IFS=', ' read -r -a exclude_index_list_array <<< "$exclude_index_list_string" 
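Review bot: In apply_elastic_agent_config, `sed ... > $elastic_agent_config_path` truncates the live config before `sed` has produced any output, so a failure leaves an empty or partial file behind the "Failed to configure Elastic Agent" message. The decoded key is also spliced into the `sed` expression, where a `/`, `&` or `\` in it would change the substitution; whether keys can contain those characters is not visible here. Writing to a sibling file and renaming on success fixes the truncation: `sed "s/'\${API_KEY}'/$decoded_ingest_api_key/g" "$elastic_agent_tmp_config_path" > "$elastic_agent_config_path.new" && mv "$elastic_agent_config_path.new" "$elastic_agent_config_path"`. In install_integrations, `--data "$(echo -e "$install_integrations_api_body_string")"` expands backslash escapes inside user-entered paths as well as the intended `\t` and `\n`; building the body with `printf '%s\t%s\n'` per row would avoid that. The hunk ends inside read_open_log_file_list.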
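Review bot: `lsof -Fn /` in the hunk at -269 appears to restrict the listing to files open on the file system mounted at `/`, as I read lsof's handling of a mount-point argument. On hosts where `/var` or `/var/log` is a separate mount, open `.log` files there would then no longer be detected. If the restriction is intended to speed up the scan, a comment on the line should say so, e.g. `# limit lsof to the root file system; logs on other mounts are not detected`. read_open_log_file_list starts and ends outside this hunk.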
@@ -417,6 +443,33 @@ function select_list() { fi fi done + + if [[ -n "$excluded_options_string" ]]; then + echo -e "\nThese logs will not be ingested:" + echo -e "$excluded_options_string" + fi + + printf "\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m\n" "List any additional logs you'd like to ingest" "(e.g. /path1/*.log, /path2/*.log). Press Enter to skip." + read custom_log_file_path_list_string + + IFS=', ' read -r -a custom_log_file_path_list_array <<< "$custom_log_file_path_list_string" + + echo -e "\nYou've selected these logs for ingestion:" + for item in "${selected_known_integrations_array[@]}"; do + printf "\e[32m•\e[0m %s\n" "$(known_integration_title "${item}")" + done + for item in "${selected_unknown_log_file_pattern_array[@]}" "${custom_log_file_path_list_array[@]}"; do + printf "\e[32m•\e[0m %s\n" "$item" + done + + printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m" "Continue installation with selected logs?" "[Y/n] (default: Yes): " + read confirmation_reply + confirmation_reply="${confirmation_reply:-Y}" + + if [[ ! "$confirmation_reply" =~ ^[Yy](es)?$ ]]; then + echo -e "Rerun the script again to select different logs." + exit 1 + fi else selected_known_integrations_array=("${known_integrations_options[@]}") selected_unknown_log_file_pattern_array=("${unknown_logs_options[@]}") 
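Review bot: `IFS=', ' read -r -a custom_log_file_path_list_array` splits the reply on spaces as well as commas, so a path containing a space becomes two separate patterns, and the preceding `read custom_log_file_path_list_string` lacks `-r`, so backslashes in the reply are consumed. These entries are sent unchecked in the install request built by install_integrations. I would use `read -r custom_log_file_path_list_string`, split on commas only and trim whitespace per entry, or at least say in the prompt that paths must not contain spaces. The new `exit 1` on a declined confirmation leaves the flow without a progress update, which may be worth a comment. select_list starts outside this hunk.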
@@ -450,70 +503,26 @@ generate_custom_integration_name() { echo "$name" } -build_install_integrations_api_body_string() { - for item in "${selected_known_integrations_array[@]}"; do - install_integrations_api_body_string+="$item\tregistry\n" - done - - for item in "${selected_unknown_log_file_pattern_array[@]}" "${custom_log_file_path_list_array[@]}"; do - local integration_name=$(generate_custom_integration_name "$item") - - install_integrations_api_body_string+="$integration_name\tcustom\t$item\n" - done -} - -echo "Looking for log files..." +printf "\e[1m%s\e[0m\n" "Looking for log files..." +update_step_progress "logs-detect" "loading" detect_known_integrations read_open_log_file_list build_unknown_log_file_patterns - +update_step_progress "logs-detect" "complete" echo -e "\nWe found these logs on your system:" select_list -if [[ -n "$excluded_options_string" ]]; then - echo -e "\nThese logs will not be ingested:" - echo -e "$excluded_options_string" -fi - - -printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m\n" "Add paths to any custom logs we've missed" "(e.g. /path1/*.log, /path2/*.log). Press Enter to skip." -read custom_log_file_path_list_string - -IFS=', ' read -r -a custom_log_file_path_list_array <<< "$custom_log_file_path_list_string" - -echo -e "\nYou've selected these logs to ingest:" -for item in "${selected_known_integrations_array[@]}"; do - printf "• %s\n" "$(known_integration_title "${item}")" -done -for item in "${selected_unknown_log_file_pattern_array[@]}" "${custom_log_file_path_list_array[@]}"; do - printf "• %s\n" "$item" -done - - -printf "\n\e[1;36m?\e[0m \e[1m%s\e[0m \e[2m%s\e[0m" "Continue installation with selected logs?" "[Y/n] (default: Yes): " -read confirmation_reply -confirmation_reply="${confirmation_reply:-Y}" - -if [[ ! "$confirmation_reply" =~ ^[Yy](es)?$ ]]; then - echo -e "Rerun the script again to select different logs." 
- exit 1 -fi - -build_install_integrations_api_body_string - backup_elastic_agent_config -echo -e "\nDownloading Elastic Agent...\n" +printf "\n\e[1m%s\e[0m\n" "Installing Elastic Agent..." +install_integrations download_elastic_agent extract_elastic_agent - -echo -e "\nInstalling Elastic Agent...\n" install_elastic_agent +apply_elastic_agent_config + +printf "\n\e[1m%s\e[0m\n" "Waiting for healthy status..." wait_for_elastic_agent_status ensure_elastic_agent_healthy -echo -e "\nInstalling integrations...\n" -download_elastic_agent_config - -update_step_progress "ea-config" "complete" printf "\n\e[32m%s\e[0m\n" "🎉 Elastic Agent is configured and running. You can now go back to Kibana and check for incoming logs." diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/charts_screen.svg b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/charts_screen.svg new file mode 100644 index 0000000000000..925d71c174061 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/charts_screen.svg @@ -0,0 +1,128 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/assets/waterfall_screen.svg b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/waterfall_screen.svg new file mode 100644 index 0000000000000..7501d44620a94 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/assets/waterfall_screen.svg 
@@ -0,0 +1,116 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/plugin.ts b/x-pack/plugins/observability_solution/observability_onboarding/public/plugin.ts index 8afe3b29c30e0..be73b77bd336e 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/public/plugin.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/plugin.ts @@ -10,7 +10,10 @@ import { ObservabilityPublicStart, } from '@kbn/observability-plugin/public'; import { - HttpStart, + ObservabilitySharedPluginSetup, + ObservabilitySharedPluginStart, +} from '@kbn/observability-shared-plugin/public'; +import { AppMountParameters, CoreSetup, CoreStart, @@ -20,7 +23,12 @@ import { } from '@kbn/core/public'; import type { CloudExperimentsPluginStart } from '@kbn/cloud-experiments-plugin/common'; import { DataPublicPluginSetup, DataPublicPluginStart } from '@kbn/data-plugin/public'; -import { SharePluginSetup } from '@kbn/share-plugin/public'; +import { SecurityPluginSetup, SecurityPluginStart } from '@kbn/security-plugin/public'; +import { SharePluginSetup, SharePluginStart } from '@kbn/share-plugin/public'; +import { DiscoverSetup, DiscoverStart } from '@kbn/discover-plugin/public'; +import { FleetSetup, FleetStart } from '@kbn/fleet-plugin/public'; +import { CloudSetup, CloudStart } from '@kbn/cloud-plugin/public'; +import { UsageCollectionSetup, UsageCollectionStart } from '@kbn/usage-collection-plugin/public'; import type { ObservabilityOnboardingConfig } from '../server'; import { PLUGIN_ID } from '../common'; import { ObservabilityOnboardingLocatorDefinition } from './locators/onboarding_locator/locator_definition'; 
@@ -34,23 +42,30 @@ export type ObservabilityOnboardingPluginStart = void; export interface ObservabilityOnboardingPluginSetupDeps { data: DataPublicPluginSetup; observability: ObservabilityPublicSetup; + observabilityShared: ObservabilitySharedPluginSetup; + discover: DiscoverSetup; share: SharePluginSetup; + fleet: FleetSetup; + security: SecurityPluginSetup; + cloud?: CloudSetup; + usageCollection?: UsageCollectionSetup; } export interface ObservabilityOnboardingPluginStartDeps { - cloudExperiments?: CloudExperimentsPluginStart; - http: HttpStart; data: DataPublicPluginStart; observability: ObservabilityPublicStart; + observabilityShared: ObservabilitySharedPluginStart; + discover: DiscoverStart; + share: SharePluginStart; + fleet: FleetStart; + security: SecurityPluginStart; + cloud?: CloudStart; + usageCollection?: UsageCollectionStart; + cloudExperiments?: CloudExperimentsPluginStart; } -export interface ObservabilityOnboardingPluginContextValue { - core: CoreStart; - plugins: ObservabilityOnboardingPluginSetupDeps; - data: DataPublicPluginStart; - observability: ObservabilityPublicStart; - config: ConfigSchema; -} +export type ObservabilityOnboardingContextValue = CoreStart & + ObservabilityOnboardingPluginStartDeps & { config: ConfigSchema }; export class ObservabilityOnboardingPlugin implements Plugin diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_agent_version.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_agent_version.ts new file mode 100644 index 0000000000000..c9dd959e6bb75 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_agent_version.ts 
@@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { FleetStartContract } from '@kbn/fleet-plugin/server'; + +export function getAgentVersion(fleetStart: FleetStartContract, kibanaVersion: string) { + // If undefined, we will follow fleet's strategy to select latest available version: + // for serverless we will use the latest published version, for statefull we will use + // current Kibana version. If false, irrespective of fleet flags and logic, we are + // explicitly deciding to not append the current version. + const includeCurrentVersion = kibanaVersion.endsWith('-SNAPSHOT') ? false : undefined; + + const agentClient = fleetStart.agentService.asInternalUser; + return agentClient.getLatestAgentAvailableVersion(includeCurrentVersion); +} diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_fallback_urls.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_fallback_urls.ts index fc79d7e37cebb..15185521563a1 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_fallback_urls.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/server/lib/get_fallback_urls.ts 
@@ -5,10 +5,19 @@ * 2.0. */ -import { CoreStart } from '@kbn/core/server'; +import { CoreSetup } from '@kbn/core/server'; +import { CloudSetup } from '@kbn/cloud-plugin/server'; import { EsLegacyConfigService } from '../services/es_legacy_config_service'; -export function getFallbackKibanaUrl({ http }: CoreStart) { +export function getKibanaUrl(coreSetup: CoreSetup, cloudSetup?: CloudSetup) { + return ( + coreSetup.http.basePath.publicBaseUrl ?? // priority given to server.publicBaseUrl + cloudSetup?.kibanaUrl ?? // then cloud id + getFallbackKibanaUrl(coreSetup) // falls back to local network binding + ); +} + +export function getFallbackKibanaUrl({ http }: CoreSetup) { const basePath = http.basePath; const { protocol, hostname, port } = http.getServerInfo(); return `${protocol}://${hostname}:${port}${basePath diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/get_has_logs.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/get_has_logs.ts index bedd1de0a80da..7816843bca3dc 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/get_has_logs.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/get_has_logs.ts 
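Review bot: `getKibanaUrl` is exported without a doc comment, and its last fallback needs one because the flow routes in this commit build `scriptDownloadUrl` from the returned value. That fallback comes from `http.getServerInfo()`, so it reflects the local bind address and protocol, and may be plain `http` or a hostname the target host cannot reach. I would add `/** Resolves the Kibana URL given to the onboarding script: server.publicBaseUrl, then the Cloud URL, then the local bind address (may be unreachable or plain http from the monitored host). */` above the function. The body of `getFallbackKibanaUrl` continues outside the hunk.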
@@ -7,52 +7,24 @@ import { ElasticsearchClient } from '@kbn/core/server'; import { termQuery } from '@kbn/observability-plugin/server'; +import type { estypes } from '@elastic/elasticsearch'; import { AGENT_ID } from '../../../common/es_fields'; -import { - LogFilesState, - ObservabilityOnboardingType, - SystemLogsState, -} from '../../saved_objects/observability_onboarding_status'; -import { ElasticAgentStepPayload } from '../types'; - -export async function getHasLogs({ - type, - state, - esClient, - payload, -}: { - type: ObservabilityOnboardingType; - state?: LogFilesState | SystemLogsState; - esClient: ElasticsearchClient; - payload?: ElasticAgentStepPayload; -}) { - if (!state) { - return false; - } +export async function getHasLogs(esClient: ElasticsearchClient, agentId: string) { try { - const { namespace } = state; - const index = - type === 'logFiles' - ? `logs-${(state as LogFilesState).datasetName}-${namespace}` - : [`logs-system.syslog-${namespace}`, `logs-system.auth-${namespace}`]; - - const agentId = payload?.agentId; - - const { hits } = await esClient.search({ - index, + const result = await esClient.search({ + index: ['logs-*', 'metrics-*'], ignore_unavailable: true, + size: 0, terminate_after: 1, - body: { - query: { - bool: { - filter: [...termQuery(AGENT_ID, agentId)], - }, + query: { + bool: { + filter: termQuery(AGENT_ID, agentId), }, }, }); - const total = hits.total as { value: number }; - return total.value > 0; + const { value } = result.hits.total as estypes.SearchTotalHits; + return value > 0; } catch (error) { if (error.statusCode === 404) { return false; diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts index b43edf76ce0a5..c58a5ef257fbb 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts 
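Review bot: `getHasLogs` now relies on the agent-id filter alone to scope a search over `logs-*` and `metrics-*`, so a missing id should short-circuit before the query is sent. The caller in route.ts gets `agentId` through a type assertion, so the `string` annotation does not guarantee a value at runtime. If `termQuery` returns no clause for an empty value (its implementation is not shown here), any document in those patterns would mark the step complete. Adding `if (!agentId) return false;` as the first statement keeps the old result for an absent payload. The catch block continues outside the hunk.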
+++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/flow/route.ts @@ -12,15 +12,20 @@ import { FleetUnauthorizedError, type PackageClient, } from '@kbn/fleet-plugin/server'; -import type { TemplateAgentPolicyInput } from '@kbn/fleet-plugin/common'; import { dump } from 'js-yaml'; +import { PackageDataStreamTypes } from '@kbn/fleet-plugin/common/types'; import { getObservabilityOnboardingFlow, saveObservabilityOnboardingFlow } from '../../lib/state'; +import type { SavedObservabilityOnboardingFlow } from '../../saved_objects/observability_onboarding_status'; import { ObservabilityOnboardingFlow } from '../../saved_objects/observability_onboarding_status'; import { createObservabilityOnboardingServerRoute } from '../create_observability_onboarding_server_route'; import { getHasLogs } from './get_has_logs'; - +import { getKibanaUrl } from '../../lib/get_fallback_urls'; +import { hasLogMonitoringPrivileges } from '../logs/api_key/has_log_monitoring_privileges'; +import { createShipperApiKey } from '../logs/api_key/create_shipper_api_key'; +import { createInstallApiKey } from '../logs/api_key/create_install_api_key'; +import { getAgentVersion } from '../../lib/get_agent_version'; import { getFallbackESUrl } from '../../lib/get_fallback_urls'; -import { ElasticAgentStepPayload, Integration, StepProgressPayloadRT } from '../types'; +import { ElasticAgentStepPayload, InstalledIntegration, StepProgressPayloadRT } from '../types'; const updateOnboardingFlowRoute = createObservabilityOnboardingServerRoute({ endpoint: 'PUT /internal/observability_onboarding/flow/{onboardingId}', @@ -129,9 +134,7 @@ const getProgressRoute = createObservabilityOnboardingServerRoute({ onboardingId: t.string, }), }), - async handler(resources): Promise<{ - progress: Record; - }> { + async handler(resources): Promise> { const { params: { path: { onboardingId }, 
@@ -154,21 +157,11 @@ const getProgressRoute = createObservabilityOnboardingServerRoute({ const esClient = coreStart.elasticsearch.client.asScoped(request).asCurrentUser; - const type = savedObservabilityOnboardingState.type; - if (progress['ea-status']?.status === 'complete') { + const { agentId } = progress['ea-status']?.payload as ElasticAgentStepPayload; try { - const hasLogs = await getHasLogs({ - type, - state: savedObservabilityOnboardingState.state, - esClient, - payload: progress['ea-status']?.payload as ElasticAgentStepPayload, - }); - if (hasLogs) { - progress['logs-ingest'] = { status: 'complete' }; - } else { - progress['logs-ingest'] = { status: 'loading' }; - } + const hasLogs = await getHasLogs(esClient, agentId); + progress['logs-ingest'] = { status: hasLogs ? 'complete' : 'loading' }; } catch (error) { progress['logs-ingest'] = { status: 'warning', message: error.message }; } 
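Review bot: The new `const { agentId } = progress['ea-status']?.payload as ElasticAgentStepPayload;` sits outside the `try`, so an `ea-status` step marked `complete` without a payload makes the destructuring throw and the request fail. The removed code handled that case through `payload?.agentId` and still reported a `logs-ingest` status. Whether such a step can be stored depends on the step-progress route, which is not in this hunk. Reading the id as `const agentId = (progress['ea-status']?.payload as ElasticAgentStepPayload | undefined)?.agentId;` and calling `getHasLogs` only when it is set keeps the previous tolerance. The handler starts and ends outside this hunk.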
@@ -180,6 +173,88 @@ const getProgressRoute = createObservabilityOnboardingServerRoute({ }, }); +/** + * This endpoint starts a new onboarding flow and creates two API keys: + * 1. A short-lived API key with privileges to install integrations. + * 2. An API key with privileges to ingest log and metric data used to configure Elastic Agent. + * + * It also returns all required information to download the onboarding script and install the + * Elastic agent. + * + * If the user does not have all necessary privileges a 403 Forbidden response is returned. + * + * This endpoint differs from the existing `POST /internal/observability_onboarding/logs/flow` + * endpoint in that it caters for the auto-detect flow where integrations are detected and installed + * on the host system, rather than in the Kiabana UI. + */ +const createFlowRoute = createObservabilityOnboardingServerRoute({ + endpoint: 'POST /internal/observability_onboarding/flow', + options: { tags: [] }, + params: t.type({ + body: t.type({ + name: t.string, + }), + }), + async handler(resources) { + const { + context, + params: { + body: { name }, + }, + core, + request, + plugins, + kibanaVersion, + } = resources; + const coreStart = await core.start(); + const { + elasticsearch: { client }, + } = await context.core; + const savedObjectsClient = coreStart.savedObjects.getScopedClient(request); + + const hasPrivileges = await hasLogMonitoringPrivileges(client.asCurrentUser); + if (!hasPrivileges) { + throw Boom.forbidden('Unauthorized to create log indices'); + } + + const fleetPluginStart = await plugins.fleet.start(); + const securityPluginStart = await plugins.security.start(); + + const [onboardingFlow, ingestApiKey, installApiKey, elasticAgentVersion] = await Promise.all([ + saveObservabilityOnboardingFlow({ + savedObjectsClient, + observabilityOnboardingState: { + type: 'autoDetect', + state: undefined, + progress: {}, + }, + }), + createShipperApiKey(client.asCurrentUser, name), + 
securityPluginStart.authc.apiKeys.create(request, createInstallApiKey(name)), + getAgentVersion(fleetPluginStart, kibanaVersion), + ]); + + if (!installApiKey) { + throw Boom.notFound('License does not allow API key creation.'); + } + + const kibanaUrl = getKibanaUrl(core.setup, plugins.cloud?.setup); + const scriptDownloadUrl = new URL( + core.setup.http.staticAssets.getPluginAssetHref('auto_detect.sh'), + kibanaUrl + ).toString(); + + return { + onboardingFlow, + ingestApiKey: ingestApiKey.encoded, + installApiKey: installApiKey.encoded, + elasticAgentVersion, + kibanaUrl, + scriptDownloadUrl, + }; + }, +}); + /** * This endpoints installs the requested integrations and returns the corresponding config file for Elastic Agent. * @@ -239,9 +314,12 @@ const integrationsInstallRoute = createObservabilityOnboardingServerRoute({ }); } - let agentPolicyInputs: TemplateAgentPolicyInput[] = []; + let installedIntegrations: InstalledIntegration[] = []; try { - agentPolicyInputs = await ensureInstalledIntegrations(integrationsToInstall, packageClient); + installedIntegrations = await ensureInstalledIntegrations( + integrationsToInstall, + packageClient + ); } catch (error) { if (error instanceof FleetUnauthorizedError) { return response.forbidden({ @@ -262,10 +340,10 @@ const integrationsInstallRoute = createObservabilityOnboardingServerRoute({ ...savedObservabilityOnboardingState.progress, 'install-integrations': { status: 'complete', - payload: integrationsToInstall, + payload: installedIntegrations, }, }, - } as ObservabilityOnboardingFlow, + }, }); const elasticsearchUrl = plugins.cloud?.setup?.elasticsearchUrl 
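Review bot: The `if (!installApiKey)` check in `createFlowRoute` runs only after `Promise.all` has already created the onboarding saved object and the ingest API key. When the license check fails, the request is rejected while a usable ingest key and a flow object remain that nothing references. The same applies when any one of the four parallel calls rejects. Creating the short-lived install key first and checking it before the other work closes the license case; for the remaining failure paths the created ingest key would need to be invalidated in a catch block. The body parameter `name` is also interpolated into both key names with only a `t.string` check, so a length or character limit there may be worth adding.

```typescript
    // … unchanged: privilege check, fleet and security plugin start …
    const installApiKey = await securityPluginStart.authc.apiKeys.create(
      request,
      createInstallApiKey(name)
    );
    if (!installApiKey) {
      throw Boom.notFound('License does not allow API key creation.');
    }

    const [onboardingFlow, ingestApiKey, elasticAgentVersion] = await Promise.all([
      saveObservabilityOnboardingFlow({
        // … unchanged: savedObjectsClient and observabilityOnboardingState …
      }),
      createShipperApiKey(client.asCurrentUser, name),
      getAgentVersion(fleetPluginStart, kibanaVersion),
    ]);
    // … unchanged: kibanaUrl, scriptDownloadUrl and the returned object …
```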
@@ -278,55 +356,89 @@ const integrationsInstallRoute = createObservabilityOnboardingServerRoute({ }, body: generateAgentConfig({ esHost: elasticsearchUrl, - inputs: agentPolicyInputs, + inputs: installedIntegrations.map(({ inputs }) => inputs).flat(), }), }); }, }); +export interface RegistryIntegrationToInstall { + pkgName: string; + installSource: 'registry'; +} +export interface CustomIntegrationToInstall { + pkgName: string; + installSource: 'custom'; + logFilePaths: string[]; +} +export type IntegrationToInstall = RegistryIntegrationToInstall | CustomIntegrationToInstall; + async function ensureInstalledIntegrations( - integrationsToInstall: Integration[], + integrationsToInstall: IntegrationToInstall[], packageClient: PackageClient -) { - const agentPolicyInputs: TemplateAgentPolicyInput[] = []; - for (const integration of integrationsToInstall) { - const { pkgName, installSource } = integration; - if (installSource === 'registry') { - const pkg = await packageClient.ensureInstalledPackage({ pkgName }); - const inputs = await packageClient.getAgentPolicyInputs(pkg.name, pkg.version); - agentPolicyInputs.push(...inputs.filter((input) => input.type !== 'httpjson')); - } else if (installSource === 'custom') { - const input: TemplateAgentPolicyInput = { - id: `filestream-${pkgName}`, - type: 'filestream', - streams: [ +): Promise { + return Promise.all( + integrationsToInstall.map(async (integration) => { + const { pkgName, installSource } = integration; + + if (installSource === 'registry') { + const pkg = await packageClient.ensureInstalledPackage({ pkgName }); + const inputs = await packageClient.getAgentPolicyInputs(pkg.name, pkg.version); + const { packageInfo } = await packageClient.getPackage(pkg.name, pkg.version); + + return { + installSource, + pkgName: pkg.name, + pkgVersion: pkg.version, + title: packageInfo.title, + inputs: inputs.filter((input) => input.type !== 'httpjson'), + dataStreams: + packageInfo.data_streams?.map(({ type, dataset }) => ({ 
type, dataset })) ?? [], + kibanaAssets: pkg.installed_kibana, + }; + } + + const dataStream = { + type: 'logs', + dataset: pkgName, + }; + const installed: InstalledIntegration = { + installSource, + pkgName, + pkgVersion: '1.0.0', // Custom integrations are always installed as version `1.0.0` + title: pkgName, + inputs: [ { id: `filestream-${pkgName}`, - data_stream: { - type: 'logs', - dataset: pkgName, - }, - paths: integration.logFilePaths, + type: 'filestream', + streams: [ + { + id: `filestream-${pkgName}`, + data_stream: dataStream, + paths: integration.logFilePaths, + }, + ], }, ], + dataStreams: [dataStream], + kibanaAssets: [], }; try { await packageClient.installCustomIntegration({ pkgName, - datasets: [{ name: pkgName, type: 'logs' }], + datasets: [{ name: dataStream.dataset, type: dataStream.type as PackageDataStreamTypes }], }); - agentPolicyInputs.push(input); + return installed; } catch (error) { // If the error is a naming collision, we can assume the integration is already installed and treat this step as successful if (error instanceof NamingCollisionError) { - agentPolicyInputs.push(input); + return installed; } else { throw error; } } - } - } - return agentPolicyInputs; + }) + ); } /** 
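Review bot: `ensureInstalledIntegrations` now starts every install at once with `Promise.all`, which rejects on the first failure while the other installs keep running unobserved. The route's catch block can then answer (for example with the forbidden response) while packages are still being installed, and later rejections are never reported. The removed `for` loop stopped at the first error, so the set of installed packages after a failure was predictable. Either keep the sequential loop, or use `Promise.allSettled` and rethrow the first rejection once all installs have finished. The cast `dataStream.type as PackageDataStreamTypes` can also be dropped by declaring the literal as `type: 'logs' as const`.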
@@ -347,48 +459,46 @@ async function ensureInstalledIntegrations( function parseIntegrationsTSV(tsv: string) { return Object.values( tsv + .trim() .split('\n') .map((line) => line.split('\t', 3)) - .reduce>((acc, [pkgName, installSource, logFilePath]) => { - const key = `${pkgName}-${installSource}`; - if (installSource === 'registry') { - if (logFilePath) { - throw new Error(`Integration '${pkgName}' does not support a file path`); - } - acc[key] = { - pkgName, - installSource, - }; - return acc; - } else if (installSource === 'custom') { - if (!logFilePath) { - throw new Error(`Missing file path for integration: ${pkgName}`); - } - // Append file path if integration is already in the list - const existing = acc[key]; - if (existing && existing.installSource === 'custom') { - existing.logFilePaths.push(logFilePath); + .reduce>( + (acc, [pkgName, installSource, logFilePath]) => { + const key = `${pkgName}-${installSource}`; + if (installSource === 'registry') { + if (logFilePath) { + throw new Error(`Integration '${pkgName}' does not support a file path`); + } + acc[key] = { + pkgName, + installSource, + }; + return acc; + } else if (installSource === 'custom') { + if (!logFilePath) { + throw new Error(`Missing file path for integration: ${pkgName}`); + } + // Append file path if integration is already in the list + const existing = acc[key]; + if (existing && existing.installSource === 'custom') { + existing.logFilePaths.push(logFilePath); + return acc; + } + acc[key] = { + pkgName, + installSource, + logFilePaths: [logFilePath], + }; return acc; } - acc[key] = { - pkgName, - installSource, - logFilePaths: [logFilePath], - }; - return acc; - } - throw new Error(`Invalid install source: ${installSource}`); - }, {}) + throw new Error(`Invalid install source: ${installSource}`); + }, + {} + ) ); } -const generateAgentConfig = ({ - esHost, - inputs = [], -}: { - esHost: string[]; - inputs: TemplateAgentPolicyInput[]; -}) => { +const generateAgentConfig = ({ esHost, 
inputs = [] }: { esHost: string[]; inputs: unknown[] }) => { return dump({ outputs: { default: { @@ -402,6 +512,7 @@ const generateAgentConfig = ({ }; export const flowRouteRepository = { + ...createFlowRoute, ...updateOnboardingFlowRoute, ...stepProgressUpdateRoute, ...getProgressRoute, diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_install_api_key.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_install_api_key.ts new file mode 100644 index 0000000000000..d97dd6ac6580c --- /dev/null +++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_install_api_key.ts @@ -0,0 +1,40 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ALL_SPACES_ID } from '@kbn/spaces-plugin/common/constants'; +import type { CreateAPIKeyParams } from '@kbn/security-plugin/server'; + +/** + * Creates a short lived API key with the necessary permissions to install integrations + */ +export function createInstallApiKey(name: string): CreateAPIKeyParams { + return { + name: `onboarding_install_${name}`, + expiration: '1h', // This API key is only used for initial setup and should be short lived + metadata: { + managed: true, + application: 'logs', + }, + kibana_role_descriptors: { + can_install_integrations: { + elasticsearch: { + cluster: [], + indices: [], + }, + kibana: [ + { + feature: { + fleet: ['all'], + fleetv2: ['all'], // TODO: Remove this once #183020 is resolved + }, + spaces: [ALL_SPACES_ID], + }, + ], + }, + }, + }; +} 
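Review bot: In create_install_api_key.ts the install key is granted Fleet `all` (plus `fleetv2` `all`) with `spaces: [ALL_SPACES_ID]`, which is broader than the single use visible in this commit, the integrations install endpoint. The key is returned to the browser by the flow route, so its scope matters even with the `1h` expiration. If the install only has to work in the space where onboarding was started, passing that space instead of `ALL_SPACES_ID` would narrow it. Otherwise add a comment next to `spaces` stating why every space is required. Nothing in the visible hunks invalidates the key once the install step completes, so that may be worth adding as well.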
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_shipper_api_key.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_shipper_api_key.ts index 80814aa308abc..70a3bf344fee6 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_shipper_api_key.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/api_key/create_shipper_api_key.ts @@ -13,7 +13,10 @@ export function createShipperApiKey(esClient: ElasticsearchClient, name: string) return esClient.security.createApiKey({ body: { name: `standalone_agent_logs_onboarding_${name}`, - metadata: { application: 'logs' }, + metadata: { + managed: true, + application: 'logs', + }, role_descriptors: { standalone_agent: { cluster, diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts index b46b1508ed21b..4f7c1360dc082 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/logs/route.ts @@ -7,7 +7,8 @@ import * as t from 'io-ts'; import { createObservabilityOnboardingServerRoute } from '../create_observability_onboarding_server_route'; -import { getFallbackKibanaUrl } from '../../lib/get_fallback_urls'; +import { getKibanaUrl } from '../../lib/get_fallback_urls'; +import { getAgentVersion } from '../../lib/get_agent_version'; import { hasLogMonitoringPrivileges } from './api_key/has_log_monitoring_privileges'; import { saveObservabilityOnboardingFlow } from '../../lib/state'; import { createShipperApiKey } from './api_key/create_shipper_api_key'; 
@@ -39,27 +40,12 @@ const installShipperSetupRoute = createObservabilityOnboardingServerRoute({ elasticAgentVersion: string; }> { const { core, plugins, kibanaVersion } = resources; - const coreStart = await core.start(); const fleetPluginStart = await plugins.fleet.start(); - const agentClient = fleetPluginStart.agentService.asInternalUser; - - // If undefined, we will follow fleet's strategy to select latest available version: - // for serverless we will use the latest published version, for statefull we will use - // current Kibana version. If false, irrespective of fleet flags and logic, we are - // explicitly deciding to not append the current version. - const includeCurrentVersion = kibanaVersion.endsWith('-SNAPSHOT') ? false : undefined; - - const elasticAgentVersion = await agentClient.getLatestAgentAvailableVersion( - includeCurrentVersion - ); - - const kibanaUrl = - core.setup.http.basePath.publicBaseUrl ?? // priority given to server.publicBaseUrl - plugins.cloud?.setup?.kibanaUrl ?? // then cloud id - getFallbackKibanaUrl(coreStart); // falls back to local network binding + const elasticAgentVersion = await getAgentVersion(fleetPluginStart, kibanaVersion); + const kibanaUrl = getKibanaUrl(core.setup, plugins.cloud?.setup); const scriptDownloadUrl = new URL( - coreStart.http.staticAssets.getPluginAssetHref('standalone_agent_setup.sh'), + core.setup.http.staticAssets.getPluginAssetHref('standalone_agent_setup.sh'), kibanaUrl ).toString(); diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts index e9ab6b14dab54..de2e7ce65fd2d 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/server/routes/types.ts 
@@ -52,19 +52,27 @@ export interface ObservabilityOnboardingRouteCreateOptions { }; } -export const IntegrationRT = t.union([ - t.type({ - pkgName: t.string, - installSource: t.literal('registry'), - }), - t.type({ - pkgName: t.string, - installSource: t.literal('custom'), - logFilePaths: t.array(t.string), - }), -]); +export const IntegrationRT = t.type({ + installSource: t.union([t.literal('registry'), t.literal('custom')]), + pkgName: t.string, + pkgVersion: t.string, + title: t.string, + inputs: t.array(t.unknown), + dataStreams: t.array( + t.type({ + type: t.string, + dataset: t.string, + }) + ), + kibanaAssets: t.array( + t.type({ + type: t.string, + id: t.string, + }) + ), +}); -export type Integration = t.TypeOf; +export type InstalledIntegration = t.TypeOf; export const ElasticAgentStepPayloadRT = t.type({ agentId: t.string, diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts index 297f7f33a9d64..a7ef942d7ea0a 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/server/saved_objects/observability_onboarding_status.ts @@ -23,7 +23,7 @@ export interface SystemLogsState { namespace: string; } -export type ObservabilityOnboardingType = 'logFiles' | 'systemLogs'; +export type ObservabilityOnboardingType = 'logFiles' | 'systemLogs' | 'autoDetect'; type ObservabilityOnboardingFlowState = LogFilesState | SystemLogsState | undefined; 
@@ -64,8 +64,21 @@ const ElasticAgentStepPayloadSchema = schema.object({ export const InstallIntegrationsStepPayloadSchema = schema.arrayOf( schema.object({ pkgName: schema.string(), - installSource: schema.string(), - logFilePaths: schema.maybe(schema.arrayOf(schema.string())), + pkgVersion: schema.string(), + installSource: schema.oneOf([schema.literal('registry'), schema.literal('custom')]), + inputs: schema.arrayOf(schema.any()), + dataStreams: schema.arrayOf( + schema.object({ + type: schema.string(), + dataset: schema.string(), + }) + ), + kibanaAssets: schema.arrayOf( + schema.object({ + type: schema.string(), + id: schema.string(), + }) + ), }) ); diff --git a/x-pack/plugins/observability_solution/observability_onboarding/server/types.ts b/x-pack/plugins/observability_solution/observability_onboarding/server/types.ts index 1c3cbbf26937c..8eee0943d3590 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/server/types.ts +++ b/x-pack/plugins/observability_solution/observability_onboarding/server/types.ts @@ -12,6 +12,7 @@ import { PluginStart as DataPluginStart, } from '@kbn/data-plugin/server'; import { FleetSetupContract, FleetStartContract } from '@kbn/fleet-plugin/server'; +import { SecurityPluginSetup, SecurityPluginStart } from '@kbn/security-plugin/server'; import { ObservabilityPluginSetup } from '@kbn/observability-plugin/server'; import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server'; @@ -21,6 +22,7 @@ export interface ObservabilityOnboardingPluginSetupDependencies { cloud: CloudSetup; usageCollection: UsageCollectionSetup; fleet: FleetSetupContract; + security: SecurityPluginSetup; } export interface ObservabilityOnboardingPluginStartDependencies { @@ -29,6 +31,7 @@ export interface ObservabilityOnboardingPluginStartDependencies { cloud: CloudStart; usageCollection: undefined; fleet: FleetStartContract; + security: SecurityPluginStart; } // eslint-disable-next-line @typescript-eslint/no-empty-interface 
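Review bot: `InstallIntegrationsStepPayloadSchema` lists `pkgName`, `pkgVersion`, `installSource`, `inputs`, `dataStreams` and `kibanaAssets`, but not `title`. `IntegrationRT` in routes/types.ts and the objects returned by `ensureInstalledIntegrations` both carry that field. `schema.object` rejects unknown keys by default, so if this schema is applied when the `install-integrations` progress payload is written (where it is used is not visible here), saving would fail validation. Adding `title: schema.string(),` keeps the two definitions aligned. `inputs: schema.arrayOf(schema.any())` also stores the agent inputs unvalidated; a comment saying that they originate from Fleet's `getAgentPolicyInputs`, not from the request, would help the next reader.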
diff --git a/x-pack/plugins/observability_solution/observability_onboarding/tsconfig.json b/x-pack/plugins/observability_solution/observability_onboarding/tsconfig.json index 947a1230afd16..5833bba22a6e4 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/tsconfig.json +++ b/x-pack/plugins/observability_solution/observability_onboarding/tsconfig.json @@ -38,7 +38,14 @@ "@kbn/home-sample-data-tab", "@kbn/react-kibana-context-render", "@kbn/react-kibana-context-theme", - "@kbn/ebt" + "@kbn/discover-plugin", + "@kbn/utility-types", + "@kbn/spaces-plugin", + "@kbn/ebt", + "@kbn/dashboard-plugin", + "@kbn/deeplinks-analytics" ], - "exclude": ["target/**/*"] + "exclude": [ + "target/**/*" + ] } diff --git a/x-pack/plugins/observability_solution/slo/common/constants.ts b/x-pack/plugins/observability_solution/slo/common/constants.ts index a70a5fe082730..37558bda23732 100644 --- a/x-pack/plugins/observability_solution/slo/common/constants.ts +++ b/x-pack/plugins/observability_solution/slo/common/constants.ts @@ -15,6 +15,7 @@ export const ALERT_ACTION = { name: i18n.translate('xpack.slo.alerting.burnRate.alertAction', { defaultMessage: 'Critical', }), + severity: { level: 3 }, }; export const HIGH_PRIORITY_ACTION_ID = 'slo.burnRate.high'; @@ -23,6 +24,7 @@ export const HIGH_PRIORITY_ACTION = { name: i18n.translate('xpack.slo.alerting.burnRate.highPriorityAction', { defaultMessage: 'High', }), + severity: { level: 2 }, }; export const MEDIUM_PRIORITY_ACTION_ID = 'slo.burnRate.medium'; @@ -31,6 +33,7 @@ export const MEDIUM_PRIORITY_ACTION = { name: i18n.translate('xpack.slo.alerting.burnRate.mediumPriorityAction', { defaultMessage: 'Medium', }), + severity: { level: 1 }, }; export const LOW_PRIORITY_ACTION_ID = 'slo.burnRate.low'; 
@@ -39,6 +42,7 @@ export const LOW_PRIORITY_ACTION = { name: i18n.translate('xpack.slo.alerting.burnRate.lowPriorityAction', { defaultMessage: 'Low', }), + severity: { level: 0 }, }; export const SUPPRESSED_PRIORITY_ACTION_ID = 'slo.burnRate.suppressed'; diff --git a/x-pack/plugins/observability_solution/observability/common/utils/parse_kuery.ts b/x-pack/plugins/observability_solution/slo/common/parse_kuery.ts similarity index 100% rename from x-pack/plugins/observability_solution/observability/common/utils/parse_kuery.ts rename to x-pack/plugins/observability_solution/slo/common/parse_kuery.ts diff --git a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/constants.ts b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/constants.ts index 94cf6dd80fa5e..b263c043d7acf 100644 --- a/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/constants.ts +++ b/x-pack/plugins/observability_solution/slo/public/embeddable/slo/common/constants.ts @@ -8,7 +8,7 @@ export const COMMON_SLO_GROUPING = [ { id: 'slos', - getDisplayName: () => 'SLOs', + getDisplayName: () => 'Observability', getIconType: () => { return 'visGauge'; }, diff --git a/x-pack/plugins/observability_solution/observability/public/hooks/use_create_rule.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_create_rule.ts similarity index 82% rename from x-pack/plugins/observability_solution/observability/public/hooks/use_create_rule.ts rename to x-pack/plugins/observability_solution/slo/public/hooks/use_create_rule.ts index 7c30544105aaa..04376e5299be3 100644 --- a/x-pack/plugins/observability_solution/observability/public/hooks/use_create_rule.ts +++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_create_rule.ts 
@@ -9,7 +9,7 @@ import { useMutation } from '@tanstack/react-query'; import { i18n } from '@kbn/i18n'; import { BASE_ALERTING_API_PATH, RuleTypeParams } from '@kbn/alerting-plugin/common'; import { v4 } from 'uuid'; -import { +import type { CreateRuleRequestBody, CreateRuleResponse, } from '@kbn/alerting-plugin/common/routes/rule/apis/create'; @@ -41,7 +41,7 @@ export function useCreateRule() { { onError: (_err) => { toasts.addDanger( - i18n.translate('xpack.observability.rules.createRule.errorNotification.descriptionText', { + i18n.translate('xpack.slo.rules.createRule.errorNotification.descriptionText', { defaultMessage: 'Failed to create rule', }) ); @@ -49,12 +49,9 @@ export function useCreateRule() { onSuccess: () => { toasts.addSuccess( - i18n.translate( - 'xpack.observability.rules.createRule.successNotification.descriptionText', - { - defaultMessage: 'Rule created', - } - ) + i18n.translate('xpack.slo.rules.createRule.successNotification.descriptionText', { + defaultMessage: 'Rule created', + }) ); }, } diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts index a5a193db672fb..6be95e67c0d89 100644 --- a/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts +++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_fetch_group_by_cardinality.ts @@ -9,7 +9,7 @@ import { debounce } from 'lodash'; import { ALL_VALUE, QuerySchema } from '@kbn/slo-schema'; import { useQuery } from '@tanstack/react-query'; import { lastValueFrom } from 'rxjs'; -import { getElasticsearchQueryOrThrow } from '@kbn/observability-plugin/public'; +import { getElasticsearchQueryOrThrow } from '../../common/parse_kuery'; import { useKibana } from '../utils/kibana_react'; export interface UseFetchGroupByCardinalityResponse { 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_table_docs.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_table_docs.tsx index d1b17b6747fa1..dc58571f58685 100644 --- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_table_docs.tsx +++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/use_table_docs.tsx @@ -10,7 +10,7 @@ import { FieldPath, useFormContext } from 'react-hook-form'; import { DataView } from '@kbn/data-views-plugin/common'; import { TimeRange } from '@kbn/es-query'; import { QuerySchema } from '@kbn/slo-schema'; -import { getElasticsearchQueryOrThrow } from '@kbn/observability-plugin/public'; +import { getElasticsearchQueryOrThrow } from '../../../../../common/parse_kuery'; import { CreateSLOForm } from '../../types'; export const useTableDocs = ({ diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx index 267fd7f6d9851..f3f18c7f0b332 100644 --- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx +++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/slo_edit_form_footer.tsx @@ -11,7 +11,7 @@ import type { GetSLOResponse } from '@kbn/slo-schema'; import React, { useCallback, useMemo } from 'react'; import { useFormContext } from 'react-hook-form'; import { InPortal } from 'react-reverse-portal'; -import { useCreateRule } from '@kbn/observability-plugin/public'; +import { useCreateRule } from '../../../hooks/use_create_rule'; import { useKibana } from '../../../utils/kibana_react'; import { sloEditFormFooterPortal } from '../shared_flyout/slo_add_form_flyout'; import { paths } from '../../../../common/locators/paths'; 
diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx index 03838225d1618..cd20c06c9d491 100644 --- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx +++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/slo_edit.test.tsx @@ -8,7 +8,7 @@ import { ILicense } from '@kbn/licensing-plugin/common/types'; import { licensingMock } from '@kbn/licensing-plugin/public/mocks'; import { observabilityAIAssistantPluginMock } from '@kbn/observability-ai-assistant-plugin/public/mock'; -import { useCreateRule, useFetchDataViews } from '@kbn/observability-plugin/public'; +import { useFetchDataViews } from '@kbn/observability-plugin/public'; import { HeaderMenuPortal } from '@kbn/observability-shared-plugin/public'; import { cleanup, fireEvent, waitFor } from '@testing-library/react'; import { createBrowserHistory } from 'history'; @@ -23,6 +23,7 @@ import { useFetchApmSuggestions } from '../../hooks/use_fetch_apm_suggestions'; import { useFetchIndices } from '../../hooks/use_fetch_indices'; import { useFetchSloDetails } from '../../hooks/use_fetch_slo_details'; import { usePermissions } from '../../hooks/use_permissions'; +import { useCreateRule } from '../../hooks/use_create_rule'; import { useUpdateSlo } from '../../hooks/use_update_slo'; import { useKibana } from '../../utils/kibana_react'; import { kibanaStartMock } from '../../utils/kibana_react.mock'; @@ -44,6 +45,7 @@ jest.mock('../../hooks/use_create_slo'); jest.mock('../../hooks/use_update_slo'); jest.mock('../../hooks/use_fetch_apm_suggestions'); jest.mock('../../hooks/use_permissions'); +jest.mock('../../hooks/use_create_rule'); const mockUseKibanaReturnValue = kibanaStartMock.startContract(); 
diff --git a/x-pack/plugins/observability_solution/slo/public/plugin.ts b/x-pack/plugins/observability_solution/slo/public/plugin.ts index 5bdd830830fd6..5748a55c21489 100644 --- a/x-pack/plugins/observability_solution/slo/public/plugin.ts +++ b/x-pack/plugins/observability_solution/slo/public/plugin.ts @@ -138,7 +138,8 @@ export class SloPlugin const registerAsyncSloUiActions = async () => { if (pluginsSetup.uiActions) { const { registerSloUiActions } = await import('./ui_actions'); - registerSloUiActions(pluginsSetup.uiActions, coreSetup); + + registerSloUiActions(coreSetup, pluginsSetup, pluginsStart); } }; registerAsyncSloUiActions(); diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx index b365881bf915a..63926aa24cd82 100644 --- a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx +++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_alerts_panel_action.tsx @@ -26,6 +26,7 @@ export function createAddAlertsPanelAction( id: ADD_SLO_ALERTS_ACTION_ID, grouping: COMMON_SLO_GROUPING, getIconType: () => 'alert', + order: 20, isCompatible: async ({ embeddable }) => { return apiIsPresentationContainer(embeddable); }, diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx index c619252bc6eb8..8d311bfdce70b 100644 --- a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx +++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_error_budget_action.tsx 
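Review bot: `registerAsyncSloUiActions();` in the plugin.ts hunk is called without handling the promise it returns, so a failed `import('./ui_actions')` or a throw inside `registerSloUiActions(coreSetup, pluginsSetup, pluginsStart)` surfaces only as an unhandled rejection. Attach a handler at the call site, for example `registerAsyncSloUiActions().catch((e) => { /* report through the plugin's logger */ });`. The hunk does not show where `pluginsStart` comes from during setup, so a short comment at the call stating how it is resolved would help the next reader. The enclosing method starts and ends outside the hunk.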
@@ -24,6 +24,7 @@ export function createAddErrorBudgetPanelAction( return { id: ADD_SLO_ERROR_BUDGET_ACTION_ID, grouping: COMMON_SLO_GROUPING, + order: 10, getIconType: () => 'visLine', isCompatible: async ({ embeddable }) => { return apiIsPresentationContainer(embeddable); diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx index edb7b129927b0..49d2d269d4cdd 100644 --- a/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx +++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/create_overview_panel_action.tsx @@ -25,6 +25,7 @@ export function createOverviewPanelAction( return { id: ADD_SLO_OVERVIEW_ACTION_ID, grouping: COMMON_SLO_GROUPING, + order: 30, getIconType: () => 'visGauge', isCompatible: async ({ embeddable }) => { return apiIsPresentationContainer(embeddable); diff --git a/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts b/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts index 61c1569f1a9d7..95c1f19a8842a 100644 --- a/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts +++ b/x-pack/plugins/observability_solution/slo/public/ui_actions/index.ts 
@@ -5,24 +5,31 @@ * 2.0. */ -import type { UiActionsSetup } from '@kbn/ui-actions-plugin/public'; +import { ADD_PANEL_TRIGGER } from '@kbn/ui-actions-plugin/public'; import type { CoreSetup } from '@kbn/core/public'; import { createOverviewPanelAction } from './create_overview_panel_action'; import { createAddErrorBudgetPanelAction } from './create_error_budget_action'; import { createAddAlertsPanelAction } from './create_alerts_panel_action'; -import { SloPublicPluginsStart, SloPublicStart } from '..'; +import { SloPublicPluginsStart, SloPublicStart, SloPublicPluginsSetup } from '..'; export function registerSloUiActions( - uiActions: UiActionsSetup, - core: CoreSetup + core: CoreSetup, + pluginsSetup: SloPublicPluginsSetup, + pluginsStart: SloPublicPluginsStart ) { + const { uiActions } = pluginsSetup; + const { serverless, cloud } = pluginsStart; + // Initialize actions const addOverviewPanelAction = createOverviewPanelAction(core.getStartServices); const addErrorBudgetPanelAction = createAddErrorBudgetPanelAction(core.getStartServices); const addAlertsPanelAction = createAddAlertsPanelAction(core.getStartServices); // Assign triggers - uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addOverviewPanelAction); - uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addErrorBudgetPanelAction); - uiActions.addTriggerAction('ADD_PANEL_TRIGGER', addAlertsPanelAction); + // Only register these actions in stateful kibana, and the serverless observability project + if (Boolean((serverless && cloud?.serverless.projectType === 'observability') || !serverless)) { + uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addOverviewPanelAction); + uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addErrorBudgetPanelAction); + uiActions.addTriggerAction(ADD_PANEL_TRIGGER, addAlertsPanelAction); + } } 
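Review bot: The registration guard in `registerSloUiActions` is harder to read than it needs to be, because the `Boolean(...)` wrapper is redundant inside `if` and the expression reduces to `if (!serverless || cloud?.serverless.projectType === 'observability') {`. As written, `cloud?.serverless.projectType` only tolerates `cloud` being undefined; unless the type guarantees `cloud.serverless`, `cloud?.serverless?.projectType` is the safer spelling. The three `create*PanelAction` calls run before the guard even when nothing will be registered, and could move inside the `if`. The guard only hides entries from the add-panel menu, so it should not be treated as an access control for SLO data. The new parameter order (`core`, `pluginsSetup`, `pluginsStart`) is a breaking change for any caller other than the one updated in plugin.ts.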
diff --git a/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/hooks/use_simple_run_once_monitors.ts b/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/hooks/use_simple_run_once_monitors.ts index cfa986a6426a3..4cc61d61688f4 100644 --- a/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/hooks/use_simple_run_once_monitors.ts +++ b/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/hooks/use_simple_run_once_monitors.ts @@ -70,7 +70,7 @@ export const useSimpleRunOnceMonitors = ({ // Whenever a new found document is fetched, update lastUpdated const docsChecksum = docs - .map(({ _id }: { _id: string }) => _id) + .map(({ _id }: { _id?: string }) => _id!) .reduce((acc, cur) => acc + cur, ''); if (docsChecksum !== lastUpdated.current.checksum) { // Mutating lastUpdated diff --git a/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/simple/simple_test_results.tsx b/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/simple/simple_test_results.tsx index a3f07d6cfbc14..9ebcc12af8192 100644 --- a/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/simple/simple_test_results.tsx +++ b/x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/test_now_mode/simple/simple_test_results.tsx @@ -31,7 +31,7 @@ export function SimpleTestResults({ testRunId, expectPings, onDone }: Props) { ); return summaryDocs.map((updatedDoc) => ({ ...updatedDoc, - ...(prevById[updatedDoc.docId] ?? {}), + ...(prevById[updatedDoc.docId!] ?? {}), })); }); 
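Review bot: The `_id!` in `.map(({ _id }: { _id?: string }) => _id!)` silences the now-optional `_id` without any runtime check, so a hit without an id would add the string `undefined` to `docsChecksum` through `acc + cur` instead of being noticed. The same assertion is added in simple_test_results.tsx (`prevById[updatedDoc.docId!]`), in both get_last_successful_check.ts files and get_journey_details.ts (`_id!`), and in execute_report.ts (`resp._seq_no!`, `resp._primary_term!`); in the reporting case an undefined value would presumably weaken the sequence-number check on later writes. Prefer an explicit guard where the value is consumed, e.g. `.flatMap(({ _id }) => (_id ? [_id] : []))` here, or throw on the server side when the field is missing. If the assertions stay, a one-line comment at each site saying why the field is always present for that request would document the assumption.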
diff --git a/x-pack/plugins/observability_solution/synthetics/server/legacy_uptime/lib/requests/get_last_successful_check.ts b/x-pack/plugins/observability_solution/synthetics/server/legacy_uptime/lib/requests/get_last_successful_check.ts index d90f694315015..d3f94a11cf2fa 100644 --- a/x-pack/plugins/observability_solution/synthetics/server/legacy_uptime/lib/requests/get_last_successful_check.ts +++ b/x-pack/plugins/observability_solution/synthetics/server/legacy_uptime/lib/requests/get_last_successful_check.ts @@ -105,6 +105,6 @@ export const getLastSuccessfulCheck = async ({ return { ...check, timestamp: check['@timestamp'], - docId: result.hits.hits[0]._id, + docId: result.hits.hits[0]._id!, }; }; diff --git a/x-pack/plugins/observability_solution/synthetics/server/queries/get_journey_details.ts b/x-pack/plugins/observability_solution/synthetics/server/queries/get_journey_details.ts index bc60f32046ed1..a5288a20dad74 100644 --- a/x-pack/plugins/observability_solution/synthetics/server/queries/get_journey_details.ts +++ b/x-pack/plugins/observability_solution/synthetics/server/queries/get_journey_details.ts @@ -165,7 +165,7 @@ export const getJourneyDetails = async ({ return { timestamp: journeySource['@timestamp'], - journey: { ...journeySource, _id: foundJourney._id }, + journey: { ...journeySource, _id: foundJourney._id! }, ...(summaryPing && 'state' in summaryPing && summaryPing.state ? { summary: { diff --git a/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/common/charts/__snapshots__/donut_chart.test.tsx.snap b/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/common/charts/__snapshots__/donut_chart.test.tsx.snap index 2569e62ad20ca..639557a2b9e1a 100644 --- a/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/common/charts/__snapshots__/donut_chart.test.tsx.snap 
+++ b/x-pack/plugins/observability_solution/uptime/public/legacy_uptime/components/common/charts/__snapshots__/donut_chart.test.tsx.snap @@ -51,6 +51,7 @@ exports[`DonutChart component passes correct props without errors for valid prop }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, @@ -440,6 +441,7 @@ exports[`DonutChart component passes correct props without errors for valid prop }, }, "isolatedPoint": Object { + "enabled": true, "fill": "white", "opacity": 1, "radius": 2, diff --git a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/requests/get_last_successful_check.ts b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/requests/get_last_successful_check.ts index 99a75c28bf566..2b11d46bca3fb 100644 --- a/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/requests/get_last_successful_check.ts +++ b/x-pack/plugins/observability_solution/uptime/server/legacy_uptime/lib/requests/get_last_successful_check.ts @@ -101,6 +101,6 @@ export const getLastSuccessfulCheck: UMElasticsearchQueryFn< return { ...check, timestamp: check['@timestamp'], - docId: result.hits.hits[0]._id, + docId: result.hits.hits[0]._id!, }; }; diff --git a/x-pack/plugins/osquery/cypress/e2e/all/packs_integration.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/packs_integration.cy.ts index ff23c462afd02..07ed4b815361e 100644 --- a/x-pack/plugins/osquery/cypress/e2e/all/packs_integration.cy.ts +++ b/x-pack/plugins/osquery/cypress/e2e/all/packs_integration.cy.ts 
@@ -40,7 +40,8 @@ import { cleanupPack, cleanupAgentPolicy } from '../../tasks/api_fixtures'; import { request } from '../../tasks/common'; import { ServerlessRoleName } from '../../support/roles'; -describe('ALL - Packs', { tags: ['@ess', '@serverless'] }, () => { +// Failing: See https://github.com/elastic/kibana/issues/176543 +describe.skip('ALL - Packs', { tags: ['@ess', '@serverless'] }, () => { const integration = 'Osquery Manager'; describe( diff --git a/x-pack/plugins/osquery/public/results/results_table.tsx b/x-pack/plugins/osquery/public/results/results_table.tsx index 48a3e7f355a18..dfb0d5dad88a4 100644 --- a/x-pack/plugins/osquery/public/results/results_table.tsx +++ b/x-pack/plugins/osquery/public/results/results_table.tsx @@ -342,7 +342,8 @@ const ResultsTableComponent: React.FC = ({ }; const eventId = data[visibleRowIndex]?._id; - return ; + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + return ; }, }, ]; diff --git a/x-pack/plugins/remote_clusters/server/routes/api/add_route.ts b/x-pack/plugins/remote_clusters/server/routes/api/add_route.ts index 50fb15ef32829..1023ceb6b2b75 100644 --- a/x-pack/plugins/remote_clusters/server/routes/api/add_route.ts +++ b/x-pack/plugins/remote_clusters/server/routes/api/add_route.ts @@ -17,7 +17,7 @@ import { licensePreRoutingFactory } from '../../lib/license_pre_routing_factory' import { RouteDependencies } from '../../types'; const bodyValidation = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), skipUnavailable: schema.boolean(), mode: schema.oneOf([schema.literal(PROXY_MODE), schema.literal(SNIFF_MODE)]), seeds: schema.nullable(schema.arrayOf(schema.string())), diff --git a/x-pack/plugins/reporting/server/lib/tasks/execute_report.ts b/x-pack/plugins/reporting/server/lib/tasks/execute_report.ts index 598055cb175d1..46dea6d8b1190 100644 --- a/x-pack/plugins/reporting/server/lib/tasks/execute_report.ts 
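Review bot: `describe.skip('ALL - Packs', ...)` disables the whole packs integration suite for both `@ess` and `@serverless`, not only the failing case behind the linked issue. If the failure is limited to some of the nested `describe` blocks, skipping only those keeps the rest of the coverage. The `// Failing: See ...` comment would also be more useful if it named the failing test, so the skip can be lifted with confidence.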
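Review bot: Only `name` gets a length bound in `bodyValidation`, while `seeds: schema.nullable(schema.arrayOf(schema.string()))` on the context line still accepts any number of strings of any length, so this change does not really bound the request. Bound it the same way, e.g. `seeds: schema.nullable(schema.arrayOf(schema.string({ maxLength: 1000 }), { maxSize: 1000 }))`, where the limits shown are placeholders to be set to what the cluster accepts. A `minLength: 1` on `name` would also reject the empty string before it reaches Elasticsearch. The `bodyValidation` object continues past the end of the hunk, so other string fields there may need the same treatment.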
+++ b/x-pack/plugins/reporting/server/lib/tasks/execute_report.ts @@ -241,8 +241,8 @@ export class ExecuteReportTask implements ReportingTask { eventTracker?.claimJob({ timeSinceCreation }); const resp = await store.setReportClaimed(claimedReport, doc); - claimedReport._seq_no = resp._seq_no; - claimedReport._primary_term = resp._primary_term; + claimedReport._seq_no = resp._seq_no!; + claimedReport._primary_term = resp._primary_term!; return claimedReport; } @@ -366,8 +366,8 @@ export class ExecuteReportTask implements ReportingTask { const resp = await store.setReportCompleted(report, doc); this.logger.info(`Saved ${report.jobtype} job ${docId}`); - report._seq_no = resp._seq_no; - report._primary_term = resp._primary_term; + report._seq_no = resp._seq_no!; + report._primary_term = resp._primary_term!; // event tracking of completed job const eventTracker = this.getEventTracker(report); diff --git a/x-pack/plugins/rollup/server/routes/api/jobs/register_create_route.ts b/x-pack/plugins/rollup/server/routes/api/jobs/register_create_route.ts index 21c0681f8458c..0585526117f3e 100644 --- a/x-pack/plugins/rollup/server/routes/api/jobs/register_create_route.ts +++ b/x-pack/plugins/rollup/server/routes/api/jobs/register_create_route.ts @@ -21,7 +21,7 @@ export const registerCreateRoute = ({ body: schema.object({ job: schema.object( { - id: schema.string(), + id: schema.string({ maxLength: 1000 }), }, { unknowns: 'allow' } ), diff --git a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts index 528354eed3d05..1b4b897664b84 100644 --- a/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts +++ b/x-pack/plugins/rule_registry/common/assets/field_maps/technical_rule_field_map.test.ts 
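Review bot: In register_create_route.ts the new `maxLength: 1000` bounds only `job.id`, while the enclosing `schema.object(..., { unknowns: 'allow' })` still lets every other key of `job` through unvalidated. If the handler forwards `job` to Elasticsearch as-is (not visible in this hunk), the rest of the payload stays unconstrained in size and shape at this layer. Consider validating the known fields explicitly, or at least documenting the pass-through with a comment such as `// remaining job config is validated by Elasticsearch, not here`. The route definition starts and ends outside the hunk.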
@@ -82,6 +82,11 @@ it('matches snapshot', () => { "required": false, "type": "keyword", }, + "kibana.alert.previous_action_group": Object { + "array": false, + "required": false, + "type": "keyword", + }, "kibana.alert.reason": Object { "array": false, "multi_fields": Array [ @@ -245,6 +250,11 @@ it('matches snapshot', () => { "required": false, "type": "keyword", }, + "kibana.alert.severity_improving": Object { + "array": false, + "required": false, + "type": "boolean", + }, "kibana.alert.start": Object { "array": false, "required": false, diff --git a/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts b/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts index 0c449d4f4126a..e45bbecf93cec 100644 --- a/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts +++ b/x-pack/plugins/rule_registry/server/alert_data_client/alerts_client.ts @@ -344,7 +344,8 @@ export class AlertsClient { throw Boom.badData(errorMessage); } - if (result?.hits?.hits != null && result?.hits.hits.length > 0) { + if (result?.hits.hits.length > 0) { + // @ts-expect-error type mismatch: SearchHit._id is optional await this.ensureAllAuthorized(result.hits.hits, operation); result?.hits.hits.map((item) => diff --git a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts index f2cbe8ef5aeb7..335ab73dd8fe6 100644 --- a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts +++ b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/resource_installer.test.ts 
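Review bot: In alerts_client.ts the `// @ts-expect-error type mismatch: SearchHit._id is optional` sits directly on `await this.ensureAllAuthorized(result.hits.hits, operation)`, so the authorization check can now receive hits whose `_id` is undefined while the compiler is told to ignore it, and any future type error on that line is hidden too. Narrow the hits before authorizing, for example by rejecting with `Boom.badData` when a hit lacks `_id`, so the suppression is not needed. The guard was also loosened from `result?.hits?.hits != null && ...` to `result?.hits.hits.length > 0`, which throws a TypeError instead of skipping the block if `result.hits` is ever absent; `(result?.hits?.hits?.length ?? 0) > 0` keeps the old tolerance. The enclosing method starts and ends outside the hunk.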
@@ -567,6 +567,7 @@ describe('resourceInstaller', () => { it('gracefully fails on empty mappings', async () => { const mockClusterClient = elasticsearchServiceMock.createElasticsearchClient(); + // @ts-expect-error wrong response type mockClusterClient.indices.simulateIndexTemplate.mockImplementation(async () => ({})); const { installer, indexInfo, logger } = setup(mockClusterClient); diff --git a/x-pack/plugins/search_playground/__mocks__/fetch_query_source_fields.mock.ts b/x-pack/plugins/search_playground/__mocks__/fetch_query_source_fields.mock.ts index d421ad6c8c9b7..7ab5f261989a4 100644 --- a/x-pack/plugins/search_playground/__mocks__/fetch_query_source_fields.mock.ts +++ b/x-pack/plugins/search_playground/__mocks__/fetch_query_source_fields.mock.ts @@ -206,6 +206,27 @@ export const DENSE_SPARSE_SAME_FIELD_NAME_CAPS = { }, }; +export const DENSE_OLD_PIPELINE_DOCS = [ + { + took: 1, + timed_out: false, + _shards: { total: 1, successful: 1, skipped: 0, failed: 0 }, + hits: { total: { value: 1, relation: 'eq' }, max_score: null, hits: [] }, + aggregations: { + 'ml.inference.body_content.model_id': { + doc_count_error_upper_bound: 0, + sum_other_doc_count: 0, + buckets: [ + { + key: '.multilingual-e5-small_linux-x86_64', + doc_count: 1, + }, + ], + }, + }, + } as SearchResponse, +]; + export const DENSE_SPARSE_SAME_FIELD_NAME_DOCS = [ { took: 1, 
@@ -959,6 +980,572 @@ export const ELSER_PASSAGE_CHUNKED_TWO_INDICES = { }, }; +export const DENSE_PIPELINE_FIELD_CAPS = { + indices: ['search-test-e5'], + fields: { + additional_urls: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + 'title.stem': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + '_ingest.processors.pipeline.stem': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'headings.delimiter': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'ml.inference.body_content.model_id.prefix': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'headings.enum': { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + '_ingest.processors': { + object: { + type: 'object', + metadata_field: false, + searchable: false, + aggregatable: false, + }, + }, + '_ingest.processors.types.joined': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'body_content.enum': { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + links: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + id: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + 'ml.inference.body_content.model_id.joined': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + ml: { + object: { + type: 'object', + metadata_field: false, + searchable: false, + aggregatable: false, + }, + }, + 'ml.inference.body_content.model_id': { + text: { + type: 'text', + metadata_field: false, + 
searchable: true, + aggregatable: false, + }, + }, + 'ml.inference': { + object: { + type: 'object', + metadata_field: false, + searchable: false, + aggregatable: false, + }, + }, + body_content: { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + '_ingest.processors.pipeline.joined': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + domains: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + '_ingest.processors.model_version.enum': { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + 'body_content.joined': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + url_scheme: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + meta_description: { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'ml.inference.body_content': { + object: { + type: 'object', + metadata_field: false, + searchable: false, + aggregatable: false, + }, + }, + headings: { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + '_ingest.processors.types.enum': { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + last_crawled_at: { + date: { + type: 'date', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + '_ingest.processors.model_version.joined': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'title.delimiter': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'headings.prefix': { + text: { + type: 'text', + metadata_field: false, + 
searchable: true, + aggregatable: false, + }, + }, + 'title.enum': { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + '_ingest.processors.pipeline.enum': { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + '_ingest.processors.pipeline.prefix': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'meta_description.prefix': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + '_ingest.processors.types.delimiter': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'title.joined': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'body_content.stem': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + '_ingest.processors.types.stem': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'ml.inference.body_content.model_id.enum': { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + title: { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + meta_keywords: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + '_ingest.processors.processed_timestamp': { + date: { + type: 'date', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + 'ml.inference.body_content.model_id.delimiter': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'meta_description.enum': { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + 
'meta_description.delimiter': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'title.prefix': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + '_ingest.processors.pipeline': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + _ingest: { + object: { + type: 'object', + metadata_field: false, + searchable: false, + aggregatable: false, + }, + }, + 'ml.inference.body_content.is_truncated': { + boolean: { + type: 'boolean', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + '_ingest.processors.model_version.prefix': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + '_ingest.processors.model_version.delimiter': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + url_host: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + url_path: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + '_ingest.processors.model_version': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + url_path_dir3: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + '_ingest.processors.pipeline.delimiter': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'headings.joined': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + '_ingest.processors.types': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'meta_description.joined': { + text: { + type: 'text', + metadata_field: false, + 
searchable: true, + aggregatable: false, + }, + }, + 'ml.inference.body_content.predicted_value': { + dense_vector: { + type: 'dense_vector', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + url: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + 'meta_description.stem': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'ml.inference.body_content.model_id.stem': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + url_port: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + 'body_content.delimiter': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + '_ingest.processors.model_version.stem': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + url_path_dir2: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + url_path_dir1: { + keyword: { + type: 'keyword', + metadata_field: false, + searchable: true, + aggregatable: true, + }, + }, + '_ingest.processors.types.prefix': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'headings.stem': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + 'body_content.prefix': { + text: { + type: 'text', + metadata_field: false, + searchable: true, + aggregatable: false, + }, + }, + }, +}; + export const ELSER_PASSAGE_CHUNKED = { indices: ['search-nethys'], fields: { diff --git a/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.test.ts b/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.test.ts index 8991cb9924480..e41eb0d1e4445 100644 
--- a/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.test.ts +++ b/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.test.ts @@ -26,6 +26,8 @@ import { DENSE_SEMANTIC_FIELD_MAPPINGS, DENSE_SEMANTIC_FIELD_FIELD_CAPS, DENSE_SEMANTIC_FIELD_MAPPINGS_MISSING_TASK_TYPE, + DENSE_PIPELINE_FIELD_CAPS, + DENSE_OLD_PIPELINE_DOCS, } from '../../__mocks__/fetch_query_source_fields.mock'; import { fetchFields, @@ -506,6 +508,54 @@ describe('fetch_query_source_fields', () => { }); }); + it('should perform a search request with the correct modelid for old style inference', async () => { + const client = { + asCurrentUser: { + fieldCaps: jest.fn().mockResolvedValue(DENSE_PIPELINE_FIELD_CAPS), + search: jest.fn().mockResolvedValue(DENSE_OLD_PIPELINE_DOCS[0]), + indices: { + getMapping: jest.fn().mockResolvedValue({ + 'search-test-e5': { + mappings: {}, + }, + }), + }, + }, + } as any; + const indices = ['search-test-e5']; + const response = await fetchFields(client, indices); + expect(client.asCurrentUser.search).toHaveBeenCalledWith({ + index: 'search-test-e5', + body: { + size: 0, + aggs: { + 'ml.inference.body_content.model_id': { + terms: { + field: 'ml.inference.body_content.model_id.enum', + size: 1, + }, + }, + }, + }, + }); + expect(response).toEqual({ + 'search-test-e5': { + bm25_query_fields: expect.any(Array), + dense_vector_query_fields: [ + { + field: 'ml.inference.body_content.predicted_value', + indices: ['search-test-e5'], + model_id: '.multilingual-e5-small_linux-x86_64', + }, + ], + elser_query_fields: [], + semantic_fields: [], + source_fields: expect.any(Array), + skipped_fields: 30, + }, + }); + }); + it('should perform a search request with the correct parameters with top level model id', async () => { const client = { asCurrentUser: { 
diff --git a/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.ts b/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.ts index 15e1ead0bf037..9dfd5c9b2b95e 100644 --- a/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.ts +++ b/x-pack/plugins/search_playground/server/lib/fetch_query_source_fields.ts @@ -53,25 +53,15 @@ const EMBEDDING_TYPE: Record = { export const getModelIdFields = (fieldCapsResponse: FieldCapsResponse) => { const { fields } = fieldCapsResponse; return Object.keys(fields).reduce>((acc, fieldKey) => { - const field = fields[fieldKey]; if (fieldKey.endsWith('model_id')) { - if ('keyword' in field && field.keyword.aggregatable) { - acc.push({ - path: fieldKey, - aggField: fieldKey, - }); - return acc; - } - const keywordModelIdField = fields[fieldKey + '.keyword']; + const multiField = Object.keys(fields) + .filter((key) => key.startsWith(fieldKey)) + .find((key) => fields[key].keyword && fields[key].keyword.aggregatable); - if ( - keywordModelIdField && - `keyword` in keywordModelIdField && - keywordModelIdField.keyword.aggregatable - ) { + if (multiField) { acc.push({ path: fieldKey, - aggField: fieldKey + '.keyword', + aggField: multiField, }); return acc; } diff --git a/x-pack/plugins/security/common/index.ts b/x-pack/plugins/security/common/index.ts index 1a767f778fb7a..1f5767fc56b64 100644 --- a/x-pack/plugins/security/common/index.ts +++ b/x-pack/plugins/security/common/index.ts @@ -7,8 +7,6 @@ export type { GetUserProfileResponse, - ApiKey, - RestApiKey, GetUserDisplayNameParams, EditUser, BuiltinESPrivileges, @@ -19,6 +17,7 @@ export type { InvalidRoleTemplate, InlineRoleTemplate, } from './model'; + export { getUserDisplayName, isRoleReserved, isRoleWithWildcardBasePrivilege } from './model'; // Re-export types from the plugin directly to enhance the developer experience for consumers of the Security plugin. 
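Review bot: In `getModelIdFields` (fetch_query_source_fields.ts), the new lookup `key.startsWith(fieldKey)` matches any field whose name merely begins with the same characters, so an unrelated sibling (constructed example: `foo.model_id_v2` next to `foo.model_id`) can be chosen as the aggregation field. Restrict the match to the field itself and its multi-fields: `.filter((key) => key === fieldKey || key.startsWith(fieldKey + '.'))`. `find` then returns the first aggregatable keyword hit in `Object.keys` order, so the chosen sub-field depends on response ordering when several qualify; a short comment saying any aggregatable keyword sub-field is acceptable would make that intentional. The reduce callback continues outside the hunk.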
diff --git a/x-pack/plugins/security/common/model/index.ts b/x-pack/plugins/security/common/model/index.ts index 4afc921007d4b..4ad46b29212d8 100644 --- a/x-pack/plugins/security/common/model/index.ts +++ b/x-pack/plugins/security/common/model/index.ts @@ -5,17 +5,6 @@ * 2.0. */ -export type { - ApiKey, - RestApiKey, - BaseApiKey, - CrossClusterApiKey, - ApiKeyToInvalidate, - ApiKeyRoleDescriptors, - CrossClusterApiKeyAccess, - ApiKeyAggregations, - QueryApiKeyResult, -} from './api_key'; export type { EditUser, GetUserDisplayNameParams } from './user'; export type { GetUserProfileResponse } from './user_profile'; export { diff --git a/x-pack/plugins/security/public/account_management/user_profile/user_profile.tsx b/x-pack/plugins/security/public/account_management/user_profile/user_profile.tsx index af3b22901d12e..8e2f27c2db817 100644 --- a/x-pack/plugins/security/public/account_management/user_profile/user_profile.tsx +++ b/x-pack/plugins/security/public/account_management/user_profile/user_profile.tsx @@ -39,6 +39,15 @@ import type { CoreStart, IUiSettingsClient, ThemeServiceStart } from '@kbn/core/ import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import { useKibana } from '@kbn/kibana-react-plugin/public'; +import { + FormChangesProvider, + FormField, + FormLabel, + FormRow, + OptionalText, + useFormChanges, + useFormChangesContext, +} from '@kbn/security-form-components'; import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template'; import type { DarkModeValue, UserProfileData } from '@kbn/user-profile-components'; import { UserAvatar, useUpdateUserProfile } from '@kbn/user-profile-components'; 
@@ -54,14 +63,6 @@ import { } from '../../../common/model'; import { useSecurityApiClients } from '../../components'; import { Breadcrumb } from '../../components/breadcrumb'; -import { - FormChangesProvider, - useFormChanges, - useFormChangesContext, -} from '../../components/form_changes'; -import { FormField } from '../../components/form_field'; -import { FormLabel } from '../../components/form_label'; -import { FormRow, OptionalText } from '../../components/form_row'; import { ChangePasswordModal } from '../../management/users/edit_user/change_password_modal'; import { isUserReserved } from '../../management/users/user_utils'; diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.mock.ts b/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.mock.ts index 7700ec76a8462..5e207ac8f366f 100644 --- a/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.mock.ts +++ b/x-pack/plugins/security/public/management/api_keys/api_keys_api_client.mock.ts @@ -5,10 +5,9 @@ * 2.0. */ +import type { APIKeysAPIClient } from '@kbn/security-api-key-management'; import type { PublicMethodsOf } from '@kbn/utility-types'; -import type { APIKeysAPIClient } from './api_keys_api_client'; - export const apiKeysAPIClientMock = { create: (): jest.Mocked> => ({ invalidateApiKeys: jest.fn(), diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx index d3ba26eae9ea6..68c3ef426f77c 100644 --- a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx +++ b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_grid_page.tsx 
@@ -17,20 +17,23 @@ import { SectionLoading } from '@kbn/es-ui-shared-plugin/public'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import { reactRouterNavigate, useKibana } from '@kbn/kibana-react-plugin/public'; +import type { CreateAPIKeyResult, QueryApiKeySortOptions } from '@kbn/security-api-key-management'; +import { + ApiKeyCreatedCallout, + ApiKeyFlyout, + APIKeysAPIClient, +} from '@kbn/security-api-key-management'; +import type { CategorizedApiKey } from '@kbn/security-plugin-types-common'; import { KibanaPageTemplate } from '@kbn/shared-ux-page-kibana-template'; import { Route } from '@kbn/shared-ux-router'; -import { ApiKeyFlyout } from './api_key_flyout'; import { ApiKeysEmptyPrompt } from './api_keys_empty_prompt'; import { ApiKeysTable, MAX_PAGINATED_ITEMS } from './api_keys_table'; -import type { CategorizedApiKey, QueryFilters } from './api_keys_table'; +import type { QueryFilters } from './api_keys_table'; import { InvalidateProvider } from './invalidate_provider'; import { Breadcrumb } from '../../../components/breadcrumb'; -import { SelectableTokenField } from '../../../components/token_field'; import { useCapabilities } from '../../../components/use_capabilities'; import { useAuthentication } from '../../../components/use_current_user'; -import type { CreateAPIKeyResult, QueryApiKeySortOptions } from '../api_keys_api_client'; -import { APIKeysAPIClient } from '../api_keys_api_client'; interface ApiKeysTableState { query: Query; @@ -187,6 +190,9 @@ export const APIKeysGridPage: FunctionComponent = () => { }} onCancel={() => history.push({ pathname: '/' })} canManageCrossClusterApiKeys={canManageCrossClusterApiKeys} + currentUser={currentUser} + isLoadingCurrentUser={state.loading} + readOnly={readOnly} /> 
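Review bot: `isLoadingCurrentUser={state.loading}` on the create flyout (and again in the `@@ -208,6 +214,9 @@` hunk for the edit flyout) takes its value from `state`, which is not defined in either hunk. If `state` tracks the API-key query rather than the `useAuthentication` request that yields `currentUser`, the flyout would be told the user has finished loading while `currentUser` may still be undefined. Either pass the loading flag from the same hook that provides `currentUser`, or add a comment such as `// state.loading also covers the current-user request` if that is the case. The JSX around these props lies outside the hunks.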
@@ -208,6 +214,9 @@ export const APIKeysGridPage: FunctionComponent = () => { onCancel={() => setOpenedApiKey(undefined)} apiKey={openedApiKey} readOnly={readOnly} + canManageCrossClusterApiKeys={canManageCrossClusterApiKeys} + currentUser={currentUser} + isLoadingCurrentUser={state.loading} /> )} {totalKeys === 0 ? ( @@ -324,67 +333,3 @@ export const APIKeysGridPage: FunctionComponent = () => { ); }; - -export interface ApiKeyCreatedCalloutProps { - createdApiKey: CreateAPIKeyResult; -} - -export const ApiKeyCreatedCallout: FunctionComponent = ({ - createdApiKey, -}) => { - const concatenated = `${createdApiKey.id}:${createdApiKey.api_key}`; - return ( - -

- -

- -
- ); -}; diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_table.tsx b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_table.tsx index 00703df03ef42..63124b4db2d44 100644 --- a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_table.tsx +++ b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_keys_table.tsx @@ -19,26 +19,24 @@ import { EuiFilterButton, EuiFlexGroup, EuiFlexItem, - EuiHealth, EuiLink, EuiSearchBar, EuiSpacer, EuiText, - EuiToolTip, } from '@elastic/eui'; import type { CustomComponentProps } from '@elastic/eui/src/components/search_bar/filters/custom_component_filter'; -import moment from 'moment-timezone'; import type { FunctionComponent } from 'react'; import React, { createContext, useContext, useState } from 'react'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import type { CreateAPIKeyResult, QueryApiKeySortOptions } from '@kbn/security-api-key-management'; +import { ApiKeyBadge, ApiKeyStatus, TimeToolTip } from '@kbn/security-api-key-management'; +import type { ApiKeyAggregations, CategorizedApiKey } from '@kbn/security-plugin-types-common'; import { UserAvatar, UserProfilesPopover } from '@kbn/user-profile-components'; import { ApiKeysEmptyPrompt, doesErrorIndicateBadQuery } from './api_keys_empty_prompt'; import type { AuthenticatedUser } from '../../../../common'; -import type { ApiKey, ApiKeyAggregations, BaseApiKey } from '../../../../common/model'; -import type { CreateAPIKeyResult, QueryApiKeySortOptions } from '../api_keys_api_client'; export interface TablePagination { pageIndex: number; 
@@ -574,129 +572,6 @@ export const UsernameWithIcon: FunctionComponent = ({ use ); -export interface TimeToolTipProps { - timestamp: number; -} - -export const TimeToolTip: FunctionComponent = ({ timestamp, children }) => { - return ( - - {children ?? moment(timestamp).fromNow()} - - ); -}; - -export type ApiKeyStatusProps = Pick; - -export const ApiKeyStatus: FunctionComponent = ({ expiration }) => { - if (!expiration) { - return ( - - - - ); - } - - if (Date.now() > expiration) { - return ( - - - - ); - } - - return ( - - - - - - ); -}; - -export interface ApiKeyBadgeProps { - type: 'rest' | 'cross_cluster' | 'managed'; -} - -export const ApiKeyBadge: FunctionComponent = ({ type }) => { - return type === 'cross_cluster' ? ( - - } - > - - - - - ) : type === 'managed' ? ( - - } - > - - - - - ) : ( - - } - > - - - - - ); -}; - -/** - * Interface representing a REST API key that is managed by Kibana. - */ -export interface ManagedApiKey extends BaseApiKey { - type: 'managed'; -} - -/** - * Interface representing an API key the way it is presented in the Kibana UI (with Kibana system - * API keys given its own dedicated `managed` type). - */ -export type CategorizedApiKey = (ApiKey | ManagedApiKey) & { - expired: boolean; -}; - export const categorizeAggregations = (aggregationResponse?: ApiKeyAggregations) => { const typeFilters: Array = []; const usernameFilters: Array = []; diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/invalidate_provider/invalidate_provider.tsx b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/invalidate_provider/invalidate_provider.tsx index 98c4764bc754e..0e968031d47b8 100644 --- a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/invalidate_provider/invalidate_provider.tsx +++ b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/invalidate_provider/invalidate_provider.tsx 
@@ -10,11 +10,10 @@ import React, { Fragment, useRef, useState } from 'react'; import type { NotificationsStart } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; +import type { APIKeysAPIClient } from '@kbn/security-api-key-management'; +import type { ApiKeyToInvalidate } from '@kbn/security-plugin-types-common'; import type { PublicMethodsOf } from '@kbn/utility-types'; -import type { ApiKeyToInvalidate } from '../../../../../common/model'; -import type { APIKeysAPIClient } from '../../api_keys_api_client'; - interface Props { isAdmin: boolean; children: (invalidateApiKeys: InvalidateApiKeys) => React.ReactElement; diff --git a/x-pack/plugins/security/server/routes/api_keys/index.ts b/x-pack/plugins/security/server/routes/api_keys/index.ts index 542611bfd0a23..26ff43230f582 100644 --- a/x-pack/plugins/security/server/routes/api_keys/index.ts +++ b/x-pack/plugins/security/server/routes/api_keys/index.ts @@ -19,7 +19,7 @@ export type { UpdateRestAPIKeyParams, UpdateCrossClusterAPIKeyParams, UpdateRestAPIKeyWithKibanaPrivilegesParams, -} from './update'; +} from '@kbn/security-plugin-types-server'; export function defineApiKeysRoutes(params: RouteDefinitionParams) { defineEnabledApiKeysRoutes(params); diff --git a/x-pack/plugins/security/server/routes/api_keys/invalidate.ts b/x-pack/plugins/security/server/routes/api_keys/invalidate.ts index 58f25bbf80b4f..1983dbf2344e0 100644 --- a/x-pack/plugins/security/server/routes/api_keys/invalidate.ts +++ b/x-pack/plugins/security/server/routes/api_keys/invalidate.ts @@ -6,9 +6,9 @@ */ import { schema } from '@kbn/config-schema'; +import type { ApiKey } from '@kbn/security-plugin-types-common'; import type { RouteDefinitionParams } from '..'; -import type { ApiKey } from '../../../common/model'; import { wrapError, wrapIntoCustomErrorResponse } from '../../errors'; import { createLicensedRouteHandler } from '../licensed_route_handler'; 
diff --git a/x-pack/plugins/security/server/routes/api_keys/query.ts b/x-pack/plugins/security/server/routes/api_keys/query.ts index 9657deb3db300..9fe8fdbdc734b 100644 --- a/x-pack/plugins/security/server/routes/api_keys/query.ts +++ b/x-pack/plugins/security/server/routes/api_keys/query.ts @@ -6,9 +6,9 @@ */ import { schema } from '@kbn/config-schema'; +import type { QueryApiKeyResult } from '@kbn/security-plugin-types-common'; import type { RouteDefinitionParams } from '..'; -import type { QueryApiKeyResult } from '../../../common/model'; import { wrapIntoCustomErrorResponse } from '../../errors'; import { createLicensedRouteHandler } from '../licensed_route_handler'; diff --git a/x-pack/plugins/security/server/routes/api_keys/update.ts b/x-pack/plugins/security/server/routes/api_keys/update.ts index 076e0448be11d..a7fe43c46e206 100644 --- a/x-pack/plugins/security/server/routes/api_keys/update.ts +++ b/x-pack/plugins/security/server/routes/api_keys/update.ts @@ -5,15 +5,12 @@ * 2.0. */ -import type { estypes } from '@elastic/elasticsearch'; - import { schema } from '@kbn/config-schema'; -import type { TypeOf } from '@kbn/config-schema'; +import type { UpdateAPIKeyResult } from '@kbn/security-plugin-types-server'; import { - crossClusterApiKeySchema, - elasticsearchRoleSchema, - getKibanaRoleSchema, - restApiKeySchema, + getUpdateRestApiKeyWithKibanaPrivilegesSchema, + updateCrossClusterApiKeySchema, + updateRestApiKeySchema, } from '@kbn/security-plugin-types-server'; import type { RouteDefinitionParams } from '..'; 
@@ -21,57 +18,12 @@ import { UpdateApiKeyValidationError } from '../../authentication/api_keys/api_k import { wrapIntoCustomErrorResponse } from '../../errors'; import { createLicensedRouteHandler } from '../licensed_route_handler'; -/** - * Response of Kibana Update API key endpoint. - */ -export type UpdateAPIKeyResult = estypes.SecurityUpdateApiKeyResponse; - -/** - * Request body of Kibana Update API key endpoint. - */ -export type UpdateAPIKeyParams = - | UpdateRestAPIKeyParams - | UpdateCrossClusterAPIKeyParams - | UpdateRestAPIKeyWithKibanaPrivilegesParams; - -const updateRestApiKeySchema = restApiKeySchema.extends({ - name: null, - id: schema.string(), -}); - -const updateCrossClusterApiKeySchema = crossClusterApiKeySchema.extends({ - name: null, - id: schema.string(), -}); - -export type UpdateRestAPIKeyParams = TypeOf; -export type UpdateCrossClusterAPIKeyParams = TypeOf; -export type UpdateRestAPIKeyWithKibanaPrivilegesParams = TypeOf< - ReturnType ->; - -const getRestApiKeyWithKibanaPrivilegesSchema = ( - getBasePrivilegeNames: Parameters[0] -) => - restApiKeySchema.extends({ - role_descriptors: null, - name: null, - id: schema.string(), - kibana_role_descriptors: schema.recordOf( - schema.string(), - schema.object({ - elasticsearch: elasticsearchRoleSchema.extends({}, { unknowns: 'allow' }), - kibana: getKibanaRoleSchema(getBasePrivilegeNames), - }) - ), - }); - export function defineUpdateApiKeyRoutes({ router, authz, getAuthenticationService, }: RouteDefinitionParams) { - const bodySchemaWithKibanaPrivileges = getRestApiKeyWithKibanaPrivilegesSchema(() => { + const bodySchemaWithKibanaPrivileges = getUpdateRestApiKeyWithKibanaPrivilegesSchema(() => { const privileges = authz.privileges.get(); return { global: Object.keys(privileges.global), diff --git a/x-pack/plugins/security/server/routes/deprecations/kibana_user_role.ts b/x-pack/plugins/security/server/routes/deprecations/kibana_user_role.ts index 2df81edf2d75b..e7c2e06abbb8e 100644 
--- a/x-pack/plugins/security/server/routes/deprecations/kibana_user_role.ts +++ b/x-pack/plugins/security/server/routes/deprecations/kibana_user_role.ts @@ -114,7 +114,7 @@ export function defineKibanaUserRoleDeprecationRoutes({ router, logger }: RouteD } for (const [mappingNameToUpdate, mappingToUpdate] of roleMappingsWithKibanaUserRole) { - const roles = mappingToUpdate.roles.filter((role) => role !== KIBANA_USER_ROLE_NAME); + const roles = mappingToUpdate.roles?.filter((role) => role !== KIBANA_USER_ROLE_NAME) ?? []; if (!roles.includes(KIBANA_ADMIN_ROLE_NAME)) { roles.push(KIBANA_ADMIN_ROLE_NAME); } diff --git a/x-pack/plugins/security/server/session_management/session_index.ts b/x-pack/plugins/security/server/session_management/session_index.ts index 32c5206c6eeb9..9f11e9224243c 100644 --- a/x-pack/plugins/security/server/session_management/session_index.ts +++ b/x-pack/plugins/security/server/session_management/session_index.ts @@ -487,7 +487,7 @@ export class SessionIndex { for await (const sessionValues of this.getSessionValuesInBatches()) { const operations = sessionValues.map(({ _id, _source }) => { const { usernameHash, provider } = _source!; - auditLogger.log(sessionCleanupEvent({ sessionId: _id, usernameHash, provider })); + auditLogger.log(sessionCleanupEvent({ sessionId: _id!, usernameHash, provider })); return { delete: { _id } }; }); @@ -1029,7 +1029,9 @@ export class SessionIndex { return []; } - return response.hits?.hits?.map((hit) => ({ sid: hit._id, ...sessionGroups[index] })) ?? []; + return ( + response.hits?.hits?.map((hit) => ({ sid: hit._id!, ...sessionGroups[index] })) ?? [] + ); } ); diff --git a/x-pack/plugins/security/tsconfig.json b/x-pack/plugins/security/tsconfig.json index a555c58c5804e..728fcec8d911a 100644 --- a/x-pack/plugins/security/tsconfig.json +++ b/x-pack/plugins/security/tsconfig.json 
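Review bot: In `defineKibanaUserRoleDeprecationRoutes`, `mappingToUpdate.roles?.filter(...) ?? []` lets a mapping whose `roles` is undefined fall through to the `push(KIBANA_ADMIN_ROLE_NAME)` below, so it would be rewritten with `kibana_admin` as its only role. `roleMappingsWithKibanaUserRole` is built outside the hunk and presumably holds only mappings that list the deprecated role, but the loop no longer enforces that itself. Because this route grants a role, an explicit guard is safer than a silent default: `if (!mappingToUpdate.roles?.includes(KIBANA_USER_ROLE_NAME)) continue;` before computing `roles`. The loop body continues outside the hunk.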
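Review bot: The `_id!` assertions in session_index.ts, `sessionId: _id!` in the cleanup loop and `sid: hit._id!` in the `@@ -1029,7 +1029,9 @@` hunk, silence the type change without handling a hit that has no `_id`. In the cleanup path that would emit an audit event with an undefined `sessionId` next to a `{ delete: { _id } }` operation with no target, and in the second path it would return an entry with an undefined `sid`. Filtering before the `map` keeps the audit trail and the bulk request consistent: `sessionValues.filter((hit): hit is typeof hit & { _id: string } => hit._id != null)`. If `_id` is guaranteed for these searches, a comment saying so next to the assertion would be enough. Both enclosing methods extend beyond their hunks.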
@@ -7,7 +7,7 @@ "common/**/*", "public/**/*", "server/**/*", - "__mocks__/**/*" + "__mocks__/**/*", ], "kbn_references": [ "@kbn/cloud-plugin", @@ -68,7 +68,6 @@ "@kbn/security-plugin-types-common", "@kbn/security-plugin-types-public", "@kbn/security-plugin-types-server", - "@kbn/kibana-utils-plugin", "@kbn/code-editor", "@kbn/code-editor-mock", "@kbn/core-security-browser", @@ -81,7 +80,9 @@ "@kbn/core-theme-browser-mocks", "@kbn/core-analytics-browser-mocks", "@kbn/core-user-profile-server", - "@kbn/core-user-profile-browser" + "@kbn/core-user-profile-browser", + "@kbn/security-api-key-management", + "@kbn/security-form-components" ], "exclude": [ "target/**/*", diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/index.ts b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/index.ts index 5bb393c1fd419..4645be2d5e9dd 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/index.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/index.ts @@ -7,6 +7,7 @@ export * from './common_attributes.gen'; export * from './rule_schemas.gen'; +export * from './utils'; export * from './specific_attributes/eql_attributes.gen'; export * from './specific_attributes/ml_attributes.gen'; diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/utils.ts b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/utils.ts new file mode 100644 index 0000000000000..d7e51d5b7d091 --- /dev/null +++ b/x-pack/plugins/security_solution/common/api/detection_engine/model/rule_schema/utils.ts 
@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { RuleResponse } from './rule_schemas.gen';
+
+export function isCustomizedPrebuiltRule(rule: RuleResponse): boolean {
+ return rule.rule_source?.type === 'external' && rule.rule_source.is_customized;
+}
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.gen.ts b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.gen.ts
index dfec5ee92c360..2abe745e97f4a 100644
--- a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.gen.ts
+++ b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.gen.ts
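Review bot: The new exported helper `isCustomizedPrebuiltRule` in rule_schema/utils.ts has no doc comment, and its name says "prebuilt" while the code tests `rule_source?.type === 'external'`, so a reader cannot tell from this file that the two are meant to be equivalent. Add a TSDoc line above it, for example `/** True when the rule's source is external and it is flagged as customized; false otherwise, including when rule_source is absent. */`. The shape of `rule_source` comes from the generated `rule_schemas.gen` and is not visible here, so the wording should be checked against that schema.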
@@ -10,52 +10,13 @@ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. * * info: - * title: Risk Scoring API + * title: RiskScoresCalculation types * version: 1 */ import { z } from 'zod'; -import { - AfterKeys, - DataViewId, - Filter, - PageSize, - IdentifierType, - DateRange, - RiskScoreWeights, - EntityRiskScoreRecord, -} from '../common/common.gen'; - -export type RiskScoresCalculationRequest = z.infer; -export const RiskScoresCalculationRequest = z.object({ - /** - * Used to calculate a specific "page" of risk scores. If unspecified, the first "page" of scores is returned. See also the `after_keys` key in a risk scores response. - */ - after_keys: AfterKeys.optional(), - /** - * The identifier of the Kibana data view to be used when generating risk scores. If a data view is not found, the provided ID will be used as the query's index pattern instead. - */ - data_view_id: DataViewId, - /** - * If set to `true`, the internal ES requests/responses will be logged in Kibana. - */ - debug: z.boolean().optional(), - /** - * An elasticsearch DSL filter object. Used to filter the data being scored, which implicitly filters the risk scores calculated. - */ - filter: Filter.optional(), - page_size: PageSize.optional(), - /** - * Used to restrict the type of risk scores calculated. - */ - identifier_type: IdentifierType, - /** - * Defines the time period over which scores will be evaluated. If unspecified, a range of `[now, now-30d]` will be used. - */ - range: DateRange, - weights: RiskScoreWeights.optional(), -}); +import { AfterKeys, EntityRiskScoreRecord } from '../common/common.gen'; export type RiskScoresCalculationResponse = z.infer; export const RiskScoresCalculationResponse = z.object({ 
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.schema.yaml b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.schema.yaml index 5a290ce7930af..857971ddbf555 100644 --- a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/calculation_route.schema.yaml 
@@ -1,75 +1,12 @@ openapi: 3.0.0 info: + title: RiskScoresCalculation types version: '1' - title: Risk Scoring API - description: These APIs allow the consumer to manage Entity Risk Scores within Entity Analytics. - -servers: - - url: 'http://{kibana_host}:{port}' - variables: - kibana_host: - default: localhost - port: - default: '5601' - -paths: - /api/risk_scores/calculation: - post: - x-labels: [ess, serverless] - x-internal: true - summary: Trigger calculation of Risk Scores - description: Calculates and persists a segment of Risk Scores, returning details about the calculation. - requestBody: - description: Details about the Risk Scores being calculated - content: - application/json: - schema: - $ref: '#/components/schemas/RiskScoresCalculationRequest' - required: true - responses: - '200': - description: Successful response - content: - application/json: - schema: - $ref: '#/components/schemas/RiskScoresCalculationResponse' - '400': - description: Invalid request +paths: {} components: schemas: - RiskScoresCalculationRequest: - type: object - required: - - data_view_id - - identifier_type - - range - properties: - after_keys: - description: Used to calculate a specific "page" of risk scores. If unspecified, the first "page" of scores is returned. See also the `after_keys` key in a risk scores response. - $ref: '../common/common.schema.yaml#/components/schemas/AfterKeys' - data_view_id: - $ref: '../common/common.schema.yaml#/components/schemas/DataViewId' - description: The identifier of the Kibana data view to be used when generating risk scores. If a data view is not found, the provided ID will be used as the query's index pattern instead. - debug: - description: If set to `true`, the internal ES requests/responses will be logged in Kibana. - type: boolean - filter: - $ref: '../common/common.schema.yaml#/components/schemas/Filter' - description: An elasticsearch DSL filter object. 
Used to filter the data being scored, which implicitly filters the risk scores calculated. - page_size: - $ref: '../common/common.schema.yaml#/components/schemas/PageSize' - identifier_type: - description: Used to restrict the type of risk scores calculated. - allOf: - - $ref: '../common/common.schema.yaml#/components/schemas/IdentifierType' - range: - $ref: '../common/common.schema.yaml#/components/schemas/DateRange' - description: Defines the time period over which scores will be evaluated. If unspecified, a range of `[now, now-30d]` will be used. - weights: - $ref: '../common/common.schema.yaml#/components/schemas/RiskScoreWeights' - RiskScoresCalculationResponse: type: object required: diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/entity_calculation_route.schema.yaml b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/entity_calculation_route.schema.yaml index 328c67184e0f9..bb94305254885 100644 --- a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/entity_calculation_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/entity_calculation_route.schema.yaml 
@@ -14,10 +14,33 @@ servers: default: '5601' paths: + # TODO delete on a future serverless release /api/risk_scores/calculation/entity: post: x-labels: [ess, serverless] x-internal: true + summary: Deprecated Trigger calculation of Risk Scores for an entity. Moved to /internal/risk_score/calculation/entity + description: Calculates and persists Risk Scores for an entity, returning the calculated risk score. + requestBody: + description: The entity type and identifier + content: + application/json: + schema: + $ref: '#/components/schemas/RiskScoresEntityCalculationRequest' + required: true + responses: + '200': + description: Successful response + content: + application/json: + schema: + $ref: '#/components/schemas/RiskScoresEntityCalculationResponse' + '400': + description: Invalid request + + /internal/risk_score/calculation/entity: + post: + x-labels: [ess, serverless] summary: Trigger calculation of Risk Scores for an entity description: Calculates and persists Risk Scores for an entity, returning the calculated risk score. requestBody: diff --git a/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts b/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts index 18282d6fceed5..87a3aee66a884 100644 --- a/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts +++ b/x-pack/plugins/security_solution/common/endpoint/data_generators/endpoint_action_generator.ts @@ -27,7 +27,7 @@ import { type ResponseActionGetFileParameters, type ResponseActionScanOutputContent, type ResponseActionsExecuteParameters, - type ResponseActionsScanParameters, + type ResponseActionScanParameters, type ResponseActionUploadOutputContent, type ResponseActionUploadParameters, type WithAllKeys, 
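Review bot: The new `/internal/risk_score/calculation/entity` operation is added without the `x-internal: true` marker that the old `/api/risk_scores/calculation/entity` operation keeps, so any tooling that keys on that extension would treat the internal route as public. Add `x-internal: true` under its `post:` unless the `/internal/` prefix is handled elsewhere in the generator. The old route is flagged as deprecated only by the word "Deprecated" in its `summary`; OpenAPI 3.0 has an operation-level field for this, `deprecated: true`, which renderers and client generators can act on. The new operation's definition continues outside the hunk.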
@@ -231,7 +231,7 @@ export class EndpointActionGenerator extends BaseDataGenerator { comment: 'thisisacomment', createdBy: 'auserid', parameters: undefined, - outputs: {}, + outputs: undefined, agentState: { 'agent-a': { errors: undefined, @@ -265,8 +265,13 @@ export class EndpointActionGenerator extends BaseDataGenerator { ResponseActionGetFileOutputContent, ResponseActionGetFileParameters > - ).outputs = { - [details.agents[0]]: { + ).outputs = details.agents.reduce< + ActionDetails< + ResponseActionGetFileOutputContent, + ResponseActionGetFileParameters + >['outputs'] + >((acc = {}, agentId) => { + acc[agentId] = { type: 'json', content: { code: 'ra_get-file_success', @@ -281,8 +286,9 @@ export class EndpointActionGenerator extends BaseDataGenerator { }, ], }, - }, - }; + }; + return acc; + }, {}); } } @@ -291,7 +297,7 @@ export class EndpointActionGenerator extends BaseDataGenerator { ( details as unknown as ActionDetails< ResponseActionScanOutputContent, - ResponseActionsScanParameters + ResponseActionScanParameters > ).parameters = { path: '/some/folder/to/scan', @@ -302,16 +308,20 @@ export class EndpointActionGenerator extends BaseDataGenerator { ( details as unknown as ActionDetails< ResponseActionScanOutputContent, - ResponseActionsScanParameters + ResponseActionScanParameters > - ).outputs = { - [details.agents[0]]: { + ).outputs = details.agents.reduce< + ActionDetails['outputs'] + >((acc = {}, agentId) => { + acc[agentId] = { type: 'json', content: { - code: 'ra_scan_success_done', + code: 'ra_scan_success', }, - }, - }; + }; + + return acc; + }, {}); } } 
@@ -336,14 +346,20 @@ export class EndpointActionGenerator extends BaseDataGenerator { ResponseActionExecuteOutputContent, ResponseActionsExecuteParameters > - ).outputs = { - [details.agents[0]]: this.generateExecuteActionResponseOutput({ + ).outputs = details.agents.reduce< + ActionDetails< + ResponseActionExecuteOutputContent, + ResponseActionsExecuteParameters + >['outputs'] + >((acc = {}, agentId) => { + acc[agentId] = this.generateExecuteActionResponseOutput({ content: { output_file_id: getFileDownloadId(details, details.agents[0]), ...(overrides.outputs?.[details.agents[0]]?.content ?? {}), }, - }), - }; + }); + return acc; + }, {}); } } @@ -360,16 +376,19 @@ export class EndpointActionGenerator extends BaseDataGenerator { file_sha256: 'file-hash-sha-256', }; - uploadActionDetails.outputs = { - 'agent-a': { + uploadActionDetails.outputs = details.agents.reduce< + ActionDetails['outputs'] + >((acc = {}, agentId) => { + acc[agentId] = { type: 'json', content: { code: 'ra_upload_file-success', path: '/path/to/uploaded/file', disk_free_space: 1234567, }, - }, - }; + }; + return acc; + }, {}); } return merge(details, overrides as ActionDetails) as unknown as ActionDetails< diff --git a/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_agent_generator.ts b/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_agent_generator.ts index 62fa05d794725..43463b0336b58 100644 --- a/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_agent_generator.ts +++ b/x-pack/plugins/security_solution/common/endpoint/data_generators/fleet_agent_generator.ts 
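Review bot: In the execute branch of endpoint_action_generator.ts, the new `reduce` visits every `agentId` but its body still reads `details.agents[0]`, in both `getFileDownloadId(details, details.agents[0])` and `overrides.outputs?.[details.agents[0]]?.content`. Every agent's output therefore carries the first agent's download id and overrides, which defeats the point of generating per-agent outputs. Use the loop variable instead: `output_file_id: getFileDownloadId(details, agentId),` and `...(overrides.outputs?.[agentId]?.content ?? {}),`. The enclosing method starts and ends outside the hunk.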
@@ -65,7 +65,8 @@ export class FleetAgentGenerator extends BaseDataGenerator { // Casting here is needed because several of the attributes in `FleetServerAgent` are // defined as optional, but required in `Agent` type. ...(hit._source as Agent), - id: hit._id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + id: hit._id!, policy_revision: hit._source?.policy_revision_idx, access_api_key: undefined, status: this.randomAgentStatus(), diff --git a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts index 552dc6e0efc27..10a3af979a125 100644 --- a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts +++ b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts @@ -19,6 +19,18 @@ export interface DeletedEndpointHeartbeats { data: estypes.BulkResponse; } +interface EndpointHeartbeat { + '@timestamp': string; + agent: { + id: string; + }; + event: { + agent_id_status: string; + ingested: string; + }; + billable?: boolean; +} + export const indexEndpointHeartbeats = async ( esClient: Client, log: ToolingLog, @@ -27,10 +39,10 @@ export const indexEndpointHeartbeats = async ( log.debug(`Indexing ${count} endpoint heartbeats`); const startTime = new Date(); - const docs = Array.from({ length: count }).map((_, i) => { + const docs: EndpointHeartbeat[] = Array.from({ length: count }).map((_, i) => { const ingested = new Date(startTime.getTime() + i).toISOString(); - return { + const heartbeatDoc: EndpointHeartbeat = { '@timestamp': '2024-06-11T13:03:37Z', agent: { id: `agent-${i}`, 
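Review bot: The non-null assertion in `id: hit._id!,` only silences the type checker. If a hit ever reaches this point without `_id`, the generated agent carries `id: undefined` and the failure surfaces far from its cause. An explicit check before the object is built, such as `if (!hit._id) throw new Error('fleet agent hit is missing _id');`, would state the assumption and make the `eslint-disable-next-line` unnecessary. The enclosing method starts and ends outside the hunk, so where the check belongs has to be confirmed against the full body.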
@@ -40,9 +52,29 @@ export const indexEndpointHeartbeats = async ( ingested, }, }; + // billable: true and missing billable are billed + if (i % 2) { + heartbeatDoc.billable = true; + } + return heartbeatDoc; }); - const operations = docs.flatMap((doc) => [ + // billable: false are not billed + const invalidDocs: EndpointHeartbeat[] = [ + { + '@timestamp': '2024-06-11T13:03:37Z', + agent: { + id: 'agent-billable-false', + }, + event: { + agent_id_status: 'auth_metadata_missing', + ingested: new Date().toISOString(), + }, + billable: false, + }, + ]; + + const operations = docs.concat(invalidDocs).flatMap((doc) => [ { index: { _index: ENDPOINT_HEARTBEAT_INDEX, diff --git a/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts b/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts index 4ca15c05ee1c1..9ed0d20aee883 100644 --- a/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts +++ b/x-pack/plugins/security_solution/common/endpoint/models/policy_config.ts @@ -6,7 +6,7 @@ */ import type { PolicyConfig } from '../types'; -import { ProtectionModes, AntivirusRegistrationModes } from '../types'; +import { AntivirusRegistrationModes, ProtectionModes } from '../types'; import { isBillablePolicy } from './policy_config_helpers'; @@ -82,8 +82,8 @@ export const policyFactory = ( file: 'info', }, antivirus_registration: { - mode: AntivirusRegistrationModes.disabled, - enabled: false, + mode: AntivirusRegistrationModes.sync, + enabled: true, // Defaults to true since Malware protection is set to prevent and mode is set to sync }, attack_surface_reduction: { credential_hardening: { diff --git a/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.ts b/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.ts index 23ad015fc3b07..3f046e6ec15de 100644 --- a/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.ts 
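Review bot: `invalidDocs` is a misleading name for the extra heartbeat. The comment directly above it says documents with `billable: false` are simply not billed, and the document itself is well-formed, so `nonBillableDocs` would match the comment. The loader now indexes `count + 1` documents, while the `log.debug(`Indexing ${count} endpoint heartbeats`)` line in the preceding hunk still reports `count`. The extra document also takes `ingested` from `new Date()` rather than from `startTime`, so its order relative to the generated documents is not fixed; a one-line comment saying whether that is intended would help. The function body continues outside the hunk.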
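Review bot: In `policy_config.ts`, `enabled: true` under `antivirus_registration` is a hard-coded literal, although its trailing comment says the value follows from two other settings (malware protection in prevent mode and `mode` being sync). Nothing in the hunk ties the three together, so a later change to the malware default would leave this default stale without any signal. Either derive `enabled` from those values or add a unit test that asserts the relationship. The change also turns antivirus registration on for newly created policies; how existing saved policies are treated is not visible here and is worth confirming.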
+++ b/x-pack/plugins/security_solution/common/endpoint/models/policy_config_helpers.ts @@ -143,6 +143,11 @@ const getDisabledWindowsSpecificProtections = (policy: PolicyConfig) => ({ ...policy.windows.ransomware, mode: ProtectionModes.off, }, + antivirus_registration: { + ...policy.windows.antivirus_registration, + mode: AntivirusRegistrationModes.disabled, + enabled: false, + }, attack_surface_reduction: { ...policy.windows.attack_surface_reduction, credential_hardening: { diff --git a/x-pack/plugins/security_solution/common/endpoint/service/response_actions/mocks/agent_status.mocks.ts b/x-pack/plugins/security_solution/common/endpoint/service/response_actions/mocks/agent_status.mocks.ts new file mode 100644 index 0000000000000..9bd73637d667a --- /dev/null +++ b/x-pack/plugins/security_solution/common/endpoint/service/response_actions/mocks/agent_status.mocks.ts 
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { merge } from 'lodash';
+import type { DeepPartial } from 'utility-types';
+import type { AgentStatusRecords, AgentStatusApiResponse, AgentStatusInfo } from '../../../types';
+import { HostStatus } from '../../../types';
+
+const generateAgentStatusMock = (overrides: DeepPartial = {}): AgentStatusInfo => {
+ return merge(
+ {
+ agentId: 'abfe4a35-d5b4-42a0-a539-bd054c791769',
+ agentType: 'endpoint',
+ found: true,
+ isolated: false,
+ lastSeen: new Date().toISOString(),
+ pendingActions: {},
+ status: HostStatus.HEALTHY,
+ },
+ overrides
+ ) as AgentStatusInfo;
+};
+
+const generateAgentStatusRecordsMock = (
+ overrides: DeepPartial = {}
+): AgentStatusRecords => {
+ return merge(
+ { 'abfe4a35-d5b4-42a0-a539-bd054c791769': generateAgentStatusMock() },
+ overrides
+ ) as AgentStatusRecords;
+};
+
+const generateAgentStatusApiResponseMock = (
+ overrides: DeepPartial = {}
+): AgentStatusApiResponse => {
+ return merge({ data: generateAgentStatusRecordsMock() }, overrides);
+};
+
+export const agentStatusMocks = Object.freeze({
+ generateAgentStatus: generateAgentStatusMock,
+ generateAgentStatusRecords: generateAgentStatusRecordsMock,
+ generateAgentStatusApiResponse: generateAgentStatusApiResponseMock,
+});
diff --git a/x-pack/plugins/security_solution/common/endpoint/types/actions.ts b/x-pack/plugins/security_solution/common/endpoint/types/actions.ts
index 8727dff1b2f50..28be6f8d3d139 100644
--- a/x-pack/plugins/security_solution/common/endpoint/types/actions.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types/actions.ts
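Review bot: In `agent_status.mocks.ts`, `lastSeen: new Date().toISOString(),` makes every generated mock differ between runs, so snapshot or deep-equality assertions on the default output are unstable. A fixed ISO timestamp as the default would avoid that, and callers that need "now" can pass it through `overrides`. The agent id literal appears twice, once as `agentId` and once as the records key. A single module-level constant would keep the two in step. The exported generators have no TSDoc; one line each stating that `overrides` is deep-merged over the defaults would be enough.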
@@ -201,7 +201,7 @@ export interface ResponseActionsExecuteParameters { timeout?: number; } -export interface ResponseActionsScanParameters { +export interface ResponseActionScanParameters { path: string; } @@ -211,7 +211,7 @@ export type EndpointActionDataParameterTypes = | ResponseActionsExecuteParameters | ResponseActionGetFileParameters | ResponseActionUploadParameters - | ResponseActionsScanParameters; + | ResponseActionScanParameters; /** Output content of the different response actions */ export type EndpointActionResponseDataOutput = diff --git a/x-pack/plugins/security_solution/common/endpoint/types/agents.ts b/x-pack/plugins/security_solution/common/endpoint/types/agents.ts index 646bb944fce19..67e267f2f3d55 100644 --- a/x-pack/plugins/security_solution/common/endpoint/types/agents.ts +++ b/x-pack/plugins/security_solution/common/endpoint/types/agents.ts @@ -11,22 +11,20 @@ import type { ResponseActionsApiCommandNames, } from '../service/response_actions/constants'; +export interface AgentStatusInfo { + agentId: string; + agentType: ResponseActionAgentType; + found: boolean; + isolated: boolean; + lastSeen: string; // ISO date + pendingActions: Record; + status: HostStatus; +} + export interface AgentStatusRecords { - [agentId: string]: { - agentId: string; - agentType: ResponseActionAgentType; - found: boolean; - isolated: boolean; - lastSeen: string; // ISO date - pendingActions: Record; - status: HostStatus; - }; + [agentId: string]: AgentStatusInfo; } -// TODO: 8.15 remove when `agentStatusClientEnabled` is enabled/removed -export interface AgentStatusInfo { - [agentId: string]: AgentStatusRecords[string] & { - isPendingUninstall: boolean; - isUninstalled: boolean; - }; +export interface AgentStatusApiResponse { + data: AgentStatusRecords; } 
diff --git a/x-pack/plugins/security_solution/common/entity_analytics/risk_score/constants.ts b/x-pack/plugins/security_solution/common/entity_analytics/risk_score/constants.ts index 808a68871e96d..ff31aa502fd25 100644 --- a/x-pack/plugins/security_solution/common/entity_analytics/risk_score/constants.ts +++ b/x-pack/plugins/security_solution/common/entity_analytics/risk_score/constants.ts @@ -5,14 +5,6 @@ * 2.0. */ -/** - * Public Risk Score routes - */ -export const RISK_ENGINE_PUBLIC_PREFIX = '/api/risk_scores' as const; -export const RISK_SCORE_CALCULATION_URL = `${RISK_ENGINE_PUBLIC_PREFIX}/calculation` as const; -export const RISK_SCORE_ENTITY_CALCULATION_URL = - `${RISK_ENGINE_PUBLIC_PREFIX}/calculation/entity` as const; - /** * Internal Risk Score routes */ @@ -36,3 +28,5 @@ export const RISK_SCORE_CREATE_STORED_SCRIPT = export const RISK_SCORE_DELETE_STORED_SCRIPT = `${INTERNAL_RISK_SCORE_URL}/stored_scripts/delete` as const; export const RISK_SCORE_PREVIEW_URL = `${INTERNAL_RISK_SCORE_URL}/preview` as const; +export const RISK_SCORE_ENTITY_CALCULATION_URL = + `${INTERNAL_RISK_SCORE_URL}/calculation/entity` as const; diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts index 761ec8d26035f..d6ef574ec0501 100644 --- a/x-pack/plugins/security_solution/common/experimental_features.ts +++ b/x-pack/plugins/security_solution/common/experimental_features.ts 
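Review bot: `RISK_SCORE_ENTITY_CALCULATION_URL` keeps its name but now resolves under `INTERNAL_RISK_SCORE_URL` instead of the removed public prefix `/api/risk_scores`. Any caller that built requests from the old public path will start failing with no compile-time signal. The constant is appended after `RISK_SCORE_PREVIEW_URL` without a comment; a short TSDoc line noting that the route used to be public would help future readers. The route registration is not visible in this chunk, so it is worth confirming that the handler is marked internal to match the new path.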
@@ -79,14 +79,7 @@ export const allowedExperimentalValues = Object.freeze({ responseActionsSentinelOneV2Enabled: true, /** Enables the `get-file` response action for SentinelOne */ - responseActionsSentinelOneGetFileEnabled: false, - - /** - * 8.15 - * Enables use of agent status service to get agent status information - * for endpoint and third-party agents. - */ - agentStatusClientEnabled: false, + responseActionsSentinelOneGetFileEnabled: true, /** * Enables the ability to send Response actions to Crowdstrike and persist the results @@ -117,7 +110,7 @@ export const allowedExperimentalValues = Object.freeze({ /** * Enables new notes */ - notesEnabled: false, + securitySolutionNotesEnabled: false, /** * Enables the Assistant Model Evaluation advanced setting and API endpoint, introduced in `8.11.0`. @@ -233,6 +226,17 @@ export const allowedExperimentalValues = Object.freeze({ */ perFieldPrebuiltRulesDiffingEnabled: true, + /** + * Enables an ability to customize Elastic prebuilt rules. + * + * Ticket: https://github.com/elastic/kibana/issues/174168 + * Owners: https://github.com/orgs/elastic/teams/security-detection-rule-management + * Added: on Jun 24, 2024 in https://github.com/elastic/kibana/pull/186823 + * Turned: TBD + * Expires: TBD + */ + prebuiltRulesCustomizationEnabled: false, + /** * Makes Elastic Defend integration's Malware On-Write Scan option available to edit. */ diff --git a/x-pack/plugins/security_solution/common/types/index.ts b/x-pack/plugins/security_solution/common/types/index.ts index 877c7c4f0247f..42a3c10fc48e4 100644 --- a/x-pack/plugins/security_solution/common/types/index.ts +++ b/x-pack/plugins/security_solution/common/types/index.ts @@ -12,7 +12,6 @@ export * from './detail_panel'; export * from './header_actions'; export * from './session_view'; export * from './bulk_actions'; -export * from './third_party_agent'; export const FILTER_OPEN: Status = 'open'; export const FILTER_CLOSED: Status = 'closed'; 
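Review bot: Renaming `notesEnabled` to `securitySolutionNotesEnabled`, and deleting `agentStatusClientEnabled` in the first hunk, changes keys that a deployment may already list in its experimental-features setting. How an unrecognised key is handled is decided outside these hunks, so it is worth confirming that a stale key is reported rather than silently ignored. The first hunk also flips `responseActionsSentinelOneGetFileEnabled` to `true`, which makes a file-retrieval response action available by default, yet its comment still reads only `Enables the `get-file` response action for SentinelOne`. The new `prebuiltRulesCustomizationEnabled` entry shows a useful format (ticket, owners, date added); the same metadata on the flipped flag would record when and why the default changed.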
diff --git a/x-pack/plugins/security_solution/common/types/third_party_agent/index.ts b/x-pack/plugins/security_solution/common/types/third_party_agent/index.ts deleted file mode 100644 index a7f3315be04e5..0000000000000 --- a/x-pack/plugins/security_solution/common/types/third_party_agent/index.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { ResponseActionAgentType } from '../../endpoint/service/response_actions/constants'; - -export interface ThirdPartyAgentInfo { - agent: { - id: string; - type: ResponseActionAgentType; - }; - host: { - name: string; - os: { - name: string; - family: string; - version: string; - }; - }; - lastCheckin: string; -} diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/axis_tick/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/axis_tick/index.test.tsx new file mode 100644 index 0000000000000..4dcd772d783bd --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/axis_tick/index.test.tsx 
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render } from '@testing-library/react';
+import React from 'react';
+
+import { AxisTick } from '.';
+
+describe('AxisTick', () => {
+ it('renders the top cell', async () => {
+ const { getByTestId } = render();
+
+ const topCell = getByTestId('topCell');
+
+ expect(topCell).toBeInTheDocument();
+ });
+
+ it('renders the bottom cell', async () => {
+ const { getByTestId } = render();
+
+ const bottomCell = getByTestId('bottomCell');
+
+ expect(bottomCell).toBeInTheDocument();
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.test.tsx
new file mode 100644
index 0000000000000..195a5fe49dd19
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.test.tsx
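Review bot: Both `it(...)` callbacks in the `AxisTick` test are declared `async` but contain no `await`, so they return a promise for no reason and imply asynchronous behaviour that is not there. Dropping the keyword, as in `it('renders the top cell', () => {`, matches the synchronous `getByTestId` queries used in the bodies. The two tests render the component identically, so a shared `beforeEach` would shorten them.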
@@ -0,0 +1,30 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { getTacticMetadata } from '../../helpers'; +import { AttackChain } from '.'; + +import { mockAttackDiscovery } from '../../mock/mock_attack_discovery'; + +describe('AttackChain', () => { + it('renders the expected tactics', () => { + // get detected tactics from the attack discovery: + const tacticMetadata = getTacticMetadata(mockAttackDiscovery).filter( + (tactic) => tactic.detected + ); + expect(tacticMetadata.length).toBeGreaterThan(0); // test pre-condition + + render(); + + tacticMetadata?.forEach((tactic) => { + expect(screen.getByText(tactic.name)).toBeInTheDocument(); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.tsx index 18df24e442072..8f2d2dede419e 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/index.tsx @@ -9,9 +9,9 @@ import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui'; import { css } from '@emotion/react'; import React, { useMemo } from 'react'; +import type { AttackDiscovery } from '@kbn/elastic-assistant-common'; import { Tactic } from './tactic'; import { getTacticMetadata } from '../../helpers'; -import type { AttackDiscovery } from '../../types'; interface Props { attackDiscovery: AttackDiscovery; 
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/tactic/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/tactic/index.test.tsx
new file mode 100644
index 0000000000000..9c4166a43d620
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/attack_chain/tactic/index.test.tsx
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Tactic } from '.';
+
+describe('Tactic', () => {
+ const tactic = 'Privilege Escalation';
+
+ it('renders the tactic name', () => {
+ render();
+
+ const tacticText = screen.getByTestId('tacticText');
+
+ expect(tacticText).toHaveTextContent(tactic);
+ });
+
+ const detectedTestCases: boolean[] = [true, false];
+
+ detectedTestCases.forEach((detected) => {
+ it(`renders the inner circle when detected is ${detected}`, () => {
+ render();
+
+ const innerCircle = screen.getByTestId('innerCircle');
+
+ expect(innerCircle).toBeInTheDocument();
+ });
+
+ it(`renders the outerCircle circle when detected is ${detected}`, () => {
+ render();
+
+ const outerCircle = screen.getByTestId('outerCircle');
+
+ expect(outerCircle).toBeInTheDocument();
+ });
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.test.tsx
new file mode 100644
index 0000000000000..c9923754d25da
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.test.tsx
@@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import type { TacticMetadata } from '../../helpers'; +import { getTacticMetadata } from '../../helpers'; +import { mockAttackDiscovery } from '../../mock/mock_attack_discovery'; +import { MiniAttackChain } from '.'; + +describe('MiniAttackChain', () => { + it('displays the expected number of circles', () => { + // get detected tactics from the attack discovery: + const tacticMetadata: TacticMetadata[] = getTacticMetadata(mockAttackDiscovery); + expect(tacticMetadata.length).toBeGreaterThan(0); // test pre-condition + + render(); + + const circles = screen.getAllByTestId('circle'); + + expect(circles.length).toEqual(tacticMetadata.length); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.tsx index 0764ca7fae644..ab41885563954 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack/mini_attack_chain/index.tsx @@ -9,9 +9,9 @@ import { css } from '@emotion/react'; import { EuiFlexGroup, EuiFlexItem, EuiText, EuiToolTip, useEuiTheme } from '@elastic/eui'; import React, { useMemo } from 'react'; +import type { AttackDiscovery } from '@kbn/elastic-assistant-common'; import { getTacticMetadata } from '../../helpers'; import { ATTACK_CHAIN_TOOLTIP } from './translations'; -import type { AttackDiscovery } from '../../types'; interface Props { attackDiscovery: AttackDiscovery; 
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/helpers.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/helpers.test.ts
new file mode 100644
index 0000000000000..fd3ada8f6bdd9
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/helpers.test.ts
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getIconFromFieldName } from './helpers';
+
+describe('helpers', () => {
+ describe('getIconFromFieldName', () => {
+ it('returns the expected icon for a known field name', () => {
+ const fieldName = 'host.name';
+ const expectedIcon = 'desktop';
+
+ const icon = getIconFromFieldName(fieldName);
+
+ expect(icon).toEqual(expectedIcon);
+ });
+
+ it('returns an empty string for an unknown field name', () => {
+ const fieldName = 'unknown.field';
+ const emptyIcon = '';
+
+ const icon = getIconFromFieldName(fieldName);
+
+ expect(icon).toEqual(emptyIcon);
+ });
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/index.test.tsx
new file mode 100644
index 0000000000000..5772272673b67
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/attack_discovery_markdown_parser/index.test.tsx
@@ -0,0 +1,102 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + EuiMarkdownFormat, + getDefaultEuiMarkdownParsingPlugins, + getDefaultEuiMarkdownProcessingPlugins, +} from '@elastic/eui'; +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { TestProviders } from '../../../common/mock'; +import { getFieldMarkdownRenderer } from '../field_markdown_renderer'; +import { AttackDiscoveryMarkdownParser } from '.'; + +describe('AttackDiscoveryMarkdownParser', () => { + it('parsees markdown with valid fields', () => { + const attackDiscoveryParsingPluginList = [ + ...getDefaultEuiMarkdownParsingPlugins(), + AttackDiscoveryMarkdownParser, + ]; + + const markdownWithValidFields = ` + The following attack chain was detected involving Microsoft Office documents on multiple hosts: + +- On {{ host.name 39054a91-67f9-46fa-b9d1-85f928d4cd1b }}, a malicious Microsoft Office document was opened by {{ user.name 2c13d131-8fab-41b9-841e-669c66315a23 }}. +- This document launched a child process to write and execute a malicious script file named "AppPool.vbs". +- The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1". +- On {{ host.name 5149b291-72d0-4373-93ec-c117477932fe }}, a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented. + +This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". 
Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls. + `; + + const processingPluginList = getDefaultEuiMarkdownProcessingPlugins(); + processingPluginList[1][1].components.fieldPlugin = getFieldMarkdownRenderer(false); + + render( + + + {markdownWithValidFields} + + + ); + + const result = screen.getByTestId('attackDiscoveryMarkdownFormatter'); + + expect(result).toHaveTextContent( + 'The following attack chain was detected involving Microsoft Office documents on multiple hosts: On 39054a91-67f9-46fa-b9d1-85f928d4cd1b, a malicious Microsoft Office document was opened by 2c13d131-8fab-41b9-841e-669c66315a23. This document launched a child process to write and execute a malicious script file named "AppPool.vbs". The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1". On 5149b291-72d0-4373-93ec-c117477932fe, a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented. This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls.' + ); + }); + + it('parsees markdown with invalid fields', () => { + const attackDiscoveryParsingPluginList = [ + ...getDefaultEuiMarkdownParsingPlugins(), + AttackDiscoveryMarkdownParser, + ]; + + const markdownWithInvalidFields = ` + The following attack chain was detected involving Microsoft Office documents on multiple hosts: + +- On {{ host.name 39054a91-67f9-46fa-b9d1-85f928d4cd1b }}, a malicious Microsoft Office document was opened by {{ user.name }}. 
+- This document launched a child process to write and execute a malicious script file named "AppPool.vbs". +- The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1". +- On {{ 5149b291-72d0-4373-93ec-c117477932fe }}, a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented. + +This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls. {{ foo.bar baz }} + `; + + const processingPluginList = getDefaultEuiMarkdownProcessingPlugins(); + processingPluginList[1][1].components.fieldPlugin = getFieldMarkdownRenderer(false); + + render( + + + {markdownWithInvalidFields} + + + ); + + const result = screen.getByTestId('attackDiscoveryMarkdownFormatter'); + + expect(result).toHaveTextContent( + 'The following attack chain was detected involving Microsoft Office documents on multiple hosts: On 39054a91-67f9-46fa-b9d1-85f928d4cd1b, a malicious Microsoft Office document was opened by . This document launched a child process to write and execute a malicious script file named "AppPool.vbs". The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1". On (Empty string), a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented. This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. 
The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls. baz' + ); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_host_flyout_panel_props.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_host_flyout_panel_props.test.ts new file mode 100644 index 0000000000000..ea42a7ec1b045 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_host_flyout_panel_props.test.ts 
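Review bot: Both test titles in the `AttackDiscoveryMarkdownParser` suite are misspelled: `it('parsees markdown with valid fields', …)` and `it('parsees markdown with invalid fields', …)` should read `parses`. Each test also reaches into the default plugin list by position, `processingPluginList[1][1].components.fieldPlugin = getFieldMarkdownRenderer(false);`, which breaks if the default list is reordered. A comment naming the plugin expected at index 1 would make such a failure easier to diagnose. The two tests build identical plugin lists, so a small shared setup helper would keep them from drifting apart.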
@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getHostFlyoutPanelProps, isHostName } from './get_host_flyout_panel_props';
+
+describe('getHostFlyoutPanelProps', () => {
+ describe('isHostName', () => {
+ it('returns true for "host.name"', () => {
+ const result = isHostName('host.name');
+
+ expect(result).toBe(true);
+ });
+
+ it('returns true for "host.hostname"', () => {
+ const result = isHostName('host.hostname');
+
+ expect(result).toBe(true);
+ });
+
+ it('returns false for other field names', () => {
+ const result = isHostName('some.other.field');
+
+ expect(result).toBe(false);
+ });
+ });
+
+ describe('getHostFlyoutPanelProps', () => {
+ it('returns the correct FlyoutPanelProps', () => {
+ const contextId = 'contextId';
+ const hostName = 'foo';
+
+ const result = getHostFlyoutPanelProps({ contextId, hostName });
+
+ expect(result).toEqual({
+ id: 'host-panel',
+ params: { contextID: contextId, hostName, scopeId: 'alerts-page' },
+ });
+ });
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_user_flyout_panel_props.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_user_flyout_panel_props.test.ts
new file mode 100644
index 0000000000000..92cb21e1f5dee
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/get_user_flyout_panel_props.test.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { isUserName } from './get_user_flyout_panel_props';
+
+describe('getUserFlyoutPanelProps', () => {
+ describe('isUserName', () => {
+ it('returns true when fieldName is "user.name"', () => {
+ const fieldName = 'user.name';
+ const result = isUserName(fieldName);
+
+ expect(result).toBe(true);
+ });
+
+ it('returns false when fieldName is NOT "user.name"', () => {
+ const fieldName = 'other.field';
+ const result = isUserName(fieldName);
+
+ expect(result).toBe(false);
+ });
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/helpers.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/helpers.test.ts
new file mode 100644
index 0000000000000..e6e001d290afe
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/helpers.test.ts
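Review bot: The outer suite in `get_user_flyout_panel_props.test.ts` is named `getUserFlyoutPanelProps`, but the file imports and tests only `isUserName`, so the function the suite is named after has no direct test. The host counterpart added in this commit covers both `isHostName` and `getHostFlyoutPanelProps`. A matching `describe('getUserFlyoutPanelProps', …)` block would close the gap. Judging by the expectation in the sibling `helpers.test.ts`, it would assert `id: 'user-panel'` and `params: { contextID: contextId, userName, scopeId: 'alerts-page' }`; confirm that against the implementation.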
@@ -0,0 +1,58 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getFlyoutPanelProps } from './helpers';
+
+describe('helpers', () => {
+ describe('getFlyoutPanelProps', () => {
+ it('returns FlyoutPanelProps for a valid host name', () => {
+ const contextId = 'contextId';
+ const fieldName = 'host.name';
+ const value = 'example.com';
+
+ const flyoutPanelProps = getFlyoutPanelProps({ contextId, fieldName, value });
+
+ expect(flyoutPanelProps).toEqual({
+ id: 'host-panel',
+ params: { contextID: contextId, hostName: value, scopeId: 'alerts-page' },
+ });
+ });
+
+ it('returns FlyoutPanelProps for a valid user name', () => {
+ const contextId = 'contextId';
+ const fieldName = 'user.name';
+ const value = 'administator';
+
+ const flyoutPanelProps = getFlyoutPanelProps({ contextId, fieldName, value });
+
+ expect(flyoutPanelProps).toEqual({
+ id: 'user-panel',
+ params: { contextID: contextId, userName: value, scopeId: 'alerts-page' },
+ });
+ });
+
+ it('returns null for an unknown field name', () => {
+ const contextId = 'contextId';
+ const fieldName = 'unknown.field';
+ const value = 'example';
+
+ const flyoutPanelProps = getFlyoutPanelProps({ contextId, fieldName, value });
+
+ expect(flyoutPanelProps).toBeNull();
+ });
+
+ it('returns null when value is not a string', () => {
+ const contextId = 'contextId';
+ const fieldName = 'host.name';
+ const value = 123;
+
+ const flyoutPanelProps = getFlyoutPanelProps({ contextId, fieldName, value });
+
+ expect(flyoutPanelProps).toBeNull();
+ });
+ });
+});
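Review bot: The `getFlyoutPanelProps` cases cover `host.name` and `user.name` but not `host.hostname`, which `isHostName` also accepts according to the get_host_flyout_panel_props test in this commit. A regression that drops that field from the dispatch would go unnoticed here. Add a case with `const fieldName = 'host.hostname';` expecting the same `host-panel` result. The sample user value `'administator'` is misspelled; `const value = 'administrator';` reads better.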
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/index.test.tsx
new file mode 100644
index 0000000000000..8f647d02a626f
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/field_markdown_renderer/index.test.tsx
@@ -0,0 +1,110 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; +import { fireEvent, render, screen } from '@testing-library/react'; +import React from 'react'; + +import { TestProviders } from '../../../common/mock'; +import { getFieldMarkdownRenderer } from '.'; + +jest.mock('@kbn/expandable-flyout', () => ({ + useExpandableFlyoutApi: jest.fn(), +})); + +describe('getFieldMarkdownRenderer', () => { + const mockOpenRightPanel = jest.fn(); + const mockUseExpandableFlyoutApi = useExpandableFlyoutApi as jest.MockedFunction< + typeof useExpandableFlyoutApi + >; + + beforeEach(() => { + jest.clearAllMocks(); + + mockUseExpandableFlyoutApi.mockReturnValue({ + closeFlyout: jest.fn(), + closeLeftPanel: jest.fn(), + closePreviewPanel: jest.fn(), + closeRightPanel: jest.fn(), + previousPreviewPanel: jest.fn(), + openFlyout: jest.fn(), + openLeftPanel: jest.fn(), + openPreviewPanel: jest.fn(), + openRightPanel: mockOpenRightPanel, + }); + }); + + it('renders the field value', () => { + const FieldMarkdownRenderer = getFieldMarkdownRenderer(false); + const icon = ''; + const name = 'some.field'; + const value = 'some.value'; + + render( + + + + ); + + const fieldValue = screen.getByText(value); + + expect(fieldValue).toBeInTheDocument(); + }); + + it('opens the right panel when the entity button is clicked', () => { + const FieldMarkdownRenderer = getFieldMarkdownRenderer(false); + const icon = 'user'; + const name = 'user.name'; + const value = 'some.user'; + + render( + + + + ); + + const entityButton = screen.getByTestId('entityButton'); + + fireEvent.click(entityButton); + + expect(mockOpenRightPanel).toHaveBeenCalledTimes(1); + }); + + it('does NOT render the entity button when flyoutPanelProps 
is null', () => { + const FieldMarkdownRenderer = getFieldMarkdownRenderer(false); + const icon = ''; + const name = 'some.field'; + const value = 'some.value'; + + render( + + + + ); + + const entityButton = screen.queryByTestId('entityButton'); + + expect(entityButton).not.toBeInTheDocument(); + }); + + it('renders disabled actions badge when disableActions is true', () => { + const FieldMarkdownRenderer = getFieldMarkdownRenderer(true); // disable actions + const icon = 'user'; + const name = 'user.name'; + const value = 'some.user'; + + render( + + + + ); + + const disabledActionsBadge = screen.getByTestId('disabledActionsBadge'); + + expect(disabledActionsBadge).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/index.test.tsx new file mode 100644 index 0000000000000..5013ce646fe28 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_markdown_formatter/index.test.tsx 
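Review bot: The case 'opens the right panel when the entity button is clicked' only checks `toHaveBeenCalledTimes(1)`, so it would still pass if the wrong panel id or entity value were sent to the flyout. Assert the payload as well, for example `expect(mockOpenRightPanel).toHaveBeenCalledWith(expect.objectContaining({ id: 'user-panel' }));`, adjusted to the real argument shape, which is not visible in this hunk. A short comment above the `mockReturnValue` block, saying that only `openRightPanel` is observed and the other members are there to satisfy the hook's return type, would help the next reader.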
@@ -0,0 +1,63 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { TestProviders } from '../../common/mock'; +import { AttackDiscoveryMarkdownFormatter } from '.'; + +describe('AttackDiscoveryMarkdownFormatter', () => { + const markdown = ` + The following attack chain was detected involving Microsoft Office documents on multiple hosts: + +- On {{ host.name 39054a91-67f9-46fa-b9d1-85f928d4cd1b }}, a malicious Microsoft Office document was opened by {{ user.name 2c13d131-8fab-41b9-841e-669c66315a23 }}. +- This document launched a child process to write and execute a malicious script file named "AppPool.vbs". +- The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1". +- On {{ host.name 5149b291-72d0-4373-93ec-c117477932fe }}, a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented. + +This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls. 
+ `; + + it('renders the expected markdown', () => { + render( + + + + ); + + const result = screen.getByTestId('attackDiscoveryMarkdownFormatter'); + + expect(result).toHaveTextContent( + 'The following attack chain was detected involving Microsoft Office documents on multiple hosts: On 39054a91-67f9-46fa-b9d1-85f928d4cd1b, a malicious Microsoft Office document was opened by 2c13d131-8fab-41b9-841e-669c66315a23. This document launched a child process to write and execute a malicious script file named "AppPool.vbs". The "AppPool.vbs" script then spawned PowerShell to execute an obfuscated script payload from "AppPool.ps1". On 5149b291-72d0-4373-93ec-c117477932fe, a similar attack involving a malicious Office document and the creation of "AppPool.vbs" was detected and prevented. This appears to be a malware attack delivered via spearphishing, likely exploiting a vulnerability in Microsoft Office to gain initial access and then using PowerShell for execution and obfuscation. The attacker employed defense evasion techniques like script obfuscation and system binary proxies like "wscript.exe" and "mshta.exe". Mitigations should focus on patching Office vulnerabilities, restricting script execution, and enhancing email security controls.' + ); + }); + + it('renders interactive host entities', () => { + render( + + + + ); + + const entities = screen.getAllByTestId('entityButton'); + + expect(entities.length).toEqual(3); + }); + + it('renders NON-interactive host entities when disableActions is true', () => { + render( + + + + ); + + const entities = screen.queryAllByTestId('entityButton'); + + expect(entities.length).toEqual(0); // <-- no interactive buttons + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.test.tsx new file mode 100644 index 0000000000000..55d636bf35270 
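Review bot: The last case, 'renders NON-interactive host entities when disableActions is true', asserts only that no `entityButton` exists, which also holds if the entities are not rendered at all. Pair it with a positive check such as `expect(screen.getAllByTestId('disabledActionsBadge').length).toEqual(3);`, assuming the formatter renders the same badge that the field renderer test in this commit looks for. Both titles say "host entities" although the expected count of 3 includes the `user.name` entity in the fixture; "entities" would be accurate.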
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.test.tsx
@@ -0,0 +1,109 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { ActionableSummary } from '.'; +import { TestProviders } from '../../../common/mock'; +import { mockAttackDiscovery } from '../../mock/mock_attack_discovery'; + +describe('ActionableSummary', () => { + const mockReplacements = { + '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname', + '3bdc7952-a334-4d95-8092-cd176546e18a': 'bar.username', + }; + + describe('when entities with replacements are provided', () => { + beforeEach(() => { + render( + + + + ); + }); + + it('renders a hostname with the expected value from replacements', () => { + expect(screen.getAllByTestId('entityButton')[0]).toHaveTextContent('foo.hostname'); + }); + + it('renders a username with the expected value from replacements', () => { + expect(screen.getAllByTestId('entityButton')[1]).toHaveTextContent('bar.username'); + }); + }); + + describe('when entities that do NOT have replacements are provided', () => { + beforeEach(() => { + render( + + + + ); + }); + + it('renders a hostname with with the original hostname value', () => { + expect(screen.getAllByTestId('entityButton')[0]).toHaveTextContent( + '5e454c38-439c-4096-8478-0a55511c76e3' + ); + }); + + it('renders a username with the original username value', () => { + expect(screen.getAllByTestId('entityButton')[1]).toHaveTextContent( + '3bdc7952-a334-4d95-8092-cd176546e18a' + ); + }); + }); + + describe('when showAnonymized is true', () => { + beforeEach(() => { + render( + + + + ); + }); + + it('renders a disabled badge with the original hostname value', () => { + expect(screen.getAllByTestId('disabledActionsBadge')[0]).toHaveTextContent( + 
'5e454c38-439c-4096-8478-0a55511c76e3' + ); + }); + + it('renders a disabled badge with the original username value', () => { + expect(screen.getAllByTestId('disabledActionsBadge')[1]).toHaveTextContent( + '3bdc7952-a334-4d95-8092-cd176546e18a' + ); + }); + }); + + describe('View in AI assistant', () => { + beforeEach(() => { + render( + + + + ); + }); + + it('renders the View in AI assistant button', () => { + expect(screen.getByTestId('viewInAiAssistantCompact')).toBeInTheDocument(); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.tsx index 7f1dbe7be3b2e..885ab18c879a7 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actionable_summary/index.tsx @@ -6,11 +6,10 @@ */ import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui'; -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import React, { useMemo } from 'react'; import { AttackDiscoveryMarkdownFormatter } from '../../attack_discovery_markdown_formatter'; -import type { AttackDiscovery } from '../../types'; import { ViewInAiAssistant } from '../view_in_ai_assistant'; interface Props { diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/actions_placeholder/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/actions_placeholder/index.test.tsx new file mode 100644 index 0000000000000..ac2494f050d88 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/actions_placeholder/index.test.tsx 
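Review bot: In the 'when showAnonymized is true' block of the ActionableSummary test, the two cases check that the disabled badges show the anonymized ids, but nothing asserts that the de-anonymized values stay out of the DOM. If that render also passes `mockReplacements` (the JSX is not visible on this page), add `expect(screen.queryByText('foo.hostname')).not.toBeInTheDocument();` and the same for `'bar.username'`. That way a regression that leaks real host or user names into the anonymized view fails the test. The title 'renders a hostname with with the original hostname value' repeats "with".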
@@ -0,0 +1,23 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { ActionsPlaceholder } from '.'; + +describe('ActionsPlaceholder', () => { + beforeEach(() => render()); + + const expectedSkeletonTitles = ['skeletonTitle1', 'skeletonTitle2', 'skeletonTitle3']; + + expectedSkeletonTitles.forEach((expectedSkeletonTitle) => { + it(`renders the ${expectedSkeletonTitle} skeleton title`, () => { + expect(screen.getByTestId(expectedSkeletonTitle)).toBeInTheDocument(); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/alerts_badge/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/alerts_badge/index.test.tsx new file mode 100644 index 0000000000000..bc45d195aacfa --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/alerts_badge/index.test.tsx @@ -0,0 +1,21 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { render } from '@testing-library/react'; +import React from 'react'; + +import { AlertsBadge } from '.'; + +describe('AlertsBadge', () => { + it('render the expected alerts count', () => { + const alertsCount = 5; + + const { getByTestId } = render(); + const badgeElement = getByTestId('alertsBadge'); + + expect(badgeElement.textContent).toBe(`${alertsCount}`); + }); +}); 
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.test.tsx new file mode 100644 index 0000000000000..30096f33dde90 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.test.tsx @@ -0,0 +1,46 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { Actions } from '.'; +import { TestProviders } from '../../../common/mock'; +import { mockAttackDiscovery } from '../../mock/mock_attack_discovery'; +import { ATTACK_CHAIN, ALERTS } from './translations'; + +describe('Actions', () => { + beforeEach(() => + render( + + + + ) + ); + + it('renders the attack chain label', () => { + expect(screen.getByTestId('attackChainLabel')).toHaveTextContent(ATTACK_CHAIN); + }); + + it('renders the mini attack chain component', () => { + expect(screen.getByTestId('miniAttackChain')).toBeInTheDocument(); + }); + + it('renders the alerts label', () => { + expect(screen.getByTestId('alertsLabel')).toHaveTextContent(ALERTS); + }); + + it('renders the alerts badge with the expected count', () => { + expect(screen.getByTestId('alertsBadge')).toHaveTextContent( + `${mockAttackDiscovery.alertIds.length}` + ); + }); + + it('renders the take action dropdown', () => { + expect(screen.getByTestId('takeAction')).toBeInTheDocument(); + }); +}); 
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.tsx index 3aeba84bee02f..9dc81821917f7 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/index.tsx @@ -7,14 +7,13 @@ import { EuiFlexGroup, EuiFlexItem, EuiText, useEuiTheme } from '@elastic/eui'; import { css } from '@emotion/react'; -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import React from 'react'; import { AlertsBadge } from './alerts_badge'; import { MiniAttackChain } from '../../attack/mini_attack_chain'; import { TakeAction } from './take_action'; import * as i18n from './translations'; -import type { AttackDiscovery } from '../../types'; interface Props { attackDiscovery: AttackDiscovery; diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/helpers.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/helpers.test.ts new file mode 100644 index 0000000000000..9d58a1487d0ca --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/helpers.test.ts 
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { getOriginalAlertIds } from './helpers';
+
+describe('helpers', () => {
+ describe('getOriginalAlertIds', () => {
+ const alertIds = ['alert1', 'alert2', 'alert3'];
+
+ it('returns the original alertIds when no replacements are provided', () => {
+ const result = getOriginalAlertIds({ alertIds });
+
+ expect(result).toEqual(alertIds);
+ });
+
+ it('returns the replaced alertIds when replacements are provided', () => {
+ const replacements = {
+ alert1: 'replaced1',
+ alert3: 'replaced3',
+ };
+ const expected = ['replaced1', 'alert2', 'replaced3'];
+
+ const result = getOriginalAlertIds({ alertIds, replacements });
+
+ expect(result).toEqual(expected);
+ });
+
+ it('returns the original alertIds when replacements are provided but no replacement is found', () => {
+ const replacements = {
+ alert4: 'replaced4',
+ alert5: 'replaced5',
+ };
+
+ const result = getOriginalAlertIds({ alertIds, replacements });
+
+ expect(result).toEqual(alertIds);
+ });
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.test.tsx
new file mode 100644
index 0000000000000..2772aa6e0c7a2
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.test.tsx
@@ -0,0 +1,47 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { fireEvent, render, screen } from '@testing-library/react'; +import React from 'react'; + +import { TestProviders } from '../../../../common/mock'; +import { mockAttackDiscovery } from '../../../mock/mock_attack_discovery'; +import { TakeAction } from '.'; + +describe('TakeAction', () => { + beforeEach(() => { + jest.clearAllMocks(); + + render( + + + + ); + + const takeActionButtons = screen.getAllByTestId('takeActionPopoverButton'); + + fireEvent.click(takeActionButtons[0]); // open the popover + }); + + it('renders the Add to new case action', () => { + const addToCase = screen.getByTestId('addToCase'); + + expect(addToCase).toBeInTheDocument(); + }); + + it('renders the Add to existing case action', () => { + const addToCase = screen.getByTestId('addToExistingCase'); + + expect(addToCase).toBeInTheDocument(); + }); + + it('renders the View in AI Assistant action', () => { + const addToCase = screen.getByTestId('viewInAiAssistant'); + + expect(addToCase).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.tsx index 5e019f6af6653..d94a177d52fdc 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/take_action/index.tsx 
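Review bot: The second and third cases of the TakeAction test store their element in a variable called `addToCase` although they query `addToExistingCase` and `viewInAiAssistant`. This looks like copy-paste and makes the test harder to read when it fails. Rename per case, e.g. `const viewInAiAssistant = screen.getByTestId('viewInAiAssistant');`. As far as this hunk shows, the file defines no mocks of its own, so the `jest.clearAllMocks()` call in `beforeEach` may be unnecessary.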
@@ -5,7 +5,7 @@ * 2.0. */ -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import { EuiButtonEmpty, EuiContextMenuItem, @@ -19,7 +19,6 @@ import { useKibana } from '../../../../common/lib/kibana'; import { APP_ID } from '../../../../../common'; import { getAttackDiscoveryMarkdown } from '../../../get_attack_discovery_markdown/get_attack_discovery_markdown'; import * as i18n from './translations'; -import type { AttackDiscovery } from '../../../types'; import { useAddToNewCase } from '../use_add_to_case'; import { useAddToExistingCase } from '../use_add_to_existing_case'; import { useViewInAiAssistant } from '../../view_in_ai_assistant/use_view_in_ai_assistant'; diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_case/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_case/index.test.tsx new file mode 100644 index 0000000000000..d1c2e84049e9a --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_case/index.test.tsx 
@@ -0,0 +1,87 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { act, renderHook } from '@testing-library/react-hooks'; + +import { useAddToNewCase } from '.'; +import { TestProviders } from '../../../../common/mock'; + +jest.mock('../../../../common/lib/kibana', () => ({ + useKibana: jest.fn().mockReturnValue({ + services: { + cases: { + hooks: { + useCasesAddToNewCaseFlyout: jest.fn().mockReturnValue({ + open: jest.fn(), + }), + }, + }, + }, + }), +})); + +describe('useAddToNewCase', () => { + it('disables the action when a user can NOT create and read cases', () => { + const canUserCreateAndReadCases = jest.fn().mockReturnValue(false); + + const { result } = renderHook( + () => + useAddToNewCase({ + canUserCreateAndReadCases, + title: 'Persistent Execution of Malicious Application', + }), + { + wrapper: TestProviders, + } + ); + + expect(result.current.disabled).toBe(true); + }); + + it('enables the action when a user can create and read cases', () => { + const canUserCreateAndReadCases = jest.fn().mockReturnValue(true); + + const { result } = renderHook( + () => + useAddToNewCase({ + canUserCreateAndReadCases, + title: 'Persistent Execution of Malicious Application', + }), + { + wrapper: TestProviders, + } + ); + + expect(result.current.disabled).toBe(false); + }); + + it('calls the onClick callback when provided', () => { + const onClick = jest.fn(); + const canUserCreateAndReadCases = jest.fn().mockReturnValue(true); + + const { result } = renderHook( + () => + useAddToNewCase({ + canUserCreateAndReadCases, + title: 'Persistent Execution of Malicious Application', + onClick, + }), + { + wrapper: TestProviders, + } + ); + + act(() => { + result.current.onAddToNewCase({ + alertIds: ['alert1', 'alert2'], + markdownComments: ['Comment 1', 
'Comment 2'], + }); + }); + + expect(onClick).toHaveBeenCalled(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_existing_case/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_existing_case/index.test.tsx new file mode 100644 index 0000000000000..80245d371f412 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/actions/use_add_to_existing_case/index.test.tsx 
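Review bot: The case 'calls the onClick callback when provided' proves only that `onClick` fires. The `open` function of the mocked `useCasesAddToNewCaseFlyout` is an inline `jest.fn()` that the test cannot reach, so nothing verifies that the flyout is opened or what attachments it receives. The use_add_to_existing_case test in this commit captures its `open` mock and checks the attachments; do the same here and assert `expect(mockOpen).toHaveBeenCalledTimes(1);`, with `mockOpen` being the captured function. If `onAddToNewCase` also accepts `replacements`, which this hunk does not show, a case for the alert id mapping belongs here too.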
@@ -0,0 +1,142 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { act, renderHook } from '@testing-library/react-hooks'; + +import { useAddToExistingCase } from '.'; +import { useKibana } from '../../../../common/lib/kibana'; +import { TestProviders } from '../../../../common/mock'; + +jest.mock('../../../../common/lib/kibana', () => ({ + useKibana: jest.fn().mockReturnValue({ + services: { + cases: { + hooks: { + useCasesAddToExistingCaseModal: jest.fn().mockReturnValue({ + open: jest.fn(), + }), + }, + }, + }, + }), +})); + +describe('useAddToExistingCase', () => { + const mockCanUserCreateAndReadCases = jest.fn(); + const mockOnClick = jest.fn(); + const mockAlertIds = ['alert1', 'alert2']; + const mockMarkdownComments = ['Comment 1', 'Comment 2']; + const mockReplacements = { alert1: 'replacement1', alert2: 'replacement2' }; + + beforeEach(() => { + jest.clearAllMocks(); + }); + + it('disables the action when a user can NOT create and read cases', () => { + mockCanUserCreateAndReadCases.mockReturnValue(false); + + const { result } = renderHook( + () => + useAddToExistingCase({ + canUserCreateAndReadCases: mockCanUserCreateAndReadCases, + onClick: mockOnClick, + }), + { + wrapper: TestProviders, + } + ); + + expect(result.current.disabled).toBe(true); + }); + + it('enables the action when a user can create and read cases', () => { + mockCanUserCreateAndReadCases.mockReturnValue(true); + + const { result } = renderHook( + () => + useAddToExistingCase({ + canUserCreateAndReadCases: mockCanUserCreateAndReadCases, + onClick: mockOnClick, + }), + { + wrapper: TestProviders, + } + ); + + expect(result.current.disabled).toBe(false); + }); + + it('calls the openSelectCaseModal function with the expected attachments', () => { + 
mockCanUserCreateAndReadCases.mockReturnValue(true); + const mockOpenSelectCaseModal = jest.fn(); + (useKibana as jest.Mock).mockReturnValue({ + services: { + cases: { + hooks: { + useCasesAddToExistingCaseModal: jest.fn().mockReturnValue({ + open: mockOpenSelectCaseModal, + }), + }, + }, + }, + }); + + const { result } = renderHook( + () => + useAddToExistingCase({ + canUserCreateAndReadCases: mockCanUserCreateAndReadCases, + onClick: mockOnClick, + }), + { + wrapper: TestProviders, + } + ); + + act(() => { + result.current.onAddToExistingCase({ + alertIds: mockAlertIds, + markdownComments: mockMarkdownComments, + replacements: mockReplacements, + }); + }); + + expect(mockOpenSelectCaseModal).toHaveBeenCalledWith({ + getAttachments: expect.any(Function), + }); + + const getAttachments = mockOpenSelectCaseModal.mock.calls[0][0].getAttachments; + const attachments = getAttachments(); + + expect(attachments).toHaveLength(4); + expect(attachments[0]).toEqual({ + comment: 'Comment 1', + type: 'user', + }); + expect(attachments[1]).toEqual({ + comment: 'Comment 2', + type: 'user', + }); + expect(attachments[2]).toEqual({ + alertId: 'replacement1', // <-- case attachment uses the replacement values + index: '', + rule: { + id: null, + name: null, + }, + type: 'alert', + }); + expect(attachments[3]).toEqual({ + alertId: 'replacement2', + index: '', + rule: { + id: null, + name: null, + }, + type: 'alert', + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.test.tsx new file mode 100644 index 0000000000000..d65dd87117ca3 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.test.tsx 
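Review bot: In 'calls the openSelectCaseModal function with the expected attachments', `(useKibana as jest.Mock).mockReturnValue(...)` replaces the module-level mock for the rest of the file. The `jest.clearAllMocks()` in `beforeEach` clears recorded calls but keeps configured return values. This is harmless today only because it is the last case; move the `mockOpenSelectCaseModal` setup into `beforeEach` so every case starts from the same `useKibana` mock. The case also passes `onClick: mockOnClick` without asserting on it; if the hook is meant to invoke it, add `expect(mockOnClick).toHaveBeenCalled();`.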
@@ -0,0 +1,63 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { AttackDiscoveryPanel } from '.'; +import { TestProviders } from '../../common/mock'; +import { mockAttackDiscovery } from '../mock/mock_attack_discovery'; + +describe('AttackDiscoveryPanel', () => { + it('renders the attack discovery accordion', () => { + render( + + + + ); + + const attackDiscoveryAccordion = screen.getByTestId('attackDiscoveryAccordion'); + + expect(attackDiscoveryAccordion).toBeInTheDocument(); + }); + + it('renders empty accordion content', () => { + render( + + + + ); + + const emptyAccordionContent = screen.getByTestId('emptyAccordionContent'); + + expect(emptyAccordionContent).toBeInTheDocument(); + }); + + it('renders the attack discovery summary', () => { + render( + + + + ); + + const actionableSummary = screen.getByTestId('actionableSummary'); + + expect(actionableSummary).toBeInTheDocument(); + }); + + it('renders the attack discovery tabs panel when accordion is open', () => { + render( + + + + ); + + const attackDiscoveryTabsPanel = screen.getByTestId('attackDiscoveryTabsPanel'); + + expect(attackDiscoveryTabsPanel).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.tsx index daa5abd264598..2aaac0449886a 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/index.tsx 
@@ -7,14 +7,13 @@ import { css } from '@emotion/react'; import { EuiAccordion, EuiPanel, EuiSpacer, useEuiTheme, useGeneratedHtmlId } from '@elastic/eui'; -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import React, { useCallback, useMemo, useState } from 'react'; import { ActionableSummary } from './actionable_summary'; import { Actions } from './actions'; import { Tabs } from './tabs'; import { Title } from './title'; -import type { AttackDiscovery } from '../types'; interface Props { attackDiscovery: AttackDiscovery; diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/interval/helpers.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/interval/helpers.ts deleted file mode 100644 index 934be01172e24..0000000000000 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/interval/helpers.ts +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { GenerationInterval } from '../../types'; - -export const encodeIntervals = ( - intervalByConnectorId: Record -): string | null => { - try { - return JSON.stringify(intervalByConnectorId, null, 2); - } catch { - return null; - } -}; - -export const decodeIntervals = ( - intervalByConnectorId: string -): Record | null => { - try { - return JSON.parse(intervalByConnectorId); - } catch { - return null; - } -}; 
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.test.tsx
new file mode 100644
index 0000000000000..c505aafa6631b
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.test.tsx
@@ -0,0 +1,27 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { TestProviders } from '../../../../common/mock';
+import { mockAttackDiscovery } from '../../../mock/mock_attack_discovery';
+import { AlertsTab } from '.';
+
+describe('AlertsTab', () => {
+ it('renders the alerts tab', () => {
+ render(
+
+
+
+ );
+
+ const alertsTab = screen.getByTestId('alertsTab');
+
+ expect(alertsTab).toBeInTheDocument();
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.tsx
index d7caf0a7528c9..fc1838dad055d 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/alerts_tab/index.tsx
@@ -5,13 +5,12 @@ * 2.0. */ -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import { AlertConsumers } from '@kbn/rule-registry-plugin/common/technical_rule_data_field_names'; import React, { useMemo } from 'react'; import { ALERTS_TABLE_REGISTRY_CONFIG_IDS } from '../../../../../common/constants'; import { useKibana } from '../../../../common/lib/kibana'; -import type { AttackDiscovery } from '../../../types'; interface Props { attackDiscovery: AttackDiscovery; diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.test.tsx new file mode 100644 index 0000000000000..3c05a10a6eb06 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.test.tsx 
@@ -0,0 +1,139 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { AttackDiscoveryTab } from '.'; +import type { Replacements } from '@kbn/elastic-assistant-common'; +import { TestProviders } from '../../../../common/mock'; +import { mockAttackDiscovery } from '../../../mock/mock_attack_discovery'; +import { ATTACK_CHAIN, DETAILS, SUMMARY } from './translations'; + +describe('AttackDiscoveryTab', () => { + const mockReplacements: Replacements = { + '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname', + '3bdc7952-a334-4d95-8092-cd176546e18a': 'bar.username', + }; + + describe('when showAnonymized is false', () => { + const showAnonymized = false; + + beforeEach(() => + render( + + + + ) + ); + + it('renders the summary using the real host and username', () => { + const markdownFormatters = screen.getAllByTestId('attackDiscoveryMarkdownFormatter'); + const summaryMarkdown = markdownFormatters[0]; + + expect(summaryMarkdown).toHaveTextContent( + 'A multi-stage malware attack was detected on foo.hostname involving bar.username. A suspicious application delivered malware, attempted credential theft, and established persistence.' + ); + }); + + it('renders the details using the real host and username', () => { + const markdownFormatters = screen.getAllByTestId('attackDiscoveryMarkdownFormatter'); + const detailsMarkdown = markdownFormatters[1]; + + expect(detailsMarkdown).toHaveTextContent( + `The following attack progression appears to have occurred on the host foo.hostname involving the user bar.username: A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation. 
This application spawned child processes to copy a malicious file named "unix1" to the user's home directory and make it executable. The malicious "unix1" file was then executed, attempting to access the user's login keychain and potentially exfiltrate credentials. The suspicious application also launched the "osascript" utility to display a fake system dialog prompting the user for their password, a technique known as credentials phishing. This appears to be a multi-stage attack involving malware delivery, privilege escalation, credential access, and potentially data exfiltration. The attacker may have used social engineering techniques like phishing to initially compromise the system. The suspicious "My Go Application.app" exhibits behavior characteristic of malware families that attempt to steal user credentials and maintain persistence. Mitigations should focus on removing the malicious files, resetting credentials, and enhancing security controls around application whitelisting, user training, and data protection.` + ); + }); + }); + + describe('when showAnonymized is true', () => { + const showAnonymized = true; + + beforeEach(() => + render( + + + + ) + ); + + it('renders the summary using the anonymized host and username', () => { + const markdownFormatters = screen.getAllByTestId('attackDiscoveryMarkdownFormatter'); + const summaryMarkdown = markdownFormatters[0]; + + expect(summaryMarkdown).toHaveTextContent( + 'A multi-stage malware attack was detected on 5e454c38-439c-4096-8478-0a55511c76e3 involving 3bdc7952-a334-4d95-8092-cd176546e18a. A suspicious application delivered malware, attempted credential theft, and established persistence.' 
+ ); + }); + + it('renders the details using the anonymized host and username', () => { + const markdownFormatters = screen.getAllByTestId('attackDiscoveryMarkdownFormatter'); + const detailsMarkdown = markdownFormatters[1]; + + expect(detailsMarkdown).toHaveTextContent( + `The following attack progression appears to have occurred on the host 5e454c38-439c-4096-8478-0a55511c76e3 involving the user 3bdc7952-a334-4d95-8092-cd176546e18a: A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation. This application spawned child processes to copy a malicious file named "unix1" to the user's home directory and make it executable. The malicious "unix1" file was then executed, attempting to access the user's login keychain and potentially exfiltrate credentials. The suspicious application also launched the "osascript" utility to display a fake system dialog prompting the user for their password, a technique known as credentials phishing. This appears to be a multi-stage attack involving malware delivery, privilege escalation, credential access, and potentially data exfiltration. The attacker may have used social engineering techniques like phishing to initially compromise the system. The suspicious "My Go Application.app" exhibits behavior characteristic of malware families that attempt to steal user credentials and maintain persistence. 
Mitigations should focus on removing the malicious files, resetting credentials, and enhancing security controls around application whitelisting, user training, and data protection.` + ); + }); + }); + + describe('common cases', () => { + beforeEach(() => + render( + + + + ) + ); + + it('renders the expected summary title', () => { + const summaryTitle = screen.getByTestId('summaryTitle'); + + expect(summaryTitle).toHaveTextContent(SUMMARY); + }); + + it('renders the expected details title', () => { + const detailsTitle = screen.getByTestId('detailsTitle'); + + expect(detailsTitle).toHaveTextContent(DETAILS); + }); + + it('renders the expected attack chain title', () => { + const attackChainTitle = screen.getByTestId('attackChainTitle'); + + expect(attackChainTitle).toHaveTextContent(ATTACK_CHAIN); + }); + + it('renders the attack chain', () => { + const attackChain = screen.getByTestId('attackChain'); + + expect(attackChain).toBeInTheDocument(); + }); + + it('renders the "View in AI Assistant" button', () => { + const viewInAiAssistantButton = screen.getByTestId('viewInAiAssistant'); + + expect(viewInAiAssistantButton).toBeInTheDocument(); + }); + + it('renders the "Investigate in Timeline" button', () => { + const investigateInTimelineButton = screen.getByTestId('investigateInTimelineButton'); + + expect(investigateInTimelineButton).toBeInTheDocument(); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx index e80be849de08e..23a63d0503db3 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx 
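Review bot: The `when showAnonymized is true` block in attack_discovery_tab/index.test.tsx inspects only the first two `attackDiscoveryMarkdownFormatter` elements, so a real host or user name rendered anywhere else in the tab would not fail it. Because this toggle is what keeps the original values off the screen, a negative check over the whole tab is worth adding, e.g. `expect(screen.getByTestId('attackDiscoveryTab')).not.toHaveTextContent('foo.hostname');` and the same for `'bar.username'`. The props passed in the `render(...)` calls are not visible in this view, so this assumes `mockReplacements` is supplied in that block. The two long `detailsMarkdown` expectations differ only in the host and user tokens; building both from one template string would stop them drifting apart.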
@@ -5,7 +5,7 @@ * 2.0. */ -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import { EuiFlexGroup, EuiFlexItem, EuiIcon, EuiSpacer, EuiTitle, useEuiTheme } from '@elastic/eui'; import { css } from '@emotion/react'; import React, { useMemo } from 'react'; @@ -16,7 +16,6 @@ import { buildAlertsKqlFilter } from '../../../../detections/components/alerts_t import { getTacticMetadata } from '../../../helpers'; import { AttackDiscoveryMarkdownFormatter } from '../../../attack_discovery_markdown_formatter'; import * as i18n from './translations'; -import type { AttackDiscovery } from '../../../types'; import { ViewInAiAssistant } from '../../view_in_ai_assistant'; interface Props { @@ -86,7 +85,7 @@ const AttackDiscoveryTabComponent: React.FC = ({ {tacticMetadata.length > 0 && ( <> - +

{i18n.ATTACK_CHAIN}

diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.test.tsx new file mode 100644 index 0000000000000..d002c0bde5324 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.test.tsx 
@@ -0,0 +1,63 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { Replacements } from '@kbn/elastic-assistant-common'; +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { getTabs } from './get_tabs'; +import { TestProviders } from '../../../common/mock'; +import { mockAttackDiscovery } from '../../mock/mock_attack_discovery'; +import { ALERTS, ATTACK_DISCOVERY } from './translations'; + +describe('getTabs', () => { + const mockReplacements: Replacements = { + '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname', + '3bdc7952-a334-4d95-8092-cd176546e18a': 'bar.username', + }; + + const tabs = getTabs({ + attackDiscovery: mockAttackDiscovery, + replacements: mockReplacements, + }); + + describe('Attack discovery tab', () => { + const attackDiscoveryTab = tabs.find((tab) => tab.id === 'attackDiscovery--id'); + + it('includes the Attack discovery tab', () => { + expect(attackDiscoveryTab).not.toBeUndefined(); + }); + + it('has the expected tab name', () => { + expect(attackDiscoveryTab?.name).toEqual(ATTACK_DISCOVERY); + }); + + it('renders the expected content', () => { + render({attackDiscoveryTab?.content}); + + expect(screen.getByTestId('attackDiscoveryTab')).toBeInTheDocument(); + }); + }); + + describe('Alerts tab', () => { + const alertsTab = tabs.find((tab) => tab.id === 'alerts--id'); + + it('includes the Alerts tab', () => { + expect(alertsTab).not.toBeUndefined(); + }); + + it('has the expected tab name', () => { + expect(alertsTab?.name).toEqual(ALERTS); + }); + + it('renders the expected content', () => { + render({alertsTab?.content}); + + expect(screen.getByTestId('alertsTab')).toBeInTheDocument(); + }); + }); +}); 
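Review bot: In get_tabs.test.tsx, `getTabs(...)` and both `tabs.find(...)` calls run directly in the `describe` bodies, i.e. while the suite is being collected, so an exception thrown by `getTabs` surfaces as a suite load failure instead of a failing test. Moving the call into a `beforeAll` (with `let tabs: TabInfo[]`) keeps failures attributed to a test case. The ids `'attackDiscovery--id'` and `'alerts--id'` are hard-coded literals; how get_tabs.tsx builds them is not visible in this section, but if they come from a shared constant the test should assert against that constant.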
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.tsx index 8f74a52bdb650..09708d0880c8a 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/get_tabs.tsx @@ -6,15 +6,14 @@ */ import { EuiSpacer } from '@elastic/eui'; -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import React from 'react'; import { AttackDiscoveryTab } from './attack_discovery_tab'; import { AlertsTab } from './alerts_tab'; import * as i18n from './translations'; -import type { AttackDiscovery } from '../../types'; -interface TabInfo { +export interface TabInfo { content: JSX.Element; id: string; name: string; diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.test.tsx new file mode 100644 index 0000000000000..3b155d704708c --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.test.tsx 
@@ -0,0 +1,38 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { fireEvent, render, screen } from '@testing-library/react'; +import React from 'react'; + +import { Tabs } from '.'; +import { TestProviders } from '../../../common/mock'; +import { mockAttackDiscovery } from '../../mock/mock_attack_discovery'; + +describe('Tabs', () => { + beforeEach(() => { + render( + + + + ); + }); + + it('renders the attack discovery tab', () => { + const attackDiscoveryTab = screen.getByTestId('attackDiscoveryTab'); + + expect(attackDiscoveryTab).toBeInTheDocument(); + }); + + it("renders the alerts tab when it's selected", () => { + const alertsTabButton = screen.getByText('Alerts'); + + fireEvent.click(alertsTabButton); + const alertsTab = screen.getByTestId('alertsTab'); + + expect(alertsTab).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.tsx index a11d63acb83bb..c11851fd15778 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/index.tsx @@ -5,12 +5,11 @@ * 2.0. */ -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import { EuiTabs, EuiTab } from '@elastic/eui'; import React, { useCallback, useMemo, useState } from 'react'; import { getTabs } from './get_tabs'; -import type { AttackDiscovery } from '../../types'; interface Props { attackDiscovery: AttackDiscovery; 
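Review bot: tabs/index.test.tsx locates the tab button with the literal `screen.getByText('Alerts')`, while get_tabs.test.tsx in the same directory imports `ALERTS` from `./translations` for the same label. Using the constant here as well, `const alertsTabButton = screen.getByText(ALERTS);` with `import { ALERTS } from './translations';`, keeps this test from breaking on a copy change. Querying by role, `screen.getByRole('tab', { name: ALERTS })`, would additionally avoid matching other elements that happen to contain the word.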
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/title/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/title/index.test.tsx
new file mode 100644
index 0000000000000..8648d861b0352
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/title/index.test.tsx
@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Title } from '.';
+
+describe('Title', () => {
+ const title = 'Malware Delivery and Credentials Access on macOS';
+
+ it('renders the assistant avatar', () => {
+ render();
+ const assistantAvatar = screen.getByTestId('assistantAvatar');
+
+ expect(assistantAvatar).toBeInTheDocument();
+ });
+
+ it('renders the expected title', () => {
+ render(<Title isLoading={false} title={title} />);
+ const titleText = screen.getByTestId('titleText');
+
+ expect(titleText).toHaveTextContent(title);
+ });
+
+ it('renders the skeleton title when isLoading is true', () => {
+ render(<Title isLoading={true} title={title} />);
+ const skeletonTitle = screen.getByTestId('skeletonTitle');
+
+ expect(skeletonTitle).toBeInTheDocument();
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.test.tsx
new file mode 100644
index 0000000000000..322e26cb4df48
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.test.tsx
@@ -0,0 +1,66 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { ViewInAiAssistant } from '.'; +import { TestProviders } from '../../../common/mock'; +import { mockAttackDiscovery } from '../../mock/mock_attack_discovery'; +import { VIEW_IN_AI_ASSISTANT } from './translations'; + +describe('ViewInAiAssistant', () => { + it('renders the assistant avatar', () => { + render( + <TestProviders> + <ViewInAiAssistant attackDiscovery={mockAttackDiscovery} /> + </TestProviders> + ); + + const assistantAvatar = screen.getByTestId('assistantAvatar'); + + expect(assistantAvatar).toBeInTheDocument(); + }); + + it('renders the expected button label', () => { + render( + <TestProviders> + <ViewInAiAssistant attackDiscovery={mockAttackDiscovery} /> + </TestProviders> + ); + + const viewInAiAssistantLabel = screen.getByTestId('viewInAiAssistantLabel'); + + expect(viewInAiAssistantLabel).toHaveTextContent(VIEW_IN_AI_ASSISTANT); + }); + + describe('compact mode', () => { + it('does NOT render the assistant avatar', () => { + render( + <TestProviders> + <ViewInAiAssistant attackDiscovery={mockAttackDiscovery} compact={true} /> + </TestProviders> + ); + + const assistantAvatar = screen.queryByTestId('assistantAvatar'); + + expect(assistantAvatar).not.toBeInTheDocument(); + }); + + it('renders the expected button text', () => { + render( + <TestProviders> + <ViewInAiAssistant attackDiscovery={mockAttackDiscovery} compact={true} /> + </TestProviders> + ); + + const viewInAiAssistantCompact = screen.getByTestId('viewInAiAssistantCompact'); + + expect(viewInAiAssistantCompact).toHaveTextContent(VIEW_IN_AI_ASSISTANT); + }); + }); +}); 
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.tsx index b3ad4590f0363..e254ce5d334b8 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/index.tsx @@ -6,12 +6,11 @@ */ import { AssistantAvatar } from '@kbn/elastic-assistant'; -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import { EuiButton, EuiButtonEmpty, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import React from 'react'; import * as i18n from './translations'; -import type { AttackDiscovery } from '../../types'; import { useViewInAiAssistant } from './use_view_in_ai_assistant'; interface Props { diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.test.ts new file mode 100644 index 0000000000000..cc7058c8f3fe6 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.test.ts 
@@ -0,0 +1,86 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { renderHook } from '@testing-library/react-hooks'; +import { useAssistantOverlay } from '@kbn/elastic-assistant'; + +import { useAssistantAvailability } from '../../../assistant/use_assistant_availability'; +import { getAttackDiscoveryMarkdown } from '../../get_attack_discovery_markdown/get_attack_discovery_markdown'; +import { mockAttackDiscovery } from '../../mock/mock_attack_discovery'; +import { useViewInAiAssistant } from './use_view_in_ai_assistant'; + +jest.mock('@kbn/elastic-assistant'); +jest.mock('../../../assistant/use_assistant_availability'); +jest.mock('../../get_attack_discovery_markdown/get_attack_discovery_markdown'); + +describe('useViewInAiAssistant', () => { + beforeEach(() => { + jest.clearAllMocks(); + + (useAssistantOverlay as jest.Mock).mockReturnValue({ + promptContextId: 'prompt-context-id', + showAssistantOverlay: jest.fn(), + }); + + (useAssistantAvailability as jest.Mock).mockReturnValue({ + hasAssistantPrivilege: true, + isAssistantEnabled: true, + }); + + (getAttackDiscoveryMarkdown as jest.Mock).mockResolvedValue('Test markdown'); + }); + + it('returns the expected promptContextId', () => { + const { result } = renderHook(() => + useViewInAiAssistant({ + attackDiscovery: mockAttackDiscovery, + }) + ); + + expect(result.current.promptContextId).toBe('prompt-context-id'); + }); + + it('returns disabled: false when the user has assistant privileges and promptContextId is provided', () => { + const { result } = renderHook(() => + useViewInAiAssistant({ + attackDiscovery: mockAttackDiscovery, + }) + ); + + expect(result.current.disabled).toBe(false); + }); + + it('returns disabled: true when the user does NOT have assistant privileges', () => { + 
(useAssistantAvailability as jest.Mock).mockReturnValue({ + hasAssistantPrivilege: false, // <-- the user does NOT have assistant privileges + isAssistantEnabled: true, + }); + + const { result } = renderHook(() => + useViewInAiAssistant({ + attackDiscovery: mockAttackDiscovery, + }) + ); + + expect(result.current.disabled).toBe(true); + }); + + it('returns disabled: true when promptContextId is null', () => { + (useAssistantOverlay as jest.Mock).mockReturnValue({ + promptContextId: null, // <-- promptContextId is null + showAssistantOverlay: jest.fn(), + }); + + const { result } = renderHook(() => + useViewInAiAssistant({ + attackDiscovery: mockAttackDiscovery, + }) + ); + + expect(result.current.disabled).toBe(true); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts index 58f66b1b2a0dd..8016e1b45b408 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/view_in_ai_assistant/use_view_in_ai_assistant.ts @@ -7,10 +7,9 @@ import { useMemo, useCallback } from 'react'; import { useAssistantOverlay } from '@kbn/elastic-assistant'; -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import { useAssistantAvailability } from '../../../assistant/use_assistant_availability'; import { getAttackDiscoveryMarkdown } from '../../get_attack_discovery_markdown/get_attack_discovery_markdown'; -import type { AttackDiscovery } from '../../types'; /** * This category is provided in the prompt context for the assistant 
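Review bot: In use_view_in_ai_assistant.test.ts, `getAttackDiscoveryMarkdown` is stubbed with `mockResolvedValue('Test markdown')` and `showAssistantOverlay` with `jest.fn()`, yet no test asserts on either, so the prompt context handed to the assistant goes unchecked. A case that takes the `getPromptContext` argument from `(useAssistantOverlay as jest.Mock).mock.calls[0]`, invokes it, and checks what `getAttackDiscoveryMarkdown` was called with (including `replacements`) would pin down which text, anonymized or original, leaves the page. The `disabled` cases cover `hasAssistantPrivilege: false` and a null `promptContextId`; `isAssistantEnabled: false` is never exercised, and whether it is meant to affect `disabled` cannot be told from this hunk.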
@@ -39,7 +38,7 @@ export const useViewInAiAssistant = ({
 attackDiscovery.title, // conversation title
 attackDiscovery.title, // description used in context pill
 getPromptContext,
- attackDiscovery.id, // accept the UUID default for this prompt context
+ attackDiscovery.id ?? null, // accept the UUID default for this prompt context
 null, // suggestedUserPrompt
 null, // tooltip
 isAssistantEnabled,
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.test.tsx
new file mode 100644
index 0000000000000..4af83edba69aa
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.test.tsx
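Review bot: The trailing comment on `attackDiscovery.id ?? null` still reads "accept the UUID default for this prompt context", which does not describe the line: the discovery's own id is passed when present, and `null` is the new fallback for a now-optional `id`. I would reword it, e.g. `attackDiscovery.id ?? null, // use the discovery's id when set; null presumably lets the overlay pick its default id`, after confirming what the callee does with `null`. The accompanying use_view_in_ai_assistant.test.ts has no case where `attackDiscovery.id` is undefined, so the new branch is untested. The argument list of this call starts and ends outside the hunk.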
@@ -0,0 +1,188 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + getAttackChainMarkdown, + getAttackDiscoveryMarkdown, + getMarkdownFields, + getMarkdownWithOriginalValues, +} from './get_attack_discovery_markdown'; +import { mockAttackDiscovery } from '../mock/mock_attack_discovery'; + +describe('getAttackDiscoveryMarkdown', () => { + describe('getMarkdownFields', () => { + it('replaces markdown fields with formatted values', () => { + const markdown = 'This is a {{ field1 value1 }} and {{ field2 value2 }}.'; + const expected = 'This is a `value1` and `value2`.'; + + const result = getMarkdownFields(markdown); + + expect(result).toBe(expected); + }); + + it('handles multiple occurrences of markdown fields', () => { + const markdown = + 'This is a {{ field1 value1 }} and {{ field2 value2 }}. Also, {{ field1 value3 }}.'; + const expected = 'This is a `value1` and `value2`. 
Also, `value3`.'; + + const result = getMarkdownFields(markdown); + + expect(result).toBe(expected); + }); + + it('handles markdown fields with no spaces around them', () => { + const markdown = 'This is a {{field1 value1}} and {{field2 value2}}.'; + const expected = 'This is a `value1` and `value2`.'; + + const result = getMarkdownFields(markdown); + + expect(result).toBe(expected); + }); + + it('handles empty markdown', () => { + const markdown = ''; + const expected = ''; + + const result = getMarkdownFields(markdown); + + expect(result).toBe(expected); + }); + }); + + describe('getAttackChainMarkdown', () => { + it('returns an empty string when no tactics are detected', () => { + const noTactics = { + ...mockAttackDiscovery, + mitreAttackTactics: [], + }; + + const result = getAttackChainMarkdown(noTactics); + + expect(result).toBe(''); + }); + + it('returns the expected attack chain markdown when tactics are detected', () => { + const result = getAttackChainMarkdown(mockAttackDiscovery); + + expect(result).toBe(`### Attack Chain +- Initial Access +- Execution +- Persistence +- Privilege Escalation +`); + }); + }); + + describe('getMarkdownWithOriginalValues', () => { + const markdown = mockAttackDiscovery.summaryMarkdown; + + it('returns the same markdown when no replacements are provided', () => { + const result = getMarkdownWithOriginalValues({ markdown }); + + expect(result).toBe(markdown); + }); + + it('replaces the UUIDs with the original values when replacements are provided ', () => { + const replacements = { + '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname', + '3bdc7952-a334-4d95-8092-cd176546e18a': 'bar.username', + }; + const expected = + 'A multi-stage malware attack was detected on {{ host.name foo.hostname }} involving {{ user.name bar.username }}. 
A suspicious application delivered malware, attempted credential theft, and established persistence.'; + + const result = getMarkdownWithOriginalValues({ markdown, replacements }); + + expect(result).toBe(expected); + }); + + it('only replaces values when there are corresponding entries in the replacements', () => { + // The UUID '3bdc7952-a334-4d95-8092-cd176546e18a' is not in the replacements: + const replacements = { + '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname', + }; + + const expected = + 'A multi-stage malware attack was detected on {{ host.name foo.hostname }} involving {{ user.name 3bdc7952-a334-4d95-8092-cd176546e18a }}. A suspicious application delivered malware, attempted credential theft, and established persistence.'; + + const result = getMarkdownWithOriginalValues({ markdown, replacements }); + + expect(result).toBe(expected); + }); + }); + + describe('getAttackDiscoveryMarkdown', () => { + it('returns the expected markdown when replacements are NOT provided', () => { + const expectedMarkdown = `## Malware Attack With Credential Theft Attempt + +Suspicious activity involving the host \`5e454c38-439c-4096-8478-0a55511c76e3\` and user \`3bdc7952-a334-4d95-8092-cd176546e18a\`. + +### Summary +A multi-stage malware attack was detected on \`5e454c38-439c-4096-8478-0a55511c76e3\` involving \`3bdc7952-a334-4d95-8092-cd176546e18a\`. A suspicious application delivered malware, attempted credential theft, and established persistence. + +### Details +The following attack progression appears to have occurred on the host \`5e454c38-439c-4096-8478-0a55511c76e3\` involving the user \`3bdc7952-a334-4d95-8092-cd176546e18a\`: + +- A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation. +- This application spawned child processes to copy a malicious file named "unix1" to the user's home directory and make it executable. 
+- The malicious "unix1" file was then executed, attempting to access the user's login keychain and potentially exfiltrate credentials. +- The suspicious application also launched the "osascript" utility to display a fake system dialog prompting the user for their password, a technique known as credentials phishing. + +This appears to be a multi-stage attack involving malware delivery, privilege escalation, credential access, and potentially data exfiltration. The attacker may have used social engineering techniques like phishing to initially compromise the system. The suspicious "My Go Application.app" exhibits behavior characteristic of malware families that attempt to steal user credentials and maintain persistence. Mitigations should focus on removing the malicious files, resetting credentials, and enhancing security controls around application whitelisting, user training, and data protection. + +### Attack Chain +- Initial Access +- Execution +- Persistence +- Privilege Escalation + +`; + + const markdown = getAttackDiscoveryMarkdown({ attackDiscovery: mockAttackDiscovery }); + + expect(markdown).toBe(expectedMarkdown); + }); + + it('returns the expected markdown when replacements are provided', () => { + const replacements = { + '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname', + '3bdc7952-a334-4d95-8092-cd176546e18a': 'bar.username', + }; + + const expectedMarkdown = `## Malware Attack With Credential Theft Attempt + +Suspicious activity involving the host \`foo.hostname\` and user \`bar.username\`. + +### Summary +A multi-stage malware attack was detected on \`foo.hostname\` involving \`bar.username\`. A suspicious application delivered malware, attempted credential theft, and established persistence. 
+ +### Details +The following attack progression appears to have occurred on the host \`foo.hostname\` involving the user \`bar.username\`: + +- A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation. +- This application spawned child processes to copy a malicious file named "unix1" to the user's home directory and make it executable. +- The malicious "unix1" file was then executed, attempting to access the user's login keychain and potentially exfiltrate credentials. +- The suspicious application also launched the "osascript" utility to display a fake system dialog prompting the user for their password, a technique known as credentials phishing. + +This appears to be a multi-stage attack involving malware delivery, privilege escalation, credential access, and potentially data exfiltration. The attacker may have used social engineering techniques like phishing to initially compromise the system. The suspicious "My Go Application.app" exhibits behavior characteristic of malware families that attempt to steal user credentials and maintain persistence. Mitigations should focus on removing the malicious files, resetting credentials, and enhancing security controls around application whitelisting, user training, and data protection. + +### Attack Chain +- Initial Access +- Execution +- Persistence +- Privilege Escalation + +`; + + const markdown = getAttackDiscoveryMarkdown({ + attackDiscovery: mockAttackDiscovery, + replacements, + }); + + expect(markdown).toBe(expectedMarkdown); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.ts b/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.ts index e79470f670d8d..5309ef1de6bb2 100644 
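Review bot: The `getMarkdownFields` cases only use single-token values, but the pattern shown in `get_attack_discovery_markdown.ts` (`{{\\s*(\\S+)\\s+(\\S+)\\s*}}`) needs the value to be one run of non-whitespace. Original values restored from `replacements` can contain spaces; the mock data removed elsewhere in this commit has fields such as `{{ process.parent.executable C:\\Program Files\\... }}`. Such a field presumably falls through unformatted, and no test pins that. I would add a case like `it('handles values that contain spaces', ...)` with a constructed input and assert the intended output, whichever it is. A value containing a backtick is a second unpinned case, since the formatted output wraps the value in a code span. Separately, the test title `'replaces the UUIDs with the original values when replacements are provided '` has a trailing space.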
--- a/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.ts +++ b/x-pack/plugins/security_solution/public/attack_discovery/get_attack_discovery_markdown/get_attack_discovery_markdown.ts @@ -5,10 +5,9 @@ * 2.0. */ -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscovery, Replacements } from '@kbn/elastic-assistant-common'; import { getTacticLabel, getTacticMetadata } from '../helpers'; -import type { AttackDiscovery } from '../types'; export const getMarkdownFields = (markdown: string): string => { const regex = new RegExp('{{\\s*(\\S+)\\s+(\\S+)\\s*}}', 'gm'); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/helpers.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/helpers.test.tsx new file mode 100644 index 0000000000000..4f5e43323333f --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/helpers.test.tsx 
@@ -0,0 +1,96 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + COMMAND_AND_CONTROL, + DISCOVERY, + EXECUTION, + EXFILTRATION, + getTacticLabel, + getTacticMetadata, + INITIAL_ACCESS, + LATERAL_MOVEMENT, + PERSISTENCE, + PRIVILEGE_ESCALATION, + RECONNAISSANCE, + replaceNewlineLiterals, +} from './helpers'; +import { mockAttackDiscovery } from './mock/mock_attack_discovery'; +import * as i18n from './translations'; + +const expectedTactics = { + [RECONNAISSANCE]: i18n.RECONNAISSANCE, + [INITIAL_ACCESS]: i18n.INITIAL_ACCESS, + [EXECUTION]: i18n.EXECUTION, + [PERSISTENCE]: i18n.PERSISTENCE, + [PRIVILEGE_ESCALATION]: i18n.PRIVILEGE_ESCALATION, + [DISCOVERY]: i18n.DISCOVERY, + [LATERAL_MOVEMENT]: i18n.LATERAL_MOVEMENT, + [COMMAND_AND_CONTROL]: i18n.COMMAND_AND_CONTROL, + [EXFILTRATION]: i18n.EXFILTRATION, + unknown: 'unknown', +}; + +describe('helpers', () => { + describe('getTacticLabel', () => { + Object.entries(expectedTactics).forEach(([tactic, expectedLabel]) => { + it(`returns the expected label for ${tactic}`, () => { + const label = getTacticLabel(tactic); + + expect(label).toBe(expectedLabel); + }); + }); + }); + + describe('getTacticMetadata', () => { + const expectedDetected = ['Initial Access', 'Execution', 'Persistence', 'Privilege Escalation']; + + expectedDetected.forEach((tactic) => { + it(`sets the detected property to true for the '${tactic}' tactic`, () => { + const result = getTacticMetadata(mockAttackDiscovery); + const metadata = result.find(({ name }) => name === tactic); + + expect(metadata?.detected).toBe(true); + }); + }); + + it('sets the detected property to false for all tactics that were not detected', () => { + const result = getTacticMetadata(mockAttackDiscovery); + const filtered = result.filter(({ name }) => 
!expectedDetected.includes(name)); + + filtered.forEach((metadata) => { + expect(metadata.detected).toBe(false); + }); + }); + + it('sets the expected "index" property for each tactic', () => { + const result = getTacticMetadata(mockAttackDiscovery); + + result.forEach((metadata, i) => { + expect(metadata.index).toBe(i); + }); + }); + }); + + describe('replaceNewlineLiterals', () => { + it('replaces multiple newline literals with actual newlines', () => { + const input = 'Multiple\\nnewline\\nliterals'; + const expected = 'Multiple\nnewline\nliterals'; + + const result = replaceNewlineLiterals(input); + + expect(result).toEqual(expected); + }); + + it('does NOT replace anything if there are no newline literals', () => { + const input = 'This is a string without newlines'; + const result = replaceNewlineLiterals(input); + + expect(result).toEqual(input); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/helpers.ts b/x-pack/plugins/security_solution/public/attack_discovery/helpers.ts index 2cdd1354c9b6d..aa56835d5a1ed 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/helpers.ts +++ b/x-pack/plugins/security_solution/public/attack_discovery/helpers.ts @@ -5,8 +5,8 @@ * 2.0. */ +import type { AttackDiscovery } from '@kbn/elastic-assistant-common'; import * as i18n from './translations'; -import type { AttackDiscovery } from './types'; export const RECONNAISSANCE = 'Reconnaissance'; export const INITIAL_ACCESS = 'Initial Access'; @@ -56,7 +56,7 @@ export const getTacticLabel = (tactic: string): string => { } }; -interface TacticMetadata { +export interface TacticMetadata { detected: boolean; index: number; name: string; diff --git a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.test.tsx deleted file mode 100644 index 3c8d5c40ec515..0000000000000 
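Review bot: The `getTacticMetadata` tests never state what happens to a tactic that is outside the known list. `mockAttackDiscovery.mitreAttackTactics` includes `'Credential Access'`, but it is in neither `expectedTactics` nor `expectedDetected`, and the expected "Attack Chain" markdown in `get_attack_discovery_markdown.test.tsx` omits it. It looks as if a tactic reported in the discovery is dropped from the rendered chain without this being asserted anywhere. For an analyst reading the chain that omission matters, so I would pin it in a dedicated case, e.g. `it('does not return metadata for tactics outside the known list', ...)`. That case should assert on the `'Credential Access'` entry directly, so any later change to the behaviour is a deliberate one.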
--- a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.test.tsx +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { renderHook } from '@testing-library/react-hooks'; -import { useAttackDiscoveryTelemetry } from '.'; -import { createTelemetryServiceMock } from '../../../common/lib/telemetry/telemetry_service.mock'; - -const reportAttackDiscoveriesGenerated = jest.fn(); -const mockedTelemetry = { - ...createTelemetryServiceMock(), - reportAttackDiscoveriesGenerated, -}; - -jest.mock('../../../common/lib/kibana', () => { - const original = jest.requireActual('../../../common/lib/kibana'); - - return { - ...original, - useKibana: () => ({ - services: { - telemetry: mockedTelemetry, - }, - }), - }; -}); - -describe('useAttackDiscoveryTelemetry', () => { - beforeEach(() => { - jest.clearAllMocks(); - }); - it('should return the expected telemetry object with tracking functions', () => { - const { result } = renderHook(() => useAttackDiscoveryTelemetry()); - expect(result.current).toHaveProperty('reportAttackDiscoveriesGenerated'); - }); - - it('Should call reportAttackDiscoveriesGenerated with appropriate actionTypeId when tracking is called', async () => { - const { result } = renderHook(() => useAttackDiscoveryTelemetry()); - await result.current.reportAttackDiscoveriesGenerated({ - actionTypeId: '.gen-ai', - model: 'gpt-4', - durationMs: 8000, - alertsCount: 20, - alertsContextCount: 25, - configuredAlertsCount: 30, - }); - expect(reportAttackDiscoveriesGenerated).toHaveBeenCalledWith({ - actionTypeId: '.gen-ai', - model: 'gpt-4', - durationMs: 8000, - alertsCount: 20, - alertsContextCount: 25, - configuredAlertsCount: 30, - }); - }); -}); 
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.tsx deleted file mode 100644 index a0cc331e88017..0000000000000 --- a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_attack_discovery_telemetry/index.tsx +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { ReportAttackDiscoveriesGeneratedParams } from '../../../common/lib/telemetry/events/attack_discovery/types'; -import { useKibana } from '../../../common/lib/kibana'; - -interface AttackDiscoveryTelemetry { - reportAttackDiscoveriesGenerated: (params: ReportAttackDiscoveriesGeneratedParams) => void; -} - -export const useAttackDiscoveryTelemetry = (): AttackDiscoveryTelemetry => { - const { - services: { telemetry }, - } = useKibana(); - - return { - reportAttackDiscoveriesGenerated: telemetry.reportAttackDiscoveriesGenerated, - }; -}; diff --git a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.test.tsx new file mode 100644 index 0000000000000..e599bc8073425 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.test.tsx 
@@ -0,0 +1,197 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { HttpSetupMock } from '@kbn/core-http-browser-mocks'; +import { coreMock } from '@kbn/core/public/mocks'; +import { act, renderHook } from '@testing-library/react-hooks'; +import { attackDiscoveryStatus, usePollApi } from './use_poll_api'; +import moment from 'moment/moment'; +import { kibanaMock } from '../../common/mock'; + +const http: HttpSetupMock = coreMock.createSetup().http; +const setApproximateFutureTime = jest.fn(); +const defaultProps = { http, setApproximateFutureTime, connectorId: 'my-gpt4o-ai' }; + +const mockResponse = { + timestamp: '2024-06-07T18:56:17.357Z', + createdAt: '2024-06-07T18:56:17.357Z', + users: [ + { + id: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0', + name: 'elastic', + }, + ], + status: 'succeeded', + apiConfig: { + actionTypeId: '.gen-ai', + connectorId: 'my-gpt4o-ai', + }, + attackDiscoveries: [ + { + summaryMarkdown: + 'A critical malware incident involving {{ host.name c1f9889f-1f6b-4abc-8e65-02de89fe1054 }} and {{ user.name 71ca47cf-082e-4d35-a8e7-6e4fa4e175da }} has been detected. 
The malware, identified as AppPool.vbs, was executed with high privileges and attempted to evade detection.', + id: '2204421f-bb42-4b96-a200-016a5388a029', + title: 'Critical Malware Incident on Windows Host', + mitreAttackTactics: ['Initial Access', 'Execution', 'Defense Evasion'], + alertIds: [ + '43cf228ce034aeeb89a1ef41cd7fcdef1a3db574fa5237badf1fa9eaa3425c21', + '44ae9696784b3baeee75935f889e55ce77da338241230b5c488f90a8bace43e2', + '2479b1b1007952d3b6dc26344c89f44c1bb396de56f1655eca408135b3d05af8', + ], + detailsMarkdown: 'details', + entitySummaryMarkdown: + '{{ host.name c1f9889f-1f6b-4abc-8e65-02de89fe1054 }} and {{ user.name 71ca47cf-082e-4d35-a8e7-6e4fa4e175da }} are involved in a critical malware incident.', + timestamp: '2024-06-07T20:04:35.715Z', + }, + ], + backingIndex: '1234', + updatedAt: '2024-06-07T20:04:35.715Z', + replacements: { + 'c1f9889f-1f6b-4abc-8e65-02de89fe1054': 'root', + '71ca47cf-082e-4d35-a8e7-6e4fa4e175da': 'james', + }, + namespace: 'default', + generationIntervals: [ + { + date: '2024-06-07T20:04:35.715Z', + durationMs: 104593, + }, + { + date: '2024-06-07T18:58:27.880Z', + durationMs: 130526, + }, + ], + alertsContextCount: 20, + averageIntervalMs: 117559, + id: '8e215edc-6318-4760-9566-d32f1844f9cb', +}; + +describe('usePollApi', () => { + beforeAll(() => { + jest.useFakeTimers({ legacyFakeTimers: true }); + }); + + afterAll(() => { + jest.useRealTimers(); + }); + beforeEach(() => { + jest.clearAllMocks(); + }); + test('should render initial state with null status and data', () => { + const { result } = renderHook(() => usePollApi(defaultProps)); + expect(result.current.status).toBeNull(); + expect(result.current.data).toBeNull(); + }); + + test('should call http.fetch on pollApi call', async () => { + const { result } = renderHook(() => usePollApi(defaultProps)); + + await result.current.pollApi(); + + expect(http.fetch).toHaveBeenCalledTimes(1); + expect(http.fetch).toHaveBeenCalledWith( + 
'/internal/elastic_assistant/attack_discovery/my-gpt4o-ai', + { method: 'GET', version: '1' } + ); + }); + + test('should update didInitialFetch on connector change', async () => { + http.fetch.mockResolvedValue({ + entryExists: true, + data: mockResponse, + }); + const { result, rerender } = renderHook((props) => usePollApi(props), { + initialProps: defaultProps, + }); + + expect(result.current.didInitialFetch).toEqual(false); + + await act(async () => { + await result.current.pollApi(); + }); + + expect(result.current.didInitialFetch).toEqual(true); + + rerender({ ...defaultProps, connectorId: 'new-connector-id' }); + + expect(result.current.didInitialFetch).toEqual(false); + + await act(async () => { + await result.current.pollApi(); + }); + + expect(result.current.didInitialFetch).toEqual(true); + }); + + test('should update status and data on successful response', async () => { + http.fetch.mockResolvedValue({ + entryExists: true, + data: mockResponse, + }); + const { result } = renderHook(() => usePollApi(defaultProps)); + + await act(async () => { + await result.current.pollApi(); + }); + + expect(result.current.status).toBe(attackDiscoveryStatus.succeeded); + expect(result.current.data).toEqual({ ...mockResponse, connectorId: defaultProps.connectorId }); + expect(setApproximateFutureTime).toHaveBeenCalledWith( + moment(mockResponse.updatedAt).add(mockResponse.averageIntervalMs, 'milliseconds').toDate() + ); + }); + + test('should update status and data on running status and schedule next poll', async () => { + // @ts-ignore + jest.spyOn(global, 'setTimeout').mockImplementation((cb) => cb()); + http.fetch + .mockResolvedValueOnce({ + entryExists: true, + data: { ...mockResponse, attackDiscoveries: [], status: 'running' }, + }) + .mockResolvedValueOnce({ + entryExists: true, + data: { ...mockResponse, attackDiscoveries: [], status: 'running' }, + }) + .mockResolvedValueOnce({ + entryExists: true, + data: { ...mockResponse, attackDiscoveries: [], status: 
'running' }, + }) + .mockResolvedValue({ + entryExists: true, + data: mockResponse, + }); + + const { result } = renderHook(() => usePollApi(defaultProps)); + + await act(async () => { + await result.current.pollApi(); + }); + // 3 from the mockResolvedValueOnce above + expect(setTimeout).toHaveBeenCalledTimes(3); + }); + test('When no connectorId and pollApi is called, should update status and data to null on error and show toast', async () => { + const addDangerMock = jest.spyOn(kibanaMock.notifications.toasts, 'addDanger'); + const { result } = renderHook(() => + usePollApi({ + http, + setApproximateFutureTime: () => {}, + toasts: kibanaMock.notifications.toasts, + }) + ); + + await result.current.pollApi(); + + expect(result.current.status).toBeNull(); + expect(result.current.data).toBeNull(); + expect(addDangerMock).toHaveBeenCalledTimes(1); + expect(addDangerMock).toHaveBeenCalledWith(new Error('Invalid connector id'), { + text: 'Invalid connector id', + title: 'Error generating attack discoveries', + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.tsx b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.tsx new file mode 100644 index 0000000000000..d3821ab57f29b --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/hooks/use_poll_api.tsx 
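Review bot: The `jest.spyOn(global, 'setTimeout').mockImplementation((cb) => cb())` in the "running status" test is never restored. `jest.clearAllMocks()` in `beforeEach` clears recorded calls but keeps the implementation, so the following test runs with a synchronous `setTimeout`. I would keep the spy in a variable, `const setTimeoutSpy = jest.spyOn(global, 'setTimeout')...`, and finish the test with `setTimeoutSpy.mockRestore();`. The `// @ts-ignore` above it should also become `// @ts-expect-error` with a short reason. The file has no case for `cancelAttackDiscovery` or for a response that fails `safeParse`, which are the two error paths the hook adds.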
@@ -0,0 +1,180 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { useCallback, useEffect, useRef, useState } from 'react'; +import * as uuid from 'uuid'; +import type { AttackDiscoveryStatus, AttackDiscoveryResponse } from '@kbn/elastic-assistant-common'; +import { + AttackDiscoveryCancelResponse, + AttackDiscoveryGetResponse, + ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION, +} from '@kbn/elastic-assistant-common'; +import type { HttpSetup } from '@kbn/core-http-browser'; +import moment from 'moment'; +import type { IToasts } from '@kbn/core-notifications-browser'; +import { + ERROR_CANCELING_ATTACK_DISCOVERIES, + ERROR_GENERATING_ATTACK_DISCOVERIES, +} from '../pages/translations'; +import { getErrorToastText } from '../pages/helpers'; +import { replaceNewlineLiterals } from '../helpers'; + +export interface Props { + http: HttpSetup; + setApproximateFutureTime: (date: Date | null) => void; + toasts?: IToasts; + connectorId?: string; +} + +export interface AttackDiscoveryData extends AttackDiscoveryResponse { + connectorId: string; +} + +interface UsePollApi { + cancelAttackDiscovery: () => Promise<void>; + didInitialFetch: boolean; + status: AttackDiscoveryStatus | null; + data: AttackDiscoveryData | null; + pollApi: () => void; +} + +export const usePollApi = ({ + http, + setApproximateFutureTime, + toasts, + connectorId, +}: Props): UsePollApi => { + const [status, setStatus] = useState<AttackDiscoveryStatus | null>(null); + const [data, setData] = useState<AttackDiscoveryData | null>(null); + const timeoutIdRef = useRef<ReturnType<typeof setTimeout> | null>(null); + + const [didInitialFetch, setDidInitialFetch] = useState(false); + + useEffect(() => { + setDidInitialFetch(false); + return () => { + // when a connectorId changes, clear timeout + 
if (timeoutIdRef.current) clearTimeout(timeoutIdRef.current); + }; + }, [connectorId]); + + const handleResponse = useCallback( + (responseData: AttackDiscoveryResponse | null) => { + if (connectorId == null || connectorId === '') { + throw new Error('Invalid connector id'); + } + setDidInitialFetch(true); + if (responseData == null) { + setStatus(null); + setData(null); + return; + } + setData((prevData) => { + if ( + responseData.updatedAt === prevData?.updatedAt && + responseData.status === prevData?.status && + responseData.id === prevData?.id + ) { + // do not update if the data is the same + // prevents unnecessary re-renders + return prevData; + } + setStatus(responseData.status); + setApproximateFutureTime( + moment(responseData.updatedAt) + .add(responseData.averageIntervalMs, 'milliseconds') + .toDate() + ); + return { + ...responseData, + connectorId, + attackDiscoveries: responseData.attackDiscoveries.map((attackDiscovery) => ({ + ...attackDiscovery, + id: attackDiscovery.id ?? 
uuid.v4(), + detailsMarkdown: replaceNewlineLiterals(attackDiscovery.detailsMarkdown), + entitySummaryMarkdown: replaceNewlineLiterals(attackDiscovery.entitySummaryMarkdown), + summaryMarkdown: replaceNewlineLiterals(attackDiscovery.summaryMarkdown), + })), + }; + }); + }, + [connectorId, setApproximateFutureTime] + ); + + const cancelAttackDiscovery = useCallback(async () => { + try { + if (connectorId == null || connectorId === '') { + throw new Error('Invalid connector id'); + } + if (timeoutIdRef.current) clearTimeout(timeoutIdRef.current); + const rawResponse = await http.fetch( + `/internal/elastic_assistant/attack_discovery/cancel/${connectorId}`, + { + method: 'PUT', + version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION, + } + ); + const parsedResponse = AttackDiscoveryCancelResponse.safeParse(rawResponse); + if (!parsedResponse.success) { + throw new Error('Failed to parse the attack discovery cancel response'); + } + handleResponse(parsedResponse.data); + } catch (error) { + setStatus(null); + + toasts?.addDanger(error, { + title: ERROR_CANCELING_ATTACK_DISCOVERIES, + text: getErrorToastText(error), + }); + } + }, [connectorId, handleResponse, http, toasts]); + + const pollApi = useCallback(async () => { + try { + if (connectorId == null || connectorId === '') { + throw new Error('Invalid connector id'); + } + // call the internal API to generate attack discoveries: + const rawResponse = await http.fetch( + `/internal/elastic_assistant/attack_discovery/${connectorId}`, + { + method: 'GET', + version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION, + } + ); + + const parsedResponse = AttackDiscoveryGetResponse.safeParse(rawResponse); + if (!parsedResponse.success) { + throw new Error('Failed to parse the attack discovery GET response'); + } + handleResponse(parsedResponse.data.data ?? 
null); + if (parsedResponse?.data?.data?.status === attackDiscoveryStatus.running) { + // poll every 3 seconds if attack discovery is running + timeoutIdRef.current = setTimeout(() => { + pollApi(); + }, 3000); + } + } catch (error) { + setStatus(null); + setData(null); + + toasts?.addDanger(error, { + title: ERROR_GENERATING_ATTACK_DISCOVERIES, + text: getErrorToastText(error), + }); + } + }, [connectorId, handleResponse, http, toasts]); + + return { cancelAttackDiscovery, didInitialFetch, status, data, pollApi }; +}; + +export const attackDiscoveryStatus: { [k: string]: AttackDiscoveryStatus } = { + canceled: 'canceled', + failed: 'failed', + running: 'running', + succeeded: 'succeeded', +}; diff --git a/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_attack_discovery.ts b/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_attack_discovery.ts new file mode 100644 index 0000000000000..d5de6e8d7cc06 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_attack_discovery.ts 
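Review bot: `connectorId` is interpolated into the request path unencoded in both `pollApi` and `cancelAttackDiscovery`. The only guard is the null/empty check, so an id containing `/`, `?` or `#` would change which internal route is requested. Whether connector ids can contain such characters is not visible from this hunk, but encoding the segment is cheap: `` `/internal/elastic_assistant/attack_discovery/${encodeURIComponent(connectorId)}` `` and likewise for the `cancel/` URL. The exact-URL assertion in `use_poll_api.test.tsx` still holds for `my-gpt4o-ai`, which has no characters that need encoding.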
@@ -0,0 +1,37 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { AttackDiscovery } from '@kbn/elastic-assistant-common'; + +export const mockAttackDiscovery: AttackDiscovery = { + alertIds: [ + '639801cdb10a93610be4a91fe0eac94cd3d4d292cf0c2a6d7b3674d7f7390357', + 'bdcf649846dc3ed0ca66537e1c1dc62035a35a208ba4d9853a93e9be4b0dbea3', + 'cdbd13134bbd371cd045e5f89970b21ab866a9c3817b2aaba8d8e247ca88b823', + '58571e1653b4201c4f35d49b6eb4023fc0219d5885ff7c385a9253a692a77104', + '06fcb3563de7dad14137c0bb4e5bae17948c808b8a3b8c60d9ec209a865b20ed', + '8bd3fcaeca5698ee26df402c8bc40df0404d34a278bc0bd9355910c8c92a4aee', + '59ff4efa1a03b0d1cb5c0640f5702555faf5c88d273616c1b6e22dcfc47ac46c', + 'f352f8ca14a12062cde77ff2b099202bf74f4a7d757c2ac75ac63690b2f2f91a', + ], + detailsMarkdown: + 'The following attack progression appears to have occurred on the host {{ host.name 5e454c38-439c-4096-8478-0a55511c76e3 }} involving the user {{ user.name 3bdc7952-a334-4d95-8092-cd176546e18a }}:\n\n- A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation.\n- This application spawned child processes to copy a malicious file named "unix1" to the user\'s home directory and make it executable.\n- The malicious "unix1" file was then executed, attempting to access the user\'s login keychain and potentially exfiltrate credentials.\n- The suspicious application also launched the "osascript" utility to display a fake system dialog prompting the user for their password, a technique known as credentials phishing.\n\nThis appears to be a multi-stage attack involving malware delivery, privilege escalation, credential access, and potentially data exfiltration. 
The attacker may have used social engineering techniques like phishing to initially compromise the system. The suspicious "My Go Application.app" exhibits behavior characteristic of malware families that attempt to steal user credentials and maintain persistence. Mitigations should focus on removing the malicious files, resetting credentials, and enhancing security controls around application whitelisting, user training, and data protection.', + entitySummaryMarkdown: + 'Suspicious activity involving the host {{ host.name 5e454c38-439c-4096-8478-0a55511c76e3 }} and user {{ user.name 3bdc7952-a334-4d95-8092-cd176546e18a }}.', + id: 'e6d1f8ef-7c1d-42d6-ba6a-11610bab72b1', + mitreAttackTactics: [ + 'Initial Access', + 'Execution', + 'Persistence', + 'Privilege Escalation', + 'Credential Access', + ], + summaryMarkdown: + 'A multi-stage malware attack was detected on {{ host.name 5e454c38-439c-4096-8478-0a55511c76e3 }} involving {{ user.name 3bdc7952-a334-4d95-8092-cd176546e18a }}. A suspicious application delivered malware, attempted credential theft, and established persistence.', + timestamp: '2024-06-25T21:14:40.098Z', + title: 'Malware Attack With Credential Theft Attempt', +}; diff --git a/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_use_attack_discovery.ts b/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_use_attack_discovery.ts index e165fb2d83562..4f8be970f40a1 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_use_attack_discovery.ts +++ b/x-pack/plugins/security_solution/public/attack_discovery/mock/mock_use_attack_discovery.ts 
@@ -12,365 +12,36 @@ export const getMockUseAttackDiscoveriesWithCachedAttackDiscoveries = ( ): UseAttackDiscovery => ({ alertsContextCount: 20, approximateFutureTime: null, - cachedAttackDiscoveries: { - claudeV3SonnetUsEast1: { - connectorId: 'claudeV3SonnetUsEast1', - attackDiscoveries: [ - { - alertIds: [ - 'e770a817-0e87-4e4b-8e26-1bf504a209d2', - 'f0ab5b5d-55c5-4d05-8f4f-12f0e62ecd96', - '8cfde870-cd3b-40b8-9999-901c0b97fb5a', - 'da8fa0b1-1f51-4c63-b5d0-2e35c9fa3b84', - '597fd583-4036-4631-a71a-7a8a7dd17848', - '550691a2-edac-4cc5-a453-6a36d5351c76', - 'df97c2d9-9e28-43e0-a461-3bacf91a262f', - 'f6558144-630c-49ec-8aa2-fe96364883c7', - '113819ec-cfd0-4867-bfbd-cb9ca8e1e69f', - 'c6cbd80f-9602-4748-b951-56c0745f3e1f', - ], - detailsMarkdown: - '- {{ host.name 001cc415-42ad-4b21-a92c-e4193b283b78 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential ransomware attack progression:\n\n - A suspicious executable {{ file.name d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe }} was created and executed from {{ file.path 4053a825-9628-470a-8c83-c733e941bece }} by the parent process {{ process.parent.executable C:\\Windows\\Explorer.EXE }}.\n - The suspicious executable then created another file {{ file.name 604300eb-3711-4e38-8500-0a395d3cc1e5 }} at {{ file.path 8e2853aa-f0b9-4c95-9895-d71a7aa8b4a4 }} and loaded it.\n - Multiple shellcode injection alerts were triggered by the loaded file, indicating potential malicious activity.\n - A ransomware detection alert was also triggered, suggesting the presence of ransomware behavior.\n\n- The suspicious executable {{ file.name d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe }} had an expired code signature from "TRANSPORT", which is not a trusted source.\n- The loaded file {{ file.name 604300eb-3711-4e38-8500-0a395d3cc1e5 }} was identified as potentially malicious by Elastic Endpoint Security.', - entitySummaryMarkdown: - 'Potential ransomware 
attack involving {{ host.name 001cc415-42ad-4b21-a92c-e4193b283b78 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}.', - id: '9f6d4a18-7483-4103-92e7-24e2ebab77bb', - mitreAttackTactics: [ - 'Execution', - 'Persistence', - 'Privilege Escalation', - 'Defense Evasion', - ], - summaryMarkdown: - 'A potential ransomware attack progression was detected on {{ host.name 001cc415-42ad-4b21-a92c-e4193b283b78 }} involving {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}. A suspicious executable with an untrusted code signature was executed, leading to the creation and loading of a malicious file that triggered shellcode injection and ransomware detection alerts.', - title: 'Potential Ransomware Attack Progression Detected', - }, - { - alertIds: [ - '4691c8da-ccba-40f2-b540-0ec5656ad8ef', - '53b3ee1a-1594-447d-94a0-338af2a22844', - '2e744d88-3040-4ab8-90a3-1d5011ab1a6b', - '452ed87e-2e64-486b-ad6a-b368010f570a', - 'd2ce2be7-1d86-4fbe-851a-05883e575a0b', - '7d0ae0fc-7c24-4760-8543-dc4d44f17126', - ], - detailsMarkdown: - '- {{ host.name 4d31c85a-f08b-4461-a67e-ca1991427e6d }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential malware attack progression:\n\n - A Microsoft Office process ({{ process.parent.executable C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE }}) launched a suspicious child process ({{ process.name certutil.exe }}) with unusual arguments to decode a file ({{ file.name B1Z8U2N9.txt }}) into another executable ({{ file.name Q3C7N1V8.exe }}).\n - The decoded executable {{ file.name Q3C7N1V8.exe }} was then executed and created another file {{ file.name 2ddee627-fbe2-45a8-8b2b-eba7542b4e3d }} at {{ file.path ae8aacc8-bfe3-4735-8075-a135fcf60722 }}, which was loaded.\n - Multiple alerts were triggered, including malware detection, suspicious Microsoft Office child process, uncommon persistence via registry modification, and rundll32 with unusual arguments.\n\n- The decoded executable {{ file.name 
Q3C7N1V8.exe }} exhibited persistence behavior by modifying the registry.\n- The rundll32.exe process was launched with unusual arguments to load the decoded file, which is a common malware technique.', - entitySummaryMarkdown: - 'Potential malware attack involving {{ host.name 4d31c85a-f08b-4461-a67e-ca1991427e6d }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}.', - id: 'fd82a3bf-45e4-43ba-bb8f-795584923474', - mitreAttackTactics: ['Execution', 'Persistence', 'Defense Evasion'], - summaryMarkdown: - 'A potential malware attack progression was detected on {{ host.name 4d31c85a-f08b-4461-a67e-ca1991427e6d }} involving {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}. A Microsoft Office process launched a suspicious child process that decoded and executed a malicious executable, which exhibited persistence behavior and triggered multiple security alerts.', - title: 'Potential Malware Attack Progression Detected', - }, - { - alertIds: ['9896f807-4e57-4da8-b1ea-d62645045428'], - detailsMarkdown: - '- {{ host.name c7697774-7350-4153-9061-64a484500241 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential malware attack:\n\n - A Microsoft Office process ({{ process.parent.executable C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE }}) launched a suspicious child process ({{ process.name certutil.exe }}) with unusual arguments to decode a file ({{ file.name K2G8Q8Z9.txt }}) into another executable ({{ file.name Z5K7J6H8.exe }}).\n - This behavior triggered a "Malicious Behavior Prevention Alert: Suspicious Microsoft Office Child Process" alert.\n\n- The certutil.exe process is commonly abused by malware to decode and execute malicious payloads.', - entitySummaryMarkdown: - 'Potential malware attack involving {{ host.name c7697774-7350-4153-9061-64a484500241 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}.', - id: '79a97cec-4126-479a-8fa1-706aec736bc5', - mitreAttackTactics: ['Execution', 'Defense 
Evasion'], - summaryMarkdown: - 'A potential malware attack was detected on {{ host.name c7697774-7350-4153-9061-64a484500241 }} involving {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}. A Microsoft Office process launched a suspicious child process that attempted to decode and execute a malicious payload, triggering a security alert.', - title: 'Potential Malware Attack Detected', - }, - { - alertIds: ['53157916-4437-4a92-a7fd-f792c4aa1aae'], - detailsMarkdown: - '- {{ host.name 6d4355b3-3d1a-4673-b0c7-51c1c698bcc5 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential malware incident:\n\n - The explorer.exe process ({{ process.executable C:\\Windows\\explorer.exe }}) attempted to create a file ({{ file.name 25a994dc-c605-425c-b139-c273001dc816 }}) at {{ file.path 9693f967-2b96-4281-893e-79adbdcf1066 }}.\n - This file creation attempt was blocked, and a "Malware Prevention Alert" was triggered.\n\n- The file {{ file.name 25a994dc-c605-425c-b139-c273001dc816 }} was likely identified as malicious by Elastic Endpoint Security, leading to the prevention of its creation.', - entitySummaryMarkdown: - 'Potential malware incident involving {{ host.name 6d4355b3-3d1a-4673-b0c7-51c1c698bcc5 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}.', - id: '13c4a00d-88a8-408c-9ed5-b2518df0eae3', - mitreAttackTactics: ['Defense Evasion'], - summaryMarkdown: - 'A potential malware incident was detected on {{ host.name 6d4355b3-3d1a-4673-b0c7-51c1c698bcc5 }} involving {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }}. 
The explorer.exe process attempted to create a file that was identified as malicious by Elastic Endpoint Security, triggering a malware prevention alert and blocking the file creation.', - title: 'Potential Malware Incident Detected', - }, - ], - replacements: { - '8e2853aa-f0b9-4c95-9895-d71a7aa8b4a4': 'C:\\Windows\\mpsvc.dll', - '73f9a91c-3268-4229-8bb9-7c1fe2f667bc': 'Administrator', - '001cc415-42ad-4b21-a92c-e4193b283b78': 'SRVWIN02', - 'b0fd402c-9752-4d43-b0f7-9750cce247e7': 'OMM-WIN-DETECT', - '604300eb-3711-4e38-8500-0a395d3cc1e5': 'mpsvc.dll', - 'e770a817-0e87-4e4b-8e26-1bf504a209d2': - '13c8569b2bfd65ecfa75b264b6d7f31a1b50c530101bcaeb8569b3a0190e93b4', - 'f0ab5b5d-55c5-4d05-8f4f-12f0e62ecd96': - '250d812f9623d0916bba521d4221757163f199d64ffab92f888581a00ca499be', - '4053a825-9628-470a-8c83-c733e941bece': - 'C:\\Users\\Administrator\\Desktop\\8813719803\\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe', - '2acbc31d-a0ec-4f99-a544-b23fcdd37b70': - 'd55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe', - '8cfde870-cd3b-40b8-9999-901c0b97fb5a': - '138876c616a2f403aadb6a1c3da316d97f15669fc90187a27d7f94a55674d19a', - 'da8fa0b1-1f51-4c63-b5d0-2e35c9fa3b84': - '2bc20691da4ec37cc1f967d6f5b79e95c7f07f6e473724479dcf4402a192969c', - '9693f967-2b96-4281-893e-79adbdcf1066': - 'C:\\Users\\Administrator\\Desktop\\8813719803\\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e', - '25a994dc-c605-425c-b139-c273001dc816': - 'd55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e', - '597fd583-4036-4631-a71a-7a8a7dd17848': - '6cea6124aa27adf2f782db267c5173742b675331107cdb7372a46ae469366210', - '550691a2-edac-4cc5-a453-6a36d5351c76': - '26a9788ca7189baa31dcbb509779c1ac5d2e72297cb02e4b4ee8c1f9e371666f', - 'df97c2d9-9e28-43e0-a461-3bacf91a262f': - 'c107e4e903724f2a1e0ea8e0135032d1d75624bf7de8b99c17ba9a9f178c2d6a', - 'f6558144-630c-49ec-8aa2-fe96364883c7': - 
'afb8ed160ae9f78990980d92fb3213ffff74a12ec75034384b4f53a3edf74400', - 'c6cbd80f-9602-4748-b951-56c0745f3e1f': - '137aa729928d2a0df1d5e35f47f0ad2bd525012409a889358476dca8e06ba804', - '113819ec-cfd0-4867-bfbd-cb9ca8e1e69f': - '5bec676e7faa4b6329027c9798e70e6d5e7a4d6d08696597dc8a3b31490bdfe5', - 'ae8aacc8-bfe3-4735-8075-a135fcf60722': - 'C:\\Users\\Administrator\\AppData\\Local\\cdnver.dll', - '4d31c85a-f08b-4461-a67e-ca1991427e6d': 'SRVWIN01', - '2ddee627-fbe2-45a8-8b2b-eba7542b4e3d': 'cdnver.dll', - '8e8e2e05-521d-4988-b7ce-4763fea1faf0': - 'f5d9e2d82dad1ff40161b92c097340ee07ae43715f6c9270705fb0db7a9eeca4', - '4691c8da-ccba-40f2-b540-0ec5656ad8ef': - 'b4bf1d7b993141f813008dccab0182af3c810de0c10e43a92ac0d9d5f1dbf42e', - '53b3ee1a-1594-447d-94a0-338af2a22844': - '4ab871ec3d41d3271c2a1fc3861fabcbc06f7f4534a1b6f741816417bc73927c', - '2e744d88-3040-4ab8-90a3-1d5011ab1a6b': - '1f492a1b66f6c633a81a4c6318345b07f6d05624714da0b0cb7dd6d8e374e249', - '9e44ac92-1d88-4cfc-9f38-781c3457b395': - 'e6fba60799acc5bf85ca34ec634482b95ac941c71e9822dfa34d9d774dd1e2bd', - '5164c2f3-9f96-4867-a263-cc7041b06ece': 'C:\\ProgramData\\Q3C7N1V8.exe', - '0aaff15a-a311-46b8-b20b-0db550e5005e': 'Q3C7N1V8.exe', - '452ed87e-2e64-486b-ad6a-b368010f570a': - '4be1be7b4351f2e94fa706ea1ab7f9dd7c3267a77832e94794ebb2b0a6d8493a', - '84e2000b-3c0a-4775-9903-89ebe953f247': 'C:\\Programdata\\Q3C7N1V8.exe', - 'd2ce2be7-1d86-4fbe-851a-05883e575a0b': - '5ed1aa94157bd6b949bf1527320caf0e6f5f61d86518e5f13912314d0f024e88', - '7d0ae0fc-7c24-4760-8543-dc4d44f17126': - 'a786f965902ed5490656f48adc79b46676dc2518a052759625f6108bbe2d864d', - 'c7697774-7350-4153-9061-64a484500241': 'SRVWIN01-PRIV', - 'b26da819-a141-4efd-84b0-6d2876f8800d': 'OMM-WIN-PREVENT', - '9896f807-4e57-4da8-b1ea-d62645045428': - '2a33e2c6150dfc6f0d49022fc0b5aefc90db76b6e237371992ebdee909d3c194', - '6d4355b3-3d1a-4673-b0c7-51c1c698bcc5': 'SRVWIN02-PRIV', - '53157916-4437-4a92-a7fd-f792c4aa1aae': - 
'605ebf550ae0ffc4aec2088b97cbf99853113b0db81879500547c4277ca1981a', - }, - updated: new Date('2024-04-15T13:48:44.393Z'), + isLoadingPost: false, + didInitialFetch: true, + failureReason: null, + generationIntervals: [ + { + date: new Date('2024-04-15T13:48:44.397Z').toISOString(), + durationMs: 85807, }, - claudeV3SonnetUsWest2: { - connectorId: 'claudeV3SonnetUsWest2', - attackDiscoveries: [ - { - alertIds: [ - 'e6b49cac-a5d0-4d22-a7e2-868881aa9d20', - '648d8ad4-6f4e-4c06-99f7-cdbce20f4480', - 'bbfc0fd4-fbad-4ac4-b1b4-a9acd91ac504', - 'c1252ff5-113a-4fe8-b341-9726c5011402', - 'a3544119-12a0-4dd2-97b8-ed211233393b', - '3575d826-2350-4a4d-bb26-c92c324f38ca', - '778fd5cf-13b9-40fe-863d-abac2a6fe3c7', - '2ed82499-db91-4197-ad8d-5f03f59c6616', - '280e1e76-3a10-470c-8adc-094094badb1d', - '61ae312a-82c7-4bae-8014-f3790628b82f', - ], - detailsMarkdown: - '- {{ host.name fb5608fd-5bf4-4b28-8ea8-a51160df847f }} was compromised by a malicious executable {{ file.name d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe }} launched from {{ process.parent.executable C:\\Windows\\Explorer.EXE }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}\n\n- The malicious executable created a suspicious file {{ file.name d2aeb0e2-e327-4979-aa31-d46454d5b1a5 }} and loaded it into memory via {{ process.executable C:\\Windows\\MsMpEng.exe }}\n\n- This behavior triggered multiple alerts for shellcode injection, ransomware activity, and other malicious behaviors\n\n- The malware appears to be a variant of ransomware', - entitySummaryMarkdown: - 'Malicious activity detected on {{ host.name fb5608fd-5bf4-4b28-8ea8-a51160df847f }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}', - id: 'e536ae7a-4ae8-4e47-9f20-0e40ac675d56', - mitreAttackTactics: [ - 'Initial Access', - 'Execution', - 'Persistence', - 'Privilege Escalation', - 'Defense Evasion', - 'Discovery', - 'Lateral Movement', - 'Collection', - 'Exfiltration', - 'Impact', - ], - summaryMarkdown: - 'Multiple 
critical alerts indicate a ransomware attack on {{ host.name fb5608fd-5bf4-4b28-8ea8-a51160df847f }}, likely initiated by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}', - title: 'Ransomware Attack', - }, - { - alertIds: [ - 'b544dd2a-e208-4dac-afba-b60f799ab623', - '7d3a4bae-3bd7-41a7-aee2-f68088aef1d5', - 'd1716ee3-e12e-4b03-8057-b9320f3ce825', - 'ca31a2b6-cb77-4ca2-ada0-14bb39ec1a2e', - 'a0b56cd3-1f7f-4221-bc88-6efb4082e781', - '2ab6a581-e2ab-4a54-a0e1-7b23bf8299cb', - '1d1040c3-9e30-47fb-b2cf-f9e8ab647547', - ], - detailsMarkdown: - '- {{ host.name b6fb7e37-e3d6-47aa-b176-83d800984be8 }} was compromised by a malicious executable {{ file.name 94b3c78d-c647-4ee1-9eba-8101b806a7af }} launched from {{ process.parent.executable C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}\n\n- The malicious executable was decoded from a file {{ file.name 30820807-30f3-4b43-bb1d-c523d6375f49 }} using certutil.exe, which is a common malware technique\n\n- It established persistence by modifying registry keys and loading a malicious DLL {{ file.name 30820807-30f3-4b43-bb1d-c523d6375f49 }} via rundll32.exe\n\n- This behavior triggered alerts for malware, suspicious Microsoft Office child processes, and uncommon persistence mechanisms', - entitySummaryMarkdown: - 'Malicious activity detected on {{ host.name b6fb7e37-e3d6-47aa-b176-83d800984be8 }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}', - id: '36d3daf0-93f0-4887-8d2c-a935863091a0', - mitreAttackTactics: [ - 'Initial Access', - 'Execution', - 'Persistence', - 'Privilege Escalation', - 'Defense Evasion', - 'Discovery', - ], - summaryMarkdown: - 'Multiple critical alerts indicate a malware infection on {{ host.name b6fb7e37-e3d6-47aa-b176-83d800984be8 }} likely initiated by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }} via a malicious Microsoft Office document', - title: 'Malware Infection via Malicious Office Document', - }, - { - 
alertIds: ['67a27f31-f18f-4256-b64f-63e718eb688e'], - detailsMarkdown: - '- {{ host.name b8639719-38c4-401e-8582-6e8ea098feef }} was targeted by a malicious executable that attempted to be decoded from a file using certutil.exe, which is a common malware technique\n\n- The malicious activity was initiated from {{ process.parent.executable C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}, likely via a malicious Microsoft Office document\n\n- This behavior triggered an alert for a suspicious Microsoft Office child process', - entitySummaryMarkdown: - 'Suspected malicious activity detected on {{ host.name b8639719-38c4-401e-8582-6e8ea098feef }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}', - id: 'bbf6f5fc-f739-4598-945b-463dea90ea50', - mitreAttackTactics: ['Initial Access', 'Execution', 'Defense Evasion'], - summaryMarkdown: - 'A suspicious Microsoft Office child process was detected on {{ host.name b8639719-38c4-401e-8582-6e8ea098feef }}, potentially initiated by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }} via a malicious document', - title: 'Suspected Malicious Activity via Office Document', - }, - { - alertIds: ['2242a749-7d59-4f24-8b33-b8772ab4f8df'], - detailsMarkdown: - '- A suspicious file creation attempt {{ file.name efcf53ac-3943-4d7d-96b5-d84eefd2c478 }} with the same hash as a known malicious executable was blocked on {{ host.name 6bcc5c79-2171-4c71-9bea-fe0c116d3803 }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}\n\n- The file was likely being staged for later malicious activity\n\n- This triggered a malware prevention alert, indicating the threat was detected and mitigated', - entitySummaryMarkdown: - 'Suspected malicious file blocked on {{ host.name 6bcc5c79-2171-4c71-9bea-fe0c116d3803 }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}', - id: '069a5b43-1458-4e87-8dc6-97459a020ef8', - mitreAttackTactics: ['Initial Access', 'Execution'], - 
summaryMarkdown: - 'A suspected malicious file creation was blocked on {{ host.name 6bcc5c79-2171-4c71-9bea-fe0c116d3803 }} by {{ user.name 4f7ff689-3079-4811-8fec-8c2bc2646cc2 }}', - title: 'Suspected Malicious File Creation Blocked', - }, - ], - replacements: { - '6fcdf365-367a-4695-b08e-519c31345fec': 'C:\\Windows\\mpsvc.dll', - '4f7ff689-3079-4811-8fec-8c2bc2646cc2': 'Administrator', - 'fb5608fd-5bf4-4b28-8ea8-a51160df847f': 'SRVWIN02', - 'a141c5f0-5c06-41b8-8399-27c03a459398': 'OMM-WIN-DETECT', - 'd2aeb0e2-e327-4979-aa31-d46454d5b1a5': 'mpsvc.dll', - 'e6b49cac-a5d0-4d22-a7e2-868881aa9d20': - '13c8569b2bfd65ecfa75b264b6d7f31a1b50c530101bcaeb8569b3a0190e93b4', - '648d8ad4-6f4e-4c06-99f7-cdbce20f4480': - '250d812f9623d0916bba521d4221757163f199d64ffab92f888581a00ca499be', - 'fca45966-448c-4652-9e02-2600dfa02a35': - 'C:\\Users\\Administrator\\Desktop\\8813719803\\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe', - '5b9f846a-c497-4631-8a2f-7de265bfc864': - 'd55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e.exe', - 'bbfc0fd4-fbad-4ac4-b1b4-a9acd91ac504': - '138876c616a2f403aadb6a1c3da316d97f15669fc90187a27d7f94a55674d19a', - '61ae312a-82c7-4bae-8014-f3790628b82f': - '2bc20691da4ec37cc1f967d6f5b79e95c7f07f6e473724479dcf4402a192969c', - 'f1bbf0b8-d417-438f-ad09-dd8a854e0abb': - 'C:\\Users\\Administrator\\Desktop\\8813719803\\d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e', - 'efcf53ac-3943-4d7d-96b5-d84eefd2c478': - 'd55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1e', - 'c1252ff5-113a-4fe8-b341-9726c5011402': - '6cea6124aa27adf2f782db267c5173742b675331107cdb7372a46ae469366210', - 'a3544119-12a0-4dd2-97b8-ed211233393b': - '26a9788ca7189baa31dcbb509779c1ac5d2e72297cb02e4b4ee8c1f9e371666f', - '3575d826-2350-4a4d-bb26-c92c324f38ca': - 'c107e4e903724f2a1e0ea8e0135032d1d75624bf7de8b99c17ba9a9f178c2d6a', - '778fd5cf-13b9-40fe-863d-abac2a6fe3c7': - 
'afb8ed160ae9f78990980d92fb3213ffff74a12ec75034384b4f53a3edf74400', - '2ed82499-db91-4197-ad8d-5f03f59c6616': - '137aa729928d2a0df1d5e35f47f0ad2bd525012409a889358476dca8e06ba804', - '280e1e76-3a10-470c-8adc-094094badb1d': - '5bec676e7faa4b6329027c9798e70e6d5e7a4d6d08696597dc8a3b31490bdfe5', - '6fad79d9-1ed4-4c1d-8b30-43023b7a5552': - 'C:\\Users\\Administrator\\AppData\\Local\\cdnver.dll', - 'b6fb7e37-e3d6-47aa-b176-83d800984be8': 'SRVWIN01', - '30820807-30f3-4b43-bb1d-c523d6375f49': 'cdnver.dll', - '1d1040c3-9e30-47fb-b2cf-f9e8ab647547': - 'f5d9e2d82dad1ff40161b92c097340ee07ae43715f6c9270705fb0db7a9eeca4', - 'b544dd2a-e208-4dac-afba-b60f799ab623': - 'b4bf1d7b993141f813008dccab0182af3c810de0c10e43a92ac0d9d5f1dbf42e', - '7d3a4bae-3bd7-41a7-aee2-f68088aef1d5': - '4ab871ec3d41d3271c2a1fc3861fabcbc06f7f4534a1b6f741816417bc73927c', - 'd1716ee3-e12e-4b03-8057-b9320f3ce825': - '1f492a1b66f6c633a81a4c6318345b07f6d05624714da0b0cb7dd6d8e374e249', - 'ca31a2b6-cb77-4ca2-ada0-14bb39ec1a2e': - 'e6fba60799acc5bf85ca34ec634482b95ac941c71e9822dfa34d9d774dd1e2bd', - '03bcdffb-54d1-457e-9599-f10b93e10ed3': 'C:\\ProgramData\\Q3C7N1V8.exe', - '94b3c78d-c647-4ee1-9eba-8101b806a7af': 'Q3C7N1V8.exe', - '8fd14f7c-6b89-43b2-b58e-09502a007e21': - '4be1be7b4351f2e94fa706ea1ab7f9dd7c3267a77832e94794ebb2b0a6d8493a', - '2342b541-1c6b-4d59-bbd4-d897637573e1': 'C:\\Programdata\\Q3C7N1V8.exe', - 'a0b56cd3-1f7f-4221-bc88-6efb4082e781': - '5ed1aa94157bd6b949bf1527320caf0e6f5f61d86518e5f13912314d0f024e88', - '2ab6a581-e2ab-4a54-a0e1-7b23bf8299cb': - 'a786f965902ed5490656f48adc79b46676dc2518a052759625f6108bbe2d864d', - 'b8639719-38c4-401e-8582-6e8ea098feef': 'SRVWIN01-PRIV', - '0549244b-3878-4ff8-a327-1758b8e88c10': 'OMM-WIN-PREVENT', - '67a27f31-f18f-4256-b64f-63e718eb688e': - '2a33e2c6150dfc6f0d49022fc0b5aefc90db76b6e237371992ebdee909d3c194', - '6bcc5c79-2171-4c71-9bea-fe0c116d3803': 'SRVWIN02-PRIV', - '2242a749-7d59-4f24-8b33-b8772ab4f8df': - 
'605ebf550ae0ffc4aec2088b97cbf99853113b0db81879500547c4277ca1981a', - }, - updated: new Date('2024-04-15T15:11:24.903Z'), + { + date: new Date('2024-04-15T12:41:15.255Z').toISOString(), + durationMs: 12751, }, - }, - generationIntervals: { - claudeV3SonnetUsEast1: [ - { - connectorId: 'claudeV3SonnetUsEast1', - date: new Date('2024-04-15T13:48:44.397Z'), - durationMs: 85807, - }, - { - connectorId: 'claudeV3SonnetUsEast1', - date: new Date('2024-04-15T12:41:15.255Z'), - durationMs: 12751, - }, - { - connectorId: 'claudeV3SonnetUsEast1', - date: new Date('2024-04-12T20:59:13.238Z'), - durationMs: 46169, - }, - { - connectorId: 'claudeV3SonnetUsEast1', - date: new Date('2024-04-12T19:34:56.701Z'), - durationMs: 86674, - }, - { - connectorId: 'claudeV3SonnetUsEast1', - date: new Date('2024-04-12T19:17:21.697Z'), - durationMs: 78486, - }, - ], - claudeV3SonnetUsWest2: [ - { - connectorId: 'claudeV3SonnetUsWest2', - date: new Date('2024-04-15T15:11:24.906Z'), - durationMs: 71715, - }, - { - connectorId: 'claudeV3SonnetUsWest2', - date: new Date('2024-04-12T13:13:35.335Z'), - durationMs: 66176, - }, - { - connectorId: 'claudeV3SonnetUsWest2', - date: new Date('2024-04-11T18:30:36.360Z'), - durationMs: 88079, - }, - { - connectorId: 'claudeV3SonnetUsWest2', - date: new Date('2024-04-11T18:12:50.350Z'), - durationMs: 77704, - }, - { - connectorId: 'claudeV3SonnetUsWest2', - date: new Date('2024-04-11T17:57:21.902Z'), - durationMs: 77016, - }, - ], - }, + { + date: new Date('2024-04-12T20:59:13.238Z').toISOString(), + durationMs: 46169, + }, + { + date: new Date('2024-04-12T19:34:56.701Z').toISOString(), + durationMs: 86674, + }, + { + date: new Date('2024-04-12T19:17:21.697Z').toISOString(), + durationMs: 78486, + }, + ], fetchAttackDiscoveries, + onCancel: jest.fn(), attackDiscoveries: [ { + timestamp: new Date('2024-04-15T15:11:24.906Z').toISOString(), alertIds: [ 'e770a817-0e87-4e4b-8e26-1bf504a209d2', 'f0ab5b5d-55c5-4d05-8f4f-12f0e62ecd96', 
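Review bot: Every `date` in the new `generationIntervals` array, and the added `timestamp` field, wraps an ISO-8601 literal in `new Date(...).toISOString()`, which returns the same string it was given. Writing the literal directly, e.g. `date: '2024-04-15T13:48:44.397Z',` and `timestamp: '2024-04-15T15:11:24.906Z',`, keeps the fixture static and easier to read. The same `timestamp` line recurs in the later hunks of this file (`@@ -394,6 +65,7 @@`, `@@ -413,6 +85,7 @@`, `@@ -425,6 +98,7 @@`). The object literal continues past the end of this hunk.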
@@ -394,6 +65,7 @@ export const getMockUseAttackDiscoveriesWithCachedAttackDiscoveries = (
 title: 'Potential Ransomware Attack Progression Detected',
 },
 {
+ timestamp: new Date('2024-04-15T15:11:24.906Z').toISOString(),
 alertIds: [
 '4691c8da-ccba-40f2-b540-0ec5656ad8ef',
 '53b3ee1a-1594-447d-94a0-338af2a22844',
@@ -413,6 +85,7 @@ export const getMockUseAttackDiscoveriesWithCachedAttackDiscoveries = (
 title: 'Potential Malware Attack Progression Detected',
 },
 {
+ timestamp: new Date('2024-04-15T15:11:24.906Z').toISOString(),
 alertIds: ['9896f807-4e57-4da8-b1ea-d62645045428'],
 detailsMarkdown:
 '- {{ host.name c7697774-7350-4153-9061-64a484500241 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential malware attack:\n\n - A Microsoft Office process ({{ process.parent.executable C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE }}) launched a suspicious child process ({{ process.name certutil.exe }}) with unusual arguments to decode a file ({{ file.name K2G8Q8Z9.txt }}) into another executable ({{ file.name Z5K7J6H8.exe }}).\n - This behavior triggered a "Malicious Behavior Prevention Alert: Suspicious Microsoft Office Child Process" alert.\n\n- The certutil.exe process is commonly abused by malware to decode and execute malicious payloads.',
@@ -425,6 +98,7 @@ export const getMockUseAttackDiscoveriesWithCachedAttackDiscoveries = (
 title: 'Potential Malware Attack Detected',
 },
 {
+ timestamp: new Date('2024-04-15T15:11:24.906Z').toISOString(),
 alertIds: ['53157916-4437-4a92-a7fd-f792c4aa1aae'],
 detailsMarkdown:
 '- {{ host.name 6d4355b3-3d1a-4673-b0c7-51c1c698bcc5 }} and {{ user.name 73f9a91c-3268-4229-8bb9-7c1fe2f667bc }} were involved in a potential malware incident:\n\n - The explorer.exe process ({{ process.executable C:\\Windows\\explorer.exe }}) attempted to create a file ({{ file.name 25a994dc-c605-425c-b139-c273001dc816 }}) at {{ file.path 9693f967-2b96-4281-893e-79adbdcf1066 }}.\n - This file creation attempt was blocked, and a "Malware Prevention Alert" was triggered.\n\n- The file {{ file.name 25a994dc-c605-425c-b139-c273001dc816 }} was likely identified as malicious by Elastic Endpoint Security, leading to the prevention of its creation.',
@@ -505,30 +179,103 @@ export const getMockUseAttackDiscoveriesWithCachedAttackDiscoveries = ( isLoading: false, }); -export const getMockUseAttackDiscoveriesWithNoAttackDiscoveries = ( - fetchAttackDiscoveries: () => Promise<void> -): UseAttackDiscovery => ({ - alertsContextCount: null, - approximateFutureTime: null, - cachedAttackDiscoveries: {}, - fetchAttackDiscoveries, - generationIntervals: undefined, - attackDiscoveries: [], - lastUpdated: null, - replacements: {}, - isLoading: false, -}); - export const getMockUseAttackDiscoveriesWithNoAttackDiscoveriesLoading = ( fetchAttackDiscoveries: () => Promise<void> ): UseAttackDiscovery => ({ alertsContextCount: null, approximateFutureTime: new Date('2024-04-15T17:13:29.470Z'), // <-- estimated generation completion time - cachedAttackDiscoveries: {}, fetchAttackDiscoveries, + onCancel: jest.fn(), generationIntervals: undefined, attackDiscoveries: [], + isLoadingPost: false, + didInitialFetch: true, + failureReason: null, lastUpdated: null, replacements: {}, isLoading: true, // <-- attack discoveries are being generated }); + +export const getRawAttackDiscoveryResponse = () => ({ + alertsContextCount: 20, + attackDiscoveries: [ + { + alertIds: [ + '382d546a7ba5ab35c050f106bece236e87e3d51076a479f0beae8b2015b8fb26', + 'ca9da6b3b77b7038d958b9e144f0a406c223a862c0c991ce9782b98e03a98c87', + '5301f4fb014538df7ce1eb9929227dde3adc0bf5b4f28aa15c8aa4e4fda95f35', + '1459af4af8b92e1710c0ee075b1c444eaa927583dfd71b42e9a10de37c8b9cf0', + '468457e9c5132aadae501b75ec5b766e1465ab865ad8d79e03f66593a76fccdf', + 'fb92e7fa5679db3e91d84d998faddb7ed269f1c8cdc40443f35e67c930383d34', + '03e0f8f1598018da8143bba6b60e6ddea30551a2286ba76d717568eed3d17a66', + '28021a7aca7de03018d820182c9784f8d5f2e1b99e0159177509a69bee1c3ac0', + ], + detailsMarkdown: + 'The following attack progression appears to have occurred on the host {{ host.name 05207978-1585-4e46-9b36-69c4bb85a768 }} involving the user {{ user.name ddc8db29-46eb-44fe-80b6-1ea642c338ac 
}}:\\n\\n- A suspicious application named "My Go Application.app" was launched, likely through a malicious download or installation\\n- This application attempted to run various malicious scripts and commands, including:\\n - Spawning a child process to run the "osascript" utility to display a fake system dialog prompting for user credentials ({{ process.command_line osascript -e display dialog "MacOS wants to access System Preferences\\n\\t\\t\\nPlease enter your password." with title "System Preferences" with icon file "System:Library:CoreServices:CoreTypes.bundle:Contents:Resources:ToolbarAdvanced.icns" default answer "" giving up after 30 with hidden answer ¬ }})\\n - Modifying permissions on a suspicious file named "unix1" ({{ process.command_line chmod 777 /Users/james/unix1 }})\\n - Executing the suspicious "unix1" file and passing it the user\'s login keychain file and a hardcoded password ({{ process.command_line /Users/james/unix1 /Users/james/library/Keychains/login.keychain-db TempTemp1234!! }})\\n\\nThis appears to be a multi-stage malware attack, potentially aimed at credential theft and further malicious execution on the compromised host. The tactics used align with Credential Access ({{ threat.tactic.name Credential Access }}) and Execution ({{ threat.tactic.name Execution }}) based on MITRE ATT&CK.', + entitySummaryMarkdown: + 'Suspicious activity detected on {{ host.name 05207978-1585-4e46-9b36-69c4bb85a768 }} involving {{ user.name ddc8db29-46eb-44fe-80b6-1ea642c338ac }}.', + mitreAttackTactics: ['Credential Access', 'Execution'], + summaryMarkdown: + 'A multi-stage malware attack was detected on a macOS host, likely initiated through a malicious application download. The attack involved credential phishing attempts, suspicious file modifications, and the execution of untrusted binaries potentially aimed at credential theft. 
{{ host.name 05207978-1585-4e46-9b36-69c4bb85a768 }} and {{ user.name ddc8db29-46eb-44fe-80b6-1ea642c338ac }} were involved.', + title: 'Credential Theft Malware Attack on macOS', + }, + { + alertIds: [ + '8772effc4970e371a26d556556f68cb8c73f9d9d9482b7f20ee1b1710e642a23', + '63c761718211fa51ea797669d845c3d4f23b1a28c77a101536905e6fd0b4aaa6', + '55f4641a9604e1088deae4897e346e63108bde9167256c7cb236164233899dcc', + 'eaf9991c83feef7798983dc7cacda86717d77136a3a72c9122178a03ce2f15d1', + 'f7044f707ac119256e5a0ccd41d451b51bca00bdc6899c7e5e8e1edddfeb6774', + 'fad83b4223f3c159646ad22df9877b9c400f9472655e49781e2a5951b641088e', + ], + detailsMarkdown: + 'The following attack progression appears to have occurred on the host {{ host.name b775910b-4b71-494d-bfb1-4be3fe88c2b0 }} involving the user {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }}:\\n\\n- A malicious Microsoft Office document was opened, spawning a child process to write a suspicious VBScript file named "AppPool.vbs" ({{ file.path C:\\ProgramData\\WindowsAppPool\\AppPool.vbs }})\\n- The VBScript launched PowerShell and executed an obfuscated script from "AppPool.ps1"\\n- Additional malicious activities were performed, including:\\n - Creating a scheduled task to periodically execute the VBScript\\n - Spawning a cmd.exe process to create the scheduled task\\n - Executing the VBScript directly\\n\\nThis appears to be a multi-stage malware attack initiated through malicious Office documents, employing script obfuscation, scheduled task persistence, and defense evasion tactics. 
The activities map to Initial Access ({{ threat.tactic.name Initial Access }}), Execution ({{ threat.tactic.name Execution }}), and Defense Evasion ({{ threat.tactic.name Defense Evasion }}) based on MITRE ATT&CK.', + entitySummaryMarkdown: + 'Suspicious activity detected on {{ host.name b775910b-4b71-494d-bfb1-4be3fe88c2b0 }} involving {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }}.', + mitreAttackTactics: ['Initial Access', 'Execution', 'Defense Evasion'], + summaryMarkdown: + 'A multi-stage malware attack was detected on a Windows host, likely initiated through a malicious Microsoft Office document. The attack involved script obfuscation, scheduled task persistence, and other defense evasion tactics. {{ host.name b775910b-4b71-494d-bfb1-4be3fe88c2b0 }} and {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }} were involved.', + title: 'Malicious Office Document Initiates Malware Attack', + }, + { + alertIds: [ + 'd1b8b1c6f891fd181af236d0a81b8769c4569016d5b341cdf6a3fefb7cf9cbfd', + '005f2dfb7efb08b34865b308876ecad188fc9a3eebf35b5e3af3c3780a3fb239', + '7e41ddd221831544c5ff805e0ec31fc3c1f22c04257de1366112cfef14df9f63', + ], + detailsMarkdown: + 'The following attack progression appears to have occurred on the host {{ host.name c1e00157-c636-4222-b3a2-5d9ea667a3a8 }} involving the user {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }}:\\n\\n- A suspicious process launched by msiexec.exe spawned a PowerShell session\\n- The PowerShell process exhibited the following malicious behaviors:\\n - Shellcode injection detected, indicating the presence of the "Windows.Trojan.Bumblebee" malware\\n - Establishing network connections, suggesting command and control or data exfiltration\\n\\nThis appears to be a case of malware delivery and execution via an MSI package, potentially initiated through a software supply chain compromise or social engineering attack. 
The tactics employed align with Defense Evasion ({{ threat.tactic.name Defense Evasion }}) through system binary proxy execution, as well as potential Command and Control ({{ threat.tactic.name Command and Control }}) based on MITRE ATT&CK.', + entitySummaryMarkdown: + 'Suspicious activity detected on {{ host.name c1e00157-c636-4222-b3a2-5d9ea667a3a8 }} involving {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }}.', + mitreAttackTactics: ['Defense Evasion', 'Command and Control'], + summaryMarkdown: + 'A malware attack was detected on a Windows host, likely delivered through a compromised MSI package. The attack involved shellcode injection, network connections, and the use of system binaries for defense evasion. {{ host.name c1e00157-c636-4222-b3a2-5d9ea667a3a8 }} and {{ user.name e411fe2e-aeea-44b5-b09a-4336dabb3969 }} were involved.', + title: 'Malware Delivery via Compromised MSI Package', + }, + { + alertIds: [ + '12057d82e79068080f6acf268ca45c777d3f80946b466b59954320ec5f86f24a', + '81c7c57a360bee531b1398b0773e7c4a2332fbdda4e66f135e01fc98ec7f4e3d', + ], + detailsMarkdown: + 'The following attack progression appears to have occurred on the host {{ host.name d4c92b0d-b82f-4702-892d-dd06ad8418e8 }} involving the user {{ user.name 7245f867-9a09-48d7-9165-84a69fa0727d }}:\\n\\n- A malicious file named "kdmtmpflush" with the SHA256 hash {{ file.hash.sha256 74ef6cc38f5a1a80148752b63c117e6846984debd2af806c65887195a8eccc56 }} was copied to the /dev/shm directory\\n- Permissions were modified to make the file executable\\n- The file was then executed with the "--init" argument, likely to initialize malicious components\\n\\nThis appears to be a case of the "Linux.Trojan.BPFDoor" malware being deployed on the Linux host. 
The tactics employed align with Execution ({{ threat.tactic.name Execution }}) based on MITRE ATT&CK.', + entitySummaryMarkdown: + 'Suspicious activity detected on {{ host.name d4c92b0d-b82f-4702-892d-dd06ad8418e8 }} involving {{ user.name 7245f867-9a09-48d7-9165-84a69fa0727d }}.', + mitreAttackTactics: ['Execution'], + summaryMarkdown: + 'The "Linux.Trojan.BPFDoor" malware was detected being deployed on a Linux host. A malicious file was copied, permissions were modified, and the file was executed to likely initialize malicious components. {{ host.name d4c92b0d-b82f-4702-892d-dd06ad8418e8 }} and {{ user.name 7245f867-9a09-48d7-9165-84a69fa0727d }} were involved.', + title: 'Linux.Trojan.BPFDoor Malware Deployment Detected', + }, + ], + connector_id: 'pmeClaudeV3SonnetUsEast1', + replacements: { + 'ddc8db29-46eb-44fe-80b6-1ea642c338ac': 'james', + '05207978-1585-4e46-9b36-69c4bb85a768': 'SRVMAC08', + '7245f867-9a09-48d7-9165-84a69fa0727d': 'root', + 'e411fe2e-aeea-44b5-b09a-4336dabb3969': 'Administrator', + '5a63f6dc-4e40-41fe-a92c-7898e891025e': 'SRVWIN07-PRIV', + 'b775910b-4b71-494d-bfb1-4be3fe88c2b0': 'SRVWIN07', + 'c1e00157-c636-4222-b3a2-5d9ea667a3a8': 'SRVWIN06', + 'd4c92b0d-b82f-4702-892d-dd06ad8418e8': 'SRVNIX05', + }, +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.test.tsx new file mode 100644 index 0000000000000..a70bfaa5c9951 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.test.tsx 
@@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { AnimatedCounter } from '.'; + +describe('AnimatedCounter', () => { + it('renders the expected final count', async () => { + const animationDurationMs = 10; // ms + const count = 20; + + render(<AnimatedCounter animationDurationMs={animationDurationMs} count={count} />); + await new Promise((resolve) => setTimeout(resolve, animationDurationMs + 10)); + + const animatedCounter = screen.getByTestId('animatedCounter'); + + expect(animatedCounter).toHaveTextContent(`${count}`); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.tsx index 2428158aa5b71..5dd4cb8fc4267 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/animated_counter/index.tsx @@ -11,14 +11,14 @@ import * as d3 from 'd3'; import React, { useRef, useEffect } from 'react'; interface Props { + animationDurationMs?: number; count: number; } -const AnimatedCounterComponent: React.FC<Props> = ({ count }) => { +const AnimatedCounterComponent: React.FC<Props> = ({ animationDurationMs = 1000 * 1, count }) => { const { euiTheme } = useEuiTheme(); const d3Ref = useRef(null); const zero = 0; // counter starts at zero - const animationDurationMs = 1000 * 1; useEffect(() => { if (d3Ref.current) { 
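Review bot: The new test waits for the animation with a fixed sleep, `await new Promise((resolve) => setTimeout(resolve, animationDurationMs + 10));`, which leaves a 10 ms margin and can fail on a loaded CI agent. Polling for the final value is more robust: `await waitFor(() => expect(screen.getByTestId('animatedCounter')).toHaveTextContent(String(count)));`, with `waitFor` added to the existing `@testing-library/react` import. The `// ms` comment on `animationDurationMs` repeats the unit already in the name and can be dropped.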
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/index.test.tsx new file mode 100644 index 0000000000000..70acc1dbb2ca8 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_prompt/index.test.tsx 
@@ -0,0 +1,150 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { fireEvent, render, screen } from '@testing-library/react'; +import React from 'react'; + +import { EmptyPrompt } from '.'; +import { useAssistantAvailability } from '../../../assistant/use_assistant_availability'; +import { TestProviders } from '../../../common/mock'; + +jest.mock('../../../assistant/use_assistant_availability'); + +describe('EmptyPrompt', () => { + const alertsCount = 20; + const onGenerate = jest.fn(); + + beforeEach(() => { + jest.clearAllMocks(); + }); + + describe('when the user has the assistant privilege', () => { + beforeEach(() => { + (useAssistantAvailability as jest.Mock).mockReturnValue({ + hasAssistantPrivilege: true, + isAssistantEnabled: true, + }); + + render( + <TestProviders> + <EmptyPrompt + alertsCount={alertsCount} + isLoading={false} + isDisabled={false} + onGenerate={onGenerate} + /> + </TestProviders> + ); + }); + + it('renders the empty prompt avatar', () => { + const emptyPromptAvatar = screen.getByTestId('emptyPromptAvatar'); + + expect(emptyPromptAvatar).toBeInTheDocument(); + }); + + it('renders the animated counter', () => { + const emptyPromptAnimatedCounter = screen.getByTestId('emptyPromptAnimatedCounter'); + + expect(emptyPromptAnimatedCounter).toBeInTheDocument(); + }); + + it('renders the expected statement', () => { + const emptyPromptAlertsWillBeAnalyzed = screen.getByTestId('emptyPromptAlertsWillBeAnalyzed'); + + expect(emptyPromptAlertsWillBeAnalyzed).toHaveTextContent('alerts will be analyzed'); + }); + + it('calls onGenerate when the generate button is clicked', () => { + const generateButton = screen.getByTestId('generate'); + + fireEvent.click(generateButton); + + expect(onGenerate).toHaveBeenCalled(); + }); + }); + + 
describe('when the user does NOT have the assistant privilege', () => { + it('disables the generate button when the user does NOT have the assistant privilege', () => { + (useAssistantAvailability as jest.Mock).mockReturnValue({ + hasAssistantPrivilege: false, // <-- the user does NOT have the assistant privilege + isAssistantEnabled: true, + }); + + render( + <TestProviders> + <EmptyPrompt + alertsCount={alertsCount} + isLoading={false} + isDisabled={false} + onGenerate={onGenerate} + /> + </TestProviders> + ); + + const generateButton = screen.getByTestId('generate'); + + expect(generateButton).toBeDisabled(); + }); + }); + + describe('when loading is true', () => { + const isLoading = true; + + beforeEach(() => { + (useAssistantAvailability as jest.Mock).mockReturnValue({ + hasAssistantPrivilege: true, + isAssistantEnabled: true, + }); + + render( + <TestProviders> + <EmptyPrompt + alertsCount={alertsCount} + isLoading={isLoading} + isDisabled={false} + onGenerate={onGenerate} + /> + </TestProviders> + ); + }); + + it('disables the generate button while loading', () => { + const generateButton = screen.getByTestId('generate'); + + expect(generateButton).toBeDisabled(); + }); + }); + + describe('when isDisabled is true', () => { + const isDisabled = true; + + beforeEach(() => { + (useAssistantAvailability as jest.Mock).mockReturnValue({ + hasAssistantPrivilege: true, + isAssistantEnabled: true, + }); + + render( + <TestProviders> + <EmptyPrompt + alertsCount={alertsCount} + isLoading={false} + isDisabled={isDisabled} + onGenerate={onGenerate} + /> + </TestProviders> + ); + }); + + it('disables the generate button when isDisabled is true', () => { + const generateButton = screen.getByTestId('generate'); + + expect(generateButton).toBeDisabled(); + }); + }); +}); 
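Review bot: The no-privilege case only asserts that the generate button is disabled; it does not show that a click is ignored. Since this button is the UI gate for a privileged action, add `fireEvent.click(generateButton);` and `expect(onGenerate).not.toHaveBeenCalled();` after the existing assertion. The same two lines fit the `isLoading` and `isDisabled` cases. This covers the client-side gate only; whether the generate route enforces the privilege on the server is not visible in this diff and should be confirmed separately.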
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.test.tsx index 406b9a4233d7c..460511defbdf9 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.test.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.test.tsx @@ -32,6 +32,7 @@ describe('EmptyStates', () => { alertsCount={alertsCount} attackDiscoveriesCount={attackDiscoveriesCount} connectorId={connectorId} + failureReason={null} isLoading={isLoading} onGenerate={onGenerate} /> @@ -72,6 +73,7 @@ describe('EmptyStates', () => { alertsCount={alertsCount} attackDiscoveriesCount={attackDiscoveriesCount} connectorId={connectorId} + failureReason={null} isLoading={isLoading} onGenerate={onGenerate} /> @@ -83,6 +85,10 @@ describe('EmptyStates', () => { expect(screen.queryByTestId('welcome')).not.toBeInTheDocument(); }); + it('does NOT render the Failure prompt', () => { + expect(screen.queryByTestId('failure')).not.toBeInTheDocument(); + }); + it('renders the No Alerts prompt', () => { expect(screen.getByTestId('noAlerts')).toBeInTheDocument(); }); 
@@ -92,6 +98,51 @@ describe('EmptyStates', () => { }); }); + describe('when the Failure prompt should be shown', () => { + beforeEach(() => { + jest.clearAllMocks(); + + const aiConnectorsCount = 1; + const alertsContextCount = 10; + const alertsCount = 10; + const attackDiscoveriesCount = 10; + const connectorId = 'test-connector-id'; + const isLoading = false; + const onGenerate = jest.fn(); + + render( + <TestProviders> + <EmptyStates + aiConnectorsCount={aiConnectorsCount} + alertsContextCount={alertsContextCount} + alertsCount={alertsCount} + attackDiscoveriesCount={attackDiscoveriesCount} + connectorId={connectorId} + failureReason={"you're a failure"} + isLoading={isLoading} + onGenerate={onGenerate} + /> + </TestProviders> + ); + }); + + it('does NOT render the Welcome prompt', () => { + expect(screen.queryByTestId('welcome')).not.toBeInTheDocument(); + }); + + it('renders the Failure prompt', () => { + expect(screen.getByTestId('failure')).toBeInTheDocument(); + }); + + it('does NOT render the No Alerts prompt', () => { + expect(screen.queryByTestId('noAlerts')).not.toBeInTheDocument(); + }); + + it('does NOT render the Empty prompt', () => { + expect(screen.queryByTestId('emptyPrompt')).not.toBeInTheDocument(); + }); + }); + describe('when the Empty prompt should be shown', () => { beforeEach(() => { jest.clearAllMocks(); @@ -112,6 +163,7 @@ describe('EmptyStates', () => { alertsCount={alertsCount} attackDiscoveriesCount={attackDiscoveriesCount} connectorId={connectorId} + failureReason={null} isLoading={isLoading} onGenerate={onGenerate} /> @@ -123,6 +175,10 @@ describe('EmptyStates', () => { expect(screen.queryByTestId('welcome')).not.toBeInTheDocument(); }); + it('does NOT render the Failure prompt', () => { + expect(screen.queryByTestId('failure')).not.toBeInTheDocument(); + }); + it('does NOT render the No Alerts prompt', () => { expect(screen.queryByTestId('noAlerts')).not.toBeInTheDocument(); }); 
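Review bot: The fixture `failureReason={"you're a failure"}` in the new 'when the Failure prompt should be shown' block reads as an insult when it surfaces in test output and does not resemble the input the component will receive. The same applies to `const failureReason = "You're a failure";` in failure/index.test.tsx. A representative sample value such as `failureReason={'The connector request failed'}` documents the expected input better.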
@@ -154,6 +210,7 @@ describe('EmptyStates', () => { alertsCount={alertsCount} attackDiscoveriesCount={attackDiscoveriesCount} connectorId={connectorId} + failureReason={null} isLoading={isLoading} onGenerate={onGenerate} /> @@ -165,6 +222,10 @@ describe('EmptyStates', () => { expect(screen.queryByTestId('welcome')).not.toBeInTheDocument(); }); + it('does NOT render the Failure prompt', () => { + expect(screen.queryByTestId('failure')).not.toBeInTheDocument(); + }); + it('does NOT render the No Alerts prompt', () => { expect(screen.queryByTestId('noAlerts')).not.toBeInTheDocument(); }); @@ -200,6 +261,7 @@ describe('EmptyStates', () => { alertsCount={alertsCount} attackDiscoveriesCount={attackDiscoveriesCount} connectorId={connectorId} + failureReason={null} isLoading={isLoading} onGenerate={onGenerate} /> @@ -211,6 +273,10 @@ describe('EmptyStates', () => { expect(screen.queryByTestId('welcome')).not.toBeInTheDocument(); }); + it('does NOT render the Failure prompt', () => { + expect(screen.queryByTestId('failure')).not.toBeInTheDocument(); + }); + it('does NOT render the No Alerts prompt', () => { expect(screen.queryByTestId('noAlerts')).not.toBeInTheDocument(); }); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.tsx index 009db0eb6e326..d38200a4be205 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/empty_states/index.tsx @@ -7,6 +7,7 @@ import React from 'react'; +import { Failure } from '../failure'; import { EmptyPrompt } from '../empty_prompt'; import { showEmptyPrompt, showNoAlertsPrompt, showWelcomePrompt } from '../helpers'; import { NoAlerts } from '../no_alerts'; 
@@ -18,6 +19,7 @@ interface Props { alertsCount: number; attackDiscoveriesCount: number; connectorId: string | undefined; + failureReason: string | null; isLoading: boolean; onGenerate: () => Promise<void>; } @@ -28,11 +30,14 @@ const EmptyStatesComponent: React.FC<Props> = ({ alertsCount, attackDiscoveriesCount, connectorId, + failureReason, isLoading, onGenerate, }) => { if (showWelcomePrompt({ aiConnectorsCount, isLoading })) { return <Welcome />; + } else if (failureReason !== null) { + return <Failure failureReason={failureReason} />; } else if (showNoAlertsPrompt({ alertsContextCount, isLoading })) { return <NoAlerts />; } else if (showEmptyPrompt({ attackDiscoveriesCount, isLoading })) { diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.test.tsx new file mode 100644 index 0000000000000..74778cb49164f --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.test.tsx 
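Review bot: The new `else if (failureReason !== null)` branch is the only one in this chain that ignores `isLoading`; `showWelcomePrompt`, `showNoAlertsPrompt` and `showEmptyPrompt` all receive it. If a `failureReason` from an earlier run is still set when a new generation starts (whether the hook clears it is not visible here), the Failure prompt would be rendered while loading. Consider `} else if (!isLoading && failureReason !== null) {`, or a comment stating that the hook resets `failureReason` when generation starts. An empty string also satisfies `!== null` and would render a prompt with no body. The if/else chain continues past the end of this hunk.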
@@ -0,0 +1,53 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, screen } from '@testing-library/react'; +import React from 'react'; + +import { Failure } from '.'; +import { LEARN_MORE, FAILURE_TITLE } from './translations'; +const failureReason = "You're a failure"; +describe('Failure', () => { + beforeEach(() => { + render(<Failure failureReason={failureReason} />); + }); + + it('renders the expected title', () => { + const title = screen.getByTestId('failureTitle'); + + expect(title).toHaveTextContent(FAILURE_TITLE); + }); + + it('renders the expected body text', () => { + const bodyText = screen.getByTestId('bodyText'); + + expect(bodyText).toHaveTextContent(failureReason); + }); + + describe('link', () => { + let learnMoreLink: HTMLElement; + + beforeEach(() => { + learnMoreLink = screen.getByTestId('learnMoreLink'); + }); + + it('links to the documentation', () => { + expect(learnMoreLink).toHaveAttribute( + 'href', + 'https://www.elastic.co/guide/en/security/current/attack-discovery.html' + ); + }); + + it('opens in a new tab', () => { + expect(learnMoreLink).toHaveAttribute('target', '_blank'); + }); + + it('has the expected text', () => { + expect(learnMoreLink).toHaveTextContent(LEARN_MORE); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.tsx new file mode 100644 index 0000000000000..8de3e0e380c07 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/index.tsx 
@@ -0,0 +1,43 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiEmptyPrompt, EuiFlexGroup, EuiFlexItem, EuiLink, EuiText } from '@elastic/eui'; +import React from 'react'; + +import * as i18n from './translations'; + +const FailureComponent: React.FC<{ failureReason: string }> = ({ failureReason }) => { + return ( + <EuiFlexGroup alignItems="center" data-test-subj="failure" direction="column"> + <EuiFlexItem data-test-subj="emptyPromptContainer" grow={false}> + <EuiEmptyPrompt + iconType="error" + color="danger" + body={ + <EuiText color="subdued" data-test-subj="bodyText"> + {failureReason} + </EuiText> + } + title={<h2 data-test-subj="failureTitle">{i18n.FAILURE_TITLE}</h2>} + /> + </EuiFlexItem> + + <EuiFlexItem grow={false}> + <EuiLink + external={true} + data-test-subj="learnMoreLink" + href="https://www.elastic.co/guide/en/security/current/attack-discovery.html" + target="_blank" + > + {i18n.LEARN_MORE} + </EuiLink> + </EuiFlexItem> + </EuiFlexGroup> + ); +}; + +export const Failure = React.memo(FailureComponent); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/translations.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/translations.ts new file mode 100644 index 0000000000000..b36104d202ba8 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/failure/translations.ts 
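Review bot: `failureReason` is shown verbatim as the prompt body, and the prop type accepts any string. As a JSX text child it is escaped by React, so the rendering itself is safe. Where the string originates is not visible in this file; if it is an upstream connector or server error message, it may expose back-end detail to every user of the page, and it is not localized. A doc comment on `FailureComponent` would pin the contract, for example `/** failureReason is rendered as plain text; do not pass it to a markdown or HTML renderer. */`, and the producer could map errors to a bounded set of messages. The documentation URL is also hard-coded here and repeated in the test.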
@@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { i18n } from '@kbn/i18n'; + +export const LEARN_MORE = i18n.translate( + 'xpack.securitySolution.attackDiscovery.pages.failure.learnMoreLink', + { + defaultMessage: 'Learn more about Attack discovery', + } +); + +export const FAILURE_TITLE = i18n.translate( + 'xpack.securitySolution.attackDiscovery.pages.failure.title', + { + defaultMessage: 'Attack discovery generation failed', + } +); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.test.tsx new file mode 100644 index 0000000000000..18dddaea3abdc --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.test.tsx 
@@ -0,0 +1,183 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { fireEvent, render, screen } from '@testing-library/react'; +import React from 'react'; + +import { Header } from '.'; +import { useAssistantAvailability } from '../../../assistant/use_assistant_availability'; +import { TestProviders } from '../../../common/mock'; + +jest.mock('../../../assistant/use_assistant_availability'); + +describe('Header', () => { + beforeEach(() => { + (useAssistantAvailability as jest.Mock).mockReturnValue({ + hasAssistantPrivilege: true, + isAssistantEnabled: true, + }); + }); + + it('renders the connector selector', () => { + render( + <TestProviders> + <Header + connectorId="testConnectorId" + connectorsAreConfigured={true} + isDisabledActions={false} + isLoading={false} + onCancel={jest.fn()} + onGenerate={jest.fn()} + onConnectorIdSelected={jest.fn()} + /> + </TestProviders> + ); + + const connectorSelector = screen.getByTestId('connectorSelectorPlaceholderButton'); + + expect(connectorSelector).toBeInTheDocument(); + }); + + it('does NOT render the connector selector when connectors are NOT configured', () => { + const connectorsAreConfigured = false; + + render( + <TestProviders> + <Header + connectorId="testConnectorId" + connectorsAreConfigured={connectorsAreConfigured} + isDisabledActions={false} + isLoading={false} + onCancel={jest.fn()} + onGenerate={jest.fn()} + onConnectorIdSelected={jest.fn()} + /> + </TestProviders> + ); + + const connectorSelector = screen.queryByTestId('connectorSelectorPlaceholderButton'); + + expect(connectorSelector).not.toBeInTheDocument(); + }); + + it('invokes onGenerate when the generate button is clicked', () => { + const onGenerate = jest.fn(); + + render( + <TestProviders> + <Header + 
connectorId="testConnectorId" + connectorsAreConfigured={true} + isDisabledActions={false} + isLoading={false} + onCancel={jest.fn()} + onConnectorIdSelected={jest.fn()} + onGenerate={onGenerate} + /> + </TestProviders> + ); + + const generate = screen.getByTestId('generate'); + + fireEvent.click(generate); + + expect(onGenerate).toHaveBeenCalled(); + }); + + it('disables the generate button when the user does NOT have the assistant privilege', () => { + (useAssistantAvailability as jest.Mock).mockReturnValue({ + hasAssistantPrivilege: false, + isAssistantEnabled: true, + }); + + render( + <TestProviders> + <Header + connectorId="testConnectorId" + connectorsAreConfigured={true} + isDisabledActions={false} + isLoading={false} + onCancel={jest.fn()} + onConnectorIdSelected={jest.fn()} + onGenerate={jest.fn()} + /> + </TestProviders> + ); + + const generate = screen.getByTestId('generate'); + + expect(generate).toBeDisabled(); + }); + + it('displays the cancel button when loading', () => { + const isLoading = true; + + render( + <TestProviders> + <Header + connectorId="testConnectorId" + connectorsAreConfigured={true} + isDisabledActions={false} + isLoading={isLoading} + onCancel={jest.fn()} + onConnectorIdSelected={jest.fn()} + onGenerate={jest.fn()} + /> + </TestProviders> + ); + + const cancel = screen.getByTestId('cancel'); + + expect(cancel).toBeInTheDocument(); + }); + + it('invokes onCancel when the cancel button is clicked', () => { + const isLoading = true; + const onCancel = jest.fn(); + + render( + <TestProviders> + <Header + connectorId="testConnectorId" + connectorsAreConfigured={true} + isDisabledActions={false} + isLoading={isLoading} + onCancel={onCancel} + onConnectorIdSelected={jest.fn()} + onGenerate={jest.fn()} + /> + </TestProviders> + ); + + const cancel = screen.getByTestId('cancel'); + fireEvent.click(cancel); + + expect(onCancel).toHaveBeenCalled(); + }); + + it('disables the generate button when connectorId is undefined', () => { + const 
connectorId = undefined; + + render( + <TestProviders> + <Header + connectorId={connectorId} + connectorsAreConfigured={true} + isDisabledActions={false} + isLoading={false} + onCancel={jest.fn()} + onConnectorIdSelected={jest.fn()} + onGenerate={jest.fn()} + /> + </TestProviders> + ); + + const generate = screen.getByTestId('generate'); + + expect(generate).toBeDisabled(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.tsx index 650eff33fbd93..e62128d3973cf 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/index.tsx @@ -5,11 +5,12 @@ * 2.0. */ +import type { EuiButtonProps } from '@elastic/eui'; import { EuiButton, EuiFlexGroup, EuiFlexItem, EuiToolTip, useEuiTheme } from '@elastic/eui'; import { css } from '@emotion/react'; import { ConnectorSelectorInline } from '@kbn/elastic-assistant'; import { noop } from 'lodash/fp'; -import React from 'react'; +import React, { useCallback, useEffect, useMemo, useState } from 'react'; import { useAssistantAvailability } from '../../../assistant/use_assistant_availability'; import * as i18n from './translations'; @@ -18,7 +19,9 @@ interface Props { connectorId: string | undefined; connectorsAreConfigured: boolean; isLoading: boolean; + isDisabledActions: boolean; onGenerate: () => void; + onCancel: () => void; onConnectorIdSelected: (connectorId: string) => void; } 
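Review bot: Every test in this file renders `Header` with `isDisabledActions={false}`, so the new prop is never exercised in its disabling state. The `didCancel` behaviour added in header/index.tsx is also untested. Add a case that renders with `isDisabledActions={true}` and asserts `expect(screen.getByTestId('generate')).toBeDisabled();`. Add another that clicks `cancel` while `isLoading` is true and asserts that the button is disabled afterwards.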
@@ -26,13 +29,44 @@ const HeaderComponent: React.FC<Props> = ({ connectorId, connectorsAreConfigured, isLoading, + isDisabledActions, onGenerate, onConnectorIdSelected, + onCancel, }) => { const isFlyoutMode = false; // always false for attack discovery const { hasAssistantPrivilege } = useAssistantAvailability(); const { euiTheme } = useEuiTheme(); - const disabled = !hasAssistantPrivilege || isLoading || connectorId == null; + const disabled = !hasAssistantPrivilege || connectorId == null; + + const [didCancel, setDidCancel] = useState(false); + + const handleCancel = useCallback(() => { + setDidCancel(true); + onCancel(); + }, [onCancel]); + + useEffect(() => { + if (isLoading === false) setDidCancel(false); + }, [isLoading]); + + const buttonProps = useMemo( + () => + isLoading + ? { + dataTestSubj: 'cancel', + color: 'danger' as EuiButtonProps['color'], + onClick: handleCancel, + text: i18n.CANCEL, + } + : { + dataTestSubj: 'generate', + color: 'primary' as EuiButtonProps['color'], + onClick: onGenerate, + text: i18n.GENERATE, + }, + [isLoading, handleCancel, onGenerate] + ); return ( <EuiFlexGroup @@ -61,13 +95,13 @@ const HeaderComponent: React.FC<Props> = ({ data-test-subj="generateTooltip" > <EuiButton - data-test-subj="generate" + data-test-subj={buttonProps.dataTestSubj} size="s" - disabled={disabled} - isLoading={isLoading} - onClick={onGenerate} + disabled={disabled || didCancel || isDisabledActions} + color={buttonProps.color} + onClick={buttonProps.onClick} > - {isLoading ? i18n.LOADING : i18n.GENERATE} + {buttonProps.text} </EuiButton> </EuiToolTip> </EuiFlexItem> diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/translations.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/translations.ts index f155dda9e234f..97c43dfb173de 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/header/translations.ts 
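Review bot: After the first click, `didCancel` keeps the Cancel button disabled until `isLoading` becomes false, and `handleCancel` has no path that re-enables it. `onCancel` is typed `() => void`, so if the cancel request fails or loading continues for another reason (not visible here), the user is left with a disabled button and no feedback. Either have `onCancel` return a promise and reset `didCancel` when it rejects, or document the assumption with a comment such as `// onCancel must always lead to isLoading === false, otherwise this button stays disabled`. In the second hunk the same `disabled` expression (`!hasAssistantPrivilege || connectorId == null`) now also gates Cancel, and the wrapping tooltip is still labelled `generateTooltip`. The component body continues outside both hunks.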
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/header/translations.ts @@ -14,10 +14,10 @@ export const GENERATE = i18n.translate( } ); -export const LOADING = i18n.translate( - 'xpack.securitySolution.attackDiscovery.pages.header.loadingButton', +export const CANCEL = i18n.translate( + 'xpack.securitySolution.attackDiscovery.pages.header.cancelButton', { - defaultMessage: 'Loading...', + defaultMessage: 'Cancel', } ); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/index.test.tsx index 0777406ba66f7..ff4e420e0e360 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/index.test.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/index.test.tsx @@ -63,9 +63,12 @@ jest.mock('../use_attack_discovery', () => ({ approximateFutureTime: null, attackDiscoveries: [], cachedAttackDiscoveries: {}, + didInitialFetch: true, fetchAttackDiscoveries: jest.fn(), + failureReason: null, generationIntervals: undefined, isLoading: false, + isLoadingPost: false, lastUpdated: null, replacements: {}, }), diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/index.tsx index 809a97c98c03c..f43360ec17666 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/index.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import { EuiFlexGroup, EuiFlexItem, EuiSpacer } from '@elastic/eui'; +import { EuiEmptyPrompt, EuiFlexGroup, EuiFlexItem, EuiLoadingLogo, EuiSpacer } from '@elastic/eui'; import { css } from '@emotion/react'; import { ATTACK_DISCOVERY_STORAGE_KEY, 
@@ -13,7 +13,7 @@ import { useAssistantContext, useLoadConnectors, } from '@kbn/elastic-assistant'; -import type { Replacements } from '@kbn/elastic-assistant-common'; +import type { AttackDiscoveries, Replacements } from '@kbn/elastic-assistant-common'; import { uniq } from 'lodash/fp'; import React, { useCallback, useEffect, useMemo, useState } from 'react'; import { useLocalStorage } from 'react-use'; @@ -37,7 +37,6 @@ import { PageTitle } from './page_title'; import { Summary } from './summary'; import { Upgrade } from './upgrade'; import { useAttackDiscovery } from '../use_attack_discovery'; -import type { AttackDiscovery } from '../types'; const AttackDiscoveryPageComponent: React.FC = () => { const spaceId = useSpaceId() ?? 'default'; 
@@ -72,31 +71,32 @@ const AttackDiscoveryPageComponent: React.FC = () => { alertsContextCount, approximateFutureTime, attackDiscoveries, - cachedAttackDiscoveries, + didInitialFetch, + failureReason, fetchAttackDiscoveries, generationIntervals, + onCancel, isLoading, + isLoadingPost, lastUpdated, replacements, } = useAttackDiscovery({ connectorId, - setConnectorId, setLoadingConnectorId, }); // get last updated from the cached attack discoveries if it exists: const [selectedConnectorLastUpdated, setSelectedConnectorLastUpdated] = useState<Date | null>( - cachedAttackDiscoveries[connectorId ?? '']?.updated ?? null + lastUpdated ?? null ); // get cached attack discoveries if they exist: - const [selectedConnectorAttackDiscoveries, setSelectedConnectorAttackDiscoveries] = useState< - AttackDiscovery[] - >(cachedAttackDiscoveries[connectorId ?? '']?.attackDiscoveries ?? []); + const [selectedConnectorAttackDiscoveries, setSelectedConnectorAttackDiscoveries] = + useState<AttackDiscoveries>(attackDiscoveries ?? []); // get replacements from the cached attack discoveries if they exist: const [selectedConnectorReplacements, setSelectedConnectorReplacements] = useState<Replacements>( - cachedAttackDiscoveries[connectorId ?? '']?.replacements ?? {} + replacements ?? {} ); // the number of unique alerts in the attack discoveries: 
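Review bot: The three `useState` initialisers now take `lastUpdated`, `attackDiscoveries` and `replacements` from the hook, but an initialiser is read only on the first render, when the hook has presumably not fetched anything yet. The `selectedConnector*` states therefore depend on effects outside this hunk to stay in sync, and the following hunk (`@@ -114,27 +114,12 @@`) removes the code that reset them when the connector changes. If nothing clears them on a connector switch, discoveries from the previous connector could be shown with a mismatched `replacements` map until the next fetch completes. Consider rendering the hook values directly, or add a comment next to these states naming the effect that keeps the copies current.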
@@ -114,27 +114,12 @@ const AttackDiscoveryPageComponent: React.FC = () => { // update the connector ID in local storage: setConnectorId(selectedConnectorId); setLocalStorageAttackDiscoveryConnectorId(selectedConnectorId); - - // get the cached attack discoveries for the selected connector: - const cached = cachedAttackDiscoveries[selectedConnectorId]; - if (cached != null) { - setSelectedConnectorReplacements(cached.replacements ?? {}); - setSelectedConnectorAttackDiscoveries(cached.attackDiscoveries ?? []); - setSelectedConnectorLastUpdated(cached.updated ?? null); - } else { - setSelectedConnectorReplacements({}); - setSelectedConnectorAttackDiscoveries([]); - setSelectedConnectorLastUpdated(null); - } }, - [cachedAttackDiscoveries, setLocalStorageAttackDiscoveryConnectorId] + [setLocalStorageAttackDiscoveryConnectorId] ); // get connector intervals from generation intervals: - const connectorIntervals = useMemo( - () => generationIntervals?.[connectorId ?? ''] ?? [], - [connectorId, generationIntervals] - ); + const connectorIntervals = useMemo(() => generationIntervals ?? [], [generationIntervals]); const pageTitle = useMemo(() => <PageTitle />, []); 
@@ -182,73 +167,82 @@ const AttackDiscoveryPageComponent: React.FC = () => { connectorId={connectorId} connectorsAreConfigured={aiConnectors != null && aiConnectors.length > 0} isLoading={isLoading} + // disable header actions before post request has completed + isDisabledActions={isLoadingPost} onConnectorIdSelected={onConnectorIdSelected} onGenerate={onGenerate} + onCancel={onCancel} /> <EuiSpacer size="m" /> </HeaderPage> - - {showSummary({ - attackDiscoveriesCount, - connectorId, - loadingConnectorId, - }) && ( - <Summary - alertsCount={alertsCount} - attackDiscoveriesCount={attackDiscoveriesCount} - lastUpdated={selectedConnectorLastUpdated} - onToggleShowAnonymized={onToggleShowAnonymized} - showAnonymized={showAnonymized} - /> - )} - - <> - {showLoading({ - attackDiscoveriesCount, - connectorId, - isLoading, - loadingConnectorId, - }) ? ( - <LoadingCallout - alertsCount={knowledgeBase.latestAlerts} - approximateFutureTime={approximateFutureTime} - connectorIntervals={connectorIntervals} - /> - ) : ( - selectedConnectorAttackDiscoveries.map((attackDiscovery, i) => ( - <React.Fragment key={attackDiscovery.id}> - <AttackDiscoveryPanel - attackDiscovery={attackDiscovery} - initialIsOpen={getInitialIsOpen(i)} - showAnonymized={showAnonymized} - replacements={selectedConnectorReplacements} + {!didInitialFetch ? ( + <EuiEmptyPrompt icon={<EuiLoadingLogo logo="logoSecurity" size="xl" />} /> + ) : ( + <> + {showSummary({ + attackDiscoveriesCount, + connectorId, + loadingConnectorId, + }) && ( + <Summary + alertsCount={alertsCount} + attackDiscoveriesCount={attackDiscoveriesCount} + lastUpdated={selectedConnectorLastUpdated} + onToggleShowAnonymized={onToggleShowAnonymized} + showAnonymized={showAnonymized} + /> + )} + + <> + {showLoading({ + attackDiscoveriesCount, + connectorId, + isLoading: isLoading || isLoadingPost, + loadingConnectorId, + }) ? 
( + <LoadingCallout + alertsCount={knowledgeBase.latestAlerts} + approximateFutureTime={approximateFutureTime} + connectorIntervals={connectorIntervals} /> - <EuiSpacer size="l" /> - </React.Fragment> - )) - )} - </> - <EuiFlexGroup - css={css` - max-height: 100%; - min-height: 100%; - `} - direction="column" - gutterSize="none" - > - <EuiSpacer size="xxl" /> - <EuiFlexItem grow={false}> - <EmptyStates - aiConnectorsCount={aiConnectors?.length ?? null} - alertsContextCount={alertsContextCount} - alertsCount={knowledgeBase.latestAlerts} - attackDiscoveriesCount={attackDiscoveriesCount} - connectorId={connectorId} - isLoading={isLoading} - onGenerate={onGenerate} - /> - </EuiFlexItem> - </EuiFlexGroup> + ) : ( + selectedConnectorAttackDiscoveries.map((attackDiscovery, i) => ( + <React.Fragment key={attackDiscovery.id}> + <AttackDiscoveryPanel + attackDiscovery={attackDiscovery} + initialIsOpen={getInitialIsOpen(i)} + showAnonymized={showAnonymized} + replacements={selectedConnectorReplacements} + /> + <EuiSpacer size="l" /> + </React.Fragment> + )) + )} + </> + <EuiFlexGroup + css={css` + max-height: 100%; + min-height: 100%; + `} + direction="column" + gutterSize="none" + > + <EuiSpacer size="xxl" /> + <EuiFlexItem grow={false}> + <EmptyStates + aiConnectorsCount={aiConnectors?.length ?? null} + alertsContextCount={alertsContextCount} + alertsCount={knowledgeBase.latestAlerts} + attackDiscoveriesCount={attackDiscoveriesCount} + failureReason={failureReason} + connectorId={connectorId} + isLoading={isLoading || isLoadingPost} + onGenerate={onGenerate} + /> + </EuiFlexItem> + </EuiFlexGroup> + </> + )} <SpyRoute pageName={SecurityPageName.attackDiscovery} /> </SecurityRoutePageWrapper> </div> diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.test.tsx new file mode 100644 index 0000000000000..14a707958b888 
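Review bot: `failureReason` is handed from `useAttackDiscovery` straight to `EmptyStates`, and nothing in this hunk shows where the string originates or how it is rendered. If it carries the raw error returned by the connector or the generation API, it can surface provider response details to every user who can open the page; a bounded, plain-text message is safer, with the full error kept in server logs. Separately, `isLoading || isLoadingPost` is now spelled out in both the `showLoading` call and the `EmptyStates` props; a single `const isGenerating = isLoading || isLoadingPost;` above the JSX keeps the two from drifting apart. The component's render body begins outside the hunk.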
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.test.tsx
@@ -0,0 +1,84 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import moment from 'moment'; + +import { act, render, screen } from '@testing-library/react'; +import React from 'react'; + +import { Countdown } from '.'; +import { TestProviders } from '../../../../common/mock'; +import { APPROXIMATE_TIME_REMAINING } from './translations'; +import type { GenerationInterval } from '@kbn/elastic-assistant-common'; + +describe('Countdown', () => { + const connectorIntervals: GenerationInterval[] = [ + { + date: '2024-05-16T14:13:09.838Z', + durationMs: 173648, + }, + { + date: '2024-05-16T13:59:49.620Z', + durationMs: 146605, + }, + { + date: '2024-05-16T13:47:00.629Z', + durationMs: 255163, + }, + ]; + + beforeAll(() => { + jest.useFakeTimers({ legacyFakeTimers: true }); + }); + + beforeEach(() => { + jest.clearAllTimers(); + }); + + afterAll(() => { + jest.useRealTimers(); + }); + + it('returns null when connectorIntervals is empty', () => { + const { container } = render( + <TestProviders> + <Countdown approximateFutureTime={null} connectorIntervals={[]} /> + </TestProviders> + ); + + expect(container.innerHTML).toEqual(''); + }); + + it('renders the expected prefix', () => { + render( + <TestProviders> + <Countdown approximateFutureTime={null} connectorIntervals={connectorIntervals} /> + </TestProviders> + ); + + expect(screen.getByTestId('prefix')).toHaveTextContent(APPROXIMATE_TIME_REMAINING); + }); + + it('renders the expected the timer text', () => { + const approximateFutureTime = moment().add(1, 'minute').toDate(); + + render( + <TestProviders> + <Countdown + approximateFutureTime={approximateFutureTime} + connectorIntervals={connectorIntervals} + /> + </TestProviders> + ); + + act(() => { + jest.runOnlyPendingTimers(); + }); + + 
expect(screen.getByTestId('timerText')).toHaveTextContent('00:59'); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.tsx index 8a61704ef7361..f691e508a47ff 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/index.tsx @@ -18,10 +18,10 @@ import { css } from '@emotion/react'; import React, { useCallback, useEffect, useMemo, useState } from 'react'; import moment from 'moment'; +import type { GenerationInterval } from '@kbn/elastic-assistant-common'; import { useKibana } from '../../../../common/lib/kibana'; import { getTimerPrefix } from './last_times_popover/helpers'; -import type { GenerationInterval } from '../../../types'; import { InfoPopoverBody } from '../info_popover_body'; const TEXT_COLOR = '#343741'; 
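Review bot: The timer-text test in the new `countdown/index.test.tsx` depends on the real clock. With `jest.useFakeTimers({ legacyFakeTimers: true })` the `Date` object is not mocked, so `moment().add(1, 'minute')` in the test and `moment()` inside the interval callback both read wall-clock time, and `'00:59'` only holds while less than a second passes between them. Modern fake timers with a pinned clock make it deterministic, e.g. `jest.useFakeTimers().setSystemTime(new Date('2024-05-16T14:00:00.000Z'));` in `beforeAll`, provided nothing under `TestProviders` relies on the legacy implementation. The test title `'renders the expected the timer text'` also has a doubled "the".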
@@ -48,17 +48,21 @@ const CountdownComponent: React.FC<Props> = ({ approximateFutureTime, connectorI useEffect(() => { // periodically update the formatted date as time passes: + if (approximateFutureTime === null) { + return; + } const intervalId = setInterval(() => { - const now = moment(); - - const duration = moment(approximateFutureTime).isSameOrAfter(now) - ? moment.duration(moment(approximateFutureTime).diff(now)) - : moment.duration(now.diff(approximateFutureTime)); + setPrefix(getTimerPrefix(approximateFutureTime)); + if (approximateFutureTime !== null) { + const now = moment(); - const text = moment.utc(duration.asMilliseconds()).format('mm:ss'); + const duration = moment(approximateFutureTime).isSameOrAfter(now) + ? moment.duration(moment(approximateFutureTime).diff(now)) + : moment.duration(now.diff(approximateFutureTime)); - setPrefix(getTimerPrefix(approximateFutureTime)); - setTimerText(text); + const text = moment.utc(duration.asMilliseconds()).format('mm:ss'); + setTimerText(text); + } }, 1000); return () => clearInterval(intervalId); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.test.tsx new file mode 100644 index 0000000000000..35a72d6455f2b --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.test.tsx 
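Review bot: Inside the `setInterval` callback the second `if (approximateFutureTime !== null)` can never be false, because the effect already returns early on `null` and the callback closes over that same value. Dropping it leaves `setPrefix(...)` and the `setTimerText(...)` computation at one level. When the prop changes to `null` the effect now returns before scheduling anything, so `prefix` and `timerText` keep whatever the last tick set; if the countdown can still be displayed in that state, reset them before the early `return`. The comment `// periodically update the formatted date as time passes:` now sits above the guard rather than the `setInterval` it describes. The dependency array and the rest of `CountdownComponent` are outside the hunk.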
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { TestProviders } from '../../../../../../common/mock';
+import { GenerationTiming } from '.';
+
+describe('GenerationTiming', () => {
+ const interval = {
+ connectorId: 'claudeV3SonnetUsEast1',
+ date: '2024-04-15T13:48:44.397Z',
+ durationMs: 5000,
+ };
+
+ beforeEach(() => {
+ render(
+ <TestProviders>
+ <GenerationTiming interval={interval} />
+ </TestProviders>
+ );
+ });
+
+ it('renders the expected duration in seconds', () => {
+ const durationText = screen.getByTestId('clockBadge').textContent;
+
+ expect(durationText).toEqual('5s');
+ });
+
+ it('displays the expected date', () => {
+ const date = screen.getByTestId('date').textContent;
+
+ expect(date).toEqual('Apr 15, 2024 @ 13:48:44.397');
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.tsx
index 67e1ebe592b11..e05374f7ccee1 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/generation_timing/index.tsx
@@ -7,13 +7,14 @@ import { EuiFlexGroup, EuiFlexItem, EuiBadge, EuiText, useEuiTheme } from '@elastic/eui'; import { css } from '@emotion/react'; +import type { GenerationInterval } from '@kbn/elastic-assistant-common'; +import moment from 'moment'; import React, { useMemo } from 'react'; import { PreferenceFormattedDate } from '../../../../../../common/components/formatted_date'; import { useKibana } from '../../../../../../common/lib/kibana'; import { MAX_SECONDS_BADGE_WIDTH } from '../helpers'; import * as i18n from '../translations'; -import type { GenerationInterval } from '../../../../../types'; interface Props { interval: GenerationInterval; @@ -51,7 +52,7 @@ const GenerationTimingComponent: React.FC<Props> = ({ interval }) => { data-test-subj="date" size="xs" > - <PreferenceFormattedDate value={interval.date} /> + <PreferenceFormattedDate value={moment(interval.date).toDate()} /> </EuiText> </EuiFlexItem> </EuiFlexGroup> diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.test.ts new file mode 100644 index 0000000000000..6e7b12f0a51c7 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.test.ts 
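Review bot: `moment(interval.date).toDate()` in the second hunk converts `interval.date`, which the new tests in this commit supply as an ISO string, with no validity check, so a malformed value in a stored interval becomes an `Invalid Date` passed to `PreferenceFormattedDate`. How that component renders an invalid date is not visible here. Since `useMemo` is already imported, parse once with `const date = useMemo(() => moment(interval.date), [interval.date]);` and render the date cell only when `date.isValid()`, passing `date.toDate()`. `GenerationTimingComponent` starts and ends outside the hunk.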
@@ -0,0 +1,74 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import moment from 'moment'; + +import { getAverageIntervalSeconds, getTimerPrefix } from './helpers'; +import { APPROXIMATE_TIME_REMAINING, ABOVE_THE_AVERAGE_TIME } from '../translations'; +import type { GenerationInterval } from '@kbn/elastic-assistant-common'; + +describe('helpers', () => { + describe('getAverageIntervalSeconds', () => { + it('returns 0 when the intervals array is empty', () => { + const intervals: GenerationInterval[] = []; + + const average = getAverageIntervalSeconds(intervals); + + expect(average).toEqual(0); + }); + + it('calculates the average interval in seconds', () => { + const intervals: GenerationInterval[] = [ + { + date: '2024-04-15T13:48:44.397Z', + durationMs: 85807, + }, + { + date: '2024-04-15T12:41:15.255Z', + durationMs: 12751, + }, + { + date: '2024-04-12T20:59:13.238Z', + durationMs: 46169, + }, + { + date: '2024-04-12T19:34:56.701Z', + durationMs: 86674, + }, + ]; + + const average = getAverageIntervalSeconds(intervals); + + expect(average).toEqual(57); + }); + }); + + describe('getTimerPrefix', () => { + it('returns APPROXIMATE_TIME_REMAINING when approximateFutureTime is null', () => { + const approximateFutureTime: Date | null = null; + + const result = getTimerPrefix(approximateFutureTime); + + expect(result).toEqual(APPROXIMATE_TIME_REMAINING); + }); + + it('returns APPROXIMATE_TIME_REMAINING when approximateFutureTime is in the future', () => { + const approximateFutureTime = moment().add(1, 'minute').toDate(); + const result = getTimerPrefix(approximateFutureTime); + + expect(result).toEqual(APPROXIMATE_TIME_REMAINING); + }); + + it('returns ABOVE_THE_AVERAGE_TIME when approximateFutureTime is in the past', () => { + const 
approximateFutureTime = moment().subtract(1, 'minute').toDate(); + + const result = getTimerPrefix(approximateFutureTime); + + expect(result).toEqual(ABOVE_THE_AVERAGE_TIME); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.ts index 3ce1e1f411641..9d8a0c4792eae 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.ts +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/helpers.ts @@ -5,10 +5,10 @@ * 2.0. */ +import type { GenerationInterval } from '@kbn/elastic-assistant-common'; import moment from 'moment'; import { APPROXIMATE_TIME_REMAINING, ABOVE_THE_AVERAGE_TIME } from '../translations'; -import type { GenerationInterval } from '../../../../types'; export const MAX_SECONDS_BADGE_WIDTH = 64; // px diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.test.tsx new file mode 100644 index 0000000000000..45ea68f2a780c --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.test.tsx 
@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { LastTimesPopover } from '.';
+import { TestProviders } from '../../../../../common/mock';
+
+describe('LastTimesPopover', () => {
+ const connectorIntervals: GenerationInterval[] = [
+ {
+ date: '2024-05-16T14:13:09.838Z',
+ durationMs: 173648,
+ },
+ {
+ date: '2024-05-16T13:59:49.620Z',
+ durationMs: 146605,
+ },
+ {
+ date: '2024-05-16T13:47:00.629Z',
+ durationMs: 255163,
+ },
+ ];
+
+ beforeEach(() => {
+ render(
+ <TestProviders>
+ <LastTimesPopover connectorIntervals={connectorIntervals} />
+ </TestProviders>
+ );
+ });
+
+ it('renders average time calculated message', () => {
+ const averageTimeIsCalculated = screen.getByTestId('averageTimeIsCalculated');
+
+ expect(averageTimeIsCalculated).toHaveTextContent(
+ 'Remaining time is based on the average speed of the last 3 times the same connector generated results.'
+ );
+ });
+
+ it('renders generation timing for each connector interval', () => {
+ const generationTimings = screen.getAllByTestId('generationTiming');
+ expect(generationTimings.length).toEqual(connectorIntervals.length);
+
+ const expectedDates = [
+ 'May 16, 2024 @ 14:13:09.838',
+ 'May 16, 2024 @ 13:59:49.620',
+ 'May 16, 2024 @ 13:47:00.629',
+ ];
+
+ generationTimings.forEach((timing, i) => expect(timing).toHaveTextContent(expectedDates[i]));
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.tsx index 89925fdd33d4c..b1a24f0a3b079 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/countdown/last_times_popover/index.tsx @@ -8,10 +8,10 @@ import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText, useEuiTheme } from '@elastic/eui'; import { css } from '@emotion/react'; import React, { useMemo } from 'react'; +import type { GenerationInterval } from '@kbn/elastic-assistant-common'; import { useKibana } from '../../../../../common/lib/kibana'; import * as i18n from './translations'; -import type { GenerationInterval } from '../../../../types'; import { GenerationTiming } from './generation_timing'; interface Props { diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.test.tsx new file mode 100644 index 0000000000000..af6efafb3c1dd --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.test.tsx 
@@ -0,0 +1,73 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { LoadingCallout } from '.';
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
+import { TestProviders } from '../../../common/mock';
+
+describe('LoadingCallout', () => {
+ const connectorIntervals: GenerationInterval[] = [
+ {
+ date: '2024-05-16T14:13:09.838Z',
+ durationMs: 173648,
+ },
+ {
+ date: '2024-05-16T13:59:49.620Z',
+ durationMs: 146605,
+ },
+ {
+ date: '2024-05-16T13:47:00.629Z',
+ durationMs: 255163,
+ },
+ ];
+
+ const defaultProps = {
+ alertsCount: 30,
+ approximateFutureTime: new Date(),
+ connectorIntervals,
+ };
+
+ it('renders the animated loading icon', () => {
+ render(
+ <TestProviders>
+ <LoadingCallout {...defaultProps} />
+ </TestProviders>
+ );
+
+ const loadingElastic = screen.getByTestId('loadingElastic');
+
+ expect(loadingElastic).toBeInTheDocument();
+ });
+
+ it('renders loading messages with the expected count', () => {
+ render(
+ <TestProviders>
+ <LoadingCallout {...defaultProps} />
+ </TestProviders>
+ );
+
+ const aisCurrentlyAnalyzing = screen.getByTestId('aisCurrentlyAnalyzing');
+
+ expect(aisCurrentlyAnalyzing).toHaveTextContent(
+ 'AI is analyzing up to 30 alerts in the last 24 hours to generate discoveries.'
+ );
+ });
+
+ it('renders the countdown', () => {
+ render(
+ <TestProviders>
+ <LoadingCallout {...defaultProps} />
+ </TestProviders>
+ );
+ const countdown = screen.getByTestId('countdown');
+
+ expect(countdown).toBeInTheDocument();
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.tsx index b9d2737db1647..7e392e3165711 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/index.tsx @@ -9,10 +9,10 @@ import { EuiFlexGroup, EuiFlexItem, EuiLoadingElastic, useEuiTheme } from '@elas import { css } from '@emotion/react'; import React, { useMemo } from 'react'; +import type { GenerationInterval } from '@kbn/elastic-assistant-common'; import { useKibana } from '../../../common/lib/kibana'; import { Countdown } from './countdown'; import { LoadingMessages } from './loading_messages'; -import type { GenerationInterval } from '../../types'; const BACKGROUND_COLOR_LIGHT = '#E6F1FA'; const BACKGROUND_COLOR_DARK = '#0B2030'; diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.test.tsx new file mode 100644 index 0000000000000..b264af94dcb1b --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.test.tsx 
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { GenerationInterval } from '@kbn/elastic-assistant-common';
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { InfoPopoverBody } from '.';
+import { TestProviders } from '../../../../common/mock';
+import { AVERAGE_TIME } from '../countdown/translations';
+
+describe('InfoPopoverBody', () => {
+ const connectorIntervals: GenerationInterval[] = [
+ {
+ date: '2024-05-16T14:13:09.838Z',
+ durationMs: 173648,
+ },
+ {
+ date: '2024-05-16T13:59:49.620Z',
+ durationMs: 146605,
+ },
+ {
+ date: '2024-05-16T13:47:00.629Z',
+ durationMs: 255163,
+ },
+ ];
+
+ it('renders the expected average time', () => {
+ render(
+ <TestProviders>
+ <InfoPopoverBody connectorIntervals={connectorIntervals} />
+ </TestProviders>
+ );
+
+ const averageTimeBadge = screen.getByTestId('averageTimeBadge');
+
+ expect(averageTimeBadge).toHaveTextContent('191s');
+ });
+
+ it('renders the expected explanation', () => {
+ render(
+ <TestProviders>
+ <InfoPopoverBody connectorIntervals={connectorIntervals} />
+ </TestProviders>
+ );
+
+ const averageTimeIsCalculated = screen.getAllByTestId('averageTimeIsCalculated');
+
+ expect(averageTimeIsCalculated[0]).toHaveTextContent(AVERAGE_TIME);
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.tsx
index 3355a3041c0f2..1c1416acc09ac 100644
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.tsx
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/info_popover_body/index.tsx @@ -7,6 +7,7 @@ import { EuiBadge, EuiFlexGroup, EuiFlexItem, EuiPopoverTitle, EuiText } from '@elastic/eui'; import { css } from '@emotion/react'; +import type { GenerationInterval } from '@kbn/elastic-assistant-common'; import React, { useMemo } from 'react'; import { useKibana } from '../../../../common/lib/kibana'; @@ -17,7 +18,6 @@ import { } from '../countdown/last_times_popover/helpers'; import { SECONDS_ABBREVIATION } from '../countdown/last_times_popover/translations'; import { AVERAGE_TIME } from '../countdown/translations'; -import type { GenerationInterval } from '../../../types'; const TEXT_COLOR = '#343741'; diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/loading_messages/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/loading_messages/index.test.tsx new file mode 100644 index 0000000000000..250a25055791a --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/loading_callout/loading_messages/index.test.tsx 
@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { LoadingMessages } from '.';
+import { TestProviders } from '../../../../common/mock';
+import { ATTACK_DISCOVERY_GENERATION_IN_PROGRESS } from '../translations';
+
+describe('LoadingMessages', () => {
+ it('renders the expected loading message', () => {
+ render(
+ <TestProviders>
+ <LoadingMessages alertsCount={20} />
+ </TestProviders>
+ );
+ const attackDiscoveryGenerationInProgress = screen.getByTestId(
+ 'attackDiscoveryGenerationInProgress'
+ );
+
+ expect(attackDiscoveryGenerationInProgress).toHaveTextContent(
+ ATTACK_DISCOVERY_GENERATION_IN_PROGRESS
+ );
+ });
+
+ it('renders the loading message with the expected alerts count', () => {
+ render(
+ <TestProviders>
+ <LoadingMessages alertsCount={20} />
+ </TestProviders>
+ );
+ const aiCurrentlyAnalyzing = screen.getByTestId('aisCurrentlyAnalyzing');
+
+ expect(aiCurrentlyAnalyzing).toHaveTextContent(
+ 'AI is analyzing up to 20 alerts in the last 24 hours to generate discoveries.'
+ );
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/page_title/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/page_title/index.test.tsx
new file mode 100644
index 0000000000000..0c8ea0501f2d3
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/page_title/index.test.tsx
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { PageTitle } from '.';
+import { ATTACK_DISCOVERY_PAGE_TITLE } from './translations';
+
+describe('PageTitle', () => {
+ it('renders the expected title', () => {
+ render(<PageTitle />);
+
+ const attackDiscoveryPageTitle = screen.getByTestId('attackDiscoveryPageTitle');
+
+ expect(attackDiscoveryPageTitle).toHaveTextContent(ATTACK_DISCOVERY_PAGE_TITLE);
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.test.ts
deleted file mode 100644
index dd5932bbb3dd7..0000000000000
--- a/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.test.ts
+++ /dev/null
@@ -1,180 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { GenerationInterval } from '../../types'; -import { - encodeGenerationIntervals, - decodeGenerationIntervals, - getLocalStorageGenerationIntervals, - setLocalStorageGenerationIntervals, -} from '.'; - -const key = 'elasticAssistantDefault.attackDiscovery.default.generationIntervals'; - -const generationIntervals: Record<string, GenerationInterval[]> = { - 'test-connector-1': [ - { - connectorId: 'test-connector-1', - date: new Date('2024-05-16T14:13:09.838Z'), - durationMs: 173648, - }, - { - connectorId: 'test-connector-1', - date: new Date('2024-05-16T13:59:49.620Z'), - durationMs: 146605, - }, - { - connectorId: 'test-connector-1', - date: new Date('2024-05-16T13:47:00.629Z'), - durationMs: 255163, - }, - ], - testConnector2: [ - { - connectorId: 'testConnector2', - date: new Date('2024-05-16T14:26:25.273Z'), - durationMs: 130447, - }, - ], - testConnector3: [ - { - connectorId: 'testConnector3', - date: new Date('2024-05-16T14:36:53.171Z'), - durationMs: 46614, - }, - { - connectorId: 'testConnector3', - date: new Date('2024-05-16T14:27:17.187Z'), - durationMs: 44129, - }, - ], -}; - -describe('storage', () => { - beforeEach(() => { - jest.clearAllMocks(); - }); - - describe('encodeGenerationIntervals', () => { - it('returns null when generationIntervals is invalid', () => { - const invalidGenerationIntervals: Record<string, GenerationInterval[]> = - 1n as unknown as Record<string, GenerationInterval[]>; // <-- invalid - - const result = encodeGenerationIntervals(invalidGenerationIntervals); - - expect(result).toBeNull(); - }); - - it('returns the expected encoded generationIntervals', () => { - const result = encodeGenerationIntervals(generationIntervals); - - 
expect(result).toEqual(JSON.stringify(generationIntervals)); - }); - }); - - describe('decodeGenerationIntervals', () => { - it('returns null when generationIntervals is invalid', () => { - const invalidGenerationIntervals = 'invalid generation intervals'; // <-- invalid - - const result = decodeGenerationIntervals(invalidGenerationIntervals); - - expect(result).toBeNull(); - }); - - it('returns the expected decoded generation intervals', () => { - const encoded = encodeGenerationIntervals(generationIntervals) ?? ''; // <-- valid intervals - - const result = decodeGenerationIntervals(encoded); - - expect(result).toEqual(generationIntervals); - }); - - it('parses date strings into Date objects', () => { - const encoded = JSON.stringify({ - 'test-connector-1': [ - { - connectorId: 'test-connector-1', - date: '2024-05-16T14:13:09.838Z', - durationMs: 173648, - }, - ], - }); - - const result = decodeGenerationIntervals(encoded); - - expect(result).toEqual({ - 'test-connector-1': [ - { - connectorId: 'test-connector-1', - date: new Date('2024-05-16T14:13:09.838Z'), - durationMs: 173648, - }, - ], - }); - }); - - it('returns null when date is not a string', () => { - const encoded = JSON.stringify({ - 'test-connector-1': [ - { - connectorId: 'test-connector-1', - date: 1234, // <-- invalid - durationMs: 173648, - }, - ], - }); - - const result = decodeGenerationIntervals(encoded); - - expect(result).toBeNull(); - }); - }); - - describe('getLocalStorageGenerationIntervals', () => { - it('returns null when the key is empty', () => { - const result = getLocalStorageGenerationIntervals(''); // <-- empty key - - expect(result).toBeNull(); - }); - - it('returns null the key is unknown', () => { - const result = getLocalStorageGenerationIntervals('unknown key'); // <-- unknown key - - expect(result).toBeNull(); - }); - - it('returns null when the generation intervals are invalid', () => { - localStorage.setItem(key, 'invalid generation intervals'); // <-- invalid - - const 
result = getLocalStorageGenerationIntervals(key); - - expect(result).toBeNull(); - }); - - it('returns the expected decoded generation intervals', () => { - const encoded = encodeGenerationIntervals(generationIntervals) ?? ''; // <-- valid intervals - localStorage.setItem(key, encoded); - - const decoded = decodeGenerationIntervals(encoded); - const result = getLocalStorageGenerationIntervals(key); - - expect(result).toEqual(decoded); - }); - }); - - describe('setLocalStorageGenerationIntervals', () => { - const localStorageSetItemSpy = jest.spyOn(Storage.prototype, 'setItem'); - - it('sets the encoded generation intervals in localStorage', () => { - const encoded = encodeGenerationIntervals(generationIntervals) ?? ''; - - setLocalStorageGenerationIntervals({ key, generationIntervals }); - - expect(localStorageSetItemSpy).toHaveBeenCalledWith(key, encoded); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.ts deleted file mode 100644 index 8c8c49b482650..0000000000000 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/session_storage/index.ts +++ /dev/null 
@@ -1,120 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { Replacements } from '@kbn/elastic-assistant-common';
-import { isEmpty } from 'lodash/fp';
-
-import type { AttackDiscovery, GenerationInterval } from '../../types';
-
-export interface CachedAttackDiscoveries {
- connectorId: string;
- updated: Date;
- attackDiscoveries: AttackDiscovery[];
- replacements: Replacements;
-}
-
-export const encodeCachedAttackDiscoveries = (
- cachedAttackDiscoveries: Record<string, CachedAttackDiscoveries>
-): string | null => {
- try {
- return JSON.stringify(cachedAttackDiscoveries);
- } catch {
- return null;
- }
-};
-
-export const decodeCachedAttackDiscoveries = (
- cachedAttackDiscoveries: string
-): Record<string, CachedAttackDiscoveries> | null => {
- try {
- return JSON.parse(cachedAttackDiscoveries);
- } catch {
- return null;
- }
-};
-
-export const getSessionStorageCachedAttackDiscoveries = (
- key: string
-): Record<string, CachedAttackDiscoveries> | null => {
- if (!isEmpty(key)) {
- return decodeCachedAttackDiscoveries(sessionStorage.getItem(key) ?? '');
- }
-
- return null;
-};
-
-export const setSessionStorageCachedAttackDiscoveries = ({
- key,
- cachedAttackDiscoveries,
-}: {
- key: string;
- cachedAttackDiscoveries: Record<string, CachedAttackDiscoveries>;
-}) => {
- if (!isEmpty(key)) {
- const encoded = encodeCachedAttackDiscoveries(cachedAttackDiscoveries);
-
- if (encoded != null) {
- sessionStorage.setItem(key, encoded);
- }
- }
-};
-
-export const encodeGenerationIntervals = (
- generationIntervals: Record<string, GenerationInterval[]>
-): string | null => {
- try {
- return JSON.stringify(generationIntervals);
- } catch {
- return null;
- }
-};
-
-export const decodeGenerationIntervals = (
- generationIntervals: string
-): Record<string, GenerationInterval[]> | null => {
- const parseDate = (key: string, value: unknown) => {
- if (key === 'date' && typeof value === 'string') {
- return new Date(value);
- } else if (key === 'date' && typeof value !== 'string') {
- throw new Error('Invalid date');
- } else {
- return value;
- }
- };
-
- try {
- return JSON.parse(generationIntervals, parseDate);
- } catch {
- return null;
- }
-};
-
-export const getLocalStorageGenerationIntervals = (
- key: string
-): Record<string, GenerationInterval[]> | null => {
- if (!isEmpty(key)) {
- return decodeGenerationIntervals(localStorage.getItem(key) ?? '');
- }
-
- return null;
-};
-
-export const setLocalStorageGenerationIntervals = ({
- key,
- generationIntervals,
-}: {
- key: string;
- generationIntervals: Record<string, GenerationInterval[]>;
-}) => {
- if (!isEmpty(key)) {
- const encoded = encodeGenerationIntervals(generationIntervals);
-
- if (encoded != null) {
- localStorage.setItem(key, encoded);
- }
- }
-};
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/summary/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/summary/index.test.tsx
new file mode 100644
index 0000000000000..43134b14f616d
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/summary/index.test.tsx
@@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { fireEvent, render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Summary } from '.';
+
+describe('Summary', () => {
+ const defaultProps = {
+ alertsCount: 20,
+ attackDiscoveriesCount: 5,
+ lastUpdated: new Date(),
+ onToggleShowAnonymized: jest.fn(),
+ showAnonymized: false,
+ };
+
+ beforeEach(() => jest.clearAllMocks());
+
+ it('renders the expected summary counts', () => {
+ render(<Summary {...defaultProps} />);
+
+ const summaryCount = screen.getByTestId('summaryCount');
+
+ expect(summaryCount).toHaveTextContent('5 discoveries|20 alerts|Generated: a few seconds ago');
+ });
+
+ it('renders the expected button icon when showAnonymized is false', () => {
+ render(<Summary {...defaultProps} />);
+
+ const toggleAnonymized = screen.getByTestId('toggleAnonymized').querySelector('span');
+
+ expect(toggleAnonymized).toHaveAttribute('data-euiicon-type', 'eyeClosed');
+ });
+
+ it('renders the expected button icon when showAnonymized is true', () => {
+ render(<Summary {...defaultProps} showAnonymized={true} />);
+
+ const toggleAnonymized = screen.getByTestId('toggleAnonymized').querySelector('span');
+
+ expect(toggleAnonymized).toHaveAttribute('data-euiicon-type', 'eye');
+ });
+
+ it('calls onToggleShowAnonymized when toggle button is clicked', () => {
+ render(<Summary {...defaultProps} />);
+
+ const toggleAnonymized = screen.getByTestId('toggleAnonymized');
+ fireEvent.click(toggleAnonymized);
+
+ expect(defaultProps.onToggleShowAnonymized).toHaveBeenCalled();
+ });
+});
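Review bot: `defaultProps.lastUpdated` is `new Date()` and the first test asserts the full humanized string `Generated: a few seconds ago`, so the expectation depends on the wall clock between fixture creation and render. Either pin the clock with Jest's fake timers for this suite or assert only the stable part, e.g. `expect(summaryCount).toHaveTextContent(/5 discoveries\|20 alerts\|Generated:/);`. The same fixture and assertion appear in `summary_count/index.test.tsx` ('renders a humanized last generated when lastUpdated is provided'). The click test would also be tighter with `toHaveBeenCalledTimes(1)`.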
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/summary_count/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/summary_count/index.test.tsx
new file mode 100644
index 0000000000000..b8460eafef87b
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/summary_count/index.test.tsx
@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { SummaryCount } from '.';
+
+describe('SummaryCount', () => {
+ const defaultProps = {
+ alertsCount: 20,
+ attackDiscoveriesCount: 5,
+ lastUpdated: new Date(),
+ };
+
+ it('renders the expected count of attack discoveries', () => {
+ render(<SummaryCount {...defaultProps} />);
+
+ const discoveriesCount = screen.getByTestId('discoveriesCount');
+
+ expect(discoveriesCount).toHaveTextContent('5 discoveries');
+ });
+
+ it('renders the expected alerts count', () => {
+ render(<SummaryCount {...defaultProps} />);
+
+ const alertsCount = screen.getByTestId('alertsCount');
+
+ expect(alertsCount).toHaveTextContent('20 alerts');
+ });
+
+ it('renders a humanized last generated when lastUpdated is provided', () => {
+ render(<SummaryCount {...defaultProps} />);
+
+ const lastGenerated = screen.getByTestId('lastGenerated');
+
+ expect(lastGenerated).toHaveTextContent('Generated: a few seconds ago');
+ });
+
+ it('should NOT render the last generated date when lastUpdated is null', () => {
+ render(<SummaryCount {...defaultProps} lastUpdated={null} />);
+
+ const lastGenerated = screen.queryByTestId('lastGenerated');
+
+ expect(lastGenerated).not.toBeInTheDocument();
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/translations.ts b/x-pack/plugins/security_solution/public/attack_discovery/pages/translations.ts index 3f8b87a9058c2..57b6aac6f05ba 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/pages/translations.ts +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/translations.ts @@ -14,6 +14,20 @@ export const ERROR_GENERATING_ATTACK_DISCOVERIES = i18n.translate( } ); +export const ERROR_CANCELING_ATTACK_DISCOVERIES = i18n.translate( + 'xpack.securitySolution.attackDiscovery.errorCancelingAttackDiscoveriesToastTitle', + { + defaultMessage: 'Error canceling attack discoveries', + } +); + +export const CONNECTOR_ERROR = i18n.translate( + 'xpack.securitySolution.attackDiscovery.errorConnector', + { + defaultMessage: 'No connector selected, select a connector to use attack discovery', + } +); + export const SHOW_REAL_VALUES = i18n.translate( 'xpack.securitySolution.attackDiscovery.showRealValuesLabel', { diff --git a/x-pack/plugins/security_solution/public/attack_discovery/pages/upgrade/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/pages/upgrade/index.test.tsx new file mode 100644 index 0000000000000..e72f53e9062d7 --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/pages/upgrade/index.test.tsx 
@@ -0,0 +1,63 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render, screen } from '@testing-library/react';
+import React from 'react';
+
+import { Upgrade } from '.';
+import { TestProviders } from '../../../common/mock';
+import {
+ ATTACK_DISCOVERY_IS_AVAILABLE,
+ FIND_POTENTIAL_ATTACKS_WITH_AI,
+ PLEASE_UPGRADE,
+} from './translations';
+
+describe('Upgrade', () => {
+ beforeEach(() => {
+ render(
+ <TestProviders>
+ <Upgrade />
+ </TestProviders>
+ );
+ });
+
+ it('renders the assistant avatar', () => {
+ const assistantAvatar = screen.getByTestId('assistantAvatar');
+
+ expect(assistantAvatar).toBeInTheDocument();
+ });
+
+ it('renders the expected upgrade title', () => {
+ const upgradeTitle = screen.getByTestId('upgradeTitle');
+
+ expect(upgradeTitle).toHaveTextContent(FIND_POTENTIAL_ATTACKS_WITH_AI);
+ });
+
+ it('renders the attack discovery availability text', () => {
+ const attackDiscoveryIsAvailable = screen.getByTestId('attackDiscoveryIsAvailable');
+
+ expect(attackDiscoveryIsAvailable).toHaveTextContent(ATTACK_DISCOVERY_IS_AVAILABLE);
+ });
+
+ it('renders the please upgrade text', () => {
+ const pleaseUpgrade = screen.getByTestId('pleaseUpgrade');
+
+ expect(pleaseUpgrade).toHaveTextContent(PLEASE_UPGRADE);
+ });
+
+ it('renders the upgrade subscription plans (docs) link', () => {
+ const upgradeDocs = screen.getByRole('link', { name: 'Subscription plans' });
+
+ expect(upgradeDocs).toBeInTheDocument();
+ });
+
+ it('renders the upgrade Manage license call to action', () => {
+ const upgradeCta = screen.getByRole('link', { name: 'Manage license' });
+
+ expect(upgradeCta).toBeInTheDocument();
+ });
+});
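Review bot: The last two tests find the links by the literal names `'Subscription plans'` and `'Manage license'`, while the three text assertions above them import their strings from `./translations`. If that module exports constants for the two link labels (not visible in this hunk), using them would keep the file consistent. Both link tests also only assert presence; adding `expect(upgradeCta).toHaveAttribute('href', <expected path>)`, with the expected value taken from the component, would catch a link that renders with a wrong or empty target.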
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/types.ts b/x-pack/plugins/security_solution/public/attack_discovery/types.ts
deleted file mode 100644
index 5a5c490042d06..0000000000000
--- a/x-pack/plugins/security_solution/public/attack_discovery/types.ts
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-export interface AttackDiscovery {
- alertIds: string[];
- detailsMarkdown: string;
- entitySummaryMarkdown: string;
- id: string;
- mitreAttackTactics?: string[];
- summaryMarkdown: string;
- title: string;
-}
-
-/** Generation intervals measure the time it takes to generate attack discoveries */
-export interface GenerationInterval {
- connectorId: string;
- date: Date;
- durationMs: number;
-}
diff --git a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.test.ts b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.test.ts
new file mode 100644
index 0000000000000..a15cb7090f6cc
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.test.ts
@@ -0,0 +1,284 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { OpenAiProviderType } from '@kbn/stack-connectors-plugin/public/common'; +import type { ActionConnector } from '@kbn/triggers-actions-ui-plugin/public'; +import { omit } from 'lodash/fp'; + +import { getGenAiConfig, getRequestBody } from './helpers'; + +const connector: ActionConnector = { + actionTypeId: '.gen-ai', + config: { + apiProvider: 'Azure OpenAI', + apiUrl: + 'https://example.com/openai/deployments/example/chat/completions?api-version=2024-02-15-preview', + }, + id: '15b4f8df-e2ca-4060-81a1-3bd2a2bffc7e', + isDeprecated: false, + isMissingSecrets: false, + isPreconfigured: false, + isSystemAction: false, + name: 'Azure OpenAI GPT-4o', + secrets: { secretTextField: 'a secret' }, +}; + +describe('getGenAiConfig', () => { + it('returns undefined when the connector is preconfigured', () => { + const preconfigured = { + ...connector, + isPreconfigured: true, + }; + + const result = getGenAiConfig(preconfigured); + + expect(result).toBeUndefined(); + }); + + it('returns the expected GenAiConfig when the connector is NOT preconfigured', () => { + const result = getGenAiConfig(connector); + + expect(result).toEqual({ + apiProvider: connector.config.apiProvider, + apiUrl: connector.config.apiUrl, + defaultModel: '2024-02-15-preview', + }); + }); + + it('returns the expected defaultModel for Azure OpenAI', () => { + const result = getGenAiConfig(connector); + + expect(result).toEqual({ + apiProvider: connector.config.apiProvider, + apiUrl: connector.config.apiUrl, + defaultModel: '2024-02-15-preview', + }); + }); + + it('returns the an undefined defaultModel for NON-Azure OpenAI when the config does NOT include a default model', () => { + const apiProvider = 'OpenAI'; // <-- 
NON-Azure OpenAI + const openAiConnector = { + ...connector, + config: { + ...connector.config, + apiProvider, + // config does NOT have a default model + }, + }; + + const result = getGenAiConfig(openAiConnector); + + expect(result).toEqual({ + apiProvider, + apiUrl: connector.config.apiUrl, + defaultModel: undefined, // <-- because the config does not have a default model + }); + }); + + it('returns the expected defaultModel for NON-Azure OpenAi when the config has a default model', () => { + const apiProvider = 'OpenAI'; // <-- NON-Azure OpenAI + const withDefaultModel = { + ...connector, + config: { + ...connector.config, + apiProvider, + defaultModel: 'aDefaultModel', // <-- default model is specified + }, + }; + + const result = getGenAiConfig(withDefaultModel); + + expect(result).toEqual({ + apiProvider, + apiUrl: connector.config.apiUrl, + defaultModel: 'aDefaultModel', + }); + }); + + it('returns the expected GenAiConfig when the connector config is undefined', () => { + const connectorWithoutConfig = omit('config', connector) as ActionConnector< + Record<string, unknown>, + Record<string, unknown> + >; + + const result = getGenAiConfig(connectorWithoutConfig); + + expect(result).toEqual({ + apiProvider: undefined, + apiUrl: undefined, + defaultModel: undefined, + }); + }); +}); + +describe('getRequestBody', () => { + const alertsIndexPattern = 'test-index-pattern'; + const anonymizationFields = { + page: 1, + perPage: 10, + total: 100, + data: [ + { + id: '1', + field: 'field1', + }, + { + id: '2', + field: 'field2', + }, + ], + }; + const knowledgeBase = { + isEnabledKnowledgeBase: true, + isEnabledRAGAlerts: true, + latestAlerts: 20, + }; + const traceOptions = { + apmUrl: '/app/apm', + langSmithProject: '', + langSmithApiKey: '', + }; + + it('returns the expected AttackDiscoveryPostRequestBody', () => { + const result = getRequestBody({ + alertsIndexPattern, + anonymizationFields, + knowledgeBase, + traceOptions, + }); + + expect(result).toEqual({ + 
alertsIndexPattern, + anonymizationFields: anonymizationFields.data, + apiConfig: { + actionTypeId: '', + connectorId: '', + model: undefined, + provider: undefined, + }, + langSmithProject: undefined, + langSmithApiKey: undefined, + size: knowledgeBase.latestAlerts, + replacements: {}, + subAction: 'invokeAI', + }); + }); + + it('returns the expected AttackDiscoveryPostRequestBody when alertsIndexPattern is undefined', () => { + const result = getRequestBody({ + alertsIndexPattern: undefined, + anonymizationFields, + knowledgeBase, + traceOptions, + }); + + expect(result).toEqual({ + alertsIndexPattern: '', + anonymizationFields: anonymizationFields.data, + apiConfig: { + actionTypeId: '', + connectorId: '', + model: undefined, + provider: undefined, + }, + langSmithProject: undefined, + langSmithApiKey: undefined, + size: knowledgeBase.latestAlerts, + replacements: {}, + subAction: 'invokeAI', + }); + }); + + it('returns the expected AttackDiscoveryPostRequestBody when LangSmith details are provided', () => { + const withLangSmith = { + alertsIndexPattern, + anonymizationFields, + knowledgeBase, + traceOptions: { + apmUrl: '/app/apm', + langSmithProject: 'A project', + langSmithApiKey: 'an API key', + }, + }; + + const result = getRequestBody(withLangSmith); + + expect(result).toEqual({ + alertsIndexPattern, + anonymizationFields: anonymizationFields.data, + apiConfig: { + actionTypeId: '', + connectorId: '', + model: undefined, + provider: undefined, + }, + langSmithApiKey: withLangSmith.traceOptions.langSmithApiKey, + langSmithProject: withLangSmith.traceOptions.langSmithProject, + size: knowledgeBase.latestAlerts, + replacements: {}, + subAction: 'invokeAI', + }); + }); + + it('returns the expected AttackDiscoveryPostRequestBody with the expected apiConfig when selectedConnector is provided', () => { + const result = getRequestBody({ + alertsIndexPattern, + anonymizationFields, + knowledgeBase, + selectedConnector: connector, // <-- selectedConnector is 
provided + traceOptions, + }); + + expect(result).toEqual({ + alertsIndexPattern, + anonymizationFields: anonymizationFields.data, + apiConfig: { + actionTypeId: connector.actionTypeId, + connectorId: connector.id, + model: undefined, + provider: undefined, + }, + langSmithProject: undefined, + langSmithApiKey: undefined, + size: knowledgeBase.latestAlerts, + replacements: {}, + subAction: 'invokeAI', + }); + }); + + it('returns the expected AttackDiscoveryPostRequestBody with the expected apiConfig when genAiConfig is provided', () => { + const genAiConfig = { + apiProvider: OpenAiProviderType.AzureAi, + defaultModel: '2024-02-15-preview', + }; + + const result = getRequestBody({ + alertsIndexPattern, + anonymizationFields, + genAiConfig, // <-- genAiConfig is provided + knowledgeBase, + selectedConnector: connector, // <-- selectedConnector is provided + traceOptions, + }); + + expect(result).toEqual({ + alertsIndexPattern, + anonymizationFields: anonymizationFields.data, + apiConfig: { + actionTypeId: connector.actionTypeId, + connectorId: connector.id, + model: genAiConfig.defaultModel, + provider: genAiConfig.apiProvider, + }, + langSmithProject: undefined, + langSmithApiKey: undefined, + size: knowledgeBase.latestAlerts, + replacements: {}, + subAction: 'invokeAI', + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.ts b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.ts index 34b3d9b8a4c20..f800651985217 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.ts +++ b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/helpers.ts 
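Review bot: In `describe('getGenAiConfig')`, the tests 'returns the expected GenAiConfig when the connector is NOT preconfigured' and 'returns the expected defaultModel for Azure OpenAI' call `getGenAiConfig(connector)` with the same fixture and assert the same object, so the second adds no coverage. It would be more useful with an Azure `apiUrl` that has no `api-version` parameter, pinning what `defaultModel` becomes in that case. The `connector` fixture also carries `secrets: { secretTextField: 'a secret' }`; the `toEqual` checks exclude it only implicitly, so an explicit `expect(JSON.stringify(result)).not.toContain('a secret');` in the `selectedConnector` case of `getRequestBody` would state the intent that connector secrets never reach the request body. The test title 'returns the an undefined defaultModel …' has a stray "the".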
@@ -56,14 +56,13 @@ const getAzureApiVersionParameter = (url: string): string | undefined => { }; export const getRequestBody = ({ - actionTypeId, alertsIndexPattern, anonymizationFields, - connectorId, + genAiConfig, knowledgeBase, + selectedConnector, traceOptions, }: { - actionTypeId: string; alertsIndexPattern: string | undefined; anonymizationFields: { page: number; @@ -82,14 +81,13 @@ export const getRequestBody = ({ namespace?: string | undefined; }>; }; - connectorId: string | undefined; + genAiConfig?: GenAiConfig; knowledgeBase: KnowledgeBaseConfig; + selectedConnector?: ActionConnector; traceOptions: TraceOptions; }): AttackDiscoveryPostRequestBody => ({ - actionTypeId, alertsIndexPattern: alertsIndexPattern ?? '', anonymizationFields: anonymizationFields?.data ?? [], - connectorId: connectorId ?? '', langSmithProject: isEmpty(traceOptions?.langSmithProject) ? undefined : traceOptions?.langSmithProject, @@ -99,4 +97,10 @@ export const getRequestBody = ({ size: knowledgeBase.latestAlerts, replacements: {}, // no need to re-use replacements in the current implementation subAction: 'invokeAI', // non-streaming + apiConfig: { + connectorId: selectedConnector?.id ?? '', + actionTypeId: selectedConnector?.actionTypeId ?? '', + provider: genAiConfig?.apiProvider, + model: genAiConfig?.defaultModel, + }, }); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.test.tsx new file mode 100644 index 0000000000000..a6ba1570c61ee --- /dev/null +++ b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.test.tsx 
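Review bot: In the last hunk, `apiConfig.connectorId` and `apiConfig.actionTypeId` fall back to `''` when `selectedConnector` is undefined, so `getRequestBody` returns a well-typed `AttackDiscoveryPostRequestBody` that names no connector. The tests added in `helpers.test.ts` pin that shape as expected. The `CONNECTOR_ERROR` string added in `pages/translations.ts` suggests the caller refuses to POST without a connector, but that guard is not visible in these hunks, and the server route should reject empty ids regardless. I would record the contract on the function, e.g. `/** Builds the POST body; callers must check that a connector is selected first, the '' ids are placeholders only */`. `getRequestBody` starts and ends outside the individual hunks shown here.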
@@ -0,0 +1,222 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { renderHook, act } from '@testing-library/react-hooks'; +import { useKibana } from '../../common/lib/kibana'; +import { useFetchAnonymizationFields } from '@kbn/elastic-assistant/impl/assistant/api/anonymization_fields/use_fetch_anonymization_fields'; +import { usePollApi } from '../hooks/use_poll_api'; +import { useAttackDiscovery } from '.'; +import { ERROR_GENERATING_ATTACK_DISCOVERIES } from '../pages/translations'; +import { useKibana as mockUseKibana } from '../../common/lib/kibana/__mocks__'; + +jest.mock( + '@kbn/elastic-assistant/impl/assistant/api/anonymization_fields/use_fetch_anonymization_fields' +); +jest.mock('../hooks/use_poll_api'); +jest.mock('../../common/lib/kibana'); +const mockedUseKibana = mockUseKibana(); + +const mockAssistantAvailability = jest.fn(() => ({ + hasAssistantPrivilege: true, +})); +const mockConnectors: unknown[] = [ + { + id: 'test-id', + name: 'OpenAI connector', + actionTypeId: '.gen-ai', + }, +]; +jest.mock('@kbn/elastic-assistant', () => ({ + AssistantOverlay: () => <div data-test-subj="assistantOverlay" />, + useAssistantContext: () => ({ + alertsIndexPattern: 'alerts-index-pattern', + assistantAvailability: mockAssistantAvailability(), + knowledgeBase: { + isEnabledRAGAlerts: true, + isEnabledKnowledgeBase: true, + latestAlerts: 20, + }, + }), + useLoadConnectors: () => ({ + isFetched: true, + data: mockConnectors, + }), +})); +const mockAttackDiscoveryPost = { + timestamp: '2024-06-13T17:50:59.409Z', + id: 'f48da2ca-b63e-4387-82d7-1423a68500aa', + backingIndex: '.ds-.kibana-elastic-ai-assistant-attack-discovery-default-2024.06.12-000001', + createdAt: '2024-06-13T17:50:59.409Z', + updatedAt: 
'2024-06-17T15:00:39.680Z', + users: [ + { + id: 'u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0', + name: 'elastic', + }, + ], + namespace: 'default', + status: 'running', + alertsContextCount: 20, + apiConfig: { + connectorId: 'my-gpt4o-ai', + actionTypeId: '.gen-ai', + }, + attackDiscoveries: [], + replacements: { abcd: 'hostname' }, + generationIntervals: [ + { + date: '2024-06-13T17:52:47.619Z', + durationMs: 108214, + }, + ], + averageIntervalMs: 108214, +}; + +const mockAttackDiscoveries = [ + { + summaryMarkdown: + 'A critical malware incident involving {{ host.name c1f9889f-1f6b-4abc-8e65-02de89fe1054 }} and {{ user.name 71ca47cf-082e-4d35-a8e7-6e4fa4e175da }} has been detected. The malware, identified as AppPool.vbs, was executed with high privileges and attempted to evade detection.', + id: '2204421f-bb42-4b96-a200-016a5388a029', + title: 'Critical Malware Incident on Windows Host', + mitreAttackTactics: ['Initial Access', 'Execution', 'Defense Evasion'], + alertIds: [ + '43cf228ce034aeeb89a1ef41cd7fcdef1a3db574fa5237badf1fa9eaa3425c21', + '44ae9696784b3baeee75935f889e55ce77da338241230b5c488f90a8bace43e2', + '2479b1b1007952d3b6dc26344c89f44c1bb396de56f1655eca408135b3d05af8', + ], + detailsMarkdown: 'details', + entitySummaryMarkdown: + '{{ host.name c1f9889f-1f6b-4abc-8e65-02de89fe1054 }} and {{ user.name 71ca47cf-082e-4d35-a8e7-6e4fa4e175da }} are involved in a critical malware incident.', + timestamp: '2024-06-07T20:04:35.715Z', + }, +]; +const setLoadingConnectorId = jest.fn(); + +describe('useAttackDiscovery', () => { + const mockPollApi = { + cancelAttackDiscovery: jest.fn(), + data: null, + pollApi: jest.fn(), + status: 'succeeded', + }; + + beforeEach(() => { + jest.clearAllMocks(); + (useKibana as jest.Mock).mockReturnValue(mockedUseKibana); + (useFetchAnonymizationFields as jest.Mock).mockReturnValue({ data: [] }); + (usePollApi as jest.Mock).mockReturnValue(mockPollApi); + }); + + it('initializes with correct default values', () => { + const { 
result } = renderHook(() => + useAttackDiscovery({ connectorId: 'test-id', setLoadingConnectorId }) + ); + + expect(result.current.alertsContextCount).toBeNull(); + expect(result.current.approximateFutureTime).toBeNull(); + expect(result.current.attackDiscoveries).toEqual([]); + expect(result.current.failureReason).toBeNull(); + expect(result.current.generationIntervals).toEqual([]); + expect(result.current.isLoading).toBe(false); + expect(result.current.lastUpdated).toBeNull(); + expect(result.current.replacements).toEqual({}); + expect(mockPollApi.pollApi).toHaveBeenCalled(); + expect(setLoadingConnectorId).toHaveBeenCalledWith(null); + }); + + it('fetches attack discoveries and updates state correctly', async () => { + (mockedUseKibana.services.http.fetch as jest.Mock).mockResolvedValue(mockAttackDiscoveryPost); + + const { result } = renderHook(() => useAttackDiscovery({ connectorId: 'test-id' })); + await act(async () => { + await result.current.fetchAttackDiscoveries(); + }); + expect(mockedUseKibana.services.http.fetch).toHaveBeenCalledWith( + '/internal/elastic_assistant/attack_discovery', + { + body: '{"alertsIndexPattern":"alerts-index-pattern","anonymizationFields":[],"size":20,"replacements":{},"subAction":"invokeAI","apiConfig":{"connectorId":"test-id","actionTypeId":".gen-ai"}}', + method: 'POST', + version: '1', + } + ); + // called on mount, and after successful fetch + expect(mockPollApi.pollApi).toHaveBeenCalledTimes(2); + expect(result.current.isLoading).toBe(true); + }); + + it('handles fetch errors correctly', async () => { + const errorMessage = 'Fetch error'; + const error = new Error(errorMessage); + (mockedUseKibana.services.http.fetch as jest.Mock).mockRejectedValue(error); + + const { result } = renderHook(() => useAttackDiscovery({ connectorId: 'test-id' })); + + await act(async () => { + await result.current.fetchAttackDiscoveries(); + }); + + expect(mockedUseKibana.services.notifications.toasts.addDanger).toHaveBeenCalledWith(error, { 
+ title: ERROR_GENERATING_ATTACK_DISCOVERIES, + text: errorMessage, + }); + expect(result.current.isLoading).toBe(false); + }); + + it('sets loading state based on poll status', async () => { + (usePollApi as jest.Mock).mockReturnValue({ ...mockPollApi, status: 'running' }); + const { result } = renderHook(() => + useAttackDiscovery({ connectorId: 'test-id', setLoadingConnectorId }) + ); + + expect(result.current.isLoading).toBe(true); + expect(setLoadingConnectorId).toHaveBeenCalledWith('test-id'); + }); + + it('sets state based off of poll data', () => { + (usePollApi as jest.Mock).mockReturnValue({ + ...mockPollApi, + data: { + ...mockAttackDiscoveryPost, + status: 'succeeded', + attackDiscoveries: mockAttackDiscoveries, + connectorId: 'test-id', + }, + status: 'succeeded', + }); + const { result } = renderHook(() => useAttackDiscovery({ connectorId: 'test-id' })); + + expect(result.current.alertsContextCount).toEqual(20); + // this is set from usePollApi + expect(result.current.approximateFutureTime).toBeNull(); + + expect(result.current.attackDiscoveries).toEqual(mockAttackDiscoveries); + expect(result.current.failureReason).toBeNull(); + expect(result.current.generationIntervals).toEqual(mockAttackDiscoveryPost.generationIntervals); + expect(result.current.isLoading).toBe(false); + expect(result.current.lastUpdated).toEqual(new Date(mockAttackDiscoveries[0].timestamp)); + expect(result.current.replacements).toEqual(mockAttackDiscoveryPost.replacements); + }); + + it('sets state based off of failed poll data', () => { + (usePollApi as jest.Mock).mockReturnValue({ + ...mockPollApi, + data: { + ...mockAttackDiscoveryPost, + status: 'failed', + failureReason: 'something bad', + connectorId: 'test-id', + }, + status: 'failed', + }); + const { result } = renderHook(() => useAttackDiscovery({ connectorId: 'test-id' })); + + expect(result.current.failureReason).toEqual('something bad'); + expect(result.current.isLoading).toBe(false); + 
expect(result.current.lastUpdated).toEqual(null); + }); +}); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.tsx index 1a768d9d21b72..d517d5d0cd4ab 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/use_attack_discovery/index.tsx 
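Review bot: 'fetches attack discoveries and updates state correctly' compares `body` against one exact JSON string, so the test fails on any key reordering in `getRequestBody` even when the payload is semantically unchanged. Comparing the parsed payload keeps the same coverage: `const [, opts] = (mockedUseKibana.services.http.fetch as jest.Mock).mock.calls[0];` followed by `expect(JSON.parse(opts.body)).toEqual({ ... })`. The 'handles fetch errors correctly' test passes the raw `Error` message through as the toast `text`. If server error text can contain connector or index details, it is worth confirming that `getErrorToastText` (imported in `index.tsx`, body not shown) limits what is displayed.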
@@ -5,71 +5,47 @@ * 2.0. */ -import { - ATTACK_DISCOVERY_STORAGE_KEY, - DEFAULT_ASSISTANT_NAMESPACE, - useAssistantContext, - useLoadConnectors, -} from '@kbn/elastic-assistant'; -import type { Replacements } from '@kbn/elastic-assistant-common'; +import { useAssistantContext, useLoadConnectors } from '@kbn/elastic-assistant'; +import type { + AttackDiscoveries, + Replacements, + GenerationInterval, +} from '@kbn/elastic-assistant-common'; import { AttackDiscoveryPostResponse, ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION, } from '@kbn/elastic-assistant-common'; -import { uniq } from 'lodash/fp'; -import moment from 'moment'; import React, { useCallback, useEffect, useMemo, useState } from 'react'; -import * as uuid from 'uuid'; import { useFetchAnonymizationFields } from '@kbn/elastic-assistant/impl/assistant/api/anonymization_fields/use_fetch_anonymization_fields'; -import { useSpaceId } from '../../common/hooks/use_space_id'; +import { usePollApi } from '../hooks/use_poll_api'; import { useKibana } from '../../common/lib/kibana'; -import { replaceNewlineLiterals } from '../helpers'; -import { useAttackDiscoveryTelemetry } from '../hooks/use_attack_discovery_telemetry'; -import { - CACHED_ATTACK_DISCOVERIES_SESSION_STORAGE_KEY, - GENERATION_INTERVALS_LOCAL_STORAGE_KEY, - getErrorToastText, - getFallbackActionTypeId, -} from '../pages/helpers'; -import { getAverageIntervalSeconds } from '../pages/loading_callout/countdown/last_times_popover/helpers'; -import type { CachedAttackDiscoveries } from '../pages/session_storage'; -import { - getLocalStorageGenerationIntervals, - getSessionStorageCachedAttackDiscoveries, - setLocalStorageGenerationIntervals, - setSessionStorageCachedAttackDiscoveries, -} from '../pages/session_storage'; -import { ERROR_GENERATING_ATTACK_DISCOVERIES } from '../pages/translations'; -import type { AttackDiscovery, GenerationInterval } from '../types'; +import { getErrorToastText } from '../pages/helpers'; +import { CONNECTOR_ERROR, 
ERROR_GENERATING_ATTACK_DISCOVERIES } from '../pages/translations'; import { getGenAiConfig, getRequestBody } from './helpers'; -const MAX_GENERATION_INTERVALS = 5; - export interface UseAttackDiscovery { alertsContextCount: number | null; approximateFutureTime: Date | null; - attackDiscoveries: AttackDiscovery[]; - cachedAttackDiscoveries: Record<string, CachedAttackDiscoveries>; + attackDiscoveries: AttackDiscoveries; + didInitialFetch: boolean; + failureReason: string | null; fetchAttackDiscoveries: () => Promise<void>; - generationIntervals: Record<string, GenerationInterval[]> | undefined; + generationIntervals: GenerationInterval[] | undefined; isLoading: boolean; + isLoadingPost: boolean; lastUpdated: Date | null; + onCancel: () => Promise<void>; replacements: Replacements; } export const useAttackDiscovery = ({ connectorId, - setConnectorId, setLoadingConnectorId, }: { connectorId: string | undefined; - setConnectorId?: (connectorId: string | undefined) => void; setLoadingConnectorId?: (loadingConnectorId: string | null) => void; }): UseAttackDiscovery => { - const { reportAttackDiscoveriesGenerated } = useAttackDiscoveryTelemetry(); - const spaceId: string | undefined = useSpaceId(); - // get Kibana services and connectors const { http, @@ -79,6 +55,18 @@ export const useAttackDiscovery = ({ http, }); + // generation can take a long time, so we calculate an approximate future time: + const [approximateFutureTime, setApproximateFutureTime] = useState<Date | null>(null); + // whether post request is loading (dont show actions) + const [isLoadingPost, setIsLoadingPost] = useState<boolean>(false); + const { + cancelAttackDiscovery, + data: pollData, + pollApi, + status: pollStatus, + didInitialFetch, + } = usePollApi({ http, setApproximateFutureTime, toasts, connectorId }); + // loading boilerplate: const [isLoading, setIsLoading] = useState(false); 
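Review bot: The `UseAttackDiscovery` interface in the first hunk gains `didInitialFetch`, `failureReason`, `isLoadingPost` and `onCancel` with no doc comments, and it now has two loading flags whose difference is only hinted at by the inline comment in the second hunk. I would add TSDoc to the new members, for example `/** true while the POST that starts a generation is in flight; actions are hidden during this time */` on `isLoadingPost` and `/** cancels the in-progress generation for the current connector */` on `onCancel`. `replacements` would benefit from a note that it maps anonymized tokens back to original values and now lives only in hook state rather than in `sessionStorage`. The hook body continues outside these hunks, so the exact semantics of `didInitialFetch` should be confirmed against `usePollApi`.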
@@ -87,245 +75,124 @@ export const useAttackDiscovery = ({ const { data: anonymizationFields } = useFetchAnonymizationFields(); - const sessionStorageKey = useMemo( - () => - spaceId != null // spaceId is undefined while the useSpaceId hook is loading - ? `${DEFAULT_ASSISTANT_NAMESPACE}.${ATTACK_DISCOVERY_STORAGE_KEY}.${spaceId}.${CACHED_ATTACK_DISCOVERIES_SESSION_STORAGE_KEY}` - : '', - [spaceId] - ); - - const [cachedAttackDiscoveries, setCachedAttackDiscoveries] = useState< - Record<string, CachedAttackDiscoveries> - >({}); - - useEffect(() => { - const decoded = getSessionStorageCachedAttackDiscoveries(sessionStorageKey); - - if (decoded != null) { - setCachedAttackDiscoveries(decoded); - - const decodedAttackDiscoveries = decoded[connectorId ?? '']?.attackDiscoveries; - if (decodedAttackDiscoveries != null) { - setAttackDiscoveries(decodedAttackDiscoveries); - } - - const decodedReplacements = decoded[connectorId ?? '']?.replacements; - if (decodedReplacements != null) { - setReplacements(decodedReplacements); - } - - const decodedLastUpdated = decoded[connectorId ?? '']?.updated; - if (decodedLastUpdated != null) { - setLastUpdated(decodedLastUpdated); - } - } - }, [connectorId, sessionStorageKey]); - - const localStorageKey = useMemo( - () => - spaceId != null // spaceId is undefined while the useSpaceId hook is loading - ? `${DEFAULT_ASSISTANT_NAMESPACE}.${ATTACK_DISCOVERY_STORAGE_KEY}.${spaceId}.${GENERATION_INTERVALS_LOCAL_STORAGE_KEY}` - : '', - [spaceId] - ); - - const [generationIntervals, setGenerationIntervals] = React.useState< - Record<string, GenerationInterval[]> | undefined - >(undefined); - - useEffect(() => { - const decoded = getLocalStorageGenerationIntervals(localStorageKey); - - if (decoded != null) { - setGenerationIntervals(decoded); - } - }, [localStorageKey]); - - // get connector intervals from generation intervals: - const connectorIntervals = useMemo( - () => generationIntervals?.[connectorId ?? ''] ?? 
[], - [connectorId, generationIntervals] - ); - - // generation can take a long time, so we calculate an approximate future time: - const [approximateFutureTime, setApproximateFutureTime] = useState<Date | null>(null); - - // get cached attack discoveries if they exist: - const [attackDiscoveries, setAttackDiscoveries] = useState<AttackDiscovery[]>( - cachedAttackDiscoveries[connectorId ?? '']?.attackDiscoveries ?? [] - ); - - // get replacements from the cached attack discoveries if they exist: - const [replacements, setReplacements] = useState<Replacements>( - cachedAttackDiscoveries[connectorId ?? '']?.replacements ?? {} - ); - - // get last updated from the cached attack discoveries if it exists: - const [lastUpdated, setLastUpdated] = useState<Date | null>( - cachedAttackDiscoveries[connectorId ?? '']?.updated ?? null - ); + const [generationIntervals, setGenerationIntervals] = React.useState<GenerationInterval[]>([]); + const [attackDiscoveries, setAttackDiscoveries] = useState<AttackDiscoveries>([]); + const [replacements, setReplacements] = useState<Replacements>({}); + const [lastUpdated, setLastUpdated] = useState<Date | null>(null); + const [failureReason, setFailureReason] = useState<string | null>(null); // number of alerts sent as context to the LLM: const [alertsContextCount, setAlertsContextCount] = useState<number | null>(null); - /** The callback when users click the Generate button */ - const fetchAttackDiscoveries = useCallback(async () => { + const requestBody = useMemo(() => { const selectedConnector = aiConnectors?.find((connector) => connector.id === connectorId); - const actionTypeId = getFallbackActionTypeId(selectedConnector?.actionTypeId); - - const body = getRequestBody({ - actionTypeId, + const genAiConfig = getGenAiConfig(selectedConnector); + return getRequestBody({ alertsIndexPattern, anonymizationFields, - connectorId, + genAiConfig, knowledgeBase, + selectedConnector, traceOptions, }); + }, [ + aiConnectors, + alertsIndexPattern, 
+ anonymizationFields, + connectorId, + knowledgeBase, + traceOptions, + ]); + + useEffect(() => { + if (connectorId != null && connectorId !== '') { + pollApi(); + setLoadingConnectorId?.(connectorId); + setAlertsContextCount(null); + setFailureReason(null); + setLastUpdated(null); + setReplacements({}); + setAttackDiscoveries([]); + setGenerationIntervals([]); + } + }, [pollApi, connectorId, setLoadingConnectorId]); + useEffect(() => { + if (pollStatus === 'running') { + setIsLoading(true); + setLoadingConnectorId?.(connectorId ?? null); + } else { + setIsLoading(false); + setLoadingConnectorId?.(null); + } + }, [pollStatus, connectorId, setLoadingConnectorId]); + + useEffect(() => { + if (pollData !== null && pollData.connectorId === connectorId) { + if (pollData.alertsContextCount != null) setAlertsContextCount(pollData.alertsContextCount); + if (pollData.attackDiscoveries.length) { + // get last updated from timestamp, not from updatedAt since this can indicate the last time the status was updated + setLastUpdated(new Date(pollData.attackDiscoveries[0].timestamp)); + } + if (pollData.replacements) setReplacements(pollData.replacements); + if (pollData.status === 'failed' && pollData.failureReason) { + setFailureReason(pollData.failureReason); + } else { + setFailureReason(null); + } + setAttackDiscoveries(pollData.attackDiscoveries); + setGenerationIntervals(pollData.generationIntervals); + } + }, [connectorId, pollData]); + + /** The callback when users click the Generate button */ + const fetchAttackDiscoveries = useCallback(async () => { try { + if (requestBody.apiConfig.connectorId === '' || requestBody.apiConfig.actionTypeId === '') { + throw new Error(CONNECTOR_ERROR); + } setLoadingConnectorId?.(connectorId ?? 
null); setIsLoading(true); + setIsLoadingPost(true); setApproximateFutureTime(null); - - const averageIntervalSeconds = getAverageIntervalSeconds(connectorIntervals); - setApproximateFutureTime(moment().add(averageIntervalSeconds, 'seconds').toDate()); - - const startTime = moment(); // start timing the generation - // call the internal API to generate attack discoveries: const rawResponse = await http.fetch('/internal/elastic_assistant/attack_discovery', { - body: JSON.stringify(body), + body: JSON.stringify(requestBody), method: 'POST', version: ELASTIC_AI_ASSISTANT_INTERNAL_API_VERSION, }); - + setIsLoadingPost(false); const parsedResponse = AttackDiscoveryPostResponse.safeParse(rawResponse); + if (!parsedResponse.success) { throw new Error('Failed to parse the response'); } - const endTime = moment(); - const durationMs = endTime.diff(startTime); - - // update the cached attack discoveries with the new discoveries: - const newAttackDiscoveries: AttackDiscovery[] = - parsedResponse.data.attackDiscoveries?.map((attackDiscovery) => ({ - alertIds: [...attackDiscovery.alertIds], - detailsMarkdown: replaceNewlineLiterals(attackDiscovery.detailsMarkdown), - entitySummaryMarkdown: replaceNewlineLiterals(attackDiscovery.entitySummaryMarkdown), - id: uuid.v4(), - mitreAttackTactics: attackDiscovery.mitreAttackTactics, - summaryMarkdown: replaceNewlineLiterals(attackDiscovery.summaryMarkdown), - title: attackDiscovery.title, - })) ?? []; - - const responseReplacements = parsedResponse.data.replacements ?? {}; - const newReplacements = { ...replacements, ...responseReplacements }; - - const newLastUpdated = new Date(); - - const newCachedAttackDiscoveries = { - ...cachedAttackDiscoveries, - [connectorId ?? '']: { - connectorId: connectorId ?? 
'', - attackDiscoveries: newAttackDiscoveries, - replacements: newReplacements, - updated: newLastUpdated, - }, - }; - - setCachedAttackDiscoveries(newCachedAttackDiscoveries); - setSessionStorageCachedAttackDiscoveries({ - key: sessionStorageKey, - cachedAttackDiscoveries: newCachedAttackDiscoveries, - }); - - // update the generation intervals with the latest timing: - const previousConnectorIntervals: GenerationInterval[] = - generationIntervals != null ? generationIntervals[connectorId ?? ''] ?? [] : []; - const newInterval: GenerationInterval = { - connectorId: connectorId ?? '', - date: new Date(), - durationMs, - }; - - const newConnectorIntervals = [newInterval, ...previousConnectorIntervals].slice( - 0, - MAX_GENERATION_INTERVALS - ); - const newGenerationIntervals: Record<string, GenerationInterval[]> = { - ...generationIntervals, - [connectorId ?? '']: newConnectorIntervals, - }; - - const newAlertsContextCount = parsedResponse.data.alertsContextCount ?? null; - setAlertsContextCount(newAlertsContextCount); - - // only update the generation intervals if alerts were sent as context to the LLM: - if (newAlertsContextCount != null && newAlertsContextCount > 0) { - setGenerationIntervals(newGenerationIntervals); - setLocalStorageGenerationIntervals({ - key: localStorageKey, - generationIntervals: newGenerationIntervals, - }); + if (parsedResponse.data.status === 'running') { + pollApi(); } - - setReplacements(newReplacements); - setAttackDiscoveries(newAttackDiscoveries); - setLastUpdated(newLastUpdated); - setConnectorId?.(connectorId); - const connectorConfig = getGenAiConfig(selectedConnector); - reportAttackDiscoveriesGenerated({ - actionTypeId, - durationMs, - alertsContextCount: newAlertsContextCount ?? 
0, - alertsCount: uniq( - newAttackDiscoveries.flatMap((attackDiscovery) => attackDiscovery.alertIds) - ).length, - configuredAlertsCount: knowledgeBase.latestAlerts, - provider: connectorConfig?.apiProvider, - model: connectorConfig?.defaultModel, - }); } catch (error) { + setIsLoadingPost(false); + setIsLoading(false); toasts?.addDanger(error, { title: ERROR_GENERATING_ATTACK_DISCOVERIES, text: getErrorToastText(error), }); - } finally { - setApproximateFutureTime(null); - setLoadingConnectorId?.(null); - setIsLoading(false); } - }, [ - aiConnectors, - alertsIndexPattern, - anonymizationFields, - cachedAttackDiscoveries, - connectorId, - connectorIntervals, - generationIntervals, - http, - knowledgeBase, - localStorageKey, - replacements, - reportAttackDiscoveriesGenerated, - sessionStorageKey, - setConnectorId, - setLoadingConnectorId, - toasts, - traceOptions, - ]); + }, [connectorId, http, pollApi, requestBody, setLoadingConnectorId, toasts]); return { alertsContextCount, approximateFutureTime, attackDiscoveries, - cachedAttackDiscoveries, + didInitialFetch, + failureReason, fetchAttackDiscoveries, generationIntervals, isLoading, + isLoadingPost, lastUpdated, + onCancel: cancelAttackDiscovery, replacements, }; }; diff --git a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap index 3a964febf4c85..87f926e5b2b7f 100644 --- a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/__snapshots__/drag_drop_context_wrapper.test.tsx.snap 
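Review bot: The `catch` in `fetchAttackDiscoveries` resets `isLoadingPost` and `isLoading` but no longer clears the loading connector, which the removed `finally` block did with `setLoadingConnectorId?.(null)`. If the POST or the response parse fails while the poll status stays the same, the `pollStatus` effect does not re-run and the connector remains marked as loading; adding `setLoadingConnectorId?.(null);` to the `catch` restores the earlier behaviour. The success path looks to have a similar gap: when the parsed status is anything other than `'running'`, `pollApi()` is not called and nothing in this callback sets `isLoading` back to false. An `else { setIsLoading(false); setLoadingConnectorId?.(null); }` would cover it, unless `usePollApi` (not visible here) already guarantees a status change. The enclosing `useAttackDiscovery` hook starts in an earlier hunk.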
@@ -8,12 +8,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "agent.ephemeral_id": Object { "aggregatable": true, - "category": "agent", - "description": "Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but \`agent.id\` does not.", "esTypes": Array [ "keyword", ], - "example": "8a4f500f", "format": "", "indexes": Array [ "auditbeat", @@ -26,12 +23,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "agent.hostname": Object { "aggregatable": true, - "category": "agent", - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -44,12 +38,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "agent.id": Object { "aggregatable": true, - "category": "agent", - "description": "Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.", "esTypes": Array [ "keyword", ], - "example": "8a4f500d", "format": "", "indexes": Array [ "auditbeat", @@ -62,12 +53,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "agent.name": Object { "aggregatable": true, - "category": "agent", - "description": "Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.", "esTypes": Array [ "keyword", ], - "example": "foo", "format": "", "indexes": Array [ "auditbeat", 
@@ -84,12 +72,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "auditd.data.a0": Object { "aggregatable": true, - "category": "auditd", - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -100,12 +85,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "auditd.data.a1": Object { "aggregatable": true, - "category": "auditd", - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -116,12 +98,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "auditd.data.a2": Object { "aggregatable": true, - "category": "auditd", - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -136,12 +115,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "@timestamp": Object { "aggregatable": true, - "category": "base", - "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.", "esTypes": Array [ "date", ], - "example": "2016-05-23T08:05:34.853Z", "format": "", "indexes": Array [ "auditbeat", @@ -155,10 +131,7 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "_id": Object { "aggregatable": false, - "category": "base", - "description": "Each document has an _id that uniquely identifies it", "esTypes": Array [], - "example": "Y-6TfmcB0WOhS6qyMv3s", "indexes": Array [ "auditbeat", "filebeat", 
@@ -170,12 +143,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "message": Object { "aggregatable": false, - "category": "base", - "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.", "esTypes": Array [ "text", ], - "example": "Hello World", "format": "string", "indexes": Array [ "auditbeat", @@ -192,12 +162,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "client.address": Object { "aggregatable": true, - "category": "client", - "description": "Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -210,12 +177,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "client.bytes": Object { "aggregatable": true, - "category": "client", - "description": "Bytes sent from the client to the server.", "esTypes": Array [ "long", ], - "example": "184", "format": "", "indexes": Array [ "auditbeat", @@ -228,12 +192,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "client.domain": Object { "aggregatable": true, - "category": "client", - "description": "Client domain.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", 
@@ -246,12 +207,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "client.geo.country_iso_code": Object { "aggregatable": true, - "category": "client", - "description": "Country ISO code.", "esTypes": Array [ "keyword", ], - "example": "CA", "format": "", "indexes": Array [ "auditbeat", @@ -268,12 +226,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "cloud.account.id": Object { "aggregatable": true, - "category": "cloud", - "description": "The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.", "esTypes": Array [ "keyword", ], - "example": "666777888999", "format": "", "indexes": Array [ "auditbeat", @@ -286,12 +241,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "cloud.availability_zone": Object { "aggregatable": true, - "category": "cloud", - "description": "Availability zone in which this host is running.", "esTypes": Array [ "keyword", ], - "example": "us-east-1c", "format": "", "indexes": Array [ "auditbeat", @@ -308,12 +260,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "container.id": Object { "aggregatable": true, - "category": "container", - "description": "Unique container id.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -326,12 +275,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "container.image.name": Object { "aggregatable": true, - "category": "container", - "description": "Name of the image the container was built on.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", 
@@ -344,12 +290,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "container.image.tag": Object { "aggregatable": true, - "category": "container", - "description": "Container image tag.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -366,12 +309,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "destination.address": Object { "aggregatable": true, - "category": "destination", - "description": "Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -384,12 +324,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "destination.bytes": Object { "aggregatable": true, - "category": "destination", - "description": "Bytes sent from the destination to the source.", "esTypes": Array [ "long", ], - "example": "184", "format": "", "indexes": Array [ "auditbeat", @@ -402,12 +339,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "destination.domain": Object { "aggregatable": true, - "category": "destination", - "description": "Destination domain.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -420,12 +354,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "destination.ip": Object { "aggregatable": true, - "category": "destination", - "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", 
@@ -438,12 +369,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "destination.port": Object { "aggregatable": true, - "category": "destination", - "description": "Port of the destination.", "esTypes": Array [ "long", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -460,12 +388,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "event.action": Object { "aggregatable": true, - "category": "event", - "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.", "esTypes": Array [ "keyword", ], - "example": "user-password-change", "format": "string", "indexes": Array [ "apm-*-transaction*", @@ -484,12 +409,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "event.category": Object { "aggregatable": true, - "category": "event", - "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.", "esTypes": Array [ "keyword", ], - "example": "authentication", "format": "string", "indexes": Array [ "apm-*-transaction*", 
@@ -508,12 +430,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "event.end": Object { "aggregatable": true, - "category": "event", - "description": "event.end contains the date when the event ended or when the activity was last observed.", "esTypes": Array [ "date", ], - "example": null, "format": "", "indexes": Array [ "apm-*-transaction*", @@ -532,12 +451,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "event.kind": Object { "aggregatable": true, - "category": "event", - "description": "This defined the type of event eg. alerts", "esTypes": Array [ "keyword", ], - "example": "signal", "format": "string", "indexes": Array [ "apm-*-transaction*", @@ -556,12 +472,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "event.severity": Object { "aggregatable": true, - "category": "event", - "description": "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in \`log.syslog.severity.code\`. \`event.severity\` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the \`log.syslog.severity.code\` to \`event.severity\`.", "esTypes": Array [ "long", ], - "example": 7, "format": "number", "indexes": Array [ "apm-*-transaction*", 
@@ -584,8 +497,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "host.name": Object { "aggregatable": true, - "category": "host", - "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.", "esTypes": Array [ "keyword", ], @@ -611,9 +522,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "nestedField.firstAttributes": Object { "aggregatable": false, - "category": "nestedField", - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -631,9 +539,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "nestedField.secondAttributes": Object { "aggregatable": false, - "category": "nestedField", - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -651,9 +556,6 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "nestedField.thirdAttributes": Object { "aggregatable": false, - "category": "nestedField", - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -690,12 +592,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "source.ip": Object { "aggregatable": true, - "category": "source", - "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -708,12 +607,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = }, "source.port": Object { "aggregatable": true, - "category": "source", - "description": "Port of the source.", "esTypes": Array [ "long", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", 
@@ -730,12 +626,9 @@ exports[`DragDropContextWrapper rendering it renders against the snapshot 1`] = "fields": Object { "user.name": Object { "aggregatable": true, - "category": "user", - "description": "Short name or login of the user.", "esTypes": Array [ "keyword", ], - "example": "albert", "format": "string", "indexes": Array [ "auditbeat", diff --git a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts index ae0a417e5e32a..5b14d7919baf2 100644 --- a/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts +++ b/x-pack/plugins/security_solution/public/common/components/drag_and_drop/helpers.ts @@ -4,7 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { isString, keyBy } from 'lodash/fp'; +import { keyBy } from 'lodash/fp'; import type { DropResult } from '@hello-pangea/dnd'; import type { Dispatch } from 'redux'; import type { ActionCreator } from 'typescript-fsa'; @@ -231,10 +231,7 @@ export const addFieldToColumns = ({ dispatch( scopedActions.upsertColumn({ column: { - category: column.category, columnHeaderType: 'not-filtered', - description: isString(column.description) ? column.description : undefined, - example: isString(column.example) ? column.example : undefined, id: fieldId, linkField: linkFields[fieldId] ?? undefined, type: column.type, diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_response_action_status.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_response_action_status.tsx index 275cc4751e6fe..cda92909a51ac 100644 --- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_response_action_status.tsx 
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_response_action_status.tsx @@ -8,10 +8,10 @@ import React, { memo, useMemo } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; import { EuiBadge, EuiFlexGroup, EuiFlexItem, EuiTextColor, EuiToolTip } from '@elastic/eui'; +import { ISOLATED_LABEL, ISOLATING_LABEL, RELEASING_LABEL } from './translations'; import type { EndpointPendingActions } from '../../../../../../common/endpoint/types'; import type { ResponseActionsApiCommandNames } from '../../../../../../common/endpoint/service/response_actions/constants'; import { RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP } from '../../../../../../common/endpoint/service/response_actions/constants'; -import { ISOLATED_LABEL, ISOLATING_LABEL, RELEASING_LABEL } from './endpoint/endpoint_agent_status'; import { useTestIdGenerator } from '../../../../../management/hooks/use_test_id_generator'; const TOOLTIP_CONTENT_STYLES: React.CSSProperties = Object.freeze({ width: 150 }); diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.test.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.test.tsx index b384cf9a542a2..3a347d7d9a7d3 100644 --- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.test.tsx 
@@ -7,57 +7,79 @@ import React from 'react'; +import type { AgentStatusProps } from './agent_status'; import { AgentStatus } from './agent_status'; -import { - useAgentStatusHook, - useGetAgentStatus, -} from '../../../../../management/hooks/agents/use_get_agent_status'; +import { useGetAgentStatus as _useGetAgentStatus } from '../../../../../management/hooks/agents/use_get_agent_status'; import { RESPONSE_ACTION_AGENT_TYPE, type ResponseActionAgentType, } from '../../../../../../common/endpoint/service/response_actions/constants'; import type { AppContextTestRender } from '../../../../mock/endpoint'; import { createAppRootMockRenderer } from '../../../../mock/endpoint'; +import type { AgentStatusInfo } from '../../../../../../common/endpoint/types'; import { HostStatus } from '../../../../../../common/endpoint/types'; jest.mock('../../../../hooks/use_experimental_features'); jest.mock('../../../../../management/hooks/agents/use_get_agent_status'); -const getAgentStatusMock = useGetAgentStatus as jest.Mock; -const useAgentStatusHookMock = useAgentStatusHook as jest.Mock; +const useGetAgentStatusMock = _useGetAgentStatus as jest.Mock; describe('AgentStatus component', () => { let render: (agentType?: ResponseActionAgentType) => ReturnType<AppContextTestRender['render']>; let renderResult: ReturnType<typeof render>; let mockedContext: AppContextTestRender; - const agentId = 'agent-id-1234'; - const baseData = { - agentId, - found: true, - isolated: false, - lastSeen: new Date().toISOString(), - pendingActions: {}, - status: HostStatus.HEALTHY, - }; + let baseData: AgentStatusInfo; + let agentId: string; + let statusInfoProp: AgentStatusProps['statusInfo']; beforeEach(() => { mockedContext = createAppRootMockRenderer(); - render = (agentType?: ResponseActionAgentType) => - (renderResult = mockedContext.render( - <AgentStatus agentId={agentId} agentType={agentType || 'endpoint'} data-test-subj="test" /> + render = (agentType: ResponseActionAgentType = 'endpoint') => { 
+ baseData.agentType = agentType; + + return (renderResult = mockedContext.render( + <AgentStatus + agentId={agentId} + agentType={agentType} + statusInfo={statusInfoProp} + data-test-subj="test" + /> )); - - getAgentStatusMock.mockReturnValue({ data: {} }); - useAgentStatusHookMock.mockImplementation(() => useGetAgentStatus); + }; + useGetAgentStatusMock.mockReturnValue({ data: {} }); + baseData = { + agentId, + found: true, + isolated: false, + lastSeen: new Date().toISOString(), + pendingActions: {}, + status: HostStatus.HEALTHY, + agentType: 'endpoint', + }; + agentId = 'agent-id-1234'; + statusInfoProp = undefined; }); afterEach(() => { jest.clearAllMocks(); }); + it('should call the API when `agentId` is provided and no `statusInfo` prop', () => { + render(); + + expect(useGetAgentStatusMock).toHaveBeenCalledWith(agentId, 'endpoint', { enabled: true }); + }); + + it('should NOT call the API when `statusInfo` prop is provided', () => { + statusInfoProp = baseData; + render(); + + expect(useGetAgentStatusMock).toHaveBeenCalledWith(agentId, 'endpoint', { enabled: false }); + }); + describe.each(RESPONSE_ACTION_AGENT_TYPE)('`%s` agentType', (agentType) => { it('should show agent health status info', () => { - getAgentStatusMock.mockReturnValue({ + useGetAgentStatusMock.mockReturnValue({ data: { [agentId]: { ...baseData, agentType, status: HostStatus.OFFLINE }, }, @@ -74,7 +96,7 @@ describe('AgentStatus component', () => { }); it('should show agent health status info and Isolated status', () => { - getAgentStatusMock.mockReturnValue({ + useGetAgentStatusMock.mockReturnValue({ data: { [agentId]: { ...baseData, @@ -95,7 +117,7 @@ describe('AgentStatus component', () => { }); it('should show agent health status info and Releasing status', () => { - getAgentStatusMock.mockReturnValue({ + useGetAgentStatusMock.mockReturnValue({ data: { [agentId]: { ...baseData, 
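Review bot: In `beforeEach`, the `baseData` literal reads `agentId` before `agentId = 'agent-id-1234';` assigns it, so for the first test in the file `baseData.agentId` is `undefined`. Later tests only get the intended value because the variable keeps what the previous run assigned. Moving `agentId = 'agent-id-1234';` above `baseData = {` makes each test's fixture independent of execution order. `render` also mutates `baseData.agentType` on every call, which is harmless while `baseData` is rebuilt per test but deserves a short comment such as `// keep the fixture's agentType in sync with the rendered prop`. The `describe` callback continues past this hunk.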
@@ -119,7 +141,7 @@ describe('AgentStatus component', () => { }); it('should show agent health status info and Isolating status', () => { - getAgentStatusMock.mockReturnValue({ + useGetAgentStatusMock.mockReturnValue({ data: { [agentId]: { ...baseData, @@ -142,7 +164,7 @@ describe('AgentStatus component', () => { }); it('should show agent health status info and Releasing status also when multiple actions are pending', () => { - getAgentStatusMock.mockReturnValue({ + useGetAgentStatusMock.mockReturnValue({ data: { [agentId]: { ...baseData, @@ -168,7 +190,7 @@ describe('AgentStatus component', () => { }); it('should show agent health status info and Isolating status also when multiple actions are pending', () => { - getAgentStatusMock.mockReturnValue({ + useGetAgentStatusMock.mockReturnValue({ data: { [agentId]: { ...baseData, @@ -193,7 +215,7 @@ describe('AgentStatus component', () => { }); it('should show agent health status info and pending action status when not isolating/releasing', () => { - getAgentStatusMock.mockReturnValue({ + useGetAgentStatusMock.mockReturnValue({ data: { [agentId]: { ...baseData, @@ -217,7 +239,7 @@ describe('AgentStatus component', () => { }); it('should show agent health status info and Isolated when pending actions', () => { - getAgentStatusMock.mockReturnValue({ + useGetAgentStatusMock.mockReturnValue({ data: { [agentId]: { ...baseData, diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.tsx index c4e61103e6a82..19a93978c1b05 100644 --- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.tsx +++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/agent_status.tsx 
@@ -8,20 +8,14 @@ import { EuiBadge, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import React, { useMemo } from 'react'; import styled from 'styled-components'; +import { getAgentStatusText } from './translations'; +import { getEmptyTagValue } from '../../../empty_value'; import type { ResponseActionAgentType } from '../../../../../../common/endpoint/service/response_actions/constants'; -import type { EndpointPendingActions } from '../../../../../../common/endpoint/types'; -import { useAgentStatusHook } from '../../../../../management/hooks/agents/use_get_agent_status'; +import { useGetAgentStatus } from '../../../../../management/hooks/agents/use_get_agent_status'; import { useTestIdGenerator } from '../../../../../management/hooks/use_test_id_generator'; import { HOST_STATUS_TO_BADGE_COLOR } from '../../../../../management/pages/endpoint_hosts/view/host_constants'; -import { useIsExperimentalFeatureEnabled } from '../../../../hooks/use_experimental_features'; -import { getAgentStatusText } from '../agent_status_text'; import { AgentResponseActionsStatus } from './agent_response_action_status'; -export enum SENTINEL_ONE_NETWORK_STATUS { - CONNECTING = 'connecting', - CONNECTED = 'connected', - DISCONNECTING = 'disconnecting', - DISCONNECTED = 'disconnected', -} +import type { AgentStatusInfo } from '../../../../../../common/endpoint/types'; const EuiFlexGroupStyled = styled(EuiFlexGroup)` .isolation-status { 
@@ -29,42 +23,61 @@ const EuiFlexGroupStyled = styled(EuiFlexGroup)` } `; +export interface AgentStatusProps { + agentType: ResponseActionAgentType; + /** + * The agent id for which the status will be displayed. An API call will be made to retrieve the + * status. If using this component on a List view, use `statusInfo` prop instead and make API + * call to retrieve all statuses of displayed agents at the view level in order to keep API calls + * to a minimum + * + * NOTE: will be ignored if `statusInfo` prop is defined! + */ + agentId?: string; + /** + * The status info for the agent. When both `agentId` and `agentInfo` are defined, `agentInfo` will + * be used and `agentId` ignored. + */ + statusInfo?: AgentStatusInfo; + 'data-test-subj'?: string; +} + +/** + * Display the agent status of a host that supports response actions. + * + * IMPORTANT: If using this component on a list view, ensure that `statusInfo` prop is used instead + * of `agentId` in order to ensure API calls are kept to a minimum and the list view + * remains more performant. 
+ */ export const AgentStatus = React.memo( - ({ - agentId, - agentType, - 'data-test-subj': dataTestSubj, - }: { - agentId: string; - agentType: ResponseActionAgentType; - 'data-test-subj'?: string; - }) => { + ({ agentId, agentType, statusInfo, 'data-test-subj': dataTestSubj }: AgentStatusProps) => { const getTestId = useTestIdGenerator(dataTestSubj); - const useAgentStatus = useAgentStatusHook(); - - const sentinelOneManualHostActionsEnabled = useIsExperimentalFeatureEnabled( - 'sentinelOneManualHostActionsEnabled' - ); - const responseActionsCrowdstrikeManualHostIsolationEnabled = useIsExperimentalFeatureEnabled( - 'responseActionsCrowdstrikeManualHostIsolationEnabled' - ); - const { data, isLoading, isFetched } = useAgentStatus([agentId], agentType, { - enabled: - sentinelOneManualHostActionsEnabled || responseActionsCrowdstrikeManualHostIsolationEnabled, + const enableApiCall = useMemo(() => { + return !statusInfo || !agentId; + }, [agentId, statusInfo]); + const { data, isLoading, isFetched } = useGetAgentStatus(agentId ?? '', agentType, { + enabled: enableApiCall, }); - const agentStatus = data?.[`${agentId}`]; + const agentStatus: AgentStatusInfo | undefined = useMemo(() => { + if (statusInfo) { + return statusInfo; + } + return data?.[agentId ?? '']; + }, [agentId, data, statusInfo]); + const isCurrentlyIsolated = Boolean(agentStatus?.isolated); - const pendingActions = agentStatus?.pendingActions; const [hasPendingActions, hostPendingActions] = useMemo< - [boolean, EndpointPendingActions['pending_actions']] + [boolean, AgentStatusInfo['pendingActions']] >(() => { + const pendingActions = agentStatus?.pendingActions; + if (!pendingActions) { return [false, {}]; } return [Object.keys(pendingActions).length > 0, pendingActions]; - }, [pendingActions]); + }, [agentStatus?.pendingActions]); return ( <EuiFlexGroupStyled 
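Review bot: `enableApiCall` is computed as `!statusInfo || !agentId`, so the query is enabled whenever `agentId` is missing and `useGetAgentStatus` is then called with `''`. A caller that passes only `statusInfo` still triggers a request for an empty id, as does one that passes neither prop. Whether the hook itself rejects an empty id is not visible in this hunk. The guard should read `const enableApiCall = !statusInfo && Boolean(agentId);`, and a plain boolean like this does not need `useMemo`. The `statusInfo` doc comment also names a non-existent `agentInfo` prop and should say `statusInfo`; the JSX returned by the component continues outside the hunk.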
@@ -83,7 +96,7 @@ export const AgentStatus = React.memo(
 {getAgentStatusText(agentStatus.status)}
 </EuiBadge>
 ) : (
- '-'
+ getEmptyTagValue()
 )}
 </EuiFlexItem>
 {(isCurrentlyIsolated || hasPendingActions) && (
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.test.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.test.tsx
deleted file mode 100644
index 40119d452d2c1..0000000000000
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.test.tsx
+++ /dev/null
@@ -1,366 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { AppContextTestRender } from '../../../../../mock/endpoint'; -import { createAppRootMockRenderer } from '../../../../../mock/endpoint'; -import type { - EndpointAgentStatusByIdProps, - EndpointAgentStatusProps, -} from './endpoint_agent_status'; -import { EndpointAgentStatus, EndpointAgentStatusById } from './endpoint_agent_status'; -import type { - EndpointPendingActions, - HostInfoInterface, -} from '../../../../../../../common/endpoint/types'; -import { HostStatus } from '../../../../../../../common/endpoint/types'; -import React from 'react'; -import { EndpointActionGenerator } from '../../../../../../../common/endpoint/data_generators/endpoint_action_generator'; -import { EndpointDocGenerator } from '../../../../../../../common/endpoint/generate_data'; -import { composeHttpHandlerMocks } from '../../../../../mock/endpoint/http_handler_mock_factory'; -import type { EndpointMetadataHttpMocksInterface } from '../../../../../../management/pages/endpoint_hosts/mocks'; -import { endpointMetadataHttpMocks } from '../../../../../../management/pages/endpoint_hosts/mocks'; -import type { ResponseActionsHttpMocksInterface } from '../../../../../../management/mocks/response_actions_http_mocks'; -import { responseActionsHttpMocks } from '../../../../../../management/mocks/response_actions_http_mocks'; -import { waitFor, within, fireEvent } from '@testing-library/react'; -import { getEmptyValue } from '../../../../empty_value'; -import { clone, set } from 'lodash'; - -type AgentStatusApiMocksInterface = EndpointMetadataHttpMocksInterface & - ResponseActionsHttpMocksInterface; - -// API mocks composed from the endpoint metadata API mock and the response actions API mocks -const 
agentStatusApiMocks = composeHttpHandlerMocks<AgentStatusApiMocksInterface>([ - endpointMetadataHttpMocks, - responseActionsHttpMocks, -]); - -describe('When showing Endpoint Agent Status', () => { - const ENDPOINT_ISOLATION_OBJ_PATH = 'metadata.Endpoint.state.isolation'; - - let appTestContext: AppContextTestRender; - let render: () => ReturnType<AppContextTestRender['render']>; - let renderResult: ReturnType<AppContextTestRender['render']>; - let endpointDetails: HostInfoInterface; - let actionsSummary: EndpointPendingActions; - let apiMocks: ReturnType<typeof agentStatusApiMocks>; - - const triggerTooltip = () => { - fireEvent.mouseOver(renderResult.getByTestId('test-actionStatuses-tooltipTrigger')); - }; - - beforeEach(() => { - appTestContext = createAppRootMockRenderer(); - apiMocks = agentStatusApiMocks(appTestContext.coreStart.http); - - const actionGenerator = new EndpointActionGenerator('seed'); - - actionsSummary = actionGenerator.generateAgentPendingActionsSummary(); - actionsSummary.pending_actions = {}; - apiMocks.responseProvider.agentPendingActionsSummary.mockImplementation(() => { - return { - data: [actionsSummary], - }; - }); - - const metadataGenerator = new EndpointDocGenerator('seed'); - - endpointDetails = { - metadata: metadataGenerator.generateHostMetadata(), - host_status: HostStatus.HEALTHY, - } as HostInfoInterface; - apiMocks.responseProvider.metadataDetails.mockImplementation(() => endpointDetails); - }); - - describe('and using `EndpointAgentStatus` component', () => { - let renderProps: EndpointAgentStatusProps; - - beforeEach(() => { - renderProps = { - 'data-test-subj': 'test', - endpointHostInfo: endpointDetails, - }; - - render = () => { - renderResult = appTestContext.render(<EndpointAgentStatus {...renderProps} />); - return renderResult; - }; - }); - - it('should display status', () => { - const { getByTestId } = render(); - - expect(getByTestId('test').textContent).toEqual('Healthy'); - }); - - it('should display status and 
isolated', () => { - set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true); - const { getByTestId } = render(); - - expect(getByTestId('test').textContent).toEqual('HealthyIsolated'); - }); - - it('should display status and isolated and display other pending actions in tooltip', async () => { - set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true); - actionsSummary.pending_actions = { - 'get-file': 2, - execute: 6, - }; - const { getByTestId } = render(); - - await waitFor(() => { - expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled(); - }); - - expect(getByTestId('test').textContent).toEqual('HealthyIsolated'); - - triggerTooltip(); - - await waitFor(() => { - expect( - within(renderResult.baseElement).getByTestId('test-actionStatuses-tooltipContent') - .textContent - ).toEqual('Pending actions:execute6get-file2'); - }); - }); - - it('should display status and action count', async () => { - actionsSummary.pending_actions = { - 'get-file': 2, - execute: 6, - }; - const { getByTestId } = render(); - - await waitFor(() => { - expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled(); - }); - - expect(getByTestId('test').textContent).toEqual('Healthy8 actions pending'); - }); - - it('should display status and isolating', async () => { - actionsSummary.pending_actions = { - isolate: 1, - }; - const { getByTestId } = render(); - - await waitFor(() => { - expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled(); - }); - - expect(getByTestId('test').textContent).toEqual('HealthyIsolating'); - }); - - it('should display status and isolating and have tooltip with other pending actions', async () => { - actionsSummary.pending_actions = { - isolate: 1, - 'kill-process': 1, - }; - const { getByTestId } = render(); - - await waitFor(() => { - expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled(); - }); - - expect(getByTestId('test').textContent).toEqual('HealthyIsolating'); - - 
triggerTooltip(); - - await waitFor(() => { - expect( - within(renderResult.baseElement).getByTestId('test-actionStatuses-tooltipContent') - .textContent - ).toEqual('Pending actions:isolate1kill-process1'); - }); - }); - - it('should display status and releasing', async () => { - actionsSummary.pending_actions = { - unisolate: 1, - }; - set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true); - const { getByTestId } = render(); - - await waitFor(() => { - expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled(); - }); - - expect(getByTestId('test').textContent).toEqual('HealthyReleasing'); - }); - - it('should display status and releasing and show other pending actions in tooltip', async () => { - actionsSummary.pending_actions = { - unisolate: 1, - 'kill-process': 1, - }; - set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true); - const { getByTestId } = render(); - - await waitFor(() => { - expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled(); - }); - - expect(getByTestId('test').textContent).toEqual('HealthyReleasing'); - - triggerTooltip(); - - await waitFor(() => { - expect( - within(renderResult.baseElement).getByTestId('test-actionStatuses-tooltipContent') - .textContent - ).toEqual('Pending actions:kill-process1release1'); - }); - }); - - it('should show individual action count in tooltip (including unknown actions) sorted asc', async () => { - actionsSummary.pending_actions = { - isolate: 1, - 'get-file': 2, - execute: 6, - 'kill-process': 1, - foo: 2, - }; - const { getByTestId } = render(); - - await waitFor(() => { - expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled(); - }); - - expect(getByTestId('test').textContent).toEqual('HealthyIsolating'); - - triggerTooltip(); - - await waitFor(() => { - expect( - within(renderResult.baseElement).getByTestId('test-actionStatuses-tooltipContent') - .textContent - ).toEqual('Pending actions:execute6foo2get-file2isolate1kill-process1'); 
- }); - }); - - it('should still display status and isolation state if action summary api fails', async () => { - set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true); - apiMocks.responseProvider.agentPendingActionsSummary.mockImplementation(() => { - throw new Error('test error'); - }); - - const { getByTestId } = render(); - - await waitFor(() => { - expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled(); - }); - - expect(getByTestId('test').textContent).toEqual('HealthyIsolated'); - }); - - describe('and `autoRefresh` prop is set to true', () => { - beforeEach(() => { - renderProps.autoRefresh = true; - jest.useFakeTimers(); - }); - - afterEach(() => { - jest.useRealTimers(); - }); - - it('should keep actions up to date when autoRefresh is true', async () => { - apiMocks.responseProvider.agentPendingActionsSummary.mockReturnValueOnce({ - data: [actionsSummary], - }); - - const { getByTestId } = render(); - - await waitFor(() => { - expect(apiMocks.responseProvider.agentPendingActionsSummary).toHaveBeenCalled(); - }); - - expect(getByTestId('test').textContent).toEqual('Healthy'); - - apiMocks.responseProvider.agentPendingActionsSummary.mockReturnValueOnce({ - data: [ - { - ...actionsSummary, - pending_actions: { - 'kill-process': 2, - 'running-processes': 2, - }, - }, - ], - }); - - jest.runOnlyPendingTimers(); - - await waitFor(() => { - expect(getByTestId('test').textContent).toEqual('Healthy4 actions pending'); - }); - }); - }); - }); - - describe('And when using EndpointAgentStatusById', () => { - let renderProps: EndpointAgentStatusByIdProps; - - beforeEach(() => { - jest.useFakeTimers(); - - renderProps = { - 'data-test-subj': 'test', - endpointAgentId: '123', - }; - - render = () => { - renderResult = appTestContext.render(<EndpointAgentStatusById {...renderProps} />); - return renderResult; - }; - }); - - afterEach(() => { - jest.useRealTimers(); - }); - - it('should display status and isolated', async () => { - 
set(endpointDetails, ENDPOINT_ISOLATION_OBJ_PATH, true); - const { getByTestId } = render(); - - await waitFor(() => { - expect(getByTestId('test').textContent).toEqual('HealthyIsolated'); - }); - }); - - it('should display empty value if API call to host metadata fails', async () => { - apiMocks.responseProvider.metadataDetails.mockImplementation(() => { - throw new Error('test error'); - }); - const { getByTestId } = render(); - - await waitFor(() => { - expect(apiMocks.responseProvider.metadataDetails).toHaveBeenCalled(); - }); - - expect(getByTestId('test').textContent).toEqual(getEmptyValue()); - }); - - it('should keep agent status up to date when autoRefresh is true', async () => { - renderProps.autoRefresh = true; - apiMocks.responseProvider.metadataDetails.mockReturnValueOnce(endpointDetails); - - const { getByTestId } = render(); - - await waitFor(() => { - expect(getByTestId('test').textContent).toEqual('Healthy'); - }); - - apiMocks.responseProvider.metadataDetails.mockReturnValueOnce( - set(clone(endpointDetails), 'metadata.Endpoint.state.isolation', true) - ); - jest.runOnlyPendingTimers(); - - await waitFor(() => { - expect(getByTestId('test').textContent).toEqual('HealthyIsolated'); - }); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.tsx deleted file mode 100644 index a2b6d869f9d2d..0000000000000 --- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/endpoint/endpoint_agent_status.tsx +++ /dev/null 
@@ -1,168 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React, { memo, useMemo } from 'react'; -import { EuiBadge, EuiFlexGroup, EuiFlexItem, EuiText } from '@elastic/eui'; -import styled from 'styled-components'; -import { i18n } from '@kbn/i18n'; -import { DEFAULT_POLL_INTERVAL } from '../../../../../../management/common/constants'; -import { HOST_STATUS_TO_BADGE_COLOR } from '../../../../../../management/pages/endpoint_hosts/view/host_constants'; -import { getEmptyValue } from '../../../../empty_value'; - -import { useGetEndpointPendingActionsSummary } from '../../../../../../management/hooks/response_actions/use_get_endpoint_pending_actions_summary'; -import { useTestIdGenerator } from '../../../../../../management/hooks/use_test_id_generator'; -import type { EndpointPendingActions, HostInfo } from '../../../../../../../common/endpoint/types'; -import { useGetEndpointDetails } from '../../../../../../management/hooks'; -import { getAgentStatusText } from '../../agent_status_text'; -import { AgentResponseActionsStatus } from '../agent_response_action_status'; - -export const ISOLATING_LABEL = i18n.translate( - 'xpack.securitySolution.endpoint.agentAndActionsStatus.isIsolating', - { defaultMessage: 'Isolating' } -); -export const RELEASING_LABEL = i18n.translate( - 'xpack.securitySolution.endpoint.agentAndActionsStatus.isUnIsolating', - { defaultMessage: 'Releasing' } -); -export const ISOLATED_LABEL = i18n.translate( - 'xpack.securitySolution.endpoint.agentAndActionsStatus.isolated', - { defaultMessage: 'Isolated' } -); - -const EuiFlexGroupStyled = styled(EuiFlexGroup)` - .isolation-status { - margin-left: ${({ theme }) => theme.eui.euiSizeS}; - } -`; - -export interface EndpointAgentStatusProps { - endpointHostInfo: HostInfo; - /** - 
* If set to `true` (Default), then the endpoint isolation state and response actions count - * will be kept up to date by querying the API periodically. - * Only used if `pendingActions` is not defined. - */ - autoRefresh?: boolean; - /** - * The pending actions for the host (as return by the pending actions summary api). - * If undefined, then this component will call the API to retrieve that list of pending actions. - * NOTE: if this prop is defined, it will invalidate `autoRefresh` prop. - */ - pendingActions?: EndpointPendingActions['pending_actions']; - 'data-test-subj'?: string; -} - -/** - * Displays the status of an Endpoint agent along with its Isolation state or the number of pending - * response actions against it. - * - * TIP: if you only have the Endpoint's `agent.id`, then consider using `EndpointAgentStatusById`, - * which will call the needed APIs to get the information necessary to display the status. - */ - -// TODO: used by `EndpointAgentStatusById` -// remove usage/code when `agentStatusClientEnabled` FF is enabled and removed -export const EndpointAgentStatus = memo<EndpointAgentStatusProps>( - ({ endpointHostInfo, autoRefresh = true, pendingActions, 'data-test-subj': dataTestSubj }) => { - const getTestId = useTestIdGenerator(dataTestSubj); - const { data: endpointPendingActions } = useGetEndpointPendingActionsSummary( - [endpointHostInfo.metadata.agent.id], - { - refetchInterval: autoRefresh ? DEFAULT_POLL_INTERVAL : false, - enabled: !pendingActions, - } - ); - - const [hasPendingActions, hostPendingActions] = useMemo< - [boolean, EndpointPendingActions['pending_actions']] - >(() => { - if (!endpointPendingActions && !pendingActions) { - return [false, {}]; - } - - const pending = pendingActions - ? pendingActions - : endpointPendingActions?.data[0].pending_actions ?? 
{}; - - return [Object.keys(pending).length > 0, pending]; - }, [endpointPendingActions, pendingActions]); - - const status = endpointHostInfo.host_status; - const isIsolated = Boolean(endpointHostInfo.metadata.Endpoint.state?.isolation); - - return ( - <EuiFlexGroupStyled - gutterSize="none" - responsive={false} - className="eui-textTruncate" - data-test-subj={dataTestSubj} - > - <EuiFlexItem grow={false}> - <EuiBadge - color={status != null ? HOST_STATUS_TO_BADGE_COLOR[status] : 'warning'} - data-test-subj={getTestId('agentStatus')} - className="eui-textTruncate" - > - {getAgentStatusText(status)} - </EuiBadge> - </EuiFlexItem> - {(isIsolated || hasPendingActions) && ( - <EuiFlexItem grow={false} className="eui-textTruncate isolation-status"> - <AgentResponseActionsStatus - data-test-subj={getTestId('actionStatuses')} - isIsolated={isIsolated} - pendingActions={hostPendingActions} - /> - </EuiFlexItem> - )} - </EuiFlexGroupStyled> - ); - } -); -EndpointAgentStatus.displayName = 'EndpointAgentStatus'; - -export interface EndpointAgentStatusByIdProps { - endpointAgentId: string; - /** - * If set to `true` (Default), then the endpoint status and isolation/action counts will - * be kept up to date by querying the API periodically - */ - autoRefresh?: boolean; - 'data-test-subj'?: string; -} - -/** - * Given an Endpoint Agent Id, it will make the necessary API calls and then display the agent - * status using the `<EndpointAgentStatus />` component. - * - * NOTE: if the `HostInfo` is already available, consider using `<EndpointAgentStatus/>` component - * instead in order to avoid duplicate API calls. - */ -export const EndpointAgentStatusById = memo<EndpointAgentStatusByIdProps>( - ({ endpointAgentId, autoRefresh, 'data-test-subj': dataTestSubj }) => { - const { data } = useGetEndpointDetails(endpointAgentId, { - refetchInterval: autoRefresh ? 
DEFAULT_POLL_INTERVAL : false, - }); - - if (!data) { - return ( - <EuiText size="xs" data-test-subj={dataTestSubj}> - <p>{getEmptyValue()}</p> - </EuiText> - ); - } - - return ( - <EndpointAgentStatus - endpointHostInfo={data} - data-test-subj={dataTestSubj} - autoRefresh={autoRefresh} - /> - ); - } -); -EndpointAgentStatusById.displayName = 'EndpointAgentStatusById'; diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/index.ts b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/index.ts index f6c67097ef46d..8acabf42608ff 100644 --- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/index.ts +++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/index.ts @@ -5,6 +5,4 @@ * 2.0. */ -export * from './endpoint/endpoint_agent_status'; -export type { EndpointAgentStatusProps } from './endpoint/endpoint_agent_status'; export * from './agent_status'; diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status_text.ts b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/translations.ts similarity index 55% rename from x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status_text.ts rename to x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/translations.ts index ac0987e295283..d3d95e7b4977b 100644 --- a/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status_text.ts +++ b/x-pack/plugins/security_solution/public/common/components/endpoint/agents/agent_status/translations.ts 
@@ -6,7 +6,7 @@ */ import { i18n } from '@kbn/i18n'; -import type { HostStatus } from '../../../../../common/endpoint/types'; +import type { HostStatus } from '../../../../../../common/endpoint/types'; export const getAgentStatusText = (hostStatus: HostStatus) => { return i18n.translate('xpack.securitySolution.endpoint.list.hostStatusValue', { @@ -15,3 +15,15 @@ export const getAgentStatusText = (hostStatus: HostStatus) => { values: { hostStatus }, }); }; +export const ISOLATING_LABEL = i18n.translate( + 'xpack.securitySolution.endpoint.agentAndActionsStatus.isIsolating', + { defaultMessage: 'Isolating' } +); +export const RELEASING_LABEL = i18n.translate( + 'xpack.securitySolution.endpoint.agentAndActionsStatus.isUnIsolating', + { defaultMessage: 'Releasing' } +); +export const ISOLATED_LABEL = i18n.translate( + 'xpack.securitySolution.endpoint.agentAndActionsStatus.isolated', + { defaultMessage: 'Isolated' } +); diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.test.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.test.tsx index 5c459286fe11b..c5bc4a01f5140 100644 --- a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.test.tsx 
@@ -5,140 +5,188 @@ * 2.0. */ -import type { FC, PropsWithChildren } from 'react'; -import React from 'react'; -import { renderHook } from '@testing-library/react-hooks'; +import type { UseHostIsolationActionProps } from './use_host_isolation_action'; import { useHostIsolationAction } from './use_host_isolation_action'; -import { QueryClient, QueryClientProvider } from '@tanstack/react-query'; +import type { AppContextTestRender, UserPrivilegesMockSetter } from '../../../../mock/endpoint'; +import { createAppRootMockRenderer, endpointAlertDataMock } from '../../../../mock/endpoint'; +import { agentStatusGetHttpMock } from '../../../../../management/mocks'; +import { useUserPrivileges as _useUserPrivileges } from '../../../user_privileges'; +import type { AlertTableContextMenuItem } from '../../../../../detections/components/alerts_table/types'; +import type { ResponseActionsApiCommandNames } from '../../../../../../common/endpoint/service/response_actions/constants'; +import { agentStatusMocks } from '../../../../../../common/endpoint/service/response_actions/mocks/agent_status.mocks'; +import { ISOLATE_HOST, UNISOLATE_HOST } from './translations'; +import type React from 'react'; import { - useAgentStatusHook, - useGetAgentStatus, - useGetSentinelOneAgentStatus, -} from '../../../../../management/hooks/agents/use_get_agent_status'; -import { useIsExperimentalFeatureEnabled } from '../../../../hooks/use_experimental_features'; -import type { ResponseActionAgentType } from '../../../../../../common/endpoint/service/response_actions/constants'; -import { ExperimentalFeaturesService as ExperimentalFeaturesServiceMock } from '../../../../experimental_features_service'; -import { endpointAlertDataMock } from '../../../../mock/endpoint'; - -jest.mock('../../../../../management/hooks/agents/use_get_agent_status'); -jest.mock('../../../../hooks/use_experimental_features'); -jest.mock('../../../../experimental_features_service'); - -const useIsExperimentalFeatureEnabledMock 
= useIsExperimentalFeatureEnabled as jest.Mock; -const useGetSentinelOneAgentStatusMock = useGetSentinelOneAgentStatus as jest.Mock; -const useGetAgentStatusMock = useGetAgentStatus as jest.Mock; -const useAgentStatusHookMock = useAgentStatusHook as jest.Mock; + HOST_ENDPOINT_UNENROLLED_TOOLTIP, + LOADING_ENDPOINT_DATA_TOOLTIP, + NOT_FROM_ENDPOINT_HOST_TOOLTIP, +} from '../..'; +import { HostStatus } from '../../../../../../common/endpoint/types'; + +jest.mock('../../../user_privileges'); + +const useUserPrivilegesMock = _useUserPrivileges as jest.Mock; describe('useHostIsolationAction', () => { - const setFeatureFlags = (isEnabled: boolean = true): void => { - useIsExperimentalFeatureEnabledMock.mockReturnValue(isEnabled); - (ExperimentalFeaturesServiceMock.get as jest.Mock).mockReturnValue({ - responseActionsSentinelOneV1Enabled: isEnabled, - responseActionsCrowdstrikeManualHostIsolationEnabled: isEnabled, - }); + let appContextMock: AppContextTestRender; + let hookProps: UseHostIsolationActionProps; + let apiMock: ReturnType<typeof agentStatusGetHttpMock>; + let authMockSetter: UserPrivilegesMockSetter; + + const buildExpectedMenuItemResult = ( + overrides: Partial<AlertTableContextMenuItem> = {} + ): AlertTableContextMenuItem => { + return { + 'data-test-subj': 'isolate-host-action-item', + disabled: false, + key: 'isolate-host-action-item', + name: ISOLATE_HOST, + onClick: expect.any(Function), + ...overrides, + }; }; - const createReactQueryWrapper = () => { - const queryClient = new QueryClient(); - const wrapper: FC<PropsWithChildren<unknown>> = ({ children }) => ( - <QueryClientProvider client={queryClient}>{children}</QueryClientProvider> - ); - return wrapper; + const render = () => { + return appContextMock.renderHook(() => useHostIsolationAction(hookProps)); }; - it('should NOT return the menu item for Events', () => { - useAgentStatusHookMock.mockImplementation(() => { - return jest.fn(() => { - return { data: {} }; - }); + beforeEach(() => { + 
appContextMock = createAppRootMockRenderer(); + authMockSetter = appContextMock.getUserPrivilegesMockSetter(useUserPrivilegesMock); + hookProps = { + closePopover: jest.fn(), + detailsData: endpointAlertDataMock.generateEndpointAlertDetailsItemData(), + isHostIsolationPanelOpen: false, + onAddIsolationStatusClick: jest.fn(), + }; + apiMock = agentStatusGetHttpMock(appContextMock.coreStart.http); + appContextMock.setExperimentalFlag({ + responseActionsSentinelOneV1Enabled: true, + responseActionsCrowdstrikeManualHostIsolationEnabled: true, }); - setFeatureFlags(true); - const { result } = renderHook( - () => { - return useHostIsolationAction({ - closePopover: jest.fn(), - detailsData: endpointAlertDataMock.generateAlertDetailsItemDataForAgentType('foo', { - 'kibana.alert.rule.uuid': undefined, - }), - isHostIsolationPanelOpen: false, - onAddIsolationStatusClick: jest.fn(), - }); - }, - { wrapper: createReactQueryWrapper() } - ); + authMockSetter.set({ + canIsolateHost: true, + canUnIsolateHost: true, + }); + }); - expect(result.current).toHaveLength(0); + afterEach(() => { + authMockSetter.reset(); }); - // FIXME:PT refactor describe below - its not actually testing the component! 
Tests seem to be for `useAgentStatusHook()` - describe.each([ - ['useGetSentinelOneAgentStatus', useGetSentinelOneAgentStatusMock], - ['useGetAgentStatus', useGetAgentStatusMock], - ])('works with %s hook', (name, hook) => { - const render = (agentTypeAlert: ResponseActionAgentType) => - renderHook( - () => - useHostIsolationAction({ - closePopover: jest.fn(), - detailsData: - endpointAlertDataMock.generateAlertDetailsItemDataForAgentType(agentTypeAlert), - isHostIsolationPanelOpen: false, - onAddIsolationStatusClick: jest.fn(), - }), - { - wrapper: createReactQueryWrapper(), - } - ); - - beforeEach(() => { - useAgentStatusHookMock.mockImplementation(() => hook); - setFeatureFlags(true); - }); + it.each<ResponseActionsApiCommandNames>(['isolate', 'unisolate'])( + 'should return menu item for displaying %s', + async (command) => { + if (command === 'unisolate') { + apiMock.responseProvider.getAgentStatus.mockReturnValue({ + data: { + 'abfe4a35-d5b4-42a0-a539-bd054c791769': agentStatusMocks.generateAgentStatus({ + isolated: true, + }), + }, + }); + } - afterEach(() => { - jest.clearAllMocks(); - (ExperimentalFeaturesServiceMock.get as jest.Mock).mockReset(); - }); + const { result, waitForValueToChange } = render(); + await waitForValueToChange(() => result.current); - it(`${name} is invoked as 'enabled' when SentinelOne alert and FF enabled`, () => { - render('sentinel_one'); + expect(result.current).toEqual([ + buildExpectedMenuItemResult({ + ...(command === 'unisolate' ? 
{ name: UNISOLATE_HOST } : {}), + }), + ]); + } + ); - expect(hook).toHaveBeenCalledWith(['abfe4a35-d5b4-42a0-a539-bd054c791769'], 'sentinel_one', { - enabled: true, - }); - }); - it(`${name} is invoked as 'enabled' when Crowdstrike alert and FF enabled`, () => { - render('crowdstrike'); + it('should call `closePopover` callback when menu item `onClick` is called', async () => { + const { result, waitForValueToChange } = render(); + await waitForValueToChange(() => result.current); + result.current[0].onClick!({} as unknown as React.MouseEvent); - expect(hook).toHaveBeenCalledWith(['abfe4a35-d5b4-42a0-a539-bd054c791769'], 'crowdstrike', { - enabled: true, - }); + expect(hookProps.closePopover).toHaveBeenCalled(); + }); + + it('should NOT return the menu item for Events', () => { + hookProps.detailsData = endpointAlertDataMock.generateAlertDetailsItemDataForAgentType('foo', { + 'kibana.alert.rule.uuid': undefined, }); + const { result } = render(); - it(`${name} is invoked as 'disabled' when SentinelOne alert and FF disabled`, () => { - setFeatureFlags(false); - render('sentinel_one'); + expect(result.current).toHaveLength(0); + }); - expect(hook).toHaveBeenCalledWith(['abfe4a35-d5b4-42a0-a539-bd054c791769'], 'sentinel_one', { - enabled: false, - }); + it('should NOT return menu item if user does not have authz', async () => { + authMockSetter.set({ + canIsolateHost: false, + canUnIsolateHost: false, }); + const { result } = render(); - it(`${name} is invoked as 'disabled' when Crowdstrike alert and FF disabled`, () => { - setFeatureFlags(false); - render('crowdstrike'); + expect(result.current).toHaveLength(0); + }); - expect(hook).toHaveBeenCalledWith(['abfe4a35-d5b4-42a0-a539-bd054c791769'], 'crowdstrike', { - enabled: false, - }); - }); + it('should NOT attempt to get Agent status if host does not support response actions', async () => { + hookProps.detailsData = []; + render(); - it(`${name} is invoked as 'disabled' when endpoint alert`, () => { - 
render('endpoint'); + expect(apiMock.responseProvider.getAgentStatus).not.toHaveBeenCalled(); + }); - expect(hook).toHaveBeenCalledWith(['abfe4a35-d5b4-42a0-a539-bd054c791769'], 'endpoint', { - enabled: false, + it('should return disabled menu item while loading agent status', async () => { + const { result } = render(); + + expect(result.current).toEqual([ + buildExpectedMenuItemResult({ + disabled: true, + toolTipContent: LOADING_ENDPOINT_DATA_TOOLTIP, + }), + ]); + }); + + it.each(['endpoint', 'non-endpoint'])( + 'should return disabled menu item if %s host agent is unenrolled', + async (type) => { + apiMock.responseProvider.getAgentStatus.mockReturnValue({ + data: { + 'abfe4a35-d5b4-42a0-a539-bd054c791769': agentStatusMocks.generateAgentStatus({ + status: HostStatus.UNENROLLED, + }), + }, }); - }); + if (type === 'non-endpoint') { + hookProps.detailsData = endpointAlertDataMock.generateSentinelOneAlertDetailsItemData(); + } + const { result, waitForValueToChange } = render(); + await waitForValueToChange(() => result.current); + + expect(result.current).toEqual([ + buildExpectedMenuItemResult({ + disabled: true, + toolTipContent: + type === 'endpoint' ? 
HOST_ENDPOINT_UNENROLLED_TOOLTIP : NOT_FROM_ENDPOINT_HOST_TOOLTIP, + }), + ]); + } + ); + + it('should call isolate API when agent is currently NOT isolated', async () => { + const { result, waitForValueToChange } = render(); + await waitForValueToChange(() => result.current); + result.current[0].onClick!({} as unknown as React.MouseEvent); + + expect(hookProps.onAddIsolationStatusClick).toHaveBeenCalledWith('isolateHost'); + }); + + it('should call un-isolate API when agent is currently isolated', async () => { + apiMock.responseProvider.getAgentStatus.mockReturnValue( + agentStatusMocks.generateAgentStatusApiResponse({ + data: { 'abfe4a35-d5b4-42a0-a539-bd054c791769': { isolated: true } }, + }) + ); + const { result, waitForValueToChange } = render(); + await waitForValueToChange(() => result.current); + result.current[0].onClick!({} as unknown as React.MouseEvent); + + expect(hookProps.onAddIsolationStatusClick).toHaveBeenCalledWith('unisolateHost'); }); }); diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.tsx index 42f31ba946887..91e7cb32ceff8 100644 --- a/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.tsx +++ b/x-pack/plugins/security_solution/public/common/components/endpoint/host_isolation/from_alerts/use_host_isolation_action.tsx 
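Review bot: The authz test ('should NOT return menu item if user does not have authz') only covers the case where both `canIsolateHost` and `canUnIsolateHost` are false, so a regression that shows the item to a user holding only one of the two privileges would still pass. Add cases that set one privilege at a time, for example `authMockSetter.set({ canIsolateHost: false, canUnIsolateHost: true })` with a non-isolated host expecting `toHaveLength(0)`, assuming the hook gates each action on its own privilege (that condition is outside this diff). The removed suite also exercised the hook with the SentinelOne and Crowdstrike flags off, while `beforeEach` here always enables them; one case with `setExperimentalFlag` set to false would restore that coverage. The final test builds its response with `generateAgentStatusApiResponse` where the others wrap `generateAgentStatus` in `{ data: ... }`; using one form throughout keeps the fixtures comparable.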
@@ -12,16 +12,13 @@ import { NOT_FROM_ENDPOINT_HOST_TOOLTIP, } from '../../responder'; import { useAlertResponseActionsSupport } from '../../../../hooks/endpoint/use_alert_response_actions_support'; -import { useIsExperimentalFeatureEnabled } from '../../../../hooks/use_experimental_features'; -import type { AgentStatusInfo } from '../../../../../../common/endpoint/types'; import { HostStatus } from '../../../../../../common/endpoint/types'; -import { useEndpointHostIsolationStatus } from './use_host_isolation_status'; import { ISOLATE_HOST, UNISOLATE_HOST } from './translations'; import { useUserPrivileges } from '../../../user_privileges'; import type { AlertTableContextMenuItem } from '../../../../../detections/components/alerts_table/types'; -import { useAgentStatusHook } from '../../../../../management/hooks/agents/use_get_agent_status'; +import { useGetAgentStatus } from '../../../../../management/hooks/agents/use_get_agent_status'; -interface UseHostIsolationActionProps { +export interface UseHostIsolationActionProps { closePopover: () => void; detailsData: TimelineEventsDetailsItem[] | null; isHostIsolationPanelOpen: boolean; 
@@ -44,87 +41,39 @@ export const useHostIsolationAction = ({ agentSupport: { isolate: isolationSupported }, }, } = useAlertResponseActionsSupport(detailsData); - const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled'); - const useAgentStatus = useAgentStatusHook(); const { canIsolateHost, canUnIsolateHost } = useUserPrivileges().endpointPrivileges; - - const isEndpointAgent = useMemo(() => { - return agentType === 'endpoint'; - }, [agentType]); - - const { - loading: loadingHostIsolationStatus, - isIsolated, - agentStatus, - capabilities, - } = useEndpointHostIsolationStatus({ - agentId, - agentType, - }); - - const { data: externalAgentData } = useAgentStatus([agentId], agentType, { - enabled: hostSupportsResponseActions && !isEndpointAgent, + const { data, isLoading, isFetched } = useGetAgentStatus(agentId, agentType, { + enabled: hostSupportsResponseActions, }); - - const externalAgentStatus = externalAgentData?.[agentId]; - - const isHostIsolated = useMemo((): boolean => { - if (!isEndpointAgent) { - return Boolean(externalAgentStatus?.isolated); - } - - return isIsolated; - }, [isEndpointAgent, isIsolated, externalAgentStatus?.isolated]); + const agentStatus = data?.[agentId]; const doesHostSupportIsolation = useMemo(() => { - // With Elastic Defend Endpoint, we check that the actual `endpoint` agent on - // this host reported that capability - if (agentType === 'endpoint') { - return capabilities.includes('isolation'); - } + return hostSupportsResponseActions && isolationSupported; + }, [hostSupportsResponseActions, isolationSupported]); - return Boolean(externalAgentStatus?.found && isolationSupported); - }, [agentType, externalAgentStatus?.found, isolationSupported, capabilities]); + const isHostIsolated = useMemo(() => { + return Boolean(agentStatus?.isolated); + }, [agentStatus?.isolated]); const isolateHostHandler = useCallback(() => { closePopover(); - if (!isHostIsolated) { - 
onAddIsolationStatusClick('isolateHost'); - } else { - onAddIsolationStatusClick('unisolateHost'); - } - }, [closePopover, isHostIsolated, onAddIsolationStatusClick]); - const isHostAgentUnEnrolled = useMemo<boolean>(() => { - if (!hostSupportsResponseActions) { - return true; - } - - if (isEndpointAgent) { - return agentStatus === HostStatus.UNENROLLED; - } - - // NON-Endpoint agent types - // 8.15 use FF for computing if action is enabled - if (agentStatusClientEnabled) { - return externalAgentStatus?.status === HostStatus.UNENROLLED; - } - - // else use the old way - if (!externalAgentStatus) { - return true; + if (doesHostSupportIsolation) { + if (!isHostIsolated) { + onAddIsolationStatusClick('isolateHost'); + } else { + onAddIsolationStatusClick('unisolateHost'); + } } + }, [closePopover, doesHostSupportIsolation, isHostIsolated, onAddIsolationStatusClick]); - const { isUninstalled, isPendingUninstall } = externalAgentStatus as AgentStatusInfo[string]; - - return isUninstalled || isPendingUninstall; - }, [ - hostSupportsResponseActions, - isEndpointAgent, - agentStatusClientEnabled, - externalAgentStatus, - agentStatus, - ]); + const isHostAgentUnEnrolled = useMemo<boolean>(() => { + return ( + !hostSupportsResponseActions || + !agentStatus?.found || + agentStatus.status === HostStatus.UNENROLLED + ); + }, [hostSupportsResponseActions, agentStatus]); return useMemo<AlertTableContextMenuItem[]>(() => { // If not an Alert OR user has no Authz, then don't show the menu item at all 
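Review bot: `doesHostSupportIsolation` no longer uses anything reported by the agent itself: it is now `hostSupportsResponseActions && isolationSupported`, both taken from `useAlertResponseActionsSupport(detailsData)`, where the removed Endpoint branch required `capabilities.includes('isolation')`. If that hook does not account for agent-reported capabilities (it is outside this diff), an Endpoint agent that never reported the isolation capability would now get an enabled menu item. Either confirm the capability is covered upstream or record the decision next to the memo, e.g. `// isolation support is derived from alert data; agent-reported capabilities are not re-checked here`. Separately, `isolateHostHandler` now closes the popover and does nothing else when `doesHostSupportIsolation` is false, which is silent for the analyst and relies on the item being disabled in that state. The enclosing hook starts and ends outside the hunk.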
@@ -147,14 +96,15 @@ export const useHostIsolationAction = ({ // support response actions, then show that as the tooltip. Else, just show the normal "enroll" message menuItem.toolTipContent = agentType && unsupportedReason ? unsupportedReason : NOT_FROM_ENDPOINT_HOST_TOOLTIP; - } else if (isEndpointAgent && loadingHostIsolationStatus) { + } else if (isLoading || !isFetched) { menuItem.disabled = true; menuItem.toolTipContent = LOADING_ENDPOINT_DATA_TOOLTIP; } else if (isHostAgentUnEnrolled) { menuItem.disabled = true; - menuItem.toolTipContent = isEndpointAgent - ? HOST_ENDPOINT_UNENROLLED_TOOLTIP - : NOT_FROM_ENDPOINT_HOST_TOOLTIP; + menuItem.toolTipContent = + agentType === 'endpoint' + ? HOST_ENDPOINT_UNENROLLED_TOOLTIP + : NOT_FROM_ENDPOINT_HOST_TOOLTIP; } return [menuItem]; @@ -167,8 +117,8 @@ export const useHostIsolationAction = ({ isHostIsolationPanelOpen, isolateHostHandler, doesHostSupportIsolation, - isEndpointAgent, - loadingHostIsolationStatus, + isLoading, + isFetched, agentType, unsupportedReason, ]); diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.test.ts b/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.test.ts index 89ad874726d91..88383ecb7eff4 100644 --- a/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.test.ts +++ b/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.test.ts 
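Review bot: A failed agent-status request appears to fall through to the `isHostAgentUnEnrolled` branch, because the new guard `isLoading || !isFetched` only covers the in-flight case and `isHostAgentUnEnrolled` is true whenever `agentStatus?.found` is falsy. The analyst would then see the "unenrolled" tooltip for a host whose status simply could not be read, which is misleading during a response. Assuming `useGetAgentStatus` returns a standard query result, destructure `isError` alongside `isLoading` and `isFetched`, add an `else if (isError)` branch ahead of the unenrolled check with its own tooltip, and include `isError` in the dependency list changed in the next hunk. The `useMemo` body starts and ends outside the hunk.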
@@ -107,25 +107,6 @@ describe('use responder action data hooks', () => { expect(onClickMock).not.toHaveBeenCalled(); }); - }); - - describe('and agentType is NOT Endpoint', () => { - beforeEach(() => { - alertDetailItemData = endpointAlertDataMock.generateSentinelOneAlertDetailsItemData(); - }); - - it('should show action when agentType is supported', () => { - expect(renderHook().result.current).toEqual(getExpectedResponderActionData()); - }); - - it('should NOT call the endpoint host metadata api', () => { - renderHook(); - const wasMetadataApiCalled = appContextMock.coreStart.http.get.mock.calls.some(([path]) => { - return (path as unknown as string).includes(HOST_METADATA_LIST_ROUTE); - }); - - expect(wasMetadataApiCalled).toBe(false); - }); it.each([...RESPONSE_ACTION_AGENT_TYPE])( 'should show action disabled with tooltip for %s if agent id field is missing', @@ -150,6 +131,25 @@ describe('use responder action data hooks', () => { ); }); + describe('and agentType is NOT Endpoint', () => { + beforeEach(() => { + alertDetailItemData = endpointAlertDataMock.generateSentinelOneAlertDetailsItemData(); + }); + + it('should show action when agentType is supported', () => { + expect(renderHook().result.current).toEqual(getExpectedResponderActionData()); + }); + + it('should NOT call the endpoint host metadata api', () => { + renderHook(); + const wasMetadataApiCalled = appContextMock.coreStart.http.get.mock.calls.some(([path]) => { + return (path as unknown as string).includes(HOST_METADATA_LIST_ROUTE); + }); + + expect(wasMetadataApiCalled).toBe(false); + }); + }); + describe('and agentType IS Endpoint', () => { let metadataApiMocks: ReturnType<typeof endpointMetadataHttpMocks>; diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.ts b/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.ts index 266425dd452da..7e73d86aa1d06 100644 
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.ts +++ b/x-pack/plugins/security_solution/public/common/components/endpoint/responder/from_alerts/use_responder_action_data.ts @@ -133,8 +133,6 @@ const useResponderDataForEndpointHost = ( endpointAgentId: string, enabled: boolean = true ): ResponderDataForEndpointHost => { - // FIXME:PT is this the correct API to call? or should we call the agent status api instead - const { data: endpointHostInfo, isFetching, diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx index 26d98016c169c..5ec5cf8ce892c 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/columns.tsx @@ -6,10 +6,10 @@ */ import { EuiPanel, EuiText } from '@elastic/eui'; -import { get } from 'lodash'; import memoizeOne from 'memoize-one'; import React from 'react'; import styled from 'styled-components'; +import { getCategory } from '@kbn/triggers-actions-ui-plugin/public'; import { SecurityCellActions, CellActionsMode, SecurityCellActionsTrigger } from '../cell_actions'; import type { BrowserFields } from '../../containers/source'; import * as i18n from './translations'; 
@@ -35,9 +35,12 @@ const HoverActionsContainer = styled(EuiPanel)` HoverActionsContainer.displayName = 'HoverActionsContainer'; export const getFieldFromBrowserField = memoizeOne( - (keys: string[], browserFields: BrowserFields): BrowserField | undefined => - get(browserFields, keys), - (newArgs, lastArgs) => newArgs[0].join() === lastArgs[0].join() + (field: string, browserFields: BrowserFields): BrowserField | undefined => { + const category = getCategory(field); + + return browserFields[category]?.fields?.[field] as BrowserField; + }, + (newArgs, lastArgs) => newArgs[0] === lastArgs[0] ); export const getColumns: ColumnsProvider = ({ @@ -106,10 +109,7 @@ export const getColumns: ColumnsProvider = ({ sortable: true, truncateText: false, render: (values, data) => { - const fieldFromBrowserField = getFieldFromBrowserField( - [data.category as string, 'fields', data.field], - browserFields - ); + const fieldFromBrowserField = getFieldFromBrowserField(data.field, browserFields); return ( <FieldValueCell contextId={contextId} diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx index 433cf98d8fa97..1ddc73207725a 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/event_fields_browser.test.tsx @@ -204,9 +204,7 @@ describe('EventFieldsBrowser', () => { expect( wrapper.find('[data-test-subj="field-name-cell"]').at(0).find('EuiToolTip').prop('content') - ).toContain( - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events. Example: 2016-05-23T08:05:34.853Z' - ); + ).toContain('Date/time when the event originated.'); }); }); }); 
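Review bot: The custom equality passed to `memoizeOne` in `getFieldFromBrowserField` compares only the field name (`newArgs[0] === lastArgs[0]`), so a call with the same field but a different `browserFields` object returns the cached entry from the previous one. The old comparator had the same gap, but the rewrite is the moment to close it: drop the second argument so memoize-one's default per-argument `===` check applies, or write `(newArgs, lastArgs) => newArgs[0] === lastArgs[0] && newArgs[1] === lastArgs[1]`. The `as BrowserField` assertion on the return is also unnecessary, since the declared return type is already `BrowserField | undefined`, and it hides the undefined case from the checker.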
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx index bcdec78fe0614..6e5f4f7217527 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/helpers.test.tsx @@ -5,29 +5,18 @@ * 2.0. */ -import { mockDetailItemData } from '../../mock/mock_detail_item'; - import { getExampleText, getIconFromType } from './helpers'; -import { mockBrowserFields } from '../../containers/source/mock'; - -const aField = { - ...mockDetailItemData[4], - ...mockBrowserFields.base.fields?.['@timestamp'], -}; describe('helpers', () => { describe('getExampleText', () => { test('it returns the expected example text when the field contains an example', () => { - expect(getExampleText(aField.example)).toEqual('Example: 2016-05-23T08:05:34.853Z'); + expect(getExampleText('2016-05-23T08:05:34.853Z')).toEqual( + 'Example: 2016-05-23T08:05:34.853Z' + ); }); test(`it returns an empty string when the field's example is an empty string`, () => { - const fieldWithEmptyExample = { - ...aField, - example: '', - }; - - expect(getExampleText(fieldWithEmptyExample.example)).toEqual(''); + expect(getExampleText('')).toEqual(''); }); }); diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx index e465bfb37407e..3848bb8a15295 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/summary_view.test.tsx 
@@ -21,9 +21,6 @@ const eventId = 'TUWyf3wBFCFU0qRJTauW'; const hostIpValues = ['127.0.0.1', '::1', '10.1.2.3', '2001:0DB8:AC10:FE01::']; const hostIpFieldFromBrowserField: BrowserField = { aggregatable: true, - category: 'host', - description: 'Host ip addresses.', - example: '127.0.0.1', fields: {}, format: '', indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'], diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx index 1304c14f9044a..3ca3ae7a2b0c7 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/field_name_cell.tsx @@ -10,11 +10,21 @@ import { EuiFlexGroup, EuiFlexItem, EuiBadge, EuiText, EuiToolTip } from '@elast import { isEmpty } from 'lodash'; import { FieldIcon } from '@kbn/react-field'; import type { DataViewField } from '@kbn/data-views-plugin/common'; +import { EcsFlat } from '@elastic/ecs'; import * as i18n from '../translations'; import { getExampleText } from '../helpers'; import type { EventFieldsData } from '../types'; import { getFieldTypeName } from './get_field_type_name'; +const getEcsField = (field: string): { example?: string; description?: string } | undefined => { + return EcsFlat[field as keyof typeof EcsFlat] as + | { + example?: string; + description?: string; + } + | undefined; +}; + export interface FieldNameCellProps { data: EventFieldsData; field: string; 
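Review bot: `getEcsField` indexes `EcsFlat` with whatever field name the event carries and casts the result, so a name that matches an inherited object property (`constructor`, `toString`) would return a non-ECS value typed as an ECS entry, assuming `EcsFlat` is a plain object. Only `description` and `example` are read from it today, so the tooltip just falls back to the default, but the cast hides that from the next caller. A guard such as `if (!Object.prototype.hasOwnProperty.call(EcsFlat, field)) return undefined;` before the lookup keeps it to real ECS keys. A short doc comment stating that descriptions and examples now come from the bundled ECS definitions, so non-ECS fields get the plain field-name tooltip, would also help readers of `FieldNameCell`.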
@@ -23,13 +33,11 @@ export interface FieldNameCellProps { } export const FieldNameCell = React.memo( ({ data, field, fieldMapping, scripted }: FieldNameCellProps) => { + const ecsField = getEcsField(field); const typeName = getFieldTypeName(data.type); // TODO: We don't have fieldMapping or isMultiField until kibana indexPatterns is implemented. Will default to field for now const displayName = fieldMapping && fieldMapping.displayName ? fieldMapping.displayName : field; const defaultTooltip = displayName !== field ? `${field} (${displayName})` : field; - // TODO: Remove. This is what was used to show the plaintext fieldName vs the tooltip one - // const showPlainTextName = - // (data.isObjectArray && data.type !== 'geo_point') || fieldFromBrowserField == null; const isMultiField = fieldMapping?.isSubtypeMulti(); return ( <> @@ -52,8 +60,8 @@ export const FieldNameCell = React.memo( <EuiToolTip position="top" content={ - !isEmpty(data.description) - ? `${data.description} ${getExampleText(data.example)}` + !isEmpty(ecsField?.description) + ? `${ecsField?.description} ${getExampleText(ecsField?.example)}` : defaultTooltip } delay="long" diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/field_value_cell.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/table/field_value_cell.test.tsx index 6c78e4ba4fa4c..2529122140b07 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/table/field_value_cell.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/field_value_cell.test.tsx @@ -20,9 +20,6 @@ const eventId = 'TUWyf3wBFCFU0qRJTauW'; const hostIpData: EventFieldsData = { aggregatable: true, ariaRowindex: 35, - category: 'host', - description: 'Host ip addresses.', - example: '127.0.0.1', field: 'host.ip', fields: {}, format: '', 
@@ -89,10 +86,6 @@ describe('FieldValueCell', () => { const messageData: EventFieldsData = { aggregatable: false, ariaRowindex: 50, - category: 'base', - description: - 'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.', - example: 'Hello World', field: 'message', fields: {}, format: '', @@ -109,10 +102,6 @@ describe('FieldValueCell', () => { const messageFieldFromBrowserField: BrowserField = { aggregatable: false, - category: 'base', - description: - 'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.', - example: 'Hello World', fields: {}, format: '', indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'], @@ -150,9 +139,6 @@ describe('FieldValueCell', () => { describe('when `BrowserField` metadata IS available', () => { const hostIpFieldFromBrowserField: BrowserField = { aggregatable: true, - category: 'host', - description: 'Host ip addresses.', - example: '127.0.0.1', fields: {}, format: '', indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'], diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx index 3afe62980628d..d48d7cd0fdaaf 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/prevalence_cell.test.tsx 
@@ -27,9 +27,6 @@ const eventId = 'TUWyf3wBFCFU0qRJTauW'; const hostIpValues = ['127.0.0.1', '::1', '10.1.2.3', '2001:0DB8:AC10:FE01::']; const hostIpFieldFromBrowserField: BrowserField = { aggregatable: true, - category: 'host', - description: 'Host ip addresses.', - example: '127.0.0.1', fields: {}, format: '', indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'], diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx index ace35265885f8..859d1b258c796 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/table/summary_value_cell.test.tsx @@ -24,9 +24,6 @@ const eventId = 'TUWyf3wBFCFU0qRJTauW'; const hostIpValues = ['127.0.0.1', '::1', '10.1.2.3', '2001:0DB8:AC10:FE01::']; const hostIpFieldFromBrowserField: BrowserField = { aggregatable: true, - category: 'host', - description: 'Host ip addresses.', - example: '127.0.0.1', fields: {}, format: '', indexes: ['auditbeat-*', 'filebeat-*', 'logs-*', 'winlogbeat-*'], @@ -61,9 +58,6 @@ const enrichedAgentStatusData: AlertSummaryRow['description'] = { format: '', type: '', aggregatable: false, - description: '', - example: '', - category: '', fields: {}, indexes: [], name: AGENT_STATUS_FIELD_NAME, diff --git a/x-pack/plugins/security_solution/public/common/containers/source/mock.ts b/x-pack/plugins/security_solution/public/common/containers/source/mock.ts index c3cd086ea056f..ad0a86d2490df 100644 --- a/x-pack/plugins/security_solution/public/common/containers/source/mock.ts +++ b/x-pack/plugins/security_solution/public/common/containers/source/mock.ts 
@@ -53,10 +53,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'agent.ephemeral_id': { aggregatable: true, - category: 'agent', - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.ephemeral_id', @@ -66,9 +62,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.hostname': { aggregatable: true, - category: 'agent', - description: null, - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.hostname', @@ -78,10 +71,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.id': { aggregatable: true, - category: 'agent', - description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.id', @@ -91,10 +80,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.name': { aggregatable: true, - category: 'agent', - description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', - example: 'foo', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.name', @@ -108,9 +93,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'auditd.data.a0': { aggregatable: true, - category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a0', 
@@ -120,9 +102,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a1': { aggregatable: true, - category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a1', @@ -132,9 +111,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a2': { aggregatable: true, - category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a2', @@ -148,10 +124,6 @@ export const mockBrowserFields: BrowserFields = { fields: { '@timestamp': { aggregatable: true, - category: 'base', - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: '@timestamp', @@ -161,9 +133,6 @@ export const mockBrowserFields: BrowserFields = { readFromDocValues: true, }, _id: { - category: 'base', - description: 'Each document has an _id that uniquely identifies it', - example: 'Y-6TfmcB0WOhS6qyMv3s', name: '_id', type: 'string', esTypes: [], @@ -172,10 +141,6 @@ export const mockBrowserFields: BrowserFields = { indexes: ['auditbeat', 'filebeat', 'packetbeat'], }, message: { - category: 'base', - description: - 'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.', - example: 'Hello World', name: 'message', type: 'string', esTypes: ['text'], 
@@ -190,10 +155,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'client.address': { aggregatable: true, - category: 'client', - description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.address', @@ -203,9 +164,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.bytes': { aggregatable: true, - category: 'client', - description: 'Bytes sent from the client to the server.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.bytes', @@ -215,9 +173,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.domain': { aggregatable: true, - category: 'client', - description: 'Client domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.domain', @@ -227,9 +182,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.geo.country_iso_code': { aggregatable: true, - category: 'client', - description: 'Country ISO code.', - example: 'CA', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.geo.country_iso_code', @@ -243,10 +195,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'cloud.account.id': { aggregatable: true, - category: 'cloud', - description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', - example: '666777888999', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.account.id', 
@@ -256,9 +204,6 @@ export const mockBrowserFields: BrowserFields = { }, 'cloud.availability_zone': { aggregatable: true, - category: 'cloud', - description: 'Availability zone in which this host is running.', - example: 'us-east-1c', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.availability_zone', @@ -272,9 +217,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'container.id': { aggregatable: true, - category: 'container', - description: 'Unique container id.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.id', @@ -284,9 +226,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.name': { aggregatable: true, - category: 'container', - description: 'Name of the image the container was built on.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.name', @@ -296,9 +235,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.tag': { aggregatable: true, - category: 'container', - description: 'Container image tag.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.tag', @@ -312,10 +248,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'destination.address': { aggregatable: true, - category: 'destination', - description: - 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.address', 
@@ -325,9 +257,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.bytes': { aggregatable: true, - category: 'destination', - description: 'Bytes sent from the destination to the source.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.bytes', @@ -337,9 +266,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.domain': { aggregatable: true, - category: 'destination', - description: 'Destination domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.domain', @@ -349,10 +275,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.ip': { aggregatable: true, - category: 'destination', - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.ip', @@ -362,9 +284,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.port': { aggregatable: true, - category: 'destination', - description: 'Port of the destination.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.port', @@ -377,10 +296,6 @@ export const mockBrowserFields: BrowserFields = { event: { fields: { 'event.end': { - category: 'event', - description: - 'event.end contains the date when the event ended or when the activity was last observed.', - example: null, format: '', indexes: DEFAULT_INDEX_PATTERN, name: 'event.end', 
@@ -390,10 +305,6 @@ export const mockBrowserFields: BrowserFields = { aggregatable: true, }, 'event.action': { - category: 'event', - description: - 'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.', - example: 'user-password-change', name: 'event.action', type: 'string', esTypes: ['keyword'], @@ -403,10 +314,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.category': { - category: 'event', - description: - 'This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.', - example: 'authentication', name: 'event.category', type: 'string', esTypes: ['keyword'], @@ -416,10 +323,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.severity': { - category: 'event', - description: - "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`.", - example: 7, name: 'event.severity', type: 'number', esTypes: ['long'], 
@@ -429,9 +332,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.kind': { - category: 'event', - description: 'This defined the type of event eg. alerts', - example: 'signal', name: 'event.kind', type: 'string', esTypes: ['keyword'], @@ -445,9 +345,6 @@ export const mockBrowserFields: BrowserFields = { host: { fields: { 'host.name': { - category: 'host', - description: - 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.', name: 'host.name', type: 'string', esTypes: ['keyword'], @@ -462,9 +359,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'source.ip': { aggregatable: true, - category: 'source', - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.ip', @@ -474,9 +368,6 @@ export const mockBrowserFields: BrowserFields = { }, 'source.port': { aggregatable: true, - category: 'source', - description: 'Port of the source.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.port', @@ -489,9 +380,6 @@ export const mockBrowserFields: BrowserFields = { user: { fields: { 'user.name': { - category: 'user', - description: 'Short name or login of the user.', - example: 'albert', name: 'user.name', type: 'string', esTypes: ['keyword'], @@ -506,9 +394,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'nestedField.firstAttributes': { aggregatable: false, - category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.firstAttributes', 
@@ -522,9 +407,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.secondAttributes': { aggregatable: false, - category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.secondAttributes', @@ -538,9 +420,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.thirdAttributes': { aggregatable: false, - category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.thirdAttributes', diff --git a/x-pack/plugins/security_solution/public/common/lib/endpoint/endpoint_pending_actions/endpoint_pending_actions.ts b/x-pack/plugins/security_solution/public/common/lib/endpoint/endpoint_pending_actions/endpoint_pending_actions.ts index 86e3a88cc0d2b..624e5f17592d0 100644 --- a/x-pack/plugins/security_solution/public/common/lib/endpoint/endpoint_pending_actions/endpoint_pending_actions.ts +++ b/x-pack/plugins/security_solution/public/common/lib/endpoint/endpoint_pending_actions/endpoint_pending_actions.ts @@ -21,6 +21,8 @@ import { ACTION_STATUS_ROUTE } from '../../../../../common/endpoint/constants'; export const fetchPendingActionsByAgentId = ( agentIds: PendingActionsRequestQuery['agent_ids'] ): Promise<PendingActionsResponse> => { + // FIXME:PT Delete method now that we are using new internal API (team issue: 9783) + return KibanaServices.get().http.get<PendingActionsResponse>(ACTION_STATUS_ROUTE, { version: '2023-10-31', query: { diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts index b7893592296e9..d16fd182928de 100644 --- a/x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts +++ b/x-pack/plugins/security_solution/public/common/lib/telemetry/constants.ts 
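Review bot: The `FIXME:PT` comment added in `endpoint_pending_actions.ts` sits inside the body of `fetchPendingActionsByAgentId`, so callers importing the function never see that it is slated for removal. A TSDoc tag on the export would surface it in editors and lint, for example `/** @deprecated Superseded by the new internal API; remove once callers are migrated (team issue: 9783). */` above `export const fetchPendingActionsByAgentId`. The function body continues outside the hunk, so whether any callers remain cannot be checked from here.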
@@ -60,7 +60,6 @@ export enum TelemetryEventTypes { AssetCriticalityCsvPreviewGenerated = 'Asset Criticality Csv Preview Generated', AssetCriticalityFileSelected = 'Asset Criticality File Selected', AssetCriticalityCsvImported = 'Asset Criticality CSV Imported', - AttackDiscoveriesGenerated = 'Attack Discoveries Generated', EntityDetailsClicked = 'Entity Details Clicked', EntityAlertsClicked = 'Entity Alerts Clicked', EntityRiskFiltered = 'Entity Risk Filtered', diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/index.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/index.ts deleted file mode 100644 index 4305556923c99..0000000000000 --- a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/index.ts +++ /dev/null 
@@ -1,64 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { TelemetryEvent } from '../../types'; -import { TelemetryEventTypes } from '../../constants'; - -export const insightsGeneratedEvent: TelemetryEvent = { - eventType: TelemetryEventTypes.AttackDiscoveriesGenerated, - schema: { - actionTypeId: { - type: 'keyword', - _meta: { - description: 'Kibana connector type', - optional: false, - }, - }, - durationMs: { - type: 'integer', - _meta: { - description: 'Duration of request in ms', - optional: false, - }, - }, - alertsContextCount: { - type: 'integer', - _meta: { - description: 'Number of alerts sent as context to the LLM', - optional: false, - }, - }, - alertsCount: { - type: 'integer', - _meta: { - description: 'Number of unique alerts referenced in the attack discoveries', - optional: false, - }, - }, - configuredAlertsCount: { - type: 'integer', - _meta: { - description: 'Number of alerts configured by the user', - optional: false, - }, - }, - model: { - type: 'keyword', - _meta: { - description: 'LLM model', - optional: true, - }, - }, - provider: { - type: 'keyword', - _meta: { - description: 'OpenAI provider', - optional: true, - }, - }, - }, -}; diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/types.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/types.ts deleted file mode 100644 index dc83083bd38e3..0000000000000 --- a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/attack_discovery/types.ts +++ /dev/null 
@@ -1,26 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { RootSchema } from '@kbn/core/public'; -import type { TelemetryEventTypes } from '../../constants'; - -export interface ReportAttackDiscoveriesGeneratedParams { - actionTypeId: string; - provider?: string; - model?: string; - durationMs: number; - alertsContextCount: number; - alertsCount: number; - configuredAlertsCount: number; -} - -export type ReportAttackDiscoveryTelemetryEventParams = ReportAttackDiscoveriesGeneratedParams; - -export interface AttackDiscoveryTelemetryEvent { - eventType: TelemetryEventTypes.AttackDiscoveriesGenerated; - schema: RootSchema<ReportAttackDiscoveriesGeneratedParams>; -} diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/telemetry_events.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/events/telemetry_events.ts index fa9875a027db6..8fe949fc783e7 100644 --- a/x-pack/plugins/security_solution/public/common/lib/telemetry/events/telemetry_events.ts +++ b/x-pack/plugins/security_solution/public/common/lib/telemetry/events/telemetry_events.ts @@ -28,7 +28,6 @@ import { assistantMessageSentEvent, assistantQuickPrompt, } from './ai_assistant'; -import { insightsGeneratedEvent } from './attack_discovery'; import { dataQualityIndexCheckedEvent, dataQualityCheckAllClickedEvent } from './data_quality'; import { DocumentDetailsFlyoutOpenedEvent, @@ -156,7 +155,6 @@ export const telemetryEvents = [ assistantMessageSentEvent, assistantQuickPrompt, assistantSettingToggledEvent, - insightsGeneratedEvent, entityClickedEvent, entityAlertsClickedEvent, entityRiskFilteredEvent, 
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.mock.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.mock.ts index e1c4c8d4746cf..747a0a3a57770 100644 --- a/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.mock.ts +++ b/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.mock.ts @@ -35,5 +35,4 @@ export const createTelemetryClientMock = (): jest.Mocked<TelemetryClientStart> = reportAssetCriticalityCsvPreviewGenerated: jest.fn(), reportAssetCriticalityFileSelected: jest.fn(), reportAssetCriticalityCsvImported: jest.fn(), - reportAttackDiscoveriesGenerated: jest.fn(), }); diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts index 3ca55ab75e685..266b3c737eb62 100644 --- a/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts +++ b/x-pack/plugins/security_solution/public/common/lib/telemetry/telemetry_client.ts @@ -24,7 +24,6 @@ import type { ReportAssistantMessageSentParams, ReportAssistantQuickPromptParams, ReportAssistantSettingToggledParams, - ReportAttackDiscoveriesGeneratedParams, ReportRiskInputsExpandedFlyoutOpenedParams, ReportToggleRiskSummaryClickedParams, ReportDetailsFlyoutOpenedParams, @@ -74,10 +73,6 @@ export class TelemetryClient implements TelemetryClientStart { this.analytics.reportEvent(TelemetryEventTypes.AssistantSettingToggled, params); }; - public reportAttackDiscoveriesGenerated = (params: ReportAttackDiscoveriesGeneratedParams) => { - this.analytics.reportEvent(TelemetryEventTypes.AttackDiscoveriesGenerated, params); - }; - public reportEntityDetailsClicked = ({ entity }: ReportEntityDetailsClickedParams) => { this.analytics.reportEvent(TelemetryEventTypes.EntityDetailsClicked, { entity, 
diff --git a/x-pack/plugins/security_solution/public/common/lib/telemetry/types.ts b/x-pack/plugins/security_solution/public/common/lib/telemetry/types.ts index 3be54678c0ad8..9e7a49a91497e 100644 --- a/x-pack/plugins/security_solution/public/common/lib/telemetry/types.ts +++ b/x-pack/plugins/security_solution/public/common/lib/telemetry/types.ts @@ -6,11 +6,6 @@ */ import type { AnalyticsServiceSetup, RootSchema } from '@kbn/core/public'; -import type { - AttackDiscoveryTelemetryEvent, - ReportAttackDiscoveriesGeneratedParams, - ReportAttackDiscoveryTelemetryEventParams, -} from './events/attack_discovery/types'; import type { SecurityCellActionMetadata } from '../../../app/actions/types'; import type { ML_JOB_TELEMETRY_STATUS, TelemetryEventTypes } from './constants'; import type { @@ -61,7 +56,6 @@ import type { export * from './events/ai_assistant/types'; export * from './events/alerts_grouping/types'; -export * from './events/attack_discovery/types'; export * from './events/data_quality/types'; export * from './events/onboarding/types'; export type { @@ -108,7 +102,6 @@ export interface ReportBreadcrumbClickedParams { export type TelemetryEventParams = | ReportAlertsGroupingTelemetryEventParams | ReportAssistantTelemetryEventParams - | ReportAttackDiscoveryTelemetryEventParams | ReportEntityAnalyticsTelemetryEventParams | ReportMLJobUpdateParams | ReportCellActionClickedParams @@ -132,9 +125,6 @@ export interface TelemetryClientStart { reportAssistantQuickPrompt(params: ReportAssistantQuickPromptParams): void; reportAssistantSettingToggled(params: ReportAssistantSettingToggledParams): void; - // Attack discovery - reportAttackDiscoveriesGenerated(params: ReportAttackDiscoveriesGeneratedParams): void; - // Entity Analytics reportEntityDetailsClicked(params: ReportEntityDetailsClickedParams): void; reportEntityAlertsClicked(params: ReportEntityAlertsClickedParams): void; 
@@ -173,7 +163,6 @@ export type TelemetryEvent = | EntityAnalyticsTelemetryEvent | DataQualityTelemetryEvents | DocumentDetailsTelemetryEvents - | AttackDiscoveryTelemetryEvent | { eventType: TelemetryEventTypes.MLJobUpdate; schema: RootSchema<ReportMLJobUpdateParams>; diff --git a/x-pack/plugins/security_solution/public/common/mock/global_state.ts b/x-pack/plugins/security_solution/public/common/mock/global_state.ts index 2a61b964774ee..4365a30c2f07d 100644 --- a/x-pack/plugins/security_solution/public/common/mock/global_state.ts +++ b/x-pack/plugins/security_solution/public/common/mock/global_state.ts @@ -520,9 +520,13 @@ export const mockGlobalState: State = { }, status: { fetchNotesByDocumentId: ReqStatus.Idle, + createNote: ReqStatus.Idle, + deleteNote: ReqStatus.Idle, }, error: { fetchNotesByDocumentId: null, + createNote: null, + deleteNote: null, }, }, }; diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_columns.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_columns.tsx index 4428d6cca6de6..984f0f5dee926 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_columns.tsx +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_columns.tsx @@ -169,11 +169,11 @@ export const getSourceEventTimeRangeColumns = () => [ return backfill ? ( <div> <div> - <FormattedDate value={backfill.to} fieldName="backfill.to" /> + <FormattedDate value={backfill.from} fieldName="backfill.from" /> </div> <EuiText textAlign="center">{'-'}</EuiText> <div> - <FormattedDate value={backfill.from} fieldName="backfill.from" /> + <FormattedDate value={backfill.to} fieldName="backfill.to" /> </div> </div> ) : ( 
diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_table.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_table.tsx index 1444dc8e0fd40..981f80f36f744 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_table.tsx +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/execution_log_table.tsx @@ -78,7 +78,7 @@ import { getSourceEventTimeRangeColumns, } from './execution_log_columns'; import { ExecutionLogSearchBar } from './execution_log_search_bar'; -import { RuleBackfillsInfo } from '../../../../rule_gaps/components/rule_backfills_info'; + import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features'; const EXECUTION_UUID_FIELD_NAME = 'kibana.alert.rule.execution.uuid'; @@ -594,9 +594,6 @@ const ExecutionLogTableComponent: React.FC<ExecutionLogTableProps> = ({ itemIdToExpandedRowMap={rows.itemIdToExpandedRowMap} data-test-subj="executionsTable" /> - - <EuiSpacer size="xl" /> - <RuleBackfillsInfo ruleId={ruleId} /> </EuiPanel> ); }; diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/translations.ts index f84e0b6b859c2..76b3f5483baad 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/translations.ts +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/execution_log_table/translations.ts 
@@ -93,7 +93,8 @@ export const COLUMN_SOURCE_EVENT_TIME_RANGE = i18n.translate( export const COLUMN_SOURCE_EVENT_TIME_RANGE_TOOLTIP = i18n.translate( 'xpack.securitySolution.detectionEngine.ruleDetails.ruleExecutionLog.sourceEventTimeRangeTooltip', { - defaultMessage: "Only for manual rule runs. Don't include additional lookback time.", + defaultMessage: + "Only applies to manual rule executions. If the rule has look-back time, it's included in the logged time range.", } ); diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx index 43491a1969fff..71ae7791fab0d 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx @@ -112,6 +112,7 @@ import { } from '../../../../detections/components/rules/rule_execution_status'; import { ExecutionEventsTable } from '../../../rule_monitoring'; import { ExecutionLogTable } from './execution_log_table/execution_log_table'; +import { RuleBackfillsInfo } from '../../../rule_gaps/components/rule_backfills_info'; import * as ruleI18n from '../../../../detections/pages/detection_engine/rules/translations'; 
@@ -138,6 +139,7 @@ import { RuleSnoozeBadge } from '../../../rule_management/components/rule_snooze import { useBoolState } from '../../../../common/hooks/use_bool_state'; import { RuleDefinitionSection } from '../../../rule_management/components/rule_details/rule_definition_section'; import { RuleScheduleSection } from '../../../rule_management/components/rule_details/rule_schedule_section'; +import { CustomizedPrebuiltRuleBadge } from '../../../rule_management/components/rule_details/customized_prebuilt_rule_badge'; import { ManualRuleRunModal } from '../../../rule_gaps/components/manual_rule_run'; import { useManualRuleRunConfirmation } from '../../../rule_gaps/components/manual_rule_run/use_manual_rule_run_confirmation'; // eslint-disable-next-line no-restricted-imports @@ -591,15 +593,16 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({ border subtitle={subTitle} subtitle2={ - <> - <EuiFlexGroup gutterSize="xs" alignItems="center" justifyContent="flexStart"> + <EuiFlexGroup gutterSize="m" alignItems="center" justifyContent="flexStart"> + <CustomizedPrebuiltRuleBadge rule={rule} /> + <EuiFlexGroup alignItems="center" gutterSize="xs"> <EuiFlexItem grow={false}> {ruleStatusI18n.STATUS} {':'} </EuiFlexItem> {ruleStatusInfo} </EuiFlexGroup> - </> + </EuiFlexGroup> } title={title} badgeOptions={badgeOptions} 
@@ -785,13 +788,17 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({ /> </Route> <Route path={`/rules/id/:detailName/:tabName(${RuleDetailTabs.executionResults})`}> - <ExecutionLogTable - ruleId={ruleId} - selectAlertsTab={navigateToAlertsTab} - analytics={analytics} - i18n={i18nStart} - theme={theme} - /> + <> + <ExecutionLogTable + ruleId={ruleId} + selectAlertsTab={navigateToAlertsTab} + analytics={analytics} + i18n={i18nStart} + theme={theme} + /> + <EuiSpacer size="xl" /> + <RuleBackfillsInfo ruleId={ruleId} /> + </> </Route> <Route path={`/rules/id/:detailName/:tabName(${RuleDetailTabs.executionEvents})`}> <ExecutionEventsTable ruleId={ruleId} /> diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/api/hooks/use_schedule_rule_run_mutation.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/api/hooks/use_schedule_rule_run_mutation.ts index 78e3c5cbe6ca5..98c8a436393ad 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/api/hooks/use_schedule_rule_run_mutation.ts +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/api/hooks/use_schedule_rule_run_mutation.ts @@ -9,6 +9,7 @@ import type { UseMutationOptions } from '@tanstack/react-query'; import { useMutation } from '@tanstack/react-query'; import type { ScheduleBackfillProps } from '../../types'; import { scheduleRuleRun } from '../api'; +import { useInvalidateFindBackfillQuery } from './use_find_backfills_for_rules'; export const SCHEDULE_RULE_RUN_MUTATION_KEY = [ 'POST', 
@@ -18,8 +19,15 @@ export const SCHEDULE_RULE_RUN_MUTATION_KEY = [ export const useScheduleRuleRunMutation = ( options?: UseMutationOptions<unknown, Error, ScheduleBackfillProps> ) => { + const invalidateBackfillQuery = useInvalidateFindBackfillQuery(); return useMutation((scheduleOptions: ScheduleBackfillProps) => scheduleRuleRun(scheduleOptions), { ...options, + onSettled: (...args) => { + invalidateBackfillQuery(); + if (options?.onSettled) { + options.onSettled(...args); + } + }, mutationKey: SCHEDULE_RULE_RUN_MUTATION_KEY, }); }; diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.test.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.test.tsx index 5ff3d23da7ec6..c3efb2d0d89ae 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.test.tsx +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.test.tsx @@ -6,18 +6,20 @@ */ import React from 'react'; +import moment from 'moment'; import { fireEvent, render, screen } from '@testing-library/react'; -import { ManualRuleRunModal } from '.'; +import { ManualRuleRunModal, MAX_SCHEDULE_BACKFILL_LOOKBACK_WINDOW_DAYS } from '.'; -const DATE_PICKER_PREVIOUS_BTN_CLASS = '.react-datepicker__navigation--previous'; -const DATE_PICKER_NEXT_BTN_CLASS = '.react-datepicker__navigation--next'; +const convertToDatePickerFormat = (date: moment.Moment) => { + return `${date.format('L')} ${date.format('LT')}`; +}; describe('ManualRuleRunModal', () => { const onCancelMock = jest.fn(); const onConfirmMock = jest.fn(); - let startDatePicker: HTMLElement; - let endDatePicker: HTMLElement; + let startDatePicker: Element; + let endDatePicker: Element; let confirmModalConfirmButton: HTMLElement; let cancelModalConfirmButton: HTMLElement; let timeRangeForm: HTMLElement; 
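Review bot: The `onSettled` wrapper added in `useScheduleRuleRunMutation` discards the return value of the caller's callback, so a promise returned by `options.onSettled` is no longer awaited by react-query before the mutation settles. Returning it preserves the caller's contract: `return options?.onSettled?.(...args);` after `invalidateBackfillQuery();`, which also replaces the explicit `if`. A short comment would help too, for example `// Declared after ...options so a caller-supplied onSettled cannot skip the backfill list invalidation`.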
@@ -28,18 +30,13 @@ describe('ManualRuleRunModal', () => { }); beforeEach(() => { - // This is an attempt to fix the "TypeError: scrollIntoView is not a function" error - // According to https://stackoverflow.com/a/53294906 the `scrollIntoView` is not implemented in jsdom, - // and proposed solution is coming from https://github.com/jsdom/jsdom/issues/1695 - window.HTMLElement.prototype.scrollIntoView = () => {}; - render(<ManualRuleRunModal onCancel={onCancelMock} onConfirm={onConfirmMock} />); - startDatePicker = screen.getByTestId('start-date-picker'); - endDatePicker = screen.getByTestId('end-date-picker'); + timeRangeForm = screen.getByTestId('manual-rule-run-time-range-form'); + startDatePicker = timeRangeForm.getElementsByClassName('start-date-picker')[0]; + endDatePicker = timeRangeForm.getElementsByClassName('end-date-picker')[0]; confirmModalConfirmButton = screen.getByTestId('confirmModalConfirmButton'); cancelModalConfirmButton = screen.getByTestId('confirmModalCancelButton'); - timeRangeForm = screen.getByTestId('manual-rule-run-time-range-form'); }); it('should render modal', () => { @@ -51,7 +48,16 @@ describe('ManualRuleRunModal', () => { it('should render confirmation button disabled if invalid time range has been selected', () => { expect(confirmModalConfirmButton).toBeEnabled(); - fireEvent.click(endDatePicker.querySelector(DATE_PICKER_PREVIOUS_BTN_CLASS)!); + const now = moment(); + const startDate = now.clone().subtract(1, 'd'); + const endDate = now.clone().subtract(2, 'd'); + + fireEvent.change(startDatePicker, { + target: { value: convertToDatePickerFormat(startDate) }, + }); + fireEvent.change(endDatePicker, { + target: { value: convertToDatePickerFormat(endDate) }, + }); expect(confirmModalConfirmButton).toBeDisabled(); expect(timeRangeForm).toHaveTextContent('Selected time range is invalid'); 
@@ -60,10 +66,14 @@ describe('ManualRuleRunModal', () => { it('should render confirmation button disabled if selected start date is more than 90 days in the past', () => { expect(confirmModalConfirmButton).toBeEnabled(); - fireEvent.click(startDatePicker.querySelector(DATE_PICKER_PREVIOUS_BTN_CLASS)!); - fireEvent.click(startDatePicker.querySelector(DATE_PICKER_PREVIOUS_BTN_CLASS)!); - fireEvent.click(startDatePicker.querySelector(DATE_PICKER_PREVIOUS_BTN_CLASS)!); - fireEvent.click(startDatePicker.querySelector(DATE_PICKER_PREVIOUS_BTN_CLASS)!); + const now = moment(); + const startDate = now.clone().subtract(MAX_SCHEDULE_BACKFILL_LOOKBACK_WINDOW_DAYS, 'd'); + + fireEvent.change(startDatePicker, { + target: { + value: convertToDatePickerFormat(startDate), + }, + }); expect(confirmModalConfirmButton).toBeDisabled(); expect(timeRangeForm).toHaveTextContent( @@ -74,7 +84,12 @@ describe('ManualRuleRunModal', () => { it('should render confirmation button disabled if selected end date is in future', () => { expect(confirmModalConfirmButton).toBeEnabled(); - fireEvent.click(endDatePicker.querySelector(DATE_PICKER_NEXT_BTN_CLASS)!); + const now = moment(); + const endDate = now.clone().add(2, 'd'); + + fireEvent.change(endDatePicker, { + target: { value: convertToDatePickerFormat(endDate) }, + }); expect(confirmModalConfirmButton).toBeDisabled(); expect(timeRangeForm).toHaveTextContent('Manual rule run cannot be scheduled for the future'); diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.tsx index 365ebc865ec32..37a4762254329 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.tsx +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/index.tsx 
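Review bot: The "more than 90 days in the past" test sets the start date to exactly `MAX_SCHEDULE_BACKFILL_LOOKBACK_WINDOW_DAYS` days before `now`, which is the boundary rather than a value beyond it. It appears to pass only because `convertToDatePickerFormat` drops seconds via `LT` and the component presumably reads its own, later clock; the comparison itself is outside this hunk. Using `now.clone().subtract(MAX_SCHEDULE_BACKFILL_LOOKBACK_WINDOW_DAYS + 1, 'd')` makes the case unambiguous, and a separate test at exactly the limit would pin the intended inclusive or exclusive behaviour.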
@@ -13,9 +13,9 @@ import { EuiFlexItem, EuiForm, EuiFormRow, - EuiHorizontalRule, - EuiSpacer, useGeneratedHtmlId, + EuiCallOut, + EuiSpacer, } from '@elastic/eui'; import moment from 'moment'; import React, { useCallback, useMemo, useState } from 'react'; @@ -23,6 +23,8 @@ import { TECHNICAL_PREVIEW, TECHNICAL_PREVIEW_TOOLTIP } from '../../../../common import * as i18n from './translations'; +const MANUAL_RULE_RUN_MODAL_WIDTH = 600; + export const MAX_SCHEDULE_BACKFILL_LOOKBACK_WINDOW_DAYS = 90; interface ManualRuleRunModalProps { 
@@ -68,36 +70,34 @@ const ManualRuleRunModalComponent = ({ onCancel, onConfirm }: ManualRuleRunModal return ( <EuiConfirmModal aria-labelledby={modalTitleId} - titleProps={{ id: modalTitleId }} + title={ + <EuiFlexGroup justifyContent="spaceBetween"> + <EuiFlexItem>{i18n.MANUAL_RULE_RUN_MODAL_TITLE}</EuiFlexItem> + <EuiFlexItem grow={false}> + <EuiBetaBadge label={TECHNICAL_PREVIEW} tooltipContent={TECHNICAL_PREVIEW_TOOLTIP} /> + </EuiFlexItem> + </EuiFlexGroup> + } + titleProps={{ id: modalTitleId, style: { width: '100%' } }} onCancel={onCancel} onConfirm={handleConfirm} confirmButtonText={i18n.MANUAL_RULE_RUN_CONFIRM_BUTTON} cancelButtonText={i18n.MANUAL_RULE_RUN_CANCEL_BUTTON} confirmButtonDisabled={isInvalid} + style={{ width: MANUAL_RULE_RUN_MODAL_WIDTH }} > - <EuiForm data-test-subj="manual-rule-run-modal-form"> - <EuiSpacer size="m" /> + <EuiForm data-test-subj="manual-rule-run-modal-form" fullWidth> <EuiFormRow data-test-subj="manual-rule-run-time-range-form" - label={ - <EuiFlexGroup> - <EuiFlexItem>{i18n.MANUAL_RULE_RUN_TIME_RANGE_TITLE}</EuiFlexItem> - <EuiFlexItem grow={false}> - <EuiBetaBadge - label={TECHNICAL_PREVIEW} - tooltipContent={TECHNICAL_PREVIEW_TOOLTIP} - /> - </EuiFlexItem> - </EuiFlexGroup> - } + label={i18n.MANUAL_RULE_RUN_TIME_RANGE_TITLE} isInvalid={isInvalid} error={errorMessage} > <EuiDatePickerRange data-test-subj="manual-rule-run-time-range" - readOnly={true} startDateControl={ <EuiDatePicker + className="start-date-picker" aria-label="Start date range" selected={startDate} onChange={(date) => date && setStartDate(date)} @@ -108,6 +108,7 @@ const ManualRuleRunModalComponent = ({ onCancel, onConfirm }: ManualRuleRunModal } endDateControl={ <EuiDatePicker + className="end-date-picker" aria-label="End date range" selected={endDate} onChange={(date) => date && setEndDate(date)} 
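Review bot: Dropping `readOnly={true}` from `EuiDatePickerRange` means typed text now reaches `setStartDate`/`setEndDate`, and the only guard visible here is `confirmButtonDisabled={isInvalid}`. That is a UI convenience, not an enforcement point: the 90-day lookback and no-future-dates rules should also be rejected by the schedule API, which this diff does not show, so please confirm the server validates the range. Separately, the new `className="start-date-picker"` and `className="end-date-picker"` exist only as test hooks; a `data-test-subj` on each control would keep styling classes and test selectors apart. `handleConfirm` and the `isInvalid` computation are outside the hunk.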
@@ -118,31 +119,19 @@ const ManualRuleRunModalComponent = ({ onCancel, onConfirm }: ManualRuleRunModal } /> </EuiFormRow> - <EuiHorizontalRule /> - <EuiFormRow data-test-subj="start-date-picker" label={i18n.MANUAL_RULE_RUN_START_AT_TITLE}> - <EuiDatePicker - aria-label="Start date picker" - inline - selected={startDate} - onChange={(date) => date && setStartDate(date)} - startDate={startDate} - endDate={endDate} - showTimeSelect={true} - /> - </EuiFormRow> - <EuiHorizontalRule /> - <EuiFormRow data-test-subj="end-date-picker" label={i18n.MANUAL_RULE_RUN_END_AT_TITLE}> - <EuiDatePicker - aria-label="End date picker" - inline - selected={endDate} - onChange={(date) => date && setEndDate(date)} - startDate={startDate} - endDate={endDate} - showTimeSelect={true} - /> - </EuiFormRow> </EuiForm> + + <EuiSpacer size="m" /> + + <EuiCallOut + size="s" + iconType="warning" + title={i18n.MANUAL_RULE_RUN_NOTIFIACTIONS_LIMITATIONS} + /> + + <EuiSpacer size="m" /> + + <EuiCallOut size="s" title={i18n.MANUAL_RULE_RUN_ALERT_LIMITATIONS} iconType="iInCircle" /> </EuiConfirmModal> ); }; diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/translations.ts index c640377ed3b23..d9833232deb11 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/translations.ts +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/manual_rule_run/translations.ts 
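Review bot: The new callout references `i18n.MANUAL_RULE_RUN_NOTIFIACTIONS_LIMITATIONS`, and the identifier is misspelled ("NOTIFIACTIONS"). The same spelling is used where it is exported in `manual_rule_run/translations.ts`, so both sides should be renamed together to `MANUAL_RULE_RUN_NOTIFICATIONS_LIMITATIONS` before the name spreads to other callers. With the two inline pickers removed, `MANUAL_RULE_RUN_START_AT_TITLE` and `MANUAL_RULE_RUN_END_AT_TITLE` also look unused in this component and may be dead exports now.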
@@ -6,58 +6,80 @@ */ import { i18n } from '@kbn/i18n'; +export const MANUAL_RULE_RUN_MODAL_TITLE = i18n.translate( + 'xpack.securitySolution.manualRuleRun.modalTitle', + { + defaultMessage: 'Manual rule run', + } +); + export const MANUAL_RULE_RUN_TIME_RANGE_TITLE = i18n.translate( - 'xpack.securitySolution.manuelRuleRun.timeRangeTitle', + 'xpack.securitySolution.manualRuleRun.timeRangeTitle', { defaultMessage: 'Select timerange for manual rule run', } ); export const MANUAL_RULE_RUN_START_AT_TITLE = i18n.translate( - 'xpack.securitySolution.manuelRuleRun.startAtTitle', + 'xpack.securitySolution.manualRuleRun.startAtTitle', { defaultMessage: 'Start at', } ); export const MANUAL_RULE_RUN_END_AT_TITLE = i18n.translate( - 'xpack.securitySolution.manuelRuleRun.endAtTitle', + 'xpack.securitySolution.manualRuleRun.endAtTitle', { defaultMessage: 'Finish at', } ); export const MANUAL_RULE_RUN_CONFIRM_BUTTON = i18n.translate( - 'xpack.securitySolution.manuelRuleRun.confirmButton', + 'xpack.securitySolution.manualRuleRun.confirmButton', { defaultMessage: 'Run', } ); export const MANUAL_RULE_RUN_CANCEL_BUTTON = i18n.translate( - 'xpack.securitySolution.manuelRuleRun.cancelButton', + 'xpack.securitySolution.manualRuleRun.cancelButton', { defaultMessage: 'Cancel', } ); export const MANUAL_RULE_RUN_INVALID_TIME_RANGE_ERROR = i18n.translate( - 'xpack.securitySolution.manuelRuleRun.invalidTimeRangeError', + 'xpack.securitySolution.manualRuleRun.invalidTimeRangeError', { defaultMessage: 'Selected time range is invalid', } ); export const MANUAL_RULE_RUN_FUTURE_TIME_RANGE_ERROR = i18n.translate( - 'xpack.securitySolution.manuelRuleRun.futureTimeRangeError', + 'xpack.securitySolution.manualRuleRun.futureTimeRangeError', { defaultMessage: 'Manual rule run cannot be scheduled for the future', } ); export const MANUAL_RULE_RUN_START_DATE_OUT_OF_RANGE_ERROR = (maxDaysLookback: number) => - i18n.translate('xpack.securitySolution.manuelRuleRun.startDateIsOutOfRangeError', { + 
i18n.translate('xpack.securitySolution.manuelRulaRun.startDateIsOutOfRangeError', { values: { maxDaysLookback }, defaultMessage: 'Manual rule run cannot be scheduled earlier than {maxDaysLookback, plural, =1 {# day} other {# days}} ago', }); + +export const MANUAL_RULE_RUN_ALERT_LIMITATIONS = i18n.translate( + 'xpack.securitySolution.manualRuleRun.alertLimitations', + { + defaultMessage: + 'To view alerts generated by this run, filter the Alerts page by the time range that was selected for this manual rule run.', + } +); + +export const MANUAL_RULE_RUN_NOTIFIACTIONS_LIMITATIONS = i18n.translate( + 'xpack.securitySolution.manualRuleRun.notificationsLimitations', + { + defaultMessage: 'Rule actions are not performed during manual rule runs.', + } +); diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx index 1c8a180207d2a..3a2a608d84431 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx @@ -6,12 +6,15 @@ */ import React, { useState } from 'react'; -import { EuiAutoRefresh, EuiBasicTable, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; -import type { - EuiBasicTableColumn, - CriteriaWithPagination, - OnRefreshChangeProps, +import { + EuiButton, + EuiBasicTable, + EuiFlexGroup, + EuiFlexItem, + EuiPanel, + EuiBetaBadge, } from '@elastic/eui'; +import type { EuiBasicTableColumn, CriteriaWithPagination } from '@elastic/eui'; import { useFindBackfillsForRules } from '../../api/hooks/use_find_backfills_for_rules'; import { StopBackfill } from './stop_backfill'; import { BackfillStatusInfo } from './backfill_status'; 
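Review bot: The key for `MANUAL_RULE_RUN_START_DATE_OUT_OF_RANGE_ERROR` was changed to `'xpack.securitySolution.manuelRulaRun.startDateIsOutOfRangeError'`, which keeps the old "manuel" typo and adds a new one ("Rula"). Every other key in this hunk was moved to the `manualRuleRun` namespace, so this message ends up under a namespace of its own and is easy to miss in translation tooling. It should read `i18n.translate('xpack.securitySolution.manualRuleRun.startDateIsOutOfRangeError', {`.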
@@ -23,12 +26,15 @@ import { useUserData } from '../../../../detections/components/user_info'; import { getBackfillRowsFromResponse } from './utils'; import { HeaderSection } from '../../../../common/components/header_section'; import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; +import { TableHeaderTooltipCell } from '../../../rule_management_ui/components/rules_table/table_header_tooltip_cell'; +import { TECHNICAL_PREVIEW, TECHNICAL_PREVIEW_TOOLTIP } from '../../../../common/translations'; +import { useKibana } from '../../../../common/lib/kibana'; -const AUTO_REFRESH_INTERVAL = 3000; const DEFAULT_PAGE_SIZE = 10; const getBackfillsTableColumns = (hasCRUDPermissions: boolean) => { const stopAction = { + name: i18n.BACKFILLS_TABLE_COLUMN_ACTION, render: (item: BackfillRow) => <StopBackfill id={item.id} />, width: '10%', }; 
@@ -36,18 +42,33 @@ const getBackfillsTableColumns = (hasCRUDPermissions: boolean) => { const columns: Array<EuiBasicTableColumn<BackfillRow>> = [ { field: 'status', - name: i18n.BACKFILLS_TABLE_COLUMN_STATUS, + name: ( + <TableHeaderTooltipCell + title={i18n.BACKFILLS_TABLE_COLUMN_STATUS} + tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_STATUS_TOOLTIP} + /> + ), render: (value: BackfillStatus) => <BackfillStatusInfo status={value} />, width: '10%', }, { field: 'created_at', - name: i18n.BACKFILLS_TABLE_COLUMN_CREATED_AT, + name: ( + <TableHeaderTooltipCell + title={i18n.BACKFILLS_TABLE_COLUMN_CREATED_AT} + tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_CREATED_AT_TOOLTIP} + /> + ), render: (value: 'string') => <FormattedDate value={value} fieldName={'created_at'} />, width: '20%', }, { - name: i18n.BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANCE, + name: ( + <TableHeaderTooltipCell + title={i18n.BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANGE} + tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANGE_TOOLTIP} + /> + ), render: (value: BackfillRow) => ( <> <FormattedDate value={value.start} fieldName={'start'} /> 
@@ -60,31 +81,56 @@ const getBackfillsTableColumns = (hasCRUDPermissions: boolean) => { { field: 'error', align: 'right', - name: i18n.BACKFILLS_TABLE_COLUMN_ERROR, + name: ( + <TableHeaderTooltipCell + title={i18n.BACKFILLS_TABLE_COLUMN_ERROR} + tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_ERROR_TOOLTIP} + /> + ), 'data-test-subj': 'rule-backfills-column-error', }, { field: 'pending', align: 'right', - name: i18n.BACKFILLS_TABLE_COLUMN_PENDING, + name: ( + <TableHeaderTooltipCell + title={i18n.BACKFILLS_TABLE_COLUMN_PENDING} + tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_PENDING_TOOLTIP} + /> + ), 'data-test-subj': 'rule-backfills-column-pending', }, { field: 'running', align: 'right', - name: i18n.BACKFILLS_TABLE_COLUMN_RUNNING, + name: ( + <TableHeaderTooltipCell + title={i18n.BACKFILLS_TABLE_COLUMN_RUNNING} + tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_RUNNING_TOOLTIP} + /> + ), 'data-test-subj': 'rule-backfills-column-running', }, { field: 'complete', align: 'right', - name: i18n.BACKFILLS_TABLE_COLUMN_COMPLETED, + name: ( + <TableHeaderTooltipCell + title={i18n.BACKFILLS_TABLE_COLUMN_COMPLETED} + tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_COMPLETED_TOOLTIP} + /> + ), 'data-test-subj': 'rule-backfills-column-completed', }, { field: 'total', align: 'right', - name: i18n.BACKFILLS_TABLE_COLUMN_TOTAL, + name: ( + <TableHeaderTooltipCell + title={i18n.BACKFILLS_TABLE_COLUMN_TOTAL} + tooltipContent={i18n.BACKFILLS_TABLE_COLUMN_TOTAL_TOOLTIP} + /> + ), 'data-test-subj': 'rule-backfills-column-total', }, ]; 
@@ -98,21 +144,18 @@ const getBackfillsTableColumns = (hasCRUDPermissions: boolean) => { export const RuleBackfillsInfo = React.memo<{ ruleId: string }>(({ ruleId }) => { const isManualRuleRunEnabled = useIsExperimentalFeatureEnabled('manualRuleRunEnabled'); - const [autoRefreshInterval, setAutoRefreshInterval] = useState(AUTO_REFRESH_INTERVAL); - const [isAutoRefresh, setIsAutoRefresh] = useState(false); const [pageIndex, setPageIndex] = useState(0); const [pageSize, setPageSize] = useState(DEFAULT_PAGE_SIZE); const [{ canUserCRUD }] = useUserData(); const hasCRUDPermissions = hasUserCRUDPermission(canUserCRUD); - - const { data, isLoading, isError } = useFindBackfillsForRules( + const { timelines } = useKibana().services; + const { data, isLoading, isError, refetch, dataUpdatedAt } = useFindBackfillsForRules( { ruleIds: [ruleId], page: pageIndex + 1, perPage: pageSize, }, { - refetchInterval: isAutoRefresh ? autoRefreshInterval : false, enabled: isManualRuleRunEnabled, } ); @@ -131,13 +174,6 @@ export const RuleBackfillsInfo = React.memo<{ ruleId: string }>(({ ruleId }) => totalItemCount: data?.total ?? 0, }; - if (data?.total === 0) return null; - - const handleRefreshChange = ({ isPaused, refreshInterval }: OnRefreshChangeProps) => { - setIsAutoRefresh(!isPaused); - setAutoRefreshInterval(refreshInterval); - }; - const handleTableChange: (params: CriteriaWithPagination<BackfillRow>) => void = ({ page, sort, 
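Review bot: `RuleBackfillsInfo` reads `isManualRuleRunEnabled` only to set `enabled` on the query, and no early return on the flag is visible in these hunks. Since this commit also mounts the component unconditionally on the execution-results tab, an environment with `manualRuleRunEnabled` off would still show the panel, an empty table and the Refresh button. The `refetch()` behind that button runs even when a query is disabled, so the flag would not stop the request either. If that is not intended, add `if (!isManualRuleRunEnabled) return null;` after the hooks; the part of the component body between the hunks is not shown, so this may already be handled there.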
@@ -148,23 +184,39 @@ export const RuleBackfillsInfo = React.memo<{ ruleId: string }>(({ ruleId }) => } }; + const handleRefresh = () => { + refetch(); + }; + return ( - <div> - <EuiFlexGroup gutterSize="s" data-test-subj="rule-backfills-info"> + <EuiPanel hasBorder> + <EuiFlexGroup alignItems="flexStart" gutterSize="s" data-test-subj="rule-backfills-info"> <EuiFlexItem grow={true}> - <HeaderSection - title={i18n.BACKFILL_TABLE_TITLE} - subtitle={i18n.BACKFILL_TABLE_SUBTITLE} - /> + <EuiFlexGroup gutterSize="s" alignItems="baseline"> + <HeaderSection + title={i18n.BACKFILL_TABLE_TITLE} + subtitle={i18n.BACKFILL_TABLE_SUBTITLE} + /> + <EuiBetaBadge label={TECHNICAL_PREVIEW} tooltipContent={TECHNICAL_PREVIEW_TOOLTIP} /> + </EuiFlexGroup> + </EuiFlexItem> + + <EuiFlexItem grow={false}> + <EuiButton iconType="refresh" fill onClick={handleRefresh}> + {i18n.BACKFILL_TABLE_REFRESH} + </EuiButton> </EuiFlexItem> + </EuiFlexGroup> + + <EuiFlexGroup justifyContent="flexEnd"> <EuiFlexItem grow={false}> - <EuiAutoRefresh - isPaused={!isAutoRefresh} - refreshInterval={autoRefreshInterval} - onRefreshChange={handleRefreshChange} - /> + {timelines.getLastUpdated({ + showUpdating: isLoading, + updatedAt: dataUpdatedAt, + })} </EuiFlexItem> </EuiFlexGroup> + <EuiBasicTable data-test-subj="rule-backfills-table" items={backfills} @@ -173,9 +225,8 @@ export const RuleBackfillsInfo = React.memo<{ ruleId: string }>(({ ruleId }) => error={isError ? 'error' : undefined} loading={isLoading} onChange={handleTableChange} - noItemsMessage={'not found'} /> - </div> + </EuiPanel> ); }); diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/translations.ts index cb77ec89524fc..c2297e237100b 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/translations.ts +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_gaps/translations.ts 
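Review bot: The manual Refresh button gives no visible feedback, because both `showUpdating: isLoading` and the table's `loading={isLoading}` depend on `isLoading`. Assuming `useFindBackfillsForRules` returns a standard TanStack Query v4 result, `isLoading` is true only while there is no data yet, so it stays false during a `refetch()` over existing data. Destructuring `isFetching` and using it for `showUpdating` (and probably for `loading`) would show that a refresh is in progress. With `noItemsMessage` removed, the empty state also falls back to the table's default text; check that this is the wording you want for "no manual runs".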
@@ -14,6 +14,13 @@ export const BACKFILLS_TABLE_COLUMN_STATUS = i18n.translate( } ); +export const BACKFILLS_TABLE_COLUMN_STATUS_TOOLTIP = i18n.translate( + 'xpack.securitySolution.rule_gaps.backfillsTable.column.statusTooltip', + { + defaultMessage: 'Overall status of execution', + } +); + export const BACKFILLS_TABLE_COLUMN_CREATED_AT = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.column.createdAt', { @@ -21,13 +28,27 @@ export const BACKFILLS_TABLE_COLUMN_CREATED_AT = i18n.translate( } ); -export const BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANCE = i18n.translate( +export const BACKFILLS_TABLE_COLUMN_CREATED_AT_TOOLTIP = i18n.translate( + 'xpack.securitySolution.rule_gaps.backfillsTable.column.createdAtTooltip', + { + defaultMessage: 'When the manual run started', + } +); + +export const BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANGE = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.column.sourceTimeRange', { defaultMessage: 'Source event time range', } ); +export const BACKFILLS_TABLE_COLUMN_SOURCE_TIME_RANGE_TOOLTIP = i18n.translate( + 'xpack.securitySolution.rule_gaps.backfillsTable.column.sourceTimeRangeTooltip', + { + defaultMessage: 'The date and time range selected for the manual run', + } +); + export const BACKFILLS_TABLE_COLUMN_ERROR = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.column.error', { @@ -35,6 +56,13 @@ export const BACKFILLS_TABLE_COLUMN_ERROR = i18n.translate( } ); +export const BACKFILLS_TABLE_COLUMN_ERROR_TOOLTIP = i18n.translate( + 'xpack.securitySolution.rule_gaps.backfillsTable.column.errorTooltip', + { + defaultMessage: 'The number of failed manual run rule executions', + } +); + export const BACKFILLS_TABLE_COLUMN_COMPLETED = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.column.completed', { 
@@ -42,6 +70,13 @@ export const BACKFILLS_TABLE_COLUMN_COMPLETED = i18n.translate( } ); +export const BACKFILLS_TABLE_COLUMN_COMPLETED_TOOLTIP = i18n.translate( + 'xpack.securitySolution.rule_gaps.backfillsTable.column.completedTooltip', + { + defaultMessage: 'The number of completed manual run rule executions', + } +); + export const BACKFILLS_TABLE_COLUMN_RUNNING = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.column.running', { @@ -49,6 +84,13 @@ export const BACKFILLS_TABLE_COLUMN_RUNNING = i18n.translate( } ); +export const BACKFILLS_TABLE_COLUMN_RUNNING_TOOLTIP = i18n.translate( + 'xpack.securitySolution.rule_gaps.backfillsTable.column.runningTooltip', + { + defaultMessage: 'The number of manual run rule executions that are in progress', + } +); + export const BACKFILLS_TABLE_COLUMN_PENDING = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.column.pending', { @@ -56,6 +98,13 @@ export const BACKFILLS_TABLE_COLUMN_PENDING = i18n.translate( } ); +export const BACKFILLS_TABLE_COLUMN_PENDING_TOOLTIP = i18n.translate( + 'xpack.securitySolution.rule_gaps.backfillsTable.column.pendingTooltip', + { + defaultMessage: 'The number of manual run rule executions that are waiting to execute', + } +); + export const BACKFILLS_TABLE_COLUMN_TOTAL = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.column.total', { 
@@ -63,17 +112,25 @@ export const BACKFILLS_TABLE_COLUMN_TOTAL = i18n.translate( } ); +export const BACKFILLS_TABLE_COLUMN_TOTAL_TOOLTIP = i18n.translate( + 'xpack.securitySolution.rule_gaps.backfillsTable.column.totalTooltip', + { + defaultMessage: + 'The total number of rule executions that will occur during the selected date and time range', + } +); + export const BACKFILLS_TABLE_STOP = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.stop', { - defaultMessage: 'Stop', + defaultMessage: 'Stop run', } ); export const BACKFILLS_TABLE_STOP_CONFIRMATION_TITLE = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.stop.confirmationTitle', { - defaultMessage: 'Are you sure you want to stop this run?', + defaultMessage: 'Stop this rule run', } ); 
@@ -87,42 +144,49 @@ export const BACKFILLS_TABLE_STOP_CONFIRMATION_CANCEL = i18n.translate( export const BACKFILLS_TABLE_STOP_CONFIRMATION_STOP_RUNS = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.stop.stopRuns', { - defaultMessage: 'Stop runs', + defaultMessage: 'Stop run', } ); export const BACKFILLS_TABLE_STOP_CONFIRMATION_BODY = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.stop.description', { - defaultMessage: 'All remaining rule runs will be stopped', + defaultMessage: 'All the pending rule executions for this manual rule run will be stopped', } ); export const BACKFILLS_TABLE_STOP_CONFIRMATION_SUCCESS = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.stop.confirmationSuccess', { - defaultMessage: 'Run stopped', + defaultMessage: 'Rule run stopped', } ); export const BACKFILLS_TABLE_STOP_CONFIRMATION_ERROR = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillsTable.stop.confirmationError', { - defaultMessage: 'Error stopping run', + defaultMessage: 'Error stopping rule run', } ); export const BACKFILL_TABLE_TITLE = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillTable.title', { - defaultMessage: 'Backfill runs', + defaultMessage: 'Manual runs', + } +); + +export const BACKFILL_TABLE_REFRESH = i18n.translate( + 'xpack.securitySolution.rule_gaps.backfillTable.refresh', + { + defaultMessage: 'Refresh', } ); export const BACKFILL_TABLE_SUBTITLE = i18n.translate( 'xpack.securitySolution.rule_gaps.backfillTable.subtitle', { - defaultMessage: 'View and manage backfill runs', + defaultMessage: 'View and manage active manual runs', } ); 
@@ -132,13 +196,20 @@ export const BACKFILL_SCHEDULE_SUCCESS = (numRules: number) => { values: { numRules }, defaultMessage: - 'Successfully scheduled backfill for {numRules, plural, =1 {# rule} other {# rules}}', + 'Successfully scheduled manual run for {numRules, plural, =1 {# rule} other {# rules}}', } ); export const BACKFILL_SCHEDULE_ERROR_TITLE = i18n.translate( 'xpack.securitySolution.containers.detectionEngine.backfillSchedule.scheduleRuleRunErrorTitle', { - defaultMessage: 'Error while scheduling backfill', + defaultMessage: 'Error while scheduling manual run', + } +); + +export const BACKFILLS_TABLE_COLUMN_ACTION = i18n.translate( + 'xpack.securitySolution.rule_gaps.backfillsTable.column.action', + { + defaultMessage: 'Action', } ); diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/customized_prebuilt_rule_badge.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/customized_prebuilt_rule_badge.tsx new file mode 100644 index 0000000000000..56a559a91794a --- /dev/null +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/customized_prebuilt_rule_badge.tsx 
@@ -0,0 +1,35 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { EuiBadge } from '@elastic/eui'; +import * as i18n from './translations'; +import { isCustomizedPrebuiltRule } from '../../../../../common/api/detection_engine'; +import type { RuleResponse } from '../../../../../common/api/detection_engine'; +import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; + +interface CustomizedPrebuiltRuleBadgeProps { + rule: RuleResponse | null; +} + +export const CustomizedPrebuiltRuleBadge: React.FC<CustomizedPrebuiltRuleBadgeProps> = ({ + rule, +}) => { + const isPrebuiltRulesCustomizationEnabled = useIsExperimentalFeatureEnabled( + 'prebuiltRulesCustomizationEnabled' + ); + + if (!isPrebuiltRulesCustomizationEnabled) { + return null; + } + + if (rule === null || !isCustomizedPrebuiltRule(rule)) { + return null; + } + + return <EuiBadge color="hollow">{i18n.CUSTOMIZED_PREBUILT_RULE_LABEL}</EuiBadge>; +}; diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/translations.ts b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/translations.ts index 3e75677d54da9..a5fab42457e44 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/translations.ts +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/translations.ts 
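Review bot: `CustomizedPrebuiltRuleBadge` is exported without a doc comment, and it renders nothing in three separate cases (flag off, `rule === null`, rule not customized) that a caller laying out the header needs to know about. I would add above the export: `/** Renders the "Customized Elastic rule" badge only when prebuiltRulesCustomizationEnabled is on and the rule is a customized prebuilt rule; otherwise renders nothing. */`. The two guard blocks could also be merged into one condition, but that is purely stylistic.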
@@ -349,3 +349,10 @@ export const MAX_SIGNALS_FIELD_LABEL = i18n.translate( defaultMessage: 'Max alerts per run', } ); + +export const CUSTOMIZED_PREBUILT_RULE_LABEL = i18n.translate( + 'xpack.securitySolution.detectionEngine.ruleDetails.customizedPrebuiltRuleLabel', + { + defaultMessage: 'Customized Elastic rule', + } +); diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx index dc4a0cb429b87..4af2fdd7ef356 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx @@ -122,7 +122,8 @@ export const useRulesTableActions = ({ { type: 'icon', 'data-test-subj': 'manualRuleRunAction', - description: i18n.MANUAL_RULE_RUN, + description: (rule) => + !rule.enabled ? i18n.MANUAL_RULE_RUN_TOOLTIP : i18n.MANUAL_RULE_RUN, icon: 'play', name: i18n.MANUAL_RULE_RUN, onClick: async (rule: Rule) => { diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx index 7a3ed25b8084e..c1465be7e67e0 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx @@ -471,7 +471,8 @@ const createThresholdTimeline = async ( ...acc, { ...formatAlertToEcsSignal(_source), - _id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + _id: _id!, _index, timestamp: _source['@timestamp'], }, 
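Review bot: `_id: _id!` in `createThresholdTimeline` silences the type error instead of handling a hit without an id, and the same assertion with the same eslint-disable is added in `createNewTermsTimeline` and `createSuppressedTimeline` in the next two hunks. The assertion is erased at runtime, so if `_id` is ever undefined on a hit it flows into the timeline data as `undefined`, while the types claim a string. Skipping such hits in the reducer keeps the types honest and removes the lint suppression, for example `if (_id == null) return acc;` before the spread. The reducer's opening lines are outside the hunk, so the exact placement needs checking against the full function.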
@@ -629,7 +630,8 @@ const createNewTermsTimeline = async ( ...acc, { ...formatAlertToEcsSignal(_source), - _id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + _id: _id!, _index, timestamp: _source['@timestamp'], }, @@ -795,7 +797,8 @@ const createSuppressedTimeline = async ( ...acc, { ...formatAlertToEcsSignal(_source), - _id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + _id: _id!, _index, timestamp: _source['@timestamp'], }, diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx index 5be000d508195..6ed110483ecc4 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx @@ -155,6 +155,11 @@ const RuleActionsOverflowComponent = ({ key={i18nActions.MANUAL_RULE_RUN} icon="play" disabled={!userHasPermissions || !rule.enabled} + toolTipContent={ + !userHasPermissions || !rule.enabled + ? i18nActions.MANUAL_RULE_RUN_TOOLTIP + : '' + } data-test-subj="rules-details-manual-rule-run" onClick={async () => { startTransaction({ name: SINGLE_RULE_ACTIONS.MANUAL_RULE_RUN }); diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts index eb2d6b01b492f..b8e4063abb600 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts 
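Review bot: In `RuleActionsOverflowComponent`, the new `toolTipContent` shows `MANUAL_RULE_RUN_TOOLTIP` ("Manual run available only for enabled rules") whenever `!userHasPermissions || !rule.enabled`. A user who lacks permissions on an enabled rule therefore gets an explanation that is wrong for their case. The tooltip condition should be only `!rule.enabled`, with a separate permissions message if one exists: `toolTipContent={!rule.enabled ? i18nActions.MANUAL_RULE_RUN_TOOLTIP : undefined}`. Passing `undefined` rather than `''` also avoids relying on how an empty-string tooltip is treated.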
@@ -584,6 +584,13 @@ export const MANUAL_RULE_RUN = i18n.translate( } ); +export const MANUAL_RULE_RUN_TOOLTIP = i18n.translate( + 'xpack.securitySolution.detectionEngine.rules.allRules.actions.manualRuleRunTooltip', + { + defaultMessage: 'Manual run available only for enabled rules', + } +); + export const COLUMN_RULE = i18n.translate( 'xpack.securitySolution.detectionEngine.rules.allRules.columns.ruleTitle', { diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.tsx index 635d273b43237..52ce2d707d4ba 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/header.tsx @@ -32,7 +32,7 @@ export const PanelHeader: FC = () => { const title = ( <EuiFlexGroup responsive gutterSize="s"> <EuiFlexItem grow={false} data-test-subj="flyoutHostIsolationHeaderTitle"> - {isolateAction === 'isolateHost' ? <>{ISOLATE_HOST}</> : <>{UNISOLATE_HOST}</>} + {isolateAction === 'isolateHost' ? ISOLATE_HOST : UNISOLATE_HOST} </EuiFlexItem> {showTechPreviewBadge && ( <EuiFlexItem grow={false}> diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.test.tsx new file mode 100644 index 0000000000000..9c3319aa9e9d2 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.test.tsx 
@@ -0,0 +1,170 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import * as uuid from 'uuid';
+import { render } from '@testing-library/react';
+import React from 'react';
+import { createMockStore, mockGlobalState, TestProviders } from '../../../../common/mock';
+import { AddNote, CREATE_NOTE_ERROR } from './add_note';
+import {
+ ADD_NOTE_BUTTON_TEST_ID,
+ ADD_NOTE_MARKDOWN_TEST_ID,
+ ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID,
+} from './test_ids';
+import { ReqStatus } from '../../../../notes/store/notes.slice';
+import { useIsTimelineFlyoutOpen } from '../../shared/hooks/use_is_timeline_flyout_open';
+import { TimelineId } from '../../../../../common/types';
+
+jest.mock('../../shared/hooks/use_is_timeline_flyout_open');
+
+const mockAddError = jest.fn();
+jest.mock('../../../../common/hooks/use_app_toasts', () => ({
+ useAppToasts: () => ({
+ addError: mockAddError,
+ }),
+}));
+
+const mockDispatch = jest.fn();
+jest.mock('react-redux', () => {
+ const original = jest.requireActual('react-redux');
+ return {
+ ...original,
+ useDispatch: () => mockDispatch,
+ };
+});
+
+const renderAddNote = () =>
+ render(
+ <TestProviders>
+ <AddNote eventId={'event-id'} />
+ </TestProviders>
+ );
+
+describe('AddNote', () => {
+ it('should render the markdown and add button components', () => {
+ const { getByTestId } = renderAddNote();
+
+ expect(getByTestId(ADD_NOTE_MARKDOWN_TEST_ID)).toBeInTheDocument();
+ expect(getByTestId(ADD_NOTE_BUTTON_TEST_ID)).toBeInTheDocument();
+ expect(getByTestId(ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID)).toBeInTheDocument();
+ });
+
+ it('should create note', () => {
+ const { getByTestId } = renderAddNote();
+
+ getByTestId(ADD_NOTE_BUTTON_TEST_ID).click();
+
+ expect(mockDispatch).toHaveBeenCalled();
+ });
+
+ it('should render the add note button in loading state while creating a new note', () => {
+ const store = createMockStore({
+ ...mockGlobalState,
+ notes: {
+ ...mockGlobalState.notes,
+ status: {
+ ...mockGlobalState.notes.status,
+ createNote: ReqStatus.Loading,
+ },
+ },
+ });
+
+ const { container } = render(
+ <TestProviders store={store}>
+ <AddNote eventId={'event-id'} />
+ </TestProviders>
+ );
+
+ expect(container.querySelector('.euiLoadingSpinner')).toBeInTheDocument();
+ });
+
+ it('should render error toast if create a note fails', () => {
+ const store = createMockStore({
+ ...mockGlobalState,
+ notes: {
+ ...mockGlobalState.notes,
+ status: {
+ ...mockGlobalState.notes.status,
+ createNote: ReqStatus.Failed,
+ },
+ error: {
+ ...mockGlobalState.notes.error,
+ createNote: { type: 'http', status: 500 },
+ },
+ },
+ });
+
+ render(
+ <TestProviders store={store}>
+ <AddNote eventId={'event-id'} />
+ </TestProviders>
+ );
+
+ expect(mockAddError).toHaveBeenCalledWith(null, {
+ title: CREATE_NOTE_ERROR,
+ });
+ });
+
+ it('should disable attach to timeline checkbox if flyout is not open from timeline', () => {
+ (useIsTimelineFlyoutOpen as jest.Mock).mockReturnValue(false);
+
+ const { getByTestId } = renderAddNote();
+
+ expect(getByTestId(ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID)).toHaveAttribute('disabled');
+ });
+
+ it('should disable attach to timeline checkbox if active timeline is not saved', () => {
+ (useIsTimelineFlyoutOpen as jest.Mock).mockReturnValue(true);
+
+ const store = createMockStore({
+ ...mockGlobalState,
+ timeline: {
+ ...mockGlobalState.timeline,
+ timelineById: {
+ ...mockGlobalState.timeline.timelineById,
+ [TimelineId.active]: {
+ ...mockGlobalState.timeline.timelineById[TimelineId.test],
+ },
+ },
+ },
+ });
+
+ const { getByTestId } = render(
+ <TestProviders store={store}>
+ <AddNote eventId={'event-id'} />
+ </TestProviders>
+ );
+
+ expect(getByTestId(ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID)).toHaveAttribute('disabled');
+ });
+
+ it('should have attach to timeline checkbox enabled', () => {
+ (useIsTimelineFlyoutOpen as jest.Mock).mockReturnValue(true);
+
+ const store = createMockStore({
+ ...mockGlobalState,
+ timeline: {
+ ...mockGlobalState.timeline,
+ timelineById: {
+ ...mockGlobalState.timeline.timelineById,
+ [TimelineId.active]: {
+ ...mockGlobalState.timeline.timelineById[TimelineId.test],
+ savedObjectId: uuid.v4(),
+ },
+ },
+ },
+ });
+
+ const { getByTestId } = render(
+ <TestProviders store={store}>
+ <AddNote eventId={'event-id'} />
+ </TestProviders>
+ );
+
+ expect(getByTestId(ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID)).not.toHaveAttribute('disabled');
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.tsx
new file mode 100644
index 0000000000000..d89bcfb23a97c
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/add_note.tsx
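Review bot: `mockDispatch` and `mockAddError` are module-level `jest.fn()`s whose call history is never cleared, so `expect(mockDispatch).toHaveBeenCalled()` in 'should create note' and the `mockAddError` assertion can be satisfied by calls recorded in another test unless the Jest configuration clears mocks (not visible here). Adding `beforeEach(() => { jest.clearAllMocks(); });` at the top of the `describe` makes each case independent. 'should create note' also clicks the button with an empty editor and checks only that something was dispatched, so it would be worth typing a value first and asserting on the argument passed to `createNote`.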
@@ -0,0 +1,180 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo, useCallback, useEffect, useState } from 'react';
+import {
+ EuiButton,
+ EuiCheckbox,
+ EuiComment,
+ EuiCommentList,
+ EuiFlexGroup,
+ EuiFlexItem,
+ EuiIcon,
+ EuiSpacer,
+ EuiToolTip,
+} from '@elastic/eui';
+import { css } from '@emotion/react';
+import { useDispatch, useSelector } from 'react-redux';
+import { i18n } from '@kbn/i18n';
+import { TimelineId } from '../../../../../common/types';
+import { timelineSelectors } from '../../../../timelines/store';
+import { useIsTimelineFlyoutOpen } from '../../shared/hooks/use_is_timeline_flyout_open';
+import {
+ ADD_NOTE_BUTTON_TEST_ID,
+ ADD_NOTE_MARKDOWN_TEST_ID,
+ ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID,
+} from './test_ids';
+import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
+import type { State } from '../../../../common/store';
+import {
+ createNote,
+ ReqStatus,
+ selectCreateNoteError,
+ selectCreateNoteStatus,
+} from '../../../../notes/store/notes.slice';
+import { MarkdownEditor } from '../../../../common/components/markdown_editor';
+
+const timelineCheckBoxId = 'xpack.securitySolution.notes.attachToTimelineCheckboxId';
+
+export const MARKDOWN_ARIA_LABEL = i18n.translate(
+ 'xpack.securitySolution.notes.markdownAriaLabel',
+ {
+ defaultMessage: 'Note',
+ }
+);
+export const ADD_NOTE_BUTTON = i18n.translate('xpack.securitySolution.notes.addNoteBtnLabel', {
+ defaultMessage: 'Add note',
+});
+export const CREATE_NOTE_ERROR = i18n.translate(
+ 'xpack.securitySolution.notes.createNoteErrorLabel',
+ {
+ defaultMessage: 'Error create note',
+ }
+);
+export const ATTACH_TO_TIMELINE_CHECKBOX = i18n.translate(
+ 'xpack.securitySolution.notes.attachToTimelineCheckboxLabel',
+ {
+ defaultMessage: 'Attach to active timeline',
+ }
+);
+export const ATTACH_TO_TIMELINE_INFO = i18n.translate(
+ 'xpack.securitySolution.notes.attachToTimelineInfoLabel',
+ {
+ defaultMessage: 'The active timeline must be saved before a note can be associated with it',
+ }
+);
+
+export interface AddNewNoteProps {
+ /**
+ * Id of the document
+ */
+ eventId: string;
+}
+
+/**
+ * Renders a markdown editor and an add button to create new notes.
+ * The checkbox is automatically checked if the flyout is opened from a timeline and that timeline is saved. It is disabled if the flyout is NOT opened from a timeline.
+ */
+export const AddNote = memo(({ eventId }: AddNewNoteProps) => {
+ const dispatch = useDispatch();
+ const { addError: addErrorToast } = useAppToasts();
+ const [editorValue, setEditorValue] = useState('');
+
+ const activeTimeline = useSelector((state: State) =>
+ timelineSelectors.selectTimelineById(state, TimelineId.active)
+ );
+
+ // if the flyout is open from a timeline and that timeline is saved, we automatically check the checkbox to associate the note to it
+ const isTimelineFlyout = useIsTimelineFlyoutOpen();
+ const [checked, setChecked] = useState(isTimelineFlyout && activeTimeline.savedObjectId != null);
+ const onCheckboxChange = useCallback(
+ (e: React.ChangeEvent<HTMLInputElement>) => setChecked(e.target.checked),
+ []
+ );
+
+ const createStatus = useSelector((state: State) => selectCreateNoteStatus(state));
+ const createError = useSelector((state: State) => selectCreateNoteError(state));
+
+ const addNote = useCallback(() => {
+ dispatch(
+ createNote({
+ note: {
+ timelineId: (checked && activeTimeline?.savedObjectId) || '',
+ eventId,
+ note: editorValue,
+ },
+ })
+ );
+ setEditorValue('');
+ }, [activeTimeline?.savedObjectId, checked, dispatch, editorValue, eventId]);
+
+ // show a toast if the create note call fails
+ useEffect(() => {
+ if (createStatus === ReqStatus.Failed && createError) {
+ addErrorToast(null, {
+ title: CREATE_NOTE_ERROR,
+ });
+ }
+ }, [addErrorToast, createError, createStatus]);
+
+ const checkBoxDisabled =
+ !isTimelineFlyout || (isTimelineFlyout && activeTimeline.savedObjectId == null);
+
+ return (
+ <>
+ <EuiCommentList>
+ <EuiComment username="">
+ <MarkdownEditor
+ dataTestSubj={ADD_NOTE_MARKDOWN_TEST_ID}
+ value={editorValue}
+ onChange={setEditorValue}
+ ariaLabel={MARKDOWN_ARIA_LABEL}
+ setIsMarkdownInvalid={() => {}}
+ />
+ </EuiComment>
+ </EuiCommentList>
+ <EuiSpacer />
+ <EuiFlexGroup alignItems="center" justifyContent="flexEnd" responsive={false}>
+ <EuiFlexItem grow={false}>
+ <>
+ <EuiCheckbox
+ data-test-subj={ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID}
+ id={timelineCheckBoxId}
+ label={
+ <>
+ {ATTACH_TO_TIMELINE_CHECKBOX}
+ <EuiToolTip position="top" content={ATTACH_TO_TIMELINE_INFO}>
+ <EuiIcon
+ type="iInCircle"
+ css={css`
+ margin-left: 4px;
+ `}
+ />
+ </EuiToolTip>
+ </>
+ }
+ disabled={checkBoxDisabled}
+ checked={checked}
+ onChange={(e) => onCheckboxChange(e)}
+ />
+ </>
+ </EuiFlexItem>
+ <EuiFlexItem grow={false}>
+ <EuiButton
+ onClick={addNote}
+ isLoading={createStatus === ReqStatus.Loading}
+ data-test-subj={ADD_NOTE_BUTTON_TEST_ID}
+ >
+ {ADD_NOTE_BUTTON}
+ </EuiButton>
+ </EuiFlexItem>
+ </EuiFlexGroup>
+ </>
+ );
+});
+
+AddNote.displayName = 'AddNote';
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx
index 7b2307d06669d..aff568e29bea8 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx
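Review bot: `addNote` calls `setEditorValue('')` immediately after `dispatch(createNote(...))`, so when the request fails the error toast appears but the analyst's text is already gone; it also dispatches when `editorValue` is empty, which creates blank notes. Clear the editor only once `createStatus` reports a successful create, and disable the button for empty input, e.g. `isDisabled={editorValue.trim().length === 0}` on the `EuiButton`. Separately, `activeTimeline.savedObjectId` is read without optional chaining in the `useState` initialiser and in `checkBoxDisabled` while `addNote` uses `activeTimeline?.savedObjectId`; if the selector can return `undefined` the render throws, so the three accesses should agree.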
@@ -8,7 +8,7 @@ import React from 'react'; import { render } from '@testing-library/react'; import '@testing-library/jest-dom'; -import { LeftPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { TestProviders } from '../../../../common/mock'; import { AnalyzeGraph } from './analyze_graph'; import { ANALYZER_GRAPH_TEST_ID } from './test_ids'; @@ -34,13 +34,13 @@ describe('<AnalyzeGraph />', () => { it('renders analyzer graph correctly', () => { const contextValue = { eventId: 'eventId', - } as unknown as LeftPanelContext; + } as unknown as DocumentDetailsContext; const wrapper = render( <TestProviders> - <LeftPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <AnalyzeGraph /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); expect(wrapper.getByTestId(ANALYZER_GRAPH_TEST_ID)).toBeInTheDocument(); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx index 6a252296983a3..faefd92e9b689 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx @@ -8,7 +8,7 @@ import type { FC } from 'react'; import React, { useMemo } from 'react'; -import { useLeftPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { ANALYZER_GRAPH_TEST_ID } from './test_ids'; import { Resolver } from '../../../../resolver/view'; import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters'; 
@@ -20,7 +20,7 @@ export const ANALYZE_GRAPH_ID = 'analyze_graph'; * Analyzer graph view displayed in the document details expandable flyout left section under the Visualize tab */ export const AnalyzeGraph: FC = () => { - const { eventId } = useLeftPanelContext(); + const { eventId } = useDocumentDetailsContext(); const scopeId = 'flyout'; // Different scope Id to distinguish flyout and data table analyzers const { from, to, shouldUpdate, selectedPatterns } = useTimelineDataFilters( isActiveTimeline(scopeId) diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/cell_actions.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/cell_actions.tsx index 27fb6f752f71b..322568c6a53f9 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/cell_actions.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/cell_actions.tsx @@ -7,7 +7,7 @@ import type { FC } from 'react'; import React, { useMemo } from 'react'; -import { useLeftPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { getSourcererScopeId } from '../../../../helpers'; import { useBasicDataFromDetailsData } from '../../../../timelines/components/side_panel/event_details/helpers'; import { SecurityCellActionType } from '../../../../app/actions/constants'; @@ -40,7 +40,7 @@ interface CellActionsProps { * Security cell action wrapper for document details flyout */ export const CellActions: FC<CellActionsProps> = ({ field, value, isObjectArray, children }) => { - const { dataFormattedForFieldBrowser, scopeId, isPreview } = useLeftPanelContext(); + const { dataFormattedForFieldBrowser, scopeId, isPreview } = useDocumentDetailsContext(); const { isAlert } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser); const triggerId = isAlert 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx index a0a147d9754d5..b3b129a75c13d 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.test.tsx @@ -9,7 +9,7 @@ import React from 'react'; import { render } from '@testing-library/react'; import { CorrelationsDetails } from './correlations_details'; import { TestProviders } from '../../../../common/mock'; -import { LeftPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { useShowRelatedAlertsByAncestry } from '../../shared/hooks/use_show_related_alerts_by_ancestry'; import { useShowRelatedAlertsBySameSourceEvent } from '../../shared/hooks/use_show_related_alerts_by_same_source_event'; import { useShowRelatedAlertsBySession } from '../../shared/hooks/use_show_related_alerts_by_session'; @@ -26,7 +26,7 @@ import { useFetchRelatedAlertsBySession } from '../../shared/hooks/use_fetch_rel import { useFetchRelatedAlertsByAncestry } from '../../shared/hooks/use_fetch_related_alerts_by_ancestry'; import { useFetchRelatedAlertsBySameSourceEvent } from '../../shared/hooks/use_fetch_related_alerts_by_same_source_event'; import { useFetchRelatedCases } from '../../shared/hooks/use_fetch_related_cases'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters'; import { EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID } from '../../../shared/components/test_ids'; 
@@ -52,9 +52,9 @@ const mockUseTimelineDataFilters = useTimelineDataFilters as jest.Mock; const renderCorrelationDetails = () => { return render( <TestProviders> - <LeftPanelContext.Provider value={mockContextValue}> + <DocumentDetailsContext.Provider value={mockContextValue}> <CorrelationsDetails /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); }; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx index 9c5a33a04a243..a3b3d5f1e0751 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/correlations_details.tsx @@ -15,7 +15,7 @@ import { RelatedCases } from './related_cases'; import { useShowRelatedCases } from '../../shared/hooks/use_show_related_cases'; import { useShowRelatedAlertsByAncestry } from '../../shared/hooks/use_show_related_alerts_by_ancestry'; import { useShowSuppressedAlerts } from '../../shared/hooks/use_show_suppressed_alerts'; -import { useLeftPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { useShowRelatedAlertsBySameSourceEvent } from '../../shared/hooks/use_show_related_alerts_by_same_source_event'; import { useShowRelatedAlertsBySession } from '../../shared/hooks/use_show_related_alerts_by_session'; import { RelatedAlertsByAncestry } from './related_alerts_by_ancestry'; 
@@ -29,7 +29,8 @@ export const CORRELATIONS_TAB_ID = 'correlations'; * Correlations displayed in the document details expandable flyout left section under the Insights tab */ export const CorrelationsDetails: React.FC = () => { - const { dataAsNestedObject, eventId, getFieldsData, scopeId, isPreview } = useLeftPanelContext(); + const { dataAsNestedObject, eventId, getFieldsData, scopeId, isPreview } = + useDocumentDetailsContext(); const { selectedPatterns } = useTimelineDataFilters(isActiveTimeline(scopeId)); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.test.tsx index 7f8d428ece2ea..d9d468649a221 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.test.tsx @@ -8,11 +8,11 @@ import React from 'react'; import { render } from '@testing-library/react'; import '@testing-library/jest-dom'; -import { LeftPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { TestProviders } from '../../../../common/mock'; import { EntitiesDetails } from './entities_details'; import { ENTITIES_DETAILS_TEST_ID, HOST_DETAILS_TEST_ID, USER_DETAILS_TEST_ID } from './test_ids'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { EXPANDABLE_PANEL_CONTENT_TEST_ID } from '../../../shared/components/test_ids'; import type { Anomalies } from '../../../../common/components/ml/types'; import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities'; 
@@ -100,12 +100,12 @@ const HOST_TEST_ID = EXPANDABLE_PANEL_CONTENT_TEST_ID(HOST_DETAILS_TEST_ID); const NO_DATA_MESSAGE = 'Host and user information are unavailable for this alert.'; -const renderEntitiesDetails = (contextValue: LeftPanelContext) => +const renderEntitiesDetails = (contextValue: DocumentDetailsContext) => render( <TestProviders> - <LeftPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <EntitiesDetails /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.tsx index d4064e6894c3a..2f3c652492500 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/entities_details.tsx @@ -8,7 +8,7 @@ import React from 'react'; import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; -import { useLeftPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { getField } from '../../shared/utils'; import { UserDetails } from './user_details'; import { HostDetails } from './host_details'; @@ -20,7 +20,7 @@ export const ENTITIES_TAB_ID = 'entity'; * Entities displayed in the document details expandable flyout left section under the Insights tab */ export const EntitiesDetails: React.FC = () => { - const { getFieldsData, scopeId } = useLeftPanelContext(); + const { getFieldsData, scopeId } = useDocumentDetailsContext(); const hostName = getField(getFieldsData('host.name')); const userName = getField(getFieldsData('user.name')); const timestamp = getField(getFieldsData('@timestamp')); 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx index e0b6bedea0047..b4bd21de8de1e 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/host_details.test.tsx @@ -8,7 +8,7 @@ import React from 'react'; import { render } from '@testing-library/react'; import type { Anomalies } from '../../../../common/components/ml/types'; -import { LeftPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { TestProviders } from '../../../../common/mock'; import { HostDetails } from './host_details'; import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities'; @@ -23,7 +23,7 @@ import { } from './test_ids'; import { EXPANDABLE_PANEL_CONTENT_TEST_ID } from '../../../shared/components/test_ids'; import { useRiskScore } from '../../../../entity_analytics/api/hooks/use_risk_score'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; jest.mock('react-router-dom', () => { const actual = jest.requireActual('react-router-dom'); @@ -124,12 +124,12 @@ const mockRelatedUsersResponse = { loading: false, }; -const renderHostDetails = (contextValue: LeftPanelContext) => +const renderHostDetails = (contextValue: DocumentDetailsContext) => render( <TestProviders> - <LeftPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <HostDetails {...defaultProps} /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.test.tsx index 7ba849e1fec1b..fc0e140a73d9f 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.test.tsx @@ -8,10 +8,10 @@ import React from 'react'; import { render } from '@testing-library/react'; import { InvestigationGuide } from './investigation_guide'; -import { LeftPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { TestProviders } from '../../../../common/mock'; import { INVESTIGATION_GUIDE_TEST_ID, INVESTIGATION_GUIDE_LOADING_TEST_ID } from './test_ids'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide'; jest.mock('../../shared/hooks/use_investigation_guide'); @@ -20,11 +20,11 @@ const NO_DATA_TEXT = "There's no investigation guide for this rule. Edit the rule's settingsExternal link(opens in a new tab or window) to add one."; const PREVIEW_MESSAGE = 'Investigation guide is not available in alert preview.'; -const renderInvestigationGuide = (context: LeftPanelContext = mockContextValue) => ( +const renderInvestigationGuide = (context: DocumentDetailsContext = mockContextValue) => ( <TestProviders> - <LeftPanelContext.Provider value={context}> + <DocumentDetailsContext.Provider value={context}> <InvestigationGuide /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.tsx index d061cbb25c4c8..0bf6ca92b28fa 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/investigation_guide.tsx @@ -8,7 +8,7 @@ import React from 'react'; import { EuiLink } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide'; -import { useLeftPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { INVESTIGATION_GUIDE_TEST_ID, INVESTIGATION_GUIDE_LOADING_TEST_ID } from './test_ids'; import { InvestigationGuideView } from '../../../../common/components/event_details/investigation_guide_view'; import { FlyoutLoading } from '../../../shared/components/flyout_loading'; @@ -18,7 +18,7 @@ import { FlyoutLoading } from '../../../shared/components/flyout_loading'; * Renders a message saying the guide hasn't been set up or the full investigation guide. */ export const InvestigationGuide: React.FC = () => { - const { dataFormattedForFieldBrowser, isPreview } = useLeftPanelContext(); + const { dataFormattedForFieldBrowser, isPreview } = useDocumentDetailsContext(); const { loading, error, basicAlertData, ruleNote } = useInvestigationGuide({ dataFormattedForFieldBrowser, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.test.tsx new file mode 100644 index 0000000000000..ba1700e22e090 --- /dev/null 
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.test.tsx
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { render } from '@testing-library/react';
+import React from 'react';
+import { DocumentDetailsContext } from '../../shared/context';
+import { TestProviders } from '../../../../common/mock';
+import { NotesDetails } from './notes_details';
+
+const mockDispatch = jest.fn();
+jest.mock('react-redux', () => {
+ const original = jest.requireActual('react-redux');
+ return {
+ ...original,
+ useDispatch: () => mockDispatch,
+ };
+});
+
+const panelContextValue = {
+ eventId: 'event id',
+} as unknown as DocumentDetailsContext;
+
+const renderNotesDetails = () =>
+ render(
+ <TestProviders>
+ <DocumentDetailsContext.Provider value={panelContextValue}>
+ <NotesDetails />
+ </DocumentDetailsContext.Provider>
+ </TestProviders>
+ );
+
+describe('NotesDetails', () => {
+ it('should fetch notes for the document id', () => {
+ renderNotesDetails();
+ expect(mockDispatch).toHaveBeenCalled();
+ });
+});
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.tsx
index 7d7d370d4953c..94e5233ff8d70 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_details.tsx
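Review bot: 'should fetch notes for the document id' only asserts `expect(mockDispatch).toHaveBeenCalled()`, which passes for any dispatched action and never checks that the id from the context is the one requested. Mocking `fetchNotesByDocumentId` from the notes slice and asserting `toHaveBeenCalledWith({ documentId: 'event id' })` would pin the behaviour the test name describes.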
@@ -7,8 +7,11 @@ import React, { memo, useEffect } from 'react'; import { useDispatch } from 'react-redux'; +import { EuiSpacer } from '@elastic/eui'; +import { AddNote } from './add_note'; +import { NotesList } from './notes_list'; import { fetchNotesByDocumentId } from '../../../../notes/store/notes.slice'; -import { useLeftPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; /** * List all the notes for a document id and allows to create new notes associated with that document. @@ -16,13 +19,19 @@ import { useLeftPanelContext } from '../context'; */ export const NotesDetails = memo(() => { const dispatch = useDispatch(); - const { eventId } = useLeftPanelContext(); + const { eventId } = useDocumentDetailsContext(); useEffect(() => { dispatch(fetchNotesByDocumentId({ documentId: eventId })); }, [dispatch, eventId]); - return <></>; + return ( + <> + <NotesList eventId={eventId} /> + <EuiSpacer /> + <AddNote eventId={eventId} /> + </> + ); }); NotesDetails.displayName = 'NotesDetails'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.test.tsx new file mode 100644 index 0000000000000..d73053047341e --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.test.tsx 
@@ -0,0 +1,286 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render, within } from '@testing-library/react'; +import React from 'react'; +import { + ADD_NOTE_LOADING_TEST_ID, + DELETE_NOTE_BUTTON_TEST_ID, + NOTE_AVATAR_TEST_ID, + NOTES_COMMENT_TEST_ID, + NOTES_LOADING_TEST_ID, + OPEN_TIMELINE_BUTTON_TEST_ID, +} from './test_ids'; +import { createMockStore, mockGlobalState, TestProviders } from '../../../../common/mock'; +import { DELETE_NOTE_ERROR, FETCH_NOTES_ERROR, NO_NOTES, NotesList } from './notes_list'; +import { ReqStatus } from '../../../../notes/store/notes.slice'; +import { useQueryTimelineById } from '../../../../timelines/components/open_timeline/helpers'; + +jest.mock('../../../../timelines/components/open_timeline/helpers'); + +const mockAddError = jest.fn(); +jest.mock('../../../../common/hooks/use_app_toasts', () => ({ + useAppToasts: () => ({ + addError: mockAddError, + }), +})); + +const mockDispatch = jest.fn(); +jest.mock('react-redux', () => { + const original = jest.requireActual('react-redux'); + return { + ...original, + useDispatch: () => mockDispatch, + }; +}); + +const renderNotesList = () => + render( + <TestProviders> + <NotesList eventId={'event-id'} /> + </TestProviders> + ); + +describe('NotesList', () => { + it('should render a note as a comment', () => { + const { getByTestId, getByText } = renderNotesList(); + expect(getByTestId(`${NOTES_COMMENT_TEST_ID}-0`)).toBeInTheDocument(); + expect(getByText('note-1')).toBeInTheDocument(); + expect(getByTestId(`${DELETE_NOTE_BUTTON_TEST_ID}-0`)).toBeInTheDocument(); + expect(getByTestId(`${OPEN_TIMELINE_BUTTON_TEST_ID}-0`)).toBeInTheDocument(); + expect(getByTestId(`${NOTE_AVATAR_TEST_ID}-0`)).toBeInTheDocument(); + }); + + it('should render loading spinner if notes 
are being fetched', () => { + const store = createMockStore({ + ...mockGlobalState, + notes: { + ...mockGlobalState.notes, + status: { + ...mockGlobalState.notes.status, + fetchNotesByDocumentId: ReqStatus.Loading, + }, + }, + }); + + const { getByTestId } = render( + <TestProviders store={store}> + <NotesList eventId={'event-id'} /> + </TestProviders> + ); + + expect(getByTestId(NOTES_LOADING_TEST_ID)).toBeInTheDocument(); + }); + + it('should render no data message if no notes are present', () => { + const store = createMockStore({ + ...mockGlobalState, + notes: { + ...mockGlobalState.notes, + status: { + ...mockGlobalState.notes.status, + fetchNotesByDocumentId: ReqStatus.Succeeded, + }, + }, + }); + + const { getByText } = render( + <TestProviders store={store}> + <NotesList eventId={'wrong-event-id'} /> + </TestProviders> + ); + + expect(getByText(NO_NOTES)).toBeInTheDocument(); + }); + + it('should render error toast if fetching notes fails', () => { + const store = createMockStore({ + ...mockGlobalState, + notes: { + ...mockGlobalState.notes, + status: { + ...mockGlobalState.notes.status, + fetchNotesByDocumentId: ReqStatus.Failed, + }, + error: { + ...mockGlobalState.notes.error, + fetchNotesByDocumentId: { type: 'http', status: 500 }, + }, + }, + }); + + render( + <TestProviders store={store}> + <NotesList eventId={'event-id'} /> + </TestProviders> + ); + + expect(mockAddError).toHaveBeenCalledWith(null, { + title: FETCH_NOTES_ERROR, + }); + }); + + it('should render ? 
in avatar is user is missing', () => { + const store = createMockStore({ + ...mockGlobalState, + notes: { + ...mockGlobalState.notes, + entities: { + '1': { + eventId: 'event-id', + noteId: '1', + note: 'note-1', + timelineId: '', + created: 1663882629000, + createdBy: 'elastic', + updated: 1663882629000, + updatedBy: null, + version: 'version', + }, + }, + }, + }); + + const { getByTestId } = render( + <TestProviders store={store}> + <NotesList eventId={'event-id'} /> + </TestProviders> + ); + const { getByText } = within(getByTestId(`${NOTE_AVATAR_TEST_ID}-0`)); + + expect(getByText('?')).toBeInTheDocument(); + }); + + it('should render create loading when user creates a new note', () => { + const store = createMockStore({ + ...mockGlobalState, + notes: { + ...mockGlobalState.notes, + status: { + ...mockGlobalState.notes.status, + createNote: ReqStatus.Loading, + }, + }, + }); + + const { getByTestId } = render( + <TestProviders store={store}> + <NotesList eventId={'event-id'} /> + </TestProviders> + ); + + expect(getByTestId(ADD_NOTE_LOADING_TEST_ID)).toBeInTheDocument(); + }); + + it('should dispatch delete action when user deletes a new note', () => { + const { getByTestId } = renderNotesList(); + + const deleteIcon = getByTestId(`${DELETE_NOTE_BUTTON_TEST_ID}-0`); + + expect(deleteIcon).toBeInTheDocument(); + expect(deleteIcon).not.toHaveAttribute('disabled'); + + deleteIcon.click(); + + expect(mockDispatch).toHaveBeenCalled(); + }); + + it('should have delete icons disabled and show spinner if a new note is being deleted', () => { + const store = createMockStore({ + ...mockGlobalState, + notes: { + ...mockGlobalState.notes, + status: { + ...mockGlobalState.notes.status, + deleteNote: ReqStatus.Loading, + }, + }, + }); + + const { getByTestId } = render( + <TestProviders store={store}> + <NotesList eventId={'event-id'} /> + </TestProviders> + ); + + expect(getByTestId(`${DELETE_NOTE_BUTTON_TEST_ID}-0`)).toHaveAttribute('disabled'); + }); + + it('should render 
error toast if deleting a note fails', () => { + const store = createMockStore({ + ...mockGlobalState, + notes: { + ...mockGlobalState.notes, + status: { + ...mockGlobalState.notes.status, + deleteNote: ReqStatus.Failed, + }, + error: { + ...mockGlobalState.notes.error, + deleteNote: { type: 'http', status: 500 }, + }, + }, + }); + + render( + <TestProviders store={store}> + <NotesList eventId={'event-id'} /> + </TestProviders> + ); + + expect(mockAddError).toHaveBeenCalledWith(null, { + title: DELETE_NOTE_ERROR, + }); + }); + + it('should open timeline if user clicks on the icon', () => { + const queryTimelineById = jest.fn(); + (useQueryTimelineById as jest.Mock).mockReturnValue(queryTimelineById); + + const { getByTestId } = renderNotesList(); + + getByTestId(`${OPEN_TIMELINE_BUTTON_TEST_ID}-0`).click(); + + expect(queryTimelineById).toHaveBeenCalledWith({ + duplicate: false, + onOpenTimeline: undefined, + timelineId: 'timeline-1', + timelineType: undefined, + unifiedComponentsInTimelineEnabled: false, + }); + }); + + it('should not render timeline icon if no timeline is related to the note', () => { + const store = createMockStore({ + ...mockGlobalState, + notes: { + ...mockGlobalState.notes, + entities: { + '1': { + eventId: 'event-id', + noteId: '1', + note: 'note-1', + timelineId: '', + created: 1663882629000, + createdBy: 'elastic', + updated: 1663882629000, + updatedBy: 'elastic', + version: 'version', + }, + }, + }, + }); + + const { queryByTestId } = render( + <TestProviders store={store}> + <NotesList eventId={'event-id'} /> + </TestProviders> + ); + + expect(queryByTestId(`${OPEN_TIMELINE_BUTTON_TEST_ID}-0`)).not.toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.tsx new file mode 100644 index 0000000000000..248b3958339d1 --- /dev/null 
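Review bot: `mockAddError` and `mockDispatch` in notes_list.test.tsx are module-level `jest.fn()`s that no visible hook clears, so unless the Jest configuration clears mocks between tests, recorded calls carry over and `expect(mockDispatch).toHaveBeenCalled()` in the delete test or the `toHaveBeenCalledWith` toast checks can be satisfied by an earlier test. Adding `beforeEach(() => { jest.clearAllMocks(); });` inside the `describe` keeps each case independent. The delete test could also pin the dispatched argument rather than only that a dispatch happened. The title 'should render ? in avatar is user is missing' has a typo ('is user' for 'if user'), and its fixture clears `updatedBy` while `createdBy` stays 'elastic'.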
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/notes_list.tsx 
@@ -0,0 +1,194 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { memo, useCallback, useEffect, useState } from 'react'; +import { + EuiAvatar, + EuiButtonIcon, + EuiComment, + EuiCommentList, + EuiLoadingElastic, +} from '@elastic/eui'; +import { useDispatch, useSelector } from 'react-redux'; +import { FormattedRelative } from '@kbn/i18n-react'; +import { i18n } from '@kbn/i18n'; +import { MarkdownRenderer } from '../../../../common/components/markdown_editor'; +import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; +import { useQueryTimelineById } from '../../../../timelines/components/open_timeline/helpers'; +import { + ADD_NOTE_LOADING_TEST_ID, + DELETE_NOTE_BUTTON_TEST_ID, + NOTE_AVATAR_TEST_ID, + NOTES_COMMENT_TEST_ID, + NOTES_LOADING_TEST_ID, + OPEN_TIMELINE_BUTTON_TEST_ID, +} from './test_ids'; +import type { State } from '../../../../common/store'; +import type { Note } from '../../../../../common/api/timeline'; +import { + deleteNote, + ReqStatus, + selectCreateNoteStatus, + selectDeleteNoteError, + selectDeleteNoteStatus, + selectFetchNotesByDocumentIdError, + selectFetchNotesByDocumentIdStatus, + selectNotesByDocumentId, +} from '../../../../notes/store/notes.slice'; +import { useAppToasts } from '../../../../common/hooks/use_app_toasts'; + +export const ADDED_A_NOTE = i18n.translate('xpack.securitySolution.notes.addedANoteLabel', { + defaultMessage: 'added a note', +}); +export const FETCH_NOTES_ERROR = i18n.translate( + 'xpack.securitySolution.notes.fetchNotesErrorLabel', + { + defaultMessage: 'Error fetching notes', + } +); +export const NO_NOTES = i18n.translate('xpack.securitySolution.notes.noNotesLabel', { + defaultMessage: 'No notes have been created for this document', +}); 
+export const DELETE_NOTE = i18n.translate('xpack.securitySolution.notes.deleteNoteLabel', { + defaultMessage: 'Delete note', +}); +export const DELETE_NOTE_ERROR = i18n.translate( + 'xpack.securitySolution.notes.deleteNoteErrorLabel', + { + defaultMessage: 'Error deleting note', + } +); + +export interface NotesListProps { + /** + * Id of the document + */ + eventId: string; +} + +/** + * Renders a list of notes for the document. + * If a note belongs to a timeline, a timeline icon will be shown the top right corner. + * Also, a delete icon is shown in the top right corner to delete a note. + * When a note is being created, the component renders a loading spinner when the new note is about to be added. + */ +export const NotesList = memo(({ eventId }: NotesListProps) => { + const dispatch = useDispatch(); + const { addError: addErrorToast } = useAppToasts(); + + const unifiedComponentsInTimelineEnabled = useIsExperimentalFeatureEnabled( + 'unifiedComponentsInTimelineEnabled' + ); + + const fetchStatus = useSelector((state: State) => selectFetchNotesByDocumentIdStatus(state)); + const fetchError = useSelector((state: State) => selectFetchNotesByDocumentIdError(state)); + const notes: Note[] = useSelector((state: State) => selectNotesByDocumentId(state, eventId)); + + const createStatus = useSelector((state: State) => selectCreateNoteStatus(state)); + + const deleteStatus = useSelector((state: State) => selectDeleteNoteStatus(state)); + const deleteError = useSelector((state: State) => selectDeleteNoteError(state)); + const [deletingNoteId, setDeletingNoteId] = useState(''); + + const deleteNoteFc = useCallback( + (noteId: string) => { + setDeletingNoteId(noteId); + dispatch(deleteNote({ id: noteId })); + }, + [dispatch] + ); + + const queryTimelineById = useQueryTimelineById(); + const openTimeline = useCallback( + ({ timelineId }) => + queryTimelineById({ + duplicate: false, + onOpenTimeline: undefined, + timelineId, + timelineType: undefined, + 
unifiedComponentsInTimelineEnabled, + }), + [queryTimelineById, unifiedComponentsInTimelineEnabled] + ); + + // show a toast if the fetch notes call fails + useEffect(() => { + if (fetchStatus === ReqStatus.Failed && fetchError) { + addErrorToast(null, { + title: FETCH_NOTES_ERROR, + }); + } + }, [addErrorToast, fetchError, fetchStatus]); + + useEffect(() => { + if (deleteStatus === ReqStatus.Failed && deleteError) { + addErrorToast(null, { + title: DELETE_NOTE_ERROR, + }); + } + }, [addErrorToast, deleteError, deleteStatus]); + + if (fetchStatus === ReqStatus.Loading) { + return <EuiLoadingElastic data-test-subj={NOTES_LOADING_TEST_ID} size="xxl" />; + } + + if (fetchStatus === ReqStatus.Succeeded && notes.length === 0) { + return <p>{NO_NOTES}</p>; + } + + return ( + <EuiCommentList> + {notes.map((note, index) => ( + <EuiComment + data-test-subj={`${NOTES_COMMENT_TEST_ID}-${index}`} + key={note.noteId} + username={note.createdBy} + timestamp={<>{note.created && <FormattedRelative value={new Date(note.created)} />}</>} + event={ADDED_A_NOTE} + actions={ + <> + {note.timelineId && note.timelineId.length > 0 && ( + <EuiButtonIcon + data-test-subj={`${OPEN_TIMELINE_BUTTON_TEST_ID}-${index}`} + title="Open timeline" + aria-label="Open timeline" + color="text" + iconType="timeline" + onClick={() => openTimeline(note)} + /> + )} + <EuiButtonIcon + data-test-subj={`${DELETE_NOTE_BUTTON_TEST_ID}-${index}`} + title={DELETE_NOTE} + aria-label={DELETE_NOTE} + color="text" + iconType="trash" + onClick={() => deleteNoteFc(note.noteId)} + disabled={deletingNoteId !== note.noteId && deleteStatus === ReqStatus.Loading} + isLoading={deletingNoteId === note.noteId && deleteStatus === ReqStatus.Loading} + /> + </> + } + timelineAvatar={ + <EuiAvatar + data-test-subj={`${NOTE_AVATAR_TEST_ID}-${index}`} + size="l" + name={note.updatedBy || '?'} + /> + } + > + <MarkdownRenderer>{note.note || ''}</MarkdownRenderer> + </EuiComment> + ))} + {createStatus === ReqStatus.Loading && ( + 
<EuiLoadingElastic size="xxl" data-test-subj={ADD_NOTE_LOADING_TEST_ID} /> + )} + </EuiCommentList> + ); +}); + +NotesList.displayName = 'NotesList'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.test.tsx index 3d881e80b0e47..a822ffa2be976 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.test.tsx @@ -7,7 +7,7 @@ import { render } from '@testing-library/react'; import React from 'react'; -import { LeftPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { PrevalenceDetails } from './prevalence_details'; import { PREVALENCE_DETAILS_TABLE_ALERT_COUNT_CELL_TEST_ID, @@ -53,16 +53,16 @@ const panelContextValue = { indexName: 'indexName', browserFields: {}, dataFormattedForFieldBrowser: [], -} as unknown as LeftPanelContext; +} as unknown as DocumentDetailsContext; const UPSELL_MESSAGE = 'Host and user prevalence are only available with a'; const renderPrevalenceDetails = () => render( <TestProviders> - <LeftPanelContext.Provider value={panelContextValue}> + <DocumentDetailsContext.Provider value={panelContextValue}> <PrevalenceDetails /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); @@ -170,9 +170,9 @@ describe('PrevalenceDetails', () => { const { getByTestId } = render( <TestProviders> - <LeftPanelContext.Provider value={panelContextValue}> + <DocumentDetailsContext.Provider value={panelContextValue}> <PrevalenceDetails /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); 
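Review bot: In notes_list.tsx each comment takes the author from two different fields, `username={note.createdBy}` in the header and `name={note.updatedBy || '?'}` on the avatar, so a note whose `updatedBy` is empty or differs from `createdBy` is attributed inconsistently (the test fixture with `createdBy: 'elastic'` and `updatedBy: null` renders exactly that). Notes are part of an investigation record, so both places should read the same field, for example `name={note.createdBy || '?'}`. Both toast effects call `addErrorToast(null, …)`, so `fetchError` and `deleteError` are only tested for truthiness and their content never reaches the toast; passing the stored error through, if `useAppToasts` accepts that shape, would keep the detail for whoever triages the failure. The `title="Open timeline"` and `aria-label="Open timeline"` strings are hard-coded while the delete button uses an `i18n.translate` constant; a matching exported constant would keep them translatable.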
@@ -207,9 +207,9 @@ describe('PrevalenceDetails', () => { const { getByTestId } = render( <TestProviders> - <LeftPanelContext.Provider value={panelContextValue}> + <DocumentDetailsContext.Provider value={panelContextValue}> <PrevalenceDetails /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.tsx index fd6cadc598477..7937560e0d81e 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/prevalence_details.tsx @@ -39,7 +39,7 @@ import { PREVALENCE_DETAILS_UPSELL_TEST_ID, PREVALENCE_DETAILS_TABLE_UPSELL_CELL_TEST_ID, } from './test_ids'; -import { useLeftPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { getDataProvider, getDataProviderAnd, @@ -296,7 +296,7 @@ const columns: Array<EuiBasicTableColumn<PrevalenceDetailsRow>> = [ * Prevalence table displayed in the document details expandable flyout left section under the Insights tab */ export const PrevalenceDetails: React.FC = () => { - const { dataFormattedForFieldBrowser, investigationFields } = useLeftPanelContext(); + const { dataFormattedForFieldBrowser, investigationFields } = useDocumentDetailsContext(); const isPlatinumPlus = useLicense().isPlatinumPlus(); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.test.tsx index 9eac104c768b1..e8be41c601844 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.test.tsx 
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.test.tsx @@ -8,7 +8,7 @@ import React from 'react'; import { render } from '@testing-library/react'; import '@testing-library/jest-dom'; -import { LeftPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { rawEventData, TestProviders } from '../../../../common/mock'; import { RESPONSE_DETAILS_TEST_ID } from './test_ids'; import { ResponseDetails } from './response_details'; @@ -68,7 +68,7 @@ const defaultContextValue = { _id: 'test', }, searchHit: rawEventData, -} as unknown as LeftPanelContext; +} as unknown as DocumentDetailsContext; const contextWithResponseActions = { ...defaultContextValue, @@ -88,12 +88,12 @@ const contextWithResponseActions = { }; // Renders System Under Test -const renderResponseDetails = (contextValue: LeftPanelContext) => +const renderResponseDetails = (contextValue: DocumentDetailsContext) => render( <TestProviders> - <LeftPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <ResponseDetails /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.tsx index 8caaad7225057..c240799639166 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/response_details.tsx 
@@ -10,7 +10,7 @@ import { EuiSpacer, EuiTitle } from '@elastic/eui'; import styled from 'styled-components'; import { FormattedMessage } from '@kbn/i18n-react'; import { RESPONSE_DETAILS_TEST_ID } from './test_ids'; -import { useLeftPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; import { useOsqueryTab } from '../../../../common/components/event_details/osquery_tab'; import { useResponseActionsView } from '../../../../common/components/event_details/response_actions_view'; @@ -24,7 +24,7 @@ const ExtendedFlyoutWrapper = styled.div` * Automated response actions results, displayed in the document details expandable flyout left section under the Insights tab, Response tab */ export const ResponseDetails: React.FC = () => { - const { searchHit, dataAsNestedObject, isPreview } = useLeftPanelContext(); + const { searchHit, dataAsNestedObject, isPreview } = useDocumentDetailsContext(); const endpointResponseActionsEnabled = useIsExperimentalFeatureEnabled( 'endpointResponseActionsEnabled' ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.test.tsx index 559aeb5427bea..cce77411d6c9f 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.test.tsx 
@@ -8,7 +8,7 @@ import React from 'react'; import { render } from '@testing-library/react'; import '@testing-library/jest-dom'; -import { LeftPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { TestProviders } from '../../../../common/mock'; import { SESSION_VIEW_TEST_ID } from './test_ids'; import { SessionView } from './session_view'; @@ -46,12 +46,12 @@ jest.mock('../../../../common/lib/kibana', () => { }; }); -const renderSessionView = (contextValue: LeftPanelContext) => +const renderSessionView = (contextValue: DocumentDetailsContext) => render( <TestProviders> - <LeftPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <SessionView /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); @@ -60,7 +60,7 @@ describe('<SessionView />', () => { const contextValue = { getFieldsData: mockFieldsData, indexName: '.ds-logs-endpoint.events.process-default', - } as unknown as LeftPanelContext; + } as unknown as DocumentDetailsContext; const wrapper = renderSessionView(contextValue); expect(wrapper.getByTestId(SESSION_VIEW_TEST_ID)).toBeInTheDocument(); @@ -70,7 +70,7 @@ describe('<SessionView />', () => { const contextValue = { getFieldsData: mockFieldsData, indexName: '.alerts-security', // it should prioritize KIBANA_ANCESTOR_INDEX above indexName - } as unknown as LeftPanelContext; + } as unknown as DocumentDetailsContext; const wrapper = renderSessionView(contextValue); expect(wrapper.getByTestId(SESSION_VIEW_TEST_ID)).toBeInTheDocument(); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.tsx index 60bafd1765179..fa44e0154b59f 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.tsx 
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/session_view.tsx @@ -15,7 +15,7 @@ import { import { getField } from '../../shared/utils'; import { SESSION_VIEW_TEST_ID } from './test_ids'; import { useKibana } from '../../../../common/lib/kibana'; -import { useLeftPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; export const SESSION_VIEW_ID = 'session-view'; @@ -24,7 +24,7 @@ export const SESSION_VIEW_ID = 'session-view'; */ export const SessionView: FC = () => { const { sessionView } = useKibana().services; - const { getFieldsData, indexName } = useLeftPanelContext(); + const { getFieldsData, indexName } = useDocumentDetailsContext(); const ancestorIndex = getField(getFieldsData(ANCESTOR_INDEX)); // e.g in case of alert, we want to grab it's origin index const sessionEntityId = getField(getFieldsData(ENTRY_LEADER_ENTITY_ID)) || ''; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/suppressed_alerts.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/suppressed_alerts.test.tsx index c78fdaca30124..5c05e373105d8 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/suppressed_alerts.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/suppressed_alerts.test.tsx @@ -18,8 +18,8 @@ import { EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID, EXPANDABLE_PANEL_TOGGLE_ICON_TEST_ID, } from '../../../shared/components/test_ids'; -import { LeftPanelContext } from '../context'; -import { mockContextValue } from '../mocks/mock_context'; +import { DocumentDetailsContext } from '../../shared/context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { isSuppressionRuleInGA } from '../../../../../common/detection_engine/utils'; jest.mock('../../../../../common/detection_engine/utils', () => ({ 
@@ -46,12 +46,12 @@ const INVESTIGATE_IN_TIMELINE_BUTTON_TEST_ID = `${CORRELATIONS_DETAILS_SUPPRESSE const renderSuppressedAlerts = (alertSuppressionCount: number) => render( <TestProviders> - <LeftPanelContext.Provider value={mockContextValue}> + <DocumentDetailsContext.Provider value={mockContextValue}> <SuppressedAlerts alertSuppressionCount={alertSuppressionCount} dataAsNestedObject={mockDataAsNestedObject} /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts index 1ac4fb1c5f263..be835ba74108a 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts @@ -89,3 +89,15 @@ export const RESPONSE_NO_DATA_TEST_ID = `${RESPONSE_TEST_ID}NoData` as const; export const INVESTIGATION_GUIDE_TEST_ID = `${PREFIX}InvestigationGuide` as const; export const INVESTIGATION_GUIDE_LOADING_TEST_ID = `${INVESTIGATION_GUIDE_TEST_ID}Loading` as const; + +/* Notes */ + +export const NOTES_LOADING_TEST_ID = `${PREFIX}NotesLoading` as const; +export const NOTES_COMMENT_TEST_ID = `${PREFIX}NotesComment` as const; +export const ADD_NOTE_LOADING_TEST_ID = `${PREFIX}AddNotesLoading` as const; +export const ADD_NOTE_MARKDOWN_TEST_ID = `${PREFIX}AddNotesMarkdown` as const; +export const ADD_NOTE_BUTTON_TEST_ID = `${PREFIX}AddNotesButton` as const; +export const NOTE_AVATAR_TEST_ID = `${PREFIX}NoteAvatar` as const; +export const DELETE_NOTE_BUTTON_TEST_ID = `${PREFIX}DeleteNotesButton` as const; +export const ATTACH_TO_TIMELINE_CHECKBOX_TEST_ID = `${PREFIX}AttachToTimelineCheckbox` as const; +export const OPEN_TIMELINE_BUTTON_TEST_ID = `${PREFIX}OpenTimelineButton` as const; 
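Review bot: The new Notes ids in test_ids.ts mix singular and plural between constant name and value: `ADD_NOTE_LOADING_TEST_ID` maps to `AddNotesLoading`, `ADD_NOTE_BUTTON_TEST_ID` to `AddNotesButton` and `DELETE_NOTE_BUTTON_TEST_ID` to `DeleteNotesButton`, while `NOTE_AVATAR_TEST_ID` maps to `NoteAvatar`. Anyone selecting by the rendered `data-test-subj` string has to remember which form each id uses. Aligning the values with the constant names, e.g. `${PREFIX}AddNoteLoading` and `${PREFIX}DeleteNoteButton`, is cheapest now, before other suites depend on the strings.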
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/threat_intelligence_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/threat_intelligence_details.test.tsx index 110a6f186d584..c028b9194748f 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/threat_intelligence_details.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/threat_intelligence_details.test.tsx @@ -8,7 +8,7 @@ import React from 'react'; import { render } from '@testing-library/react'; import '@testing-library/jest-dom'; -import { LeftPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { TestProviders } from '../../../../common/mock'; import { THREAT_INTELLIGENCE_DETAILS_ENRICHMENTS_TEST_ID, @@ -35,15 +35,15 @@ jest.mock('../hooks/use_threat_intelligence_details'); const defaultContextValue = { getFieldsData: () => 'id', -} as unknown as LeftPanelContext; +} as unknown as DocumentDetailsContext; // Renders System Under Test -const renderThreatIntelligenceDetails = (contextValue: LeftPanelContext) => +const renderThreatIntelligenceDetails = (contextValue: DocumentDetailsContext) => render( <TestProviders> - <LeftPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <ThreatIntelligenceDetails /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.test.tsx index fff177d43040c..9aaffcfe2d71c 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.test.tsx 
@@ -8,8 +8,8 @@ import React from 'react'; import { render, waitFor, fireEvent } from '@testing-library/react'; import { LeftPanelTour } from './tour'; -import { LeftPanelContext } from '../context'; -import { mockContextValue } from '../mocks/mock_context'; +import { DocumentDetailsContext } from '../../shared/context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { createMockStore, createSecuritySolutionStorageMock, @@ -31,15 +31,15 @@ const mockStore = createMockStore(undefined, undefined, undefined, { ...storageMock, }); -const renderLeftPanelTour = (context: LeftPanelContext = mockContextValue) => +const renderLeftPanelTour = (context: DocumentDetailsContext = mockContextValue) => render( <TestProviders store={mockStore}> - <LeftPanelContext.Provider value={context}> + <DocumentDetailsContext.Provider value={context}> <LeftPanelTour /> {Object.values(FLYOUT_TOUR_CONFIG_ANCHORS).map((i, idx) => ( <div key={idx} data-test-subj={i} /> ))} - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.tsx index e1719be5b20a5..4e3adc140a8aa 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/tour.tsx 
@@ -8,7 +8,7 @@ import React, { memo, useMemo } from 'react'; import { getField } from '../../shared/utils'; import { EventKind } from '../../shared/constants/event_kinds'; -import { useLeftPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { FlyoutTour } from '../../shared/components/flyout_tour'; import { getLeftSectionTourSteps } from '../../shared/utils/tour_step_config'; import { useIsTimelineFlyoutOpen } from '../../shared/hooks/use_is_timeline_flyout_open'; @@ -17,7 +17,7 @@ import { useIsTimelineFlyoutOpen } from '../../shared/hooks/use_is_timeline_flyo * Guided tour for the left panel in details flyout */ export const LeftPanelTour = memo(() => { - const { getFieldsData, isPreview } = useLeftPanelContext(); + const { getFieldsData, isPreview } = useDocumentDetailsContext(); const eventKind = getField(getFieldsData('event.kind')); const isAlert = eventKind === EventKind.signal; const isTimelineFlyoutOpen = useIsTimelineFlyoutOpen(); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.test.tsx index 35853d8e4d97a..1ca56340635d9 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/user_details.test.tsx 
@@ -9,7 +9,7 @@ import React from 'react'; import { render } from '@testing-library/react'; import type { Anomalies } from '../../../../common/components/ml/types'; import { TestProviders } from '../../../../common/mock'; -import { LeftPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { UserDetails } from './user_details'; import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities'; import { mockAnomalies } from '../../../../common/components/ml/mock'; @@ -23,7 +23,7 @@ import { } from './test_ids'; import { EXPANDABLE_PANEL_CONTENT_TEST_ID } from '../../../shared/components/test_ids'; import { useRiskScore } from '../../../../entity_analytics/api/hooks/use_risk_score'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; jest.mock('react-router-dom', () => { const actual = jest.requireActual('react-router-dom'); @@ -121,12 +121,12 @@ const mockRelatedHostsResponse = { loading: false, }; -const renderUserDetails = (contextValue: LeftPanelContext) => +const renderUserDetails = (contextValue: DocumentDetailsContext) => render( <TestProviders> - <LeftPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <UserDetails {...defaultProps} /> - </LeftPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/context.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/context.tsx deleted file mode 100644 index 52bf509462699..0000000000000 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/context.tsx +++ /dev/null 
@@ -1,143 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { BrowserFields, TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common';
-import React, { createContext, memo, useContext, useMemo } from 'react';
-import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs';
-import { TableId } from '@kbn/securitysolution-data-table';
-import { useEventDetails } from '../shared/hooks/use_event_details';
-import { FlyoutError } from '../../shared/components/flyout_error';
-import { FlyoutLoading } from '../../shared/components/flyout_loading';
-import type { SearchHit } from '../../../../common/search_strategy';
-import type { LeftPanelProps } from '.';
-import type { GetFieldsData } from '../../../common/hooks/use_get_fields_data';
-import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers';
-import { useRuleWithFallback } from '../../../detection_engine/rule_management/logic/use_rule_with_fallback';
-
-export interface LeftPanelContext {
- /**
- * Id of the document
- */
- eventId: string;
- /**
- * Name of the index used in the parent's page
- */
- indexName: string;
- /**
- * Maintain backwards compatibility // TODO remove when possible
- */
- scopeId: string;
- /**
- * An object containing fields by type
- */
- browserFields: BrowserFields;
- /**
- * An object with top level fields from the ECS object
- */
- dataAsNestedObject: Ecs;
- /**
- * An array of field objects with category and value
- */
- dataFormattedForFieldBrowser: TimelineEventsDetailsItem[];
- /**
- * The actual raw document object
- */
- searchHit: SearchHit;
- /**
- * User defined fields to highlight (defined on the rule)
- */
- investigationFields: string[];
- /**
- * Retrieves searchHit values for the provided field
- */
- getFieldsData: GetFieldsData;
- /**
- * Boolean to indicate whether it is a preview flyout
- */
- isPreview: boolean;
-}
-
-export const LeftPanelContext = createContext<LeftPanelContext | undefined>(undefined);
-
-export type LeftPanelProviderProps = {
- /**
- * React components to render
- */
- children: React.ReactNode;
-} & Partial<LeftPanelProps['params']>;
-
-export const LeftPanelProvider = memo(
- ({ id, indexName, scopeId, children }: LeftPanelProviderProps) => {
- const {
- browserFields,
- dataAsNestedObject,
- dataFormattedForFieldBrowser,
- getFieldsData,
- loading,
- searchHit,
- } = useEventDetails({ eventId: id, indexName });
-
- const { ruleId } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser);
- const { rule: maybeRule } = useRuleWithFallback(ruleId);
-
- const contextValue = useMemo(
- () =>
- id &&
- indexName &&
- scopeId &&
- dataAsNestedObject &&
- dataFormattedForFieldBrowser &&
- searchHit
- ? {
- eventId: id,
- indexName,
- scopeId,
- browserFields,
- dataAsNestedObject,
- dataFormattedForFieldBrowser,
- searchHit,
- investigationFields: maybeRule?.investigation_fields?.field_names ?? [],
- getFieldsData,
- isPreview: scopeId === TableId.rulePreview,
- }
- : undefined,
- [
- id,
- indexName,
- scopeId,
- browserFields,
- dataAsNestedObject,
- dataFormattedForFieldBrowser,
- searchHit,
- maybeRule?.investigation_fields,
- getFieldsData,
- ]
- );
-
- if (loading) {
- return <FlyoutLoading />;
- }
-
- if (!contextValue) {
- return <FlyoutError />;
- }
-
- return <LeftPanelContext.Provider value={contextValue}>{children}</LeftPanelContext.Provider>;
- }
-);
-
-LeftPanelProvider.displayName = 'LeftPanelProvider';
-
-export const useLeftPanelContext = () => {
- const contextValue = useContext(LeftPanelContext);
-
- if (!contextValue) {
- throw new Error('LeftPanelContext can only be used within LeftPanelContext provider');
- }
-
- return contextValue;
-};
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/header.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/header.tsx
index bbc8201a19f1a..2b61a97577e06 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/header.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/header.tsx
@@ -14,7 +14,7 @@ import { FlyoutHeader } from '../../shared/components/flyout_header';
 import type { LeftPanelTabType } from './tabs';
 import { getField } from '../shared/utils';
 import { EventKind } from '../shared/constants/event_kinds';
-import { useLeftPanelContext } from './context';
+import { useDocumentDetailsContext } from '../shared/context';
 export interface PanelHeaderProps {
 /**
@@ -38,7 +38,7 @@ export interface PanelHeaderProps {
 */
 export const PanelHeader: FC<PanelHeaderProps> = memo(
 ({ selectedTabId, setSelectedTabId, tabs }) => {
- const { getFieldsData } = useLeftPanelContext();
+ const { getFieldsData } = useDocumentDetailsContext();
 const isEventKindSignal = getField(getFieldsData('event.kind')) === EventKind.signal;
 const onSelectedTabChanged = (id: LeftPanelPaths) => setSelectedTabId(id);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.test.ts b/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.test.ts
index f8a34e374a938..ae71c7f74c8d6 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.test.ts
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.test.ts
@@ -11,7 +11,7 @@ import { renderHook } from '@testing-library/react-hooks';
 import { useTimelineEventsDetails } from '../../../../timelines/containers/details';
 import { useSourcererDataView } from '../../../../sourcerer/containers';
 import { useRouteSpy } from '../../../../common/utils/route/use_route_spy';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useInvestigationTimeEnrichment } from '../../../../common/containers/cti/event_enrichment';
 import { SecurityPageName } from '../../../../../common/constants';
 import type { RouteSpyState } from '../../../../common/utils/route/types';
@@ -19,12 +19,12 @@ import {
 type GetBasicDataFromDetailsData,
 useBasicDataFromDetailsData,
 } from '../../../../timelines/components/side_panel/event_details/helpers';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 jest.mock('../../../../timelines/containers/details');
 jest.mock('../../../../sourcerer/containers');
 jest.mock('../../../../common/utils/route/use_route_spy');
-jest.mock('../context');
+jest.mock('../../shared/context');
 jest.mock('../../../../common/containers/cti/event_enrichment');
 jest.mock('../../../../timelines/components/side_panel/event_details/helpers');
@@ -64,7 +64,7 @@ describe('useThreatIntelligenceDetails', () => {
 () => {},
 ]);
- jest.mocked(useLeftPanelContext).mockReturnValue(mockContextValue);
+ jest.mocked(useDocumentDetailsContext).mockReturnValue(mockContextValue);
 });
 afterEach(() => {
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.ts b/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.ts
index f8d6ee67edbc9..04a2bd0ddee47 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.ts
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.ts
@@ -22,7 +22,7 @@ import { useInvestigationTimeEnrichment } from '../../../../common/containers/ct
 import { useTimelineEventsDetails } from '../../../../timelines/containers/details';
 import { useSourcererDataView } from '../../../../sourcerer/containers';
 import { useRouteSpy } from '../../../../common/utils/route/use_route_spy';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 export interface ThreatIntelligenceDetailsValue {
 enrichments: CtiEnrichment[];
@@ -43,7 +43,7 @@ export interface ThreatIntelligenceDetailsValue {
 * for component testing.
 */
 export const useThreatIntelligenceDetails = (): ThreatIntelligenceDetailsValue => {
- const { indexName, eventId } = useLeftPanelContext();
+ const { indexName, eventId } = useDocumentDetailsContext();
 const [{ pageName }] = useRouteSpy();
 const sourcererScope = pageName === SecurityPageName.detections
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx
index a93b1e7e7a4fb..8facaef0885ca 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx
@@ -7,7 +7,7 @@
 import type { FC } from 'react';
 import React, { memo, useMemo } from 'react';
-import type { FlyoutPanelProps, PanelPath } from '@kbn/expandable-flyout';
+
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features';
 import { DocumentDetailsLeftPanelKey } from '../shared/constants/panel_keys';
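Review bot: The removed `import type { FlyoutPanelProps, PanelPath } from '@kbn/expandable-flyout';` line in `left/index.tsx` appears to be replaced by an empty added line rather than simply deleted, which leaves a blank line in the middle of the import block. Dropping the empty `+` line keeps the imports contiguous, so `import React, { memo, useMemo } from 'react';` is followed directly by `import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';`. This is a style point only; behaviour is unaffected.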
@@ -18,7 +18,8 @@ import type { LeftPanelTabType } from './tabs';
 import * as tabs from './tabs';
 import { getField } from '../shared/utils';
 import { EventKind } from '../shared/constants/event_kinds';
-import { useLeftPanelContext } from './context';
+import { useDocumentDetailsContext } from '../shared/context';
+import type { DocumentDetailsProps } from '../shared/types';
 import { LeftPanelTour } from './components/tour';
 export type LeftPanelPaths = 'visualize' | 'insights' | 'investigation' | 'response' | 'notes';
@@ -28,33 +29,25 @@ export const LeftPanelInvestigationTab: LeftPanelPaths = 'investigation';
 export const LeftPanelResponseTab: LeftPanelPaths = 'response';
 export const LeftPanelNotesTab: LeftPanelPaths = 'notes';
-export interface LeftPanelProps extends FlyoutPanelProps {
- key: typeof DocumentDetailsLeftPanelKey;
- path?: PanelPath;
- params?: {
- id: string;
- indexName: string;
- scopeId: string;
- };
-}
-
-export const LeftPanel: FC<Partial<LeftPanelProps>> = memo(({ path }) => {
+export const LeftPanel: FC<Partial<DocumentDetailsProps>> = memo(({ path }) => {
 const { telemetry } = useKibana().services;
 const { openLeftPanel } = useExpandableFlyoutApi();
- const { eventId, indexName, scopeId, getFieldsData } = useLeftPanelContext();
+ const { eventId, indexName, scopeId, getFieldsData } = useDocumentDetailsContext();
 const eventKind = getField(getFieldsData('event.kind'));
- const notesEnabled = useIsExperimentalFeatureEnabled('notesEnabled');
+ const securitySolutionNotesEnabled = useIsExperimentalFeatureEnabled(
+ 'securitySolutionNotesEnabled'
+ );
 const tabsDisplayed = useMemo(() => {
 const tabList = eventKind === EventKind.signal ? [tabs.insightsTab, tabs.investigationTab, tabs.responseTab] : [tabs.insightsTab];
- if (notesEnabled) {
+ if (securitySolutionNotesEnabled) {
 tabList.push(tabs.notesTab);
 }
 return tabList;
- }, [eventKind, notesEnabled]);
+ }, [eventKind, securitySolutionNotesEnabled]);
 const selectedTabId = useMemo(() => {
 const defaultTab = tabsDisplayed[0].id;
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx
index 4513e857b0b6f..99072977ac982 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx
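Review bot: `LeftPanel` now gates the Notes tab on the experimental flag `securitySolutionNotesEnabled` instead of `notesEnabled`, and nothing in this hunk keeps the old key working. If the flag definition (outside this hunk) does not accept the old name, an environment that had enabled `notesEnabled` would presumably lose the tab with no message, so the rename should be called out in the PR description or release notes. A short comment above the call, e.g. `// flag renamed from 'notesEnabled'; the old key is no longer read`, would also help the next reader. The body of `LeftPanel` continues past the end of the hunk.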
@@ -21,7 +21,7 @@ import {
 INSIGHTS_TAB_PREVALENCE_BUTTON_TEST_ID,
 INSIGHTS_TAB_CORRELATIONS_BUTTON_TEST_ID,
 } from './test_ids';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '..';
 import { ENTITIES_TAB_ID, EntitiesDetails } from '../components/entities_details';
@@ -86,7 +86,7 @@ const insightsButtons: EuiButtonGroupOptionProps[] = [
 */
 export const InsightsTab = memo(() => {
 const { telemetry } = useKibana().services;
- const { eventId, indexName, scopeId, getFieldsData } = useLeftPanelContext();
+ const { eventId, indexName, scopeId, getFieldsData } = useDocumentDetailsContext();
 const isEventKindSignal = getField(getFieldsData('event.kind')) === EventKind.signal;
 const { openLeftPanel } = useExpandableFlyoutApi();
 const panels = useExpandableFlyoutState();
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx
index ab148fd04c65b..32f64aecd1cb8 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx
@@ -11,7 +11,7 @@ import type { EuiButtonGroupOptionProps } from '@elastic/eui/src/components/butt
 import { useExpandableFlyoutApi, useExpandableFlyoutState } from '@kbn/expandable-flyout';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { useLeftPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelVisualizeTab } from '..';
 import {
@@ -51,7 +51,7 @@ const visualizeButtons: EuiButtonGroupOptionProps[] = [
 * Visualize view displayed in the document details expandable flyout left section
 */
 export const VisualizeTab = memo(() => {
- const { eventId, indexName, scopeId } = useLeftPanelContext();
+ const { eventId, indexName, scopeId } = useDocumentDetailsContext();
 const { openLeftPanel } = useExpandableFlyoutApi();
 const panels = useExpandableFlyoutState();
 const [activeVisualizationId, setActiveVisualizationId] = useState(
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.test.tsx
index 7013e5d3303e1..46cefbb7533aa 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.test.tsx
@@ -19,8 +19,8 @@ import {
 } from './test_ids';
 import { TestProviders } from '../../../../common/mock';
 import { AboutSection } from './about_section';
-import { RightPanelContext } from '../context';
-import { mockContextValue } from '../mocks/mock_context';
+import { DocumentDetailsContext } from '../../shared/context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { useExpandSection } from '../hooks/use_expand_section';
 jest.mock('../../../../common/components/link_to');
@@ -42,9 +42,9 @@ const renderAboutSection = (getFieldsData = mockGetFieldsData) => {
 };
 return render(
 <TestProviders>
- <RightPanelContext.Provider value={contextValue}>
+ <DocumentDetailsContext.Provider value={contextValue}>
 <AboutSection />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
 };
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.tsx
index a02e69f611ab0..5b9da45df2dfd 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/about_section.tsx
@@ -15,7 +15,7 @@ import { Reason } from './reason';
 import { MitreAttack } from './mitre_attack';
 import { getField } from '../../shared/utils';
 import { EventKind } from '../../shared/constants/event_kinds';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { isEcsAllowedValue } from '../utils/event_utils';
 import { EventCategoryDescription } from './event_category_description';
 import { EventKindDescription } from './event_kind_description';
@@ -30,7 +30,7 @@ const KEY = 'about';
 * For all other events, it shows the event kind description, a list of event categories and event renderer.
 */
 export const AboutSection = memo(() => {
- const { getFieldsData } = useRightPanelContext();
+ const { getFieldsData } = useDocumentDetailsContext();
 const eventKind = getField(getFieldsData('event.kind'));
 const eventKindInECS = eventKind && isEcsAllowedValue('event.kind', eventKind);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.test.tsx
index 601e97f42ad0f..c8a00cf0837fa 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.test.tsx
@@ -14,7 +14,7 @@ import {
 ALERT_DESCRIPTION_DETAILS_TEST_ID,
 } from './test_ids';
 import { AlertDescription, RULE_OVERVIEW_BANNER } from './alert_description';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data';
 import type { TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common';
 import { DocumentDetailsRuleOverviewPanelKey } from '../../shared/constants/panel_keys';
@@ -71,15 +71,15 @@ const panelContextValue = (dataFormattedForFieldBrowser: TimelineEventsDetailsIt
 scopeId: 'scopeId',
 dataFormattedForFieldBrowser,
 getFieldsData: mockGetFieldsData,
- } as unknown as RightPanelContext);
+ } as unknown as DocumentDetailsContext);
-const renderDescription = (panelContext: RightPanelContext) =>
+const renderDescription = (panelContext: DocumentDetailsContext) =>
 render(
 <TestProviders>
 <IntlProvider locale="en">
- <RightPanelContext.Provider value={panelContext}>
+ <DocumentDetailsContext.Provider value={panelContext}>
 <AlertDescription />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </IntlProvider>
 </TestProviders>
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.tsx
index 2b681267ebc73..b908185cd9d9d 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_description.tsx
@@ -14,7 +14,7 @@ import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { i18n } from '@kbn/i18n';
 import { useKibana } from '../../../../common/lib/kibana';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useBasicDataFromDetailsData } from '../../../../timelines/components/side_panel/event_details/helpers';
 import {
 ALERT_DESCRIPTION_DETAILS_TEST_ID,
@@ -37,7 +37,7 @@ export const RULE_OVERVIEW_BANNER = {
 export const AlertDescription: FC = () => {
 const { telemetry } = useKibana().services;
 const { dataFormattedForFieldBrowser, scopeId, eventId, indexName, isPreview } =
- useRightPanelContext();
+ useDocumentDetailsContext();
 const { isAlert, ruleDescription, ruleName, ruleId } = useBasicDataFromDetailsData(
 dataFormattedForFieldBrowser
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx
index 61dbc57a2080a..4a0267a8dade8 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx
@@ -7,7 +7,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import {
 RISK_SCORE_VALUE_TEST_ID,
 SEVERITY_VALUE_TEST_ID,
@@ -32,15 +32,15 @@ const dateFormat = 'MMM D, YYYY @ HH:mm:ss.SSS';
 const mockContextValue = {
 dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
 getFieldsData: jest.fn().mockImplementation(mockGetFieldsData),
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 const HEADER_TEXT_TEST_ID = `${FLYOUT_ALERT_HEADER_TITLE_TEST_ID}Text`;
-const renderHeader = (contextValue: RightPanelContext) =>
+const renderHeader = (contextValue: DocumentDetailsContext) =>
 render(
 <TestProvidersComponent>
- <RightPanelContext.Provider value={contextValue}>
+ <DocumentDetailsContext.Provider value={contextValue}>
 <AlertHeaderTitle />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProvidersComponent>
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx
index 8386acdba31ca..a9da1ae146394 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx
@@ -16,7 +16,7 @@ import { DocumentSeverity } from './severity';
 import { RiskScore } from './risk_score';
 import { useRefetchByScope } from '../../../../timelines/components/side_panel/event_details/flyout/use_refetch_by_scope';
 import { useBasicDataFromDetailsData } from '../../../../timelines/components/side_panel/event_details/helpers';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { PreferenceFormattedDate } from '../../../../common/components/formatted_date';
 import { FLYOUT_ALERT_HEADER_TITLE_TEST_ID, ALERT_SUMMARY_PANEL_TEST_ID } from './test_ids';
 import { Assignees } from './assignees';
@@ -33,7 +33,7 @@ export const AlertHeaderTitle = memo(() => {
 isPreview,
 refetchFlyoutData,
 getFieldsData,
- } = useRightPanelContext();
+ } = useDocumentDetailsContext();
 const { isAlert, ruleName, timestamp, ruleId } = useBasicDataFromDetailsData(
 dataFormattedForFieldBrowser
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx
index 7e5323e37b518..67d7438e8bb68 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.test.tsx
@@ -10,9 +10,9 @@ import React from 'react';
 import { TestProviders } from '../../../../common/mock';
 import { useAlertPrevalenceFromProcessTree } from '../../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { AnalyzerPreview } from './analyzer_preview';
 import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
 import * as mock from '../mocks/mock_analyzer_data';
@@ -34,12 +34,12 @@ const mockTreeValues = {
 statsNodes: mock.mockStatsNodes,
 };
-const renderAnalyzerPreview = (contextValue: RightPanelContext) =>
+const renderAnalyzerPreview = (contextValue: DocumentDetailsContext) =>
 render(
 <TestProviders>
- <RightPanelContext.Provider value={contextValue}>
+ <DocumentDetailsContext.Provider value={contextValue}>
 <AnalyzerPreview />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx
index e87bc1fddbe92..efae023e0d092 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview.tsx
@@ -12,7 +12,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { ANALYZER_PREVIEW_TEST_ID, ANALYZER_PREVIEW_LOADING_TEST_ID } from './test_ids';
 import { getTreeNodes } from '../utils/analyzer_helpers';
 import { ANCESTOR_ID, RULE_INDICES } from '../../shared/constants/field_names';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useAlertPrevalenceFromProcessTree } from '../../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import type { StatsNode } from '../../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import { isActiveTimeline } from '../../../../helpers';
@@ -41,7 +41,7 @@ export const AnalyzerPreview: React.FC = () => {
 scopeId,
 eventId,
 isPreview,
- } = useRightPanelContext();
+ } = useDocumentDetailsContext();
 const ancestorId = getField(getFieldsData(ANCESTOR_ID)) ?? '';
 const documentId = isPreview ? ancestorId : eventId; // use ancestor as fallback for alert preview
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx
index c43511ddae460..5ce6fcebae76b 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx
@@ -8,8 +8,8 @@
 import { render, screen } from '@testing-library/react';
 import { TestProviders } from '../../../../common/mock';
 import React from 'react';
-import { RightPanelContext } from '../context';
-import { mockContextValue } from '../mocks/mock_context';
+import { DocumentDetailsContext } from '../../shared/context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { AnalyzerPreviewContainer } from './analyzer_preview_container';
 import { useIsInvestigateInResolverActionEnabled } from '../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver';
 import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
@@ -56,9 +56,9 @@ const panelContextValue = {
 const renderAnalyzerPreview = (context = panelContextValue) =>
 render(
 <TestProviders>
- <RightPanelContext.Provider value={context}>
+ <DocumentDetailsContext.Provider value={context}>
 <AnalyzerPreviewContainer />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx
index 6e3c8241136ea..ad85e8e8701e1 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx
@@ -15,7 +15,7 @@ import { useInvestigateInTimeline } from '../../../../detections/components/aler
 import { ALERTS_ACTIONS } from '../../../../common/lib/apm/user_actions';
 import { getScopedActions } from '../../../../helpers';
 import { setActiveTabTimeline } from '../../../../timelines/store/actions';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { useIsInvestigateInResolverActionEnabled } from '../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver';
 import { AnalyzerPreview } from './analyzer_preview';
 import { ANALYZER_PREVIEW_TEST_ID } from './test_ids';
@@ -27,7 +27,7 @@ const timelineId = 'timeline-1';
 * Analyzer preview under Overview, Visualizations. It shows a tree representation of analyzer.
 */
 export const AnalyzerPreviewContainer: React.FC = () => {
- const { dataAsNestedObject, isPreview } = useRightPanelContext();
+ const { dataAsNestedObject, isPreview } = useDocumentDetailsContext();
 // decide whether to show the analyzer preview or not
 const isEnabled = useIsInvestigateInResolverActionEnabled(dataAsNestedObject);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/cell_actions.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/cell_actions.tsx
index 52c216517b9de..96a0f2b100291 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/cell_actions.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/cell_actions.tsx
@@ -7,7 +7,7 @@
 import type { FC } from 'react';
 import React, { useMemo } from 'react';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getSourcererScopeId } from '../../../../helpers';
 import { SecurityCellActionType } from '../../../../app/actions/constants';
 import {
@@ -39,7 +39,7 @@ interface CellActionsProps {
 * Security cell action wrapper for document details flyout
 */
 export const CellActions: FC<CellActionsProps> = ({ field, value, isObjectArray, children }) => {
- const { scopeId, isPreview } = useRightPanelContext();
+ const { scopeId, isPreview } = useDocumentDetailsContext();
 const data = useMemo(() => ({ field, value }), [field, value]);
 const metadata = useMemo(() => ({ scopeId, isObjectArray }), [scopeId, isObjectArray]);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx
index 2ae680fc54ba9..2145d3efff129 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx
@@ -9,7 +9,7 @@ import React from 'react';
 import { render } from '@testing-library/react';
 import type { ExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProviders } from '../../../../common/mock';
 import { CorrelationsOverview } from './correlations_overview';
 import { CORRELATIONS_TAB_ID } from '../../left/components/correlations_details';
@@ -76,13 +76,13 @@ const panelContextValue = { browserFields: {}, getFieldsData: () => {}, scopeId: 'scopeId', -} as unknown as RightPanelContext; +} as unknown as DocumentDetailsContext; -const renderCorrelationsOverview = (contextValue: RightPanelContext) => ( +const renderCorrelationsOverview = (contextValue: DocumentDetailsContext) => ( <TestProviders> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <CorrelationsOverview /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); @@ -209,9 +209,9 @@ describe('<CorrelationsOverview />', () => { it('should navigate to the left section Insights tab when clicking on button', () => { const { getByTestId } = render( <TestProviders> - <RightPanelContext.Provider value={panelContextValue}> + <DocumentDetailsContext.Provider value={panelContextValue}> <CorrelationsOverview /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); @@ -230,9 +230,9 @@ describe('<CorrelationsOverview />', () => { it('should navigate to the left section Insights tab automatically when active step is "view case"', () => { render( <TestProviders> - <RightPanelContext.Provider value={panelContextValue}> + <DocumentDetailsContext.Provider value={panelContextValue}> <CorrelationsOverview /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx index 2125eb47316ae..3bf57aa916963 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx 
@@ -24,7 +24,7 @@ import { useShowSuppressedAlerts } from '../../shared/hooks/use_show_suppressed_ import { RelatedCases } from './related_cases'; import { useShowRelatedCases } from '../../shared/hooks/use_show_related_cases'; import { CORRELATIONS_TEST_ID } from './test_ids'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys'; import { LeftPanelInsightsTab } from '../../left'; import { CORRELATIONS_TAB_ID } from '../../left/components/correlations_details'; @@ -43,7 +43,7 @@ import { */ export const CorrelationsOverview: React.FC = () => { const { dataAsNestedObject, eventId, indexName, getFieldsData, scopeId, isPreview } = - useRightPanelContext(); + useDocumentDetailsContext(); const { openLeftPanel } = useExpandableFlyoutApi(); const { isTourShown, activeStep } = useTourContext(); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.test.tsx index e27470debe535..7c8c119b31c6b 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.test.tsx @@ -7,7 +7,7 @@ import React from 'react'; import { render } from '@testing-library/react'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { ENTITIES_HOST_OVERVIEW_TEST_ID, ENTITIES_USER_OVERVIEW_TEST_ID, 
@@ -67,14 +67,14 @@ const mockContextValue = { indexName: 'index', scopeId: 'scopeId', getFieldsData: mockGetFieldsData, -} as unknown as RightPanelContext; +} as unknown as DocumentDetailsContext; -const renderEntitiesOverview = (contextValue: RightPanelContext) => +const renderEntitiesOverview = (contextValue: DocumentDetailsContext) => render( <TestProviders> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <EntitiesOverview /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); @@ -108,7 +108,7 @@ describe('<EntitiesOverview />', () => { const contextValue = { ...mockContextValue, getFieldsData: (field: string) => (field === 'user.name' ? 'user1' : null), - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const { queryByTestId, getByTestId, queryByText } = renderEntitiesOverview(contextValue); @@ -121,7 +121,7 @@ describe('<EntitiesOverview />', () => { const contextValue = { ...mockContextValue, getFieldsData: (field: string) => (field === 'host.name' ? 'host1' : null), - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const { queryByTestId, getByTestId, queryByText } = renderEntitiesOverview(contextValue); @@ -134,7 +134,7 @@ describe('<EntitiesOverview />', () => { const contextValue = { ...mockContextValue, getFieldsData: (field: string) => {}, - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const { getByText } = renderEntitiesOverview(contextValue); expect(getByText(NO_DATA_MESSAGE)).toBeInTheDocument(); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx index 7d150c0850c81..51ec7f002ed0a 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx 
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx @@ -11,7 +11,7 @@ import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; import { FormattedMessage } from '@kbn/i18n-react'; import { INSIGHTS_ENTITIES_TEST_ID } from './test_ids'; import { ExpandablePanel } from '../../../shared/components/expandable_panel'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { getField } from '../../shared/utils'; import { HostEntityOverview } from './host_entity_overview'; import { UserEntityOverview } from './user_entity_overview'; @@ -23,7 +23,7 @@ import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; * Entities section under Insights section, overview tab. It contains a preview of host and user information. */ export const EntitiesOverview: React.FC = () => { - const { eventId, getFieldsData, indexName, scopeId } = useRightPanelContext(); + const { eventId, getFieldsData, indexName, scopeId } = useDocumentDetailsContext(); const { openLeftPanel } = useExpandableFlyoutApi(); const hostName = getField(getFieldsData('host.name')); const userName = getField(getFieldsData('user.name')); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.test.tsx index 8ce893fa4f828..1719eed80aaa0 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.test.tsx 
@@ -7,18 +7,18 @@ import React from 'react'; import { render } from '@testing-library/react'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { EVENT_CATEGORY_DESCRIPTION_TEST_ID } from './test_ids'; import { EventCategoryDescription } from './event_category_description'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { TestProvidersComponent } from '../../../../common/mock'; -const renderDescription = (contextValue: RightPanelContext) => +const renderDescription = (contextValue: DocumentDetailsContext) => render( <TestProvidersComponent> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <EventCategoryDescription /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProvidersComponent> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.tsx index 2a9048a0504e5..2900c05200741 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_category_description.tsx @@ -8,7 +8,7 @@ import React, { useMemo } from 'react'; import { EuiFlexItem, EuiTitle, EuiSpacer, EuiText } from '@elastic/eui'; import { startCase } from 'lodash'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { getEcsAllowedValueDescription } from '../utils/event_utils'; import { getFieldArray } from '../../shared/utils'; import { EVENT_CATEGORY_DESCRIPTION_TEST_ID } from './test_ids'; 
@@ -17,7 +17,7 @@ import { EVENT_CATEGORY_DESCRIPTION_TEST_ID } from './test_ids'; * Displays the category description of an event document. */ export const EventCategoryDescription: React.FC = () => { - const { getFieldsData } = useRightPanelContext(); + const { getFieldsData } = useDocumentDetailsContext(); const eventCategories = useMemo( () => getFieldArray(getFieldsData('event.category')), [getFieldsData] diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.test.tsx index 049e129d10120..05f5f0a166a52 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.test.tsx @@ -7,12 +7,12 @@ import React from 'react'; import { render } from '@testing-library/react'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { SEVERITY_VALUE_TEST_ID, FLYOUT_EVENT_HEADER_TITLE_TEST_ID } from './test_ids'; import { EventHeaderTitle } from './event_header_title'; import moment from 'moment-timezone'; import { useDateFormat, useTimeZone } from '../../../../common/lib/kibana'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { TestProvidersComponent } from '../../../../common/mock'; jest.mock('../../../../common/lib/kibana'); 
@@ -22,12 +22,12 @@ moment.tz.setDefault('UTC'); const dateFormat = 'MMM D, YYYY @ HH:mm:ss.SSS'; -const renderHeader = (contextValue: RightPanelContext) => +const renderHeader = (contextValue: DocumentDetailsContext) => render( <TestProvidersComponent> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <EventHeaderTitle /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProvidersComponent> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.tsx index f19e3c27ee4dc..4bed17e24b77e 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_header_title.tsx @@ -12,7 +12,7 @@ import { i18n } from '@kbn/i18n'; import { FlyoutTitle } from '../../../shared/components/flyout_title'; import { DocumentSeverity } from './severity'; import { useBasicDataFromDetailsData } from '../../../../timelines/components/side_panel/event_details/helpers'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { PreferenceFormattedDate } from '../../../../common/components/formatted_date'; import { FLYOUT_EVENT_HEADER_TITLE_TEST_ID } from './test_ids'; import { getField } from '../../shared/utils'; 
@@ -22,7 +22,7 @@ import { EVENT_CATEGORY_TO_FIELD } from '../utils/event_utils'; * Event details flyout right section header */ export const EventHeaderTitle = memo(() => { - const { dataFormattedForFieldBrowser, getFieldsData } = useRightPanelContext(); + const { dataFormattedForFieldBrowser, getFieldsData } = useDocumentDetailsContext(); const { timestamp } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser); const eventKind = getField(getFieldsData('event.kind')); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.test.tsx index 6c7f69b175f03..5039040e701be 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.test.tsx 
@@ -7,22 +7,22 @@ import React from 'react'; import { render } from '@testing-library/react'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { EVENT_KIND_DESCRIPTION_TEST_ID, EVENT_KIND_DESCRIPTION_TEXT_TEST_ID, EVENT_KIND_DESCRIPTION_CATEGORIES_TEST_ID, } from './test_ids'; import { EventKindDescription } from './event_kind_description'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { TestProvidersComponent } from '../../../../common/mock'; -const renderDescription = (contextValue: RightPanelContext) => +const renderDescription = (contextValue: DocumentDetailsContext) => render( <TestProvidersComponent> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <EventKindDescription eventKind="alert" /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProvidersComponent> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.tsx index 21e4a6a2d4a49..3750e9c83448c 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_kind_description.tsx 
@@ -9,7 +9,7 @@ import React, { useMemo } from 'react'; import { EuiFlexGroup, EuiFlexItem, EuiTitle, EuiSpacer, EuiText, EuiToolTip } from '@elastic/eui'; import { startCase } from 'lodash'; import { FormattedMessage } from '@kbn/i18n-react'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { getEcsAllowedValueDescription } from '../utils/event_utils'; import { getFieldArray } from '../../shared/utils'; import { @@ -30,7 +30,7 @@ export interface EventKindDescriptionProps { * Shows the ecs description of the event kind, and a list of event categories */ export const EventKindDescription: React.FC<EventKindDescriptionProps> = ({ eventKind }) => { - const { getFieldsData } = useRightPanelContext(); + const { getFieldsData } = useDocumentDetailsContext(); const eventCategories = useMemo( () => getFieldArray(getFieldsData('event.category')), [getFieldsData] diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.test.tsx index f6e91cbe31756..761a8c4df8649 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.test.tsx 
@@ -8,17 +8,17 @@ import React from 'react'; import { render } from '@testing-library/react'; import { EventRenderer } from './event_renderer'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { EVENT_RENDERER_TEST_ID } from './test_ids'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { mockDataAsNestedObject } from '../../shared/mocks/mock_data_as_nested_object'; import { TestProviders } from '../../../../common/mock'; -const renderEventRenderer = (contextValue: RightPanelContext) => +const renderEventRenderer = (contextValue: DocumentDetailsContext) => render( - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <EventRenderer /> - </RightPanelContext.Provider>, + </DocumentDetailsContext.Provider>, { wrapper: TestProviders } ); @@ -38,7 +38,7 @@ describe('<EventRenderer />', () => { }); it('should render empty component if event renderer is not available', async () => { - const { container } = renderEventRenderer({} as unknown as RightPanelContext); + const { container } = renderEventRenderer({} as unknown as DocumentDetailsContext); expect(container).toBeEmptyDOMElement(); }); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.tsx index 54e60d0331b81..cd612286f01fb 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/event_renderer.tsx 
@@ -12,7 +12,7 @@ import styled from '@emotion/styled'; import { euiThemeVars } from '@kbn/ui-theme'; import { getRowRenderer } from '../../../../timelines/components/timeline/body/renderers/get_row_renderer'; import { defaultRowRenderers } from '../../../../timelines/components/timeline/body/renderers'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { EVENT_RENDERER_TEST_ID } from './test_ids'; const ReasonPreviewContainerWrapper = styled.div` @@ -26,7 +26,7 @@ const ReasonPreviewContainer = styled.div``; * Event renderer of an event document */ export const EventRenderer: FC = () => { - const { dataAsNestedObject, scopeId } = useRightPanelContext(); + const { dataAsNestedObject, scopeId } = useDocumentDetailsContext(); const renderer = useMemo( () => getRowRenderer({ data: dataAsNestedObject, rowRenderers: defaultRowRenderers }), diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.test.tsx index 2a46926d9dc3b..26d2c9d1f63d4 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.test.tsx @@ -7,7 +7,7 @@ import React from 'react'; import { render } from '@testing-library/react'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { SHARE_BUTTON_TEST_ID, CHAT_BUTTON_TEST_ID } from './test_ids'; import { HeaderActions } from './header_actions'; import { useAssistant } from '../hooks/use_assistant'; 
@@ -31,14 +31,14 @@ const alertUrl = 'https://example.com/alert'; const mockContextValue = { dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser, getFieldsData: jest.fn().mockImplementation(mockGetFieldsData), -} as unknown as RightPanelContext; +} as unknown as DocumentDetailsContext; -const renderHeaderActions = (contextValue: RightPanelContext) => +const renderHeaderActions = (contextValue: DocumentDetailsContext) => render( <TestProvidersComponent> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <HeaderActions /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProvidersComponent> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.tsx index 89f982810068b..00fbd9303c332 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_actions.tsx @@ -17,14 +17,14 @@ import { ALERT_SUMMARY_CONVERSATION_ID, EVENT_SUMMARY_CONVERSATION_ID, } from '../../../../common/components/event_details/translations'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { SHARE_BUTTON_TEST_ID } from './test_ids'; /** * Actions displayed in the header menu in the right section of alerts flyout */ export const HeaderActions: VFC = memo(() => { - const { dataFormattedForFieldBrowser, eventId, indexName } = useRightPanelContext(); + const { dataFormattedForFieldBrowser, eventId, indexName } = useDocumentDetailsContext(); const { isAlert, timestamp } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser); const alertDetailsLink = useGetAlertDetailsFlyoutLink({ 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.test.tsx index cf5db0460b88a..f4033bba7bce9 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.test.tsx @@ -7,7 +7,7 @@ import React from 'react'; import { render } from '@testing-library/react'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { HIGHLIGHTED_FIELDS_DETAILS_TEST_ID, HIGHLIGHTED_FIELDS_TITLE_TEST_ID } from './test_ids'; import { HighlightedFields } from './highlighted_fields'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; @@ -18,12 +18,12 @@ import { useRuleWithFallback } from '../../../../detection_engine/rule_managemen jest.mock('../../shared/hooks/use_highlighted_fields'); jest.mock('../../../../detection_engine/rule_management/logic/use_rule_with_fallback'); -const renderHighlightedFields = (contextValue: RightPanelContext) => +const renderHighlightedFields = (contextValue: DocumentDetailsContext) => render( <TestProviders> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <HighlightedFields /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); @@ -38,7 +38,7 @@ describe('<HighlightedFields />', () => { const contextValue = { dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser, scopeId: 'scopeId', - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; (useHighlightedFields as jest.Mock).mockReturnValue({ field: { values: ['value'], 
@@ -55,7 +55,7 @@ describe('<HighlightedFields />', () => { const contextValue = { dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser, scopeId: 'scopeId', - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; (useHighlightedFields as jest.Mock).mockReturnValue({}); const { getByText } = renderHighlightedFields(contextValue); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.tsx index 02f7ac73665ad..22e5b65bdade8 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields.tsx @@ -16,7 +16,7 @@ import { useBasicDataFromDetailsData } from '../../../../timelines/components/si import { HighlightedFieldsCell } from './highlighted_fields_cell'; import { CellActions } from './cell_actions'; import { HIGHLIGHTED_FIELDS_DETAILS_TEST_ID, HIGHLIGHTED_FIELDS_TITLE_TEST_ID } from './test_ids'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { useHighlightedFields } from '../../shared/hooks/use_highlighted_fields'; export interface HighlightedFieldsTableRow { @@ -92,7 +92,7 @@ const columns: Array<EuiBasicTableColumn<HighlightedFieldsTableRow>> = [ * Component that displays the highlighted fields in the right panel under the Investigation section. */ export const HighlightedFields: FC = () => { - const { dataFormattedForFieldBrowser, scopeId, isPreview } = useRightPanelContext(); + const { dataFormattedForFieldBrowser, scopeId, isPreview } = useDocumentDetailsContext(); const { ruleId } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser); const { loading, rule: maybeRule } = useRuleWithFallback(ruleId); 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx index d7fb75cfa57a4..445992a2c21f4 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx @@ -13,19 +13,13 @@ import { HIGHLIGHTED_FIELDS_LINKED_CELL_TEST_ID, } from './test_ids'; import { HighlightedFieldsCell } from './highlighted_fields_cell'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys'; import { LeftPanelInsightsTab } from '../../left'; import { TestProviders } from '../../../../common/mock'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; -import { useGetEndpointDetails } from '../../../../management/hooks'; -import { - useAgentStatusHook, - useGetAgentStatus, - useGetSentinelOneAgentStatus, -} from '../../../../management/hooks/agents/use_get_agent_status'; +import { useGetAgentStatus } from '../../../../management/hooks/agents/use_get_agent_status'; import { type ExpandableFlyoutApi, useExpandableFlyoutApi } from '@kbn/expandable-flyout'; -import { RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD } from '../../../../../common/endpoint/service/response_actions/constants'; jest.mock('../../../../management/hooks'); jest.mock('../../../../management/hooks/agents/use_get_agent_status'); 
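Review bot: The `jest.mock('../../../../management/hooks');` line kept as context in the import hunk of highlighted_fields_cell.test.tsx looks orphaned. This commit drops the `useGetEndpointDetails` import, and the following hunks remove its only visible `mockReturnValue` call. If nothing rendered by `HighlightedFieldsCell` still imports from that module, delete the mock so the suite stops auto-mocking every management hook. If it is still needed, say why with a comment such as `// auto-mocked: still imported transitively by <component name>`. Whether a transitive import remains cannot be told from the hunk.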
@@ -35,13 +29,7 @@ jest.mock('@kbn/expandable-flyout', () => ({ ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>, })); -const useGetSentinelOneAgentStatusMock = useGetSentinelOneAgentStatus as jest.Mock; const useGetAgentStatusMock = useGetAgentStatus as jest.Mock; -const useAgentStatusHookMock = useAgentStatusHook as jest.Mock; -const hooksToMock: Record<string, jest.Mock> = { - useGetSentinelOneAgentStatus: useGetSentinelOneAgentStatusMock, - useGetAgentStatus: useGetAgentStatusMock, -}; const flyoutContextValue = { openLeftPanel: jest.fn(), @@ -51,14 +39,14 @@ const panelContextValue = { eventId: 'event id', indexName: 'indexName', scopeId: 'scopeId', -} as unknown as RightPanelContext; +} as unknown as DocumentDetailsContext; const renderHighlightedFieldsCell = (values: string[], field: string) => render( <TestProviders> - <RightPanelContext.Provider value={panelContextValue}> + <DocumentDetailsContext.Provider value={panelContextValue}> <HighlightedFieldsCell values={values} field={field} /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); @@ -105,7 +93,10 @@ describe('<HighlightedFieldsCell />', () => { }); it('should render agent status cell if field is `agent.status`', () => { - (useGetEndpointDetails as jest.Mock).mockReturnValue({}); + useGetAgentStatusMock.mockReturnValue({ + isFetched: true, + isLoading: false, + }); const { getByTestId } = render( <TestProviders> <HighlightedFieldsCell values={['value']} field={'agent.status'} /> 
@@ -115,55 +106,43 @@ describe('<HighlightedFieldsCell />', () => { expect(getByTestId(HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID)).toBeInTheDocument(); }); - // TODO: 8.15 simplify when `agentStatusClientEnabled` FF is enabled and removed - it.each(Object.keys(hooksToMock))( - `should render SentinelOne agent status cell if field is agent.status and 'originalField' is ${RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.sentinel_one} with %s hook`, - (hookName) => { - const hook = hooksToMock[hookName]; - useAgentStatusHookMock.mockImplementation(() => hook); - - (hook as jest.Mock).mockReturnValue({ - isFetched: true, - isLoading: false, - }); - - const { getByTestId } = render( - <TestProviders> - <HighlightedFieldsCell - values={['value']} - field={'agent.status'} - originalField={RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.sentinel_one} - /> - </TestProviders> - ); - - expect(getByTestId(HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID)).toBeInTheDocument(); - } - ); - it.each(Object.keys(hooksToMock))( - `should render Crowdstrike agent status cell if field is agent.status and 'originalField' is ${RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.crowdstrike} with %s hook`, - (hookName) => { - const hook = hooksToMock[hookName]; - useAgentStatusHookMock.mockImplementation(() => hook); - - (hook as jest.Mock).mockReturnValue({ - isFetched: true, - isLoading: false, - }); - - const { getByTestId } = render( - <TestProviders> - <HighlightedFieldsCell - values={['value']} - field={'agent.status'} - originalField={RESPONSE_ACTIONS_ALERT_AGENT_ID_FIELD.crowdstrike} - /> - </TestProviders> - ); - - expect(getByTestId(HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID)).toBeInTheDocument(); - } - ); + it('should render SentinelOne agent status cell if field is agent.status and `originalField` is `observer.serial_number`', () => { + useGetAgentStatusMock.mockReturnValue({ + isFetched: true, + isLoading: false, + }); + + const { getByTestId } = render( + <TestProviders> + <HighlightedFieldsCell + 
values={['value']} + field={'agent.status'} + originalField="observer.serial_number" + /> + </TestProviders> + ); + + expect(getByTestId(HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID)).toBeInTheDocument(); + }); + + it('should render Crowdstrike agent status cell if field is agent.status and `originalField` is `crowdstrike.event.DeviceId`', () => { + useGetAgentStatusMock.mockReturnValue({ + isFetched: true, + isLoading: false, + }); + + const { getByTestId } = render( + <TestProviders> + <HighlightedFieldsCell + values={['value']} + field={'agent.status'} + originalField="crowdstrike.event.DeviceId" + /> + </TestProviders> + ); + + expect(getByTestId(HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID)).toBeInTheDocument(); + }); it('should not render if values is null', () => { const { container } = render( <TestProviders> diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx index 51e60b67ed8b0..0d2597d972d02 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx 
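Review bot: The rewritten SentinelOne and Crowdstrike cases in the `@@ -115,55 +106,43 @@` hunk assert only that `HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID` is rendered, which the plain `agent.status` case already proves. They would keep passing if `originalField` stopped resolving to the intended agent type, and in an alert flyout that would show an analyst status from the wrong integration. Each case should also check what the mocked hook received, for example `expect(useGetAgentStatusMock.mock.calls[0]).toContain('sentinel_one');` and the `'crowdstrike'` equivalent. This assumes the agent type is passed to `useGetAgentStatus` as a positional string, which the hunk does not show, so adjust it to the hook's real signature.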
@@ -6,16 +6,12 @@ */ import type { VFC } from 'react'; -import React, { memo, useCallback, useMemo } from 'react'; +import React, { useCallback, useMemo } from 'react'; import { EuiFlexItem, EuiLink } from '@elastic/eui'; import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants'; -import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; -import { - AgentStatus, - EndpointAgentStatusById, -} from '../../../../common/components/endpoint/agents/agent_status'; -import { useRightPanelContext } from '../context'; +import { AgentStatus } from '../../../../common/components/endpoint/agents/agent_status'; +import { useDocumentDetailsContext } from '../../shared/context'; import { AGENT_STATUS_FIELD_NAME, HOST_NAME_FIELD_NAME, @@ -44,7 +40,7 @@ interface LinkFieldCellProps { * // Currently we can use the same component for both host name and username */ const LinkFieldCell: VFC<LinkFieldCellProps> = ({ value }) => { - const { scopeId, eventId, indexName } = useRightPanelContext(); + const { scopeId, eventId, indexName } = useDocumentDetailsContext(); const { openLeftPanel } = useExpandableFlyoutApi(); const goToInsightsEntities = useCallback(() => { 
@@ -81,33 +77,7 @@ export interface HighlightedFieldsCellProps { values: string[] | null | undefined; } -const FieldsAgentStatus = memo( - ({ value, agentType }: { value: string | undefined; agentType: ResponseActionAgentType }) => { - const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled'); - if (agentType !== 'endpoint' || agentStatusClientEnabled) { - return ( - <AgentStatus - agentId={String(value ?? '')} - agentType={agentType} - data-test-subj={HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID} - /> - ); - } else { - // TODO: remove usage of `EndpointAgentStatusById` when `agentStatusClientEnabled` FF is enabled and removed - return ( - <EndpointAgentStatusById - endpointAgentId={String(value ?? '')} - data-test-subj={HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID} - /> - ); - } - } -); - -FieldsAgentStatus.displayName = 'FieldsAgentStatus'; - /** - * console.log('c::*, values != null * Renders a component in the highlighted fields table cell based on the field name */ export const HighlightedFieldsCell: VFC<HighlightedFieldsCellProps> = ({ @@ -146,7 +116,11 @@ export const HighlightedFieldsCell: VFC<HighlightedFieldsCellProps> = ({ {field === HOST_NAME_FIELD_NAME || field === USER_NAME_FIELD_NAME ? ( <LinkFieldCell value={value} /> ) : field === AGENT_STATUS_FIELD_NAME ? ( - <FieldsAgentStatus value={value} agentType={agentType} /> + <AgentStatus + agentId={String(value ?? '')} + agentType={agentType} + data-test-subj={HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID} + /> ) : ( <span data-test-subj={HIGHLIGHTED_FIELDS_BASIC_CELL_TEST_ID}>{value}</span> )} diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx index 3e74b94b1efa9..0ea41677dc744 100644 
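Review bot: In the `@@ -146,7 +116,11 @@` hunk, `agentId={String(value ?? '')}` turns a missing value into an empty agent id, so `AgentStatus` is rendered, and presumably asked for a status, for `''`. Whether `value` can be nullish or empty at this point cannot be seen from the hunk, because the enclosing map over `values` starts outside it. If it can, guard the branch with `) : field === AGENT_STATUS_FIELD_NAME && value ? (`; if it cannot, plain `agentId={value}` states the contract more directly. Endpoint agents now take this path unconditionally and the `memo` wrapper removed in the previous hunk is gone, so it is worth confirming that `AgentStatus` is itself memoized to avoid repeated status lookups on re-render.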
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx @@ -17,8 +17,8 @@ import { ENTITIES_HOST_OVERVIEW_RISK_LEVEL_TEST_ID, ENTITIES_HOST_OVERVIEW_LOADING_TEST_ID, } from './test_ids'; -import { RightPanelContext } from '../context'; -import { mockContextValue } from '../mocks/mock_context'; +import { DocumentDetailsContext } from '../../shared/context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; import { useExpandableFlyoutApi, type ExpandableFlyoutApi } from '@kbn/expandable-flyout'; import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys'; @@ -76,9 +76,9 @@ jest.mock('../../../../common/containers/use_first_last_seen'); const renderHostEntityContent = () => render( <TestProviders> - <RightPanelContext.Provider value={panelContextValue}> + <DocumentDetailsContext.Provider value={panelContextValue}> <HostEntityOverview hostName={hostName} /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); @@ -115,9 +115,9 @@ describe('<HostEntityContent />', () => { const { getByTestId } = render( <TestProviders> - <RightPanelContext.Provider value={panelContextValue}> + <DocumentDetailsContext.Provider value={panelContextValue}> <HostEntityOverview hostName={hostName} /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); expect(getByTestId(ENTITIES_HOST_OVERVIEW_LOADING_TEST_ID)).toBeInTheDocument(); 
@@ -129,9 +129,9 @@ describe('<HostEntityContent />', () => { const { getByTestId } = render( <TestProviders> - <RightPanelContext.Provider value={panelContextValue}> + <DocumentDetailsContext.Provider value={panelContextValue}> <HostEntityOverview hostName={hostName} /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); expect(getByTestId(ENTITIES_HOST_OVERVIEW_LOADING_TEST_ID)).toBeInTheDocument(); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx index b1316cb8fa434..fdc7640feaefc 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx @@ -20,7 +20,7 @@ import { getOr } from 'lodash/fp'; import { i18n } from '@kbn/i18n'; import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; import { useRiskScore } from '../../../../entity_analytics/api/hooks/use_risk_score'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import type { DescriptionList } from '../../../../../common/utility_types'; import { FirstLastSeen, @@ -67,7 +67,7 @@ export interface HostEntityOverviewProps { * Host preview content for the entities preview in right flyout. It contains ip addresses and risk level */ export const HostEntityOverview: React.FC<HostEntityOverviewProps> = ({ hostName }) => { - const { eventId, indexName, scopeId } = useRightPanelContext(); + const { eventId, indexName, scopeId } = useDocumentDetailsContext(); const { openLeftPanel } = useExpandableFlyoutApi(); const goToEntitiesTab = useCallback(() => { openLeftPanel({ 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx index d98dcb3c9edc7..eb1af2a74b8df 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.test.tsx @@ -7,7 +7,7 @@ import React from 'react'; import { render } from '@testing-library/react'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { INSIGHTS_HEADER_TEST_ID, INSIGHTS_THREAT_INTELLIGENCE_TEST_ID, @@ -102,12 +102,12 @@ jest.mock('../../../../common/components/guided_onboarding_tour', () => ({ useTourContext: jest.fn().mockReturnValue({ activeStep: 1, isTourShown: jest.fn(() => true) }), })); -const renderInsightsSection = (contextValue: RightPanelContext) => +const renderInsightsSection = (contextValue: DocumentDetailsContext) => render( <TestProviders> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <InsightsSection /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); @@ -134,7 +134,7 @@ describe('<InsightsSection />', () => { const contextValue = { eventId: 'some_Id', getFieldsData: mockGetFieldsData, - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const wrapper = renderInsightsSection(contextValue); 
@@ -150,7 +150,7 @@ describe('<InsightsSection />', () => { eventId: 'some_Id', dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser, getFieldsData: mockGetFieldsData, - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const wrapper = renderInsightsSection(contextValue); expect(wrapper.getByTestId(INSIGHTS_CONTENT_TEST_ID)).not.toBeVisible(); @@ -163,7 +163,7 @@ describe('<InsightsSection />', () => { eventId: 'some_Id', dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser, getFieldsData: mockGetFieldsData, - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const wrapper = renderInsightsSection(contextValue); expect(wrapper.getByTestId(INSIGHTS_CONTENT_TEST_ID)).toBeVisible(); @@ -177,7 +177,7 @@ describe('<InsightsSection />', () => { eventId: 'some_Id', dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser, getFieldsData: mockGetFieldsData, - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const wrapper = renderInsightsSection(contextValue); expect(wrapper.getByTestId(INSIGHTS_CONTENT_TEST_ID)).toBeVisible(); @@ -196,7 +196,7 @@ describe('<InsightsSection />', () => { eventId: 'some_Id', getFieldsData, documentIsSignal: true, - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const { getByTestId } = renderInsightsSection(contextValue); @@ -219,7 +219,7 @@ describe('<InsightsSection />', () => { eventId: 'some_Id', getFieldsData, documentIsSignal: false, - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const { getByTestId, queryByTestId } = renderInsightsSection(contextValue); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.tsx index 7ea4b67734ae4..19c75a77cbabf 100644 
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/insights_section.tsx @@ -15,7 +15,7 @@ import { ThreatIntelligenceOverview } from './threat_intelligence_overview'; import { INSIGHTS_TEST_ID } from './test_ids'; import { EntitiesOverview } from './entities_overview'; import { ExpandableSection } from './expandable_section'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { getField } from '../../shared/utils'; import { EventKind } from '../../shared/constants/event_kinds'; import { useTourContext } from '../../../../common/components/guided_onboarding_tour'; @@ -30,7 +30,7 @@ const KEY = 'insights'; * Insights section under overview tab. It contains entities, threat intelligence, prevalence and correlations. */ export const InsightsSection = memo(() => { - const { getFieldsData } = useRightPanelContext(); + const { getFieldsData } = useDocumentDetailsContext(); const eventKind = getField(getFieldsData('event.kind')); const { activeStep, isTourShown } = useTourContext(); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx index a1292e66a6c2f..128ca3b643af9 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx 
@@ -9,13 +9,13 @@ import React from 'react'; import { __IntlProvider as IntlProvider } from '@kbn/i18n-react'; import { render } from '@testing-library/react'; import { InvestigationGuide } from './investigation_guide'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { INVESTIGATION_GUIDE_BUTTON_TEST_ID, INVESTIGATION_GUIDE_LOADING_TEST_ID, INVESTIGATION_GUIDE_TEST_ID, } from './test_ids'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import type { ExpandableFlyoutApi } from '@kbn/expandable-flyout'; import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide'; @@ -33,9 +33,9 @@ const PREVIEW_MESSAGE = 'Investigation guide is not available in alert preview.' const renderInvestigationGuide = () => render( <IntlProvider locale="en"> - <RightPanelContext.Provider value={mockContextValue}> + <DocumentDetailsContext.Provider value={mockContextValue}> <InvestigationGuide /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </IntlProvider> ); @@ -109,9 +109,9 @@ describe('<InvestigationGuide />', () => { it('should render preview message when flyout is in preview', () => { const { queryByTestId, getByTestId } = render( <IntlProvider locale="en"> - <RightPanelContext.Provider value={{ ...mockContextValue, isPreview: true }}> + <DocumentDetailsContext.Provider value={{ ...mockContextValue, isPreview: true }}> <InvestigationGuide /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </IntlProvider> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx index 4b19af37fcfea..33fa0db42c453 100644 
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx @@ -10,7 +10,7 @@ import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys'; import { LeftPanelInvestigationTab } from '../../left'; import { @@ -26,7 +26,7 @@ import { export const InvestigationGuide: React.FC = () => { const { openLeftPanel } = useExpandableFlyoutApi(); const { eventId, indexName, scopeId, dataFormattedForFieldBrowser, isPreview } = - useRightPanelContext(); + useDocumentDetailsContext(); const { loading, error, basicAlertData, ruleNote } = useInvestigationGuide({ dataFormattedForFieldBrowser, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.test.tsx index 192befd46f339..7f137dc1815c8 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.test.tsx 
@@ -14,12 +14,12 @@ import { INVESTIGATION_GUIDE_TEST_ID, HIGHLIGHTED_FIELDS_TITLE_TEST_ID, } from './test_ids'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { InvestigationSection } from './investigation_section'; import { useRuleWithFallback } from '../../../../detection_engine/rule_management/logic/use_rule_with_fallback'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; import { TestProvider } from '@kbn/expandable-flyout/src/test/provider'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { useExpandSection } from '../hooks/use_expand_section'; jest.mock('../../../../detection_engine/rule_management/logic/use_rule_with_fallback'); @@ -36,9 +36,9 @@ const renderInvestigationSection = (contextValue = panelContextValue) => render( <IntlProvider locale="en"> <TestProvider> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <InvestigationSection /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProvider> </IntlProvider> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.tsx index 167db7aebc058..b211fa597df5f 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_section.tsx 
@@ -15,7 +15,7 @@ import { INVESTIGATION_SECTION_TEST_ID } from './test_ids'; import { InvestigationGuide } from './investigation_guide'; import { getField } from '../../shared/utils'; import { EventKind } from '../../shared/constants/event_kinds'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; const KEY = 'investigation'; @@ -24,7 +24,7 @@ const KEY = 'investigation'; * It contains investigation guide (alerts only) and highlighted fields */ export const InvestigationSection = memo(() => { - const { getFieldsData } = useRightPanelContext(); + const { getFieldsData } = useDocumentDetailsContext(); const eventKind = getField(getFieldsData('event.kind')); const expanded = useExpandSection({ title: KEY, defaultValue: true }); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.test.tsx index 41a7e7b0e3da9..34245fc136f47 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.test.tsx 
@@ -8,21 +8,21 @@ import React from 'react'; import { act, render } from '@testing-library/react'; import { MitreAttack } from './mitre_attack'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { MITRE_ATTACK_DETAILS_TEST_ID, MITRE_ATTACK_TITLE_TEST_ID } from './test_ids'; import { mockSearchHit } from '../../shared/mocks/mock_search_hit'; -const renderMitreAttack = (contextValue: RightPanelContext) => +const renderMitreAttack = (contextValue: DocumentDetailsContext) => render( - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <MitreAttack /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> ); // FLAKY: https://github.com/elastic/kibana/issues/176002 describe.skip('<MitreAttack />', () => { it('should render mitre attack information', async () => { - const contextValue = { searchHit: mockSearchHit } as unknown as RightPanelContext; + const contextValue = { searchHit: mockSearchHit } as unknown as DocumentDetailsContext; const { getByTestId } = renderMitreAttack(contextValue); @@ -37,7 +37,7 @@ describe.skip('<MitreAttack />', () => { searchHit: { some_field: 'some_value', }, - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const { container } = renderMitreAttack(contextValue); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.tsx index e84c7b8759140..2c7a45dc17346 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/mitre_attack.tsx 
@@ -10,10 +10,10 @@ import type { FC } from 'react'; import React, { useMemo } from 'react'; import { MITRE_ATTACK_DETAILS_TEST_ID, MITRE_ATTACK_TITLE_TEST_ID } from './test_ids'; import { getMitreComponentParts } from '../../../../detections/mitre/get_mitre_threat_component'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; export const MitreAttack: FC = () => { - const { searchHit } = useRightPanelContext(); + const { searchHit } = useDocumentDetailsContext(); const threatDetails = useMemo(() => getMitreComponentParts(searchHit), [searchHit]); if (!threatDetails || !threatDetails[0]) { diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx index f516ddb0860d7..d2fa414ac746a 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx @@ -7,7 +7,7 @@ import { render } from '@testing-library/react'; import { TestProviders } from '../../../../common/mock'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { PREVALENCE_TEST_ID } from './test_ids'; import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys'; import { LeftPanelInsightsTab } from '../../left'; 
@@ -22,7 +22,7 @@ import { EXPANDABLE_PANEL_TOGGLE_ICON_TEST_ID, } from '../../../shared/components/test_ids'; import { usePrevalence } from '../../shared/hooks/use_prevalence'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { type ExpandableFlyoutApi, useExpandableFlyoutApi } from '@kbn/expandable-flyout'; jest.mock('../../shared/hooks/use_prevalence'); @@ -43,12 +43,12 @@ jest.mock('@kbn/expandable-flyout', () => ({ ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>, })); -const renderPrevalenceOverview = (contextValue: RightPanelContext = mockContextValue) => +const renderPrevalenceOverview = (contextValue: DocumentDetailsContext = mockContextValue) => render( <TestProviders> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <PrevalenceOverview /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx index 527e2f16e0f60..7135df1ec79ec 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx 
@@ -13,7 +13,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { ExpandablePanel } from '../../../shared/components/expandable_panel'; import { usePrevalence } from '../../shared/hooks/use_prevalence'; import { PREVALENCE_TEST_ID } from './test_ids'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys'; import { LeftPanelInsightsTab } from '../../left'; import { PREVALENCE_TAB_ID } from '../../left/components/prevalence_details'; @@ -29,7 +29,7 @@ const DEFAULT_TO = 'now'; */ export const PrevalenceOverview: FC = () => { const { eventId, indexName, dataFormattedForFieldBrowser, scopeId, investigationFields } = - useRightPanelContext(); + useDocumentDetailsContext(); const { openLeftPanel } = useExpandableFlyoutApi(); const goPrevalenceTab = useCallback(() => { diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx index 81cac0ea0dd40..e69f2d833e949 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx 
@@ -10,7 +10,7 @@ import { render } from '@testing-library/react'; import { __IntlProvider as IntlProvider } from '@kbn/i18n-react'; import { REASON_DETAILS_PREVIEW_BUTTON_TEST_ID, REASON_TITLE_TEST_ID } from './test_ids'; import { Reason, ALERT_REASON_BANNER } from './reason'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; import { DocumentDetailsAlertReasonPanelKey } from '../../shared/constants/panel_keys'; @@ -44,15 +44,15 @@ const panelContextValue = { scopeId: 'scopeId', dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser, getFieldsData: mockGetFieldsData, -} as unknown as RightPanelContext; +} as unknown as DocumentDetailsContext; -const renderReason = (panelContext: RightPanelContext = panelContextValue) => +const renderReason = (panelContext: DocumentDetailsContext = panelContextValue) => render( <TestProviders> <IntlProvider locale="en"> - <RightPanelContext.Provider value={panelContext}> + <DocumentDetailsContext.Provider value={panelContext}> <Reason /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </IntlProvider> </TestProviders> ); @@ -91,7 +91,7 @@ describe('<Reason />', () => { const panelContext = { ...panelContextValue, getFieldsData: () => {}, - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const { getByText } = renderReason(panelContext); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx index bcd1bca8dc002..1ce7e9ed53949 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx 
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx @@ -21,7 +21,7 @@ import { REASON_TITLE_TEST_ID, } from './test_ids'; import { useBasicDataFromDetailsData } from '../../../../timelines/components/side_panel/event_details/helpers'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; export const ALERT_REASON_BANNER = { title: i18n.translate( @@ -40,7 +40,7 @@ export const ALERT_REASON_BANNER = { export const Reason: FC = () => { const { telemetry } = useKibana().services; const { eventId, indexName, scopeId, dataFormattedForFieldBrowser, getFieldsData } = - useRightPanelContext(); + useDocumentDetailsContext(); const { isAlert } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser); const alertReason = getField(getFieldsData(ALERT_REASON)); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.test.tsx index 2c0e5a5d5574a..3765daec05496 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.test.tsx 
@@ -8,9 +8,9 @@ import React from 'react'; import { __IntlProvider as IntlProvider } from '@kbn/i18n-react'; import { render } from '@testing-library/react'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { RESPONSE_BUTTON_TEST_ID, RESPONSE_EMPTY_TEST_ID } from './test_ids'; -import { mockContextValue } from '../mocks/mock_context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { ResponseButton } from './response_button'; import type { SearchHit } from '../../../../../common/search_strategy'; import { TestProvider } from '@kbn/expandable-flyout/src/test/provider'; @@ -30,13 +30,13 @@ const mockValidSearchHit = { }, } as unknown as SearchHit; -const renderResponseButton = (panelContextValue: RightPanelContext = mockContextValue) => +const renderResponseButton = (panelContextValue: DocumentDetailsContext = mockContextValue) => render( <IntlProvider locale="en"> <TestProvider> - <RightPanelContext.Provider value={panelContextValue}> + <DocumentDetailsContext.Provider value={panelContextValue}> <ResponseButton /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProvider> </IntlProvider> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx index 36b941886383f..206c4d32a4238 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx 
@@ -8,7 +8,7 @@ import React, { useCallback } from 'react'; import { EuiButton } from '@elastic/eui'; import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; import { FormattedMessage } from '@kbn/i18n-react'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys'; import { LeftPanelResponseTab } from '../../left'; import { RESPONSE_BUTTON_TEST_ID } from './test_ids'; @@ -18,7 +18,7 @@ import { RESPONSE_BUTTON_TEST_ID } from './test_ids'; */ export const ResponseButton: React.FC = () => { const { openLeftPanel } = useExpandableFlyoutApi(); - const { eventId, indexName, scopeId } = useRightPanelContext(); + const { eventId, indexName, scopeId } = useDocumentDetailsContext(); const goToResponseTab = useCallback(() => { openLeftPanel({ diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.test.tsx index 60ccf34154297..a401b8da14adb 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.test.tsx @@ -13,8 +13,8 @@ import { RESPONSE_SECTION_CONTENT_TEST_ID, RESPONSE_SECTION_HEADER_TEST_ID, } from './test_ids'; -import { RightPanelContext } from '../context'; -import { mockContextValue } from '../mocks/mock_context'; +import { DocumentDetailsContext } from '../../shared/context'; +import { mockContextValue } from '../../shared/mocks/mock_context'; import { ResponseSection } from './response_section'; import { TestProvider } from '@kbn/expandable-flyout/src/test/provider'; import { useExpandSection } from '../hooks/use_expand_section'; 
@@ -27,9 +27,9 @@ const renderResponseSection = () =>
 render(
 <IntlProvider locale="en">
 <TestProvider>
- <RightPanelContext.Provider value={mockContextValue}>
+ <DocumentDetailsContext.Provider value={mockContextValue}>
 <ResponseSection />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProvider>
 </IntlProvider>
 );
@@ -70,14 +70,14 @@ describe('<ResponseSection />', () => {
 const { getByTestId } = render(
 <IntlProvider locale="en">
 <TestProvider>
- <RightPanelContext.Provider
+ <DocumentDetailsContext.Provider
 value={{
 ...mockContextValue,
 getFieldsData: mockGetFieldsData,
 }}
 >
 <ResponseSection />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProvider>
 </IntlProvider>
 );
@@ -90,9 +90,9 @@ describe('<ResponseSection />', () => {
 const { getByTestId } = render(
 <IntlProvider locale="en">
 <TestProvider>
- <RightPanelContext.Provider value={{ ...mockContextValue, isPreview: true }}>
+ <DocumentDetailsContext.Provider value={{ ...mockContextValue, isPreview: true }}>
 <ResponseSection />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProvider>
 </IntlProvider>
 );
@@ -111,14 +111,14 @@ describe('<ResponseSection />', () => {
 const { container } = render(
 <IntlProvider locale="en">
 <TestProvider>
- <RightPanelContext.Provider
+ <DocumentDetailsContext.Provider
 value={{
 ...mockContextValue,
 getFieldsData: mockGetFieldsData,
 }}
 >
 <ResponseSection />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProvider>
 </IntlProvider>
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.tsx
index a95d44abafe0e..6a802dfd94cf4 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_section.tsx
@@ -10,7 +10,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { useExpandSection } from '../hooks/use_expand_section';
 import { ResponseButton } from './response_button';
 import { ExpandableSection } from './expandable_section';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getField } from '../../shared/utils';
 import { EventKind } from '../../shared/constants/event_kinds';
 import { RESPONSE_SECTION_TEST_ID } from './test_ids';
@@ -21,7 +21,7 @@ const KEY = 'response';
 * Most bottom section of the overview tab. It contains a summary of the response tab.
 */
 export const ResponseSection = memo(() => {
- const { isPreview, getFieldsData } = useRightPanelContext();
+ const { isPreview, getFieldsData } = useDocumentDetailsContext();
 const expanded = useExpandSection({ title: KEY, defaultValue: false });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.test.tsx
index d0b006794ac32..ce6093703f735 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.test.tsx
@@ -8,17 +8,17 @@
 import React from 'react';
 import { __IntlProvider as IntlProvider } from '@kbn/i18n-react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { RISK_SCORE_TITLE_TEST_ID, RISK_SCORE_VALUE_TEST_ID } from './test_ids';
 import { RiskScore } from './risk_score';
 import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data';
-const renderRiskScore = (contextValue: RightPanelContext) =>
+const renderRiskScore = (contextValue: DocumentDetailsContext) =>
 render(
 <IntlProvider locale="en">
- <RightPanelContext.Provider value={contextValue}>
+ <DocumentDetailsContext.Provider value={contextValue}>
 <RiskScore />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </IntlProvider>
 );
@@ -26,7 +26,7 @@ describe('<RiskScore />', () => {
 it('should render risk score information', () => {
 const contextValue = {
 getFieldsData: jest.fn().mockImplementation(mockGetFieldsData),
- } as unknown as RightPanelContext;
+ } as unknown as DocumentDetailsContext;
 const { getByTestId } = renderRiskScore(contextValue);
@@ -39,7 +39,7 @@ describe('<RiskScore />', () => {
 it('should render empty component if missing getFieldsData value', () => {
 const contextValue = {
 getFieldsData: jest.fn(),
- } as unknown as RightPanelContext;
+ } as unknown as DocumentDetailsContext;
 const { container } = renderRiskScore(contextValue);
@@ -49,7 +49,7 @@ describe('<RiskScore />', () => {
 it('should render empty component if getFieldsData is invalid', () => {
 const contextValue = {
 getFieldsData: jest.fn().mockImplementation(() => 123),
- } as unknown as RightPanelContext;
+ } as unknown as DocumentDetailsContext;
 const { container } = renderRiskScore(contextValue);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx
index 95c5310b4d992..dfa03cabd53e6 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx
@@ -10,13 +10,13 @@ import { EuiFlexGroup, EuiFlexItem, EuiTitle } from '@elastic/eui';
 import { ALERT_RISK_SCORE } from '@kbn/rule-data-utils';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { RISK_SCORE_TITLE_TEST_ID, RISK_SCORE_VALUE_TEST_ID } from './test_ids';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 /**
 * Document details risk score displayed in flyout right section header
 */
 export const RiskScore = memo(() => {
- const { getFieldsData } = useRightPanelContext();
+ const { getFieldsData } = useDocumentDetailsContext();
 const fieldsData = getFieldsData(ALERT_RISK_SCORE);
 if (!fieldsData) {
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.test.tsx
index 97fcd563a9ef7..8f7736f6a1d35 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.test.tsx
@@ -10,7 +10,7 @@ import { useProcessData } from '../hooks/use_process_data';
 import { SessionPreview } from './session_preview';
 import { TestProviders } from '../../../../common/mock';
 import React from 'react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProvider } from '@kbn/expandable-flyout/src/test/provider';
 import { SESSION_PREVIEW_RULE_DETAILS_LINK_TEST_ID } from './test_ids';
 import { useRuleDetailsLink } from '../../shared/hooks/use_rule_details_link';
@@ -23,15 +23,15 @@ const panelContextValue = {
 indexName: 'indexName',
 browserFields: {},
 dataFormattedForFieldBrowser: [],
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 const renderSessionPreview = () =>
 render(
 <TestProviders>
 <TestProvider>
- <RightPanelContext.Provider value={panelContextValue}>
+ <DocumentDetailsContext.Provider value={panelContextValue}>
 <SessionPreview />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProvider>
 </TestProviders>
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.tsx
index a50d2e9188c88..b9610823619a1 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview.tsx
@@ -12,7 +12,7 @@ import { css } from '@emotion/react';
 import { FormattedMessage } from '@kbn/i18n-react';
 import { useRuleDetailsLink } from '../../shared/hooks/use_rule_details_link';
 import { SESSION_PREVIEW_RULE_DETAILS_LINK_TEST_ID, SESSION_PREVIEW_TEST_ID } from './test_ids';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { PreferenceFormattedDate } from '../../../../common/components/formatted_date';
 import { useProcessData } from '../hooks/use_process_data';
@@ -36,7 +36,7 @@ const ValueContainer: FC<PropsWithChildren<{ text?: ReactElement }>> = ({ text,
 * Renders session preview under Visualizations section in the flyout right EuiPanel
 */
 export const SessionPreview: FC = () => {
- const { isPreview } = useRightPanelContext();
+ const { isPreview } = useDocumentDetailsContext();
 const { processName, userName, startAt, ruleName, ruleId, workdir, command } = useProcessData();
 const { euiTheme } = useEuiTheme();
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.test.tsx
index 80d9c81a064e8..f6f56f1c9cd2a 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.test.tsx
@@ -8,7 +8,7 @@
 import { render, screen } from '@testing-library/react';
 import { TestProviders } from '../../../../common/mock';
 import React from 'react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { SessionPreviewContainer } from './session_preview_container';
 import { useSessionPreview } from '../hooks/use_session_preview';
 import { useLicense } from '../../../../common/hooks/use_license';
@@ -32,7 +32,7 @@ const UPSELL_TEXT = 'This feature requires an Enterprise subscription';
 const panelContextValue = {
 getFieldsData: mockGetFieldsData,
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 const sessionViewConfig = {
 index: {},
@@ -43,9 +43,9 @@ const sessionViewConfig = {
 const renderSessionPreview = (context = panelContextValue) =>
 render(
 <TestProviders>
- <RightPanelContext.Provider value={context}>
+ <DocumentDetailsContext.Provider value={context}>
 <SessionPreviewContainer />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.tsx
index 54990dd6b67f8..43a19667d4fb6 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/session_preview_container.tsx
@@ -15,7 +15,7 @@ import { useLicense } from '../../../../common/hooks/use_license';
 import { SessionPreview } from './session_preview';
 import { useSessionPreview } from '../hooks/use_session_preview';
 import { useInvestigateInTimeline } from '../../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { ALERTS_ACTIONS } from '../../../../common/lib/apm/user_actions';
 import { ExpandablePanel } from '../../../shared/components/expandable_panel';
 import { SESSION_PREVIEW_TEST_ID } from './test_ids';
@@ -30,7 +30,7 @@ const timelineId = 'timeline-1';
 */
 export const SessionPreviewContainer: FC = () => {
 const { dataAsNestedObject, getFieldsData, isPreview, dataFormattedForFieldBrowser } =
- useRightPanelContext();
+ useDocumentDetailsContext();
 // decide whether to show the session view or not
 const sessionViewConfig = useSessionPreview({ getFieldsData, dataFormattedForFieldBrowser });
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.test.tsx
index 0a61ccacac201..5402f6f229671 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.test.tsx
@@ -7,18 +7,18 @@
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { SEVERITY_VALUE_TEST_ID } from './test_ids';
 import { DocumentSeverity } from './severity';
 import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data';
 import { TestProviders } from '../../../../common/mock';
-const renderDocumentSeverity = (contextValue: RightPanelContext) =>
+const renderDocumentSeverity = (contextValue: DocumentDetailsContext) =>
 render(
 <TestProviders>
- <RightPanelContext.Provider value={contextValue}>
+ <DocumentDetailsContext.Provider value={contextValue}>
 <DocumentSeverity />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
@@ -27,7 +27,7 @@ describe('<DocumentSeverity />', () => {
 const contextValue = {
 getFieldsData: jest.fn().mockImplementation(mockGetFieldsData),
 scopeId: 'scopeId',
- } as unknown as RightPanelContext;
+ } as unknown as DocumentDetailsContext;
 const { getByTestId } = renderDocumentSeverity(contextValue);
@@ -40,7 +40,7 @@ describe('<DocumentSeverity />', () => {
 const contextValue = {
 getFieldsData: jest.fn(),
 scopeId: 'scopeId',
- } as unknown as RightPanelContext;
+ } as unknown as DocumentDetailsContext;
 const { container } = renderDocumentSeverity(contextValue);
@@ -51,7 +51,7 @@ describe('<DocumentSeverity />', () => {
 const contextValue = {
 getFieldsData: jest.fn().mockImplementation(() => ['abc']),
 scopeId: 'scopeId',
- } as unknown as RightPanelContext;
+ } as unknown as DocumentDetailsContext;
 const { container } = renderDocumentSeverity(contextValue);
@@ -62,7 +62,7 @@ describe('<DocumentSeverity />', () => {
 const contextValue = {
 getFieldsData: jest.fn().mockImplementation(() => 'abc'),
 scopeId: 'scopeId',
- } as unknown as RightPanelContext;
+ } as unknown as DocumentDetailsContext;
 const { container } = renderDocumentSeverity(contextValue);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.tsx
index 275affef442de..0ecd0928697c4 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/severity.tsx
@@ -9,7 +9,7 @@ import React, { memo } from 'react';
 import { ALERT_SEVERITY } from '@kbn/rule-data-utils';
 import type { Severity } from '@kbn/securitysolution-io-ts-alerting-types';
 import { CellActions } from './cell_actions';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { SeverityBadge } from '../../../../common/components/severity_badge';
 const isSeverity = (x: unknown): x is Severity =>
@@ -19,7 +19,7 @@ const isSeverity = (x: unknown): x is Severity =>
 * Document details severity displayed in flyout right section header
 */
 export const DocumentSeverity = memo(() => {
- const { getFieldsData } = useRightPanelContext();
+ const { getFieldsData } = useDocumentDetailsContext();
 const fieldsData = getFieldsData(ALERT_SEVERITY);
 if (!fieldsData) {
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.test.tsx
index 2d11e3dc24f48..9cb3d61343875 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.test.tsx
@@ -7,7 +7,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { DocumentStatus } from './status';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
 import { TestProviders } from '../../../../common/mock';
@@ -17,13 +17,13 @@ import { TestProvider } from '@kbn/expandable-flyout/src/test/provider';
 jest.mock('../../../../detections/components/alerts_table/timeline_actions/use_alerts_actions');
-const renderStatus = (contextValue: RightPanelContext) =>
+const renderStatus = (contextValue: DocumentDetailsContext) =>
 render(
 <TestProviders>
 <TestProvider>
- <RightPanelContext.Provider value={contextValue}>
+ <DocumentDetailsContext.Provider value={contextValue}>
 <DocumentStatus />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProvider>
 </TestProviders>
 );
@@ -45,7 +45,7 @@ describe('<DocumentStatus />', () => {
 browserFields: {},
 dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
 scopeId: 'scopeId',
- } as unknown as RightPanelContext;
+ } as unknown as DocumentDetailsContext;
 const { getByTestId, getByText } = renderStatus(contextValue);
@@ -62,7 +62,7 @@ describe('<DocumentStatus />', () => {
 browserFields: {},
 dataFormattedForFieldBrowser: [],
 scopeId: 'scopeId',
- } as unknown as RightPanelContext;
+ } as unknown as DocumentDetailsContext;
 const { container } = renderStatus(contextValue);
@@ -76,7 +76,7 @@ describe('<DocumentStatus />', () => {
 dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
 scopeId: 'scopeId',
 isPreview: true,
- } as unknown as RightPanelContext;
+ } as unknown as DocumentDetailsContext;
 const { container } = renderStatus(contextValue);
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx
index a97e009e11556..2737a5a608b5a 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx
@@ -18,7 +18,7 @@ import type {
 } from '../../../../common/components/event_details/types';
 import { SIGNAL_STATUS_FIELD_NAME } from '../../../../timelines/components/timeline/body/renderers/constants';
 import { StatusPopoverButton } from '../../../../common/components/event_details/overview/status_popover_button';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { getEnrichedFieldInfo } from '../../../../common/components/event_details/helpers';
 import { CellActions } from './cell_actions';
 import { STATUS_TITLE_TEST_ID } from './test_ids';
@@ -36,7 +36,7 @@ function hasData(fieldInfo?: EnrichedFieldInfo): fieldInfo is EnrichedFieldInfoW
 export const DocumentStatus: FC = () => {
 const { closeFlyout } = useExpandableFlyoutApi();
 const { eventId, browserFields, dataFormattedForFieldBrowser, scopeId, isPreview } =
- useRightPanelContext();
+ useDocumentDetailsContext();
 const statusData = useMemo(() => {
 const item = find(
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx
index 9cb6da0b929f8..542aae9ce18c0 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx
@@ -8,7 +8,7 @@
 import React from 'react';
 import { render } from '@testing-library/react';
 import { useExpandableFlyoutApi, type ExpandableFlyoutApi } from '@kbn/expandable-flyout';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { TestProviders } from '../../../../common/mock';
 import { ThreatIntelligenceOverview } from './threat_intelligence_overview';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
@@ -46,18 +46,18 @@ const panelContextValue = {
 eventId: 'event id',
 indexName: 'indexName',
 dataFormattedForFieldBrowser: [],
-} as unknown as RightPanelContext;
+} as unknown as DocumentDetailsContext;
 jest.mock('@kbn/expandable-flyout', () => ({
 useExpandableFlyoutApi: jest.fn(),
 ExpandableFlyoutProvider: ({ children }: React.PropsWithChildren<{}>) => <>{children}</>,
 }));
-const renderThreatIntelligenceOverview = (contextValue: RightPanelContext) => (
+const renderThreatIntelligenceOverview = (contextValue: DocumentDetailsContext) => (
 <TestProviders>
- <RightPanelContext.Provider value={contextValue}>
+ <DocumentDetailsContext.Provider value={contextValue}>
 <ThreatIntelligenceOverview />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
@@ -161,9 +161,9 @@ describe('<ThreatIntelligenceOverview />', () => {
 });
 const { getByTestId } = render(
 <TestProviders>
- <RightPanelContext.Provider value={panelContextValue}>
+ <DocumentDetailsContext.Provider value={panelContextValue}>
 <ThreatIntelligenceOverview />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx
index 351c09f71d3f7..1bc0191f8bce2 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx
@@ -13,7 +13,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import { ExpandablePanel } from '../../../shared/components/expandable_panel';
 import { useFetchThreatIntelligence } from '../hooks/use_fetch_threat_intelligence';
 import { InsightsSummaryRow } from './insights_summary_row';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { INSIGHTS_THREAT_INTELLIGENCE_TEST_ID } from './test_ids';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '../../left';
@@ -25,7 +25,7 @@ import { THREAT_INTELLIGENCE_TAB_ID } from '../../left/components/threat_intelli
 * and the SummaryPanel component for data rendering.
 */
 export const ThreatIntelligenceOverview: FC = () => {
- const { eventId, indexName, scopeId, dataFormattedForFieldBrowser } = useRightPanelContext();
+ const { eventId, indexName, scopeId, dataFormattedForFieldBrowser } = useDocumentDetailsContext();
 const { openLeftPanel } = useExpandableFlyoutApi();
 const goToThreatIntelligenceTab = useCallback(() => {
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.test.tsx
index 60b655d3c63c7..f0cc3f1da8559 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.test.tsx
@@ -8,8 +8,8 @@
 import React from 'react';
 import { render, waitFor, fireEvent } from '@testing-library/react';
 import { RightPanelTour } from './tour';
-import { RightPanelContext } from '../context';
-import { mockContextValue } from '../mocks/mock_context';
+import { DocumentDetailsContext } from '../../shared/context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import {
 createMockStore,
 createSecuritySolutionStorageMock,
@@ -37,15 +37,15 @@ const mockCasesContract = casesPluginMock.createStartContract();
 const mockUseIsAddToCaseOpen = mockCasesContract.hooks.useIsAddToCaseOpen as jest.Mock;
 mockUseIsAddToCaseOpen.mockReturnValue(false);
-const renderRightPanelTour = (context: RightPanelContext = mockContextValue) =>
+const renderRightPanelTour = (context: DocumentDetailsContext = mockContextValue) =>
 render(
 <TestProviders store={mockStore}>
- <RightPanelContext.Provider value={context}>
+ <DocumentDetailsContext.Provider value={context}>
 <RightPanelTour />
 {Object.values(FLYOUT_TOUR_CONFIG_ANCHORS).map((i, idx) => (
 <div key={idx} data-test-subj={i} />
 ))}
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.tsx
index 9fd7219007dd8..621bf90d823c3 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/tour.tsx
@@ -7,7 +7,7 @@
 import React, { memo, useMemo, useCallback } from 'react';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import { FlyoutTour } from '../../shared/components/flyout_tour';
 import {
 getRightSectionTourSteps,
@@ -35,7 +35,7 @@ export const RightPanelTour = memo(() => {
 const { isTourShown: isGuidedOnboardingTourShown } = useTourContext();
 const { openLeftPanel, openRightPanel } = useExpandableFlyoutApi();
- const { eventId, indexName, scopeId, isPreview, getFieldsData } = useRightPanelContext();
+ const { eventId, indexName, scopeId, isPreview, getFieldsData } = useDocumentDetailsContext();
 const eventKind = getField(getFieldsData('event.kind'));
 const isAlert = eventKind === EventKind.signal;
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx
index 23de6a14d7d5a..c248005701b9c 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx
@@ -17,9 +17,9 @@ import {
 ENTITIES_USER_OVERVIEW_LOADING_TEST_ID,
 } from './test_ids';
 import { useObservedUserDetails } from '../../../../explore/users/containers/users/observed_details';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '../../left';
 import { ENTITIES_TAB_ID } from '../../left/components/entities_details';
@@ -76,9 +76,9 @@ jest.mock('../../../../common/containers/use_first_last_seen');
 const renderUserEntityOverview = () =>
 render(
 <TestProviders>
- <RightPanelContext.Provider value={panelContextValue}>
+ <DocumentDetailsContext.Provider value={panelContextValue}>
 <UserEntityOverview userName={userName} />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
@@ -139,9 +139,9 @@ describe('<UserEntityOverview />', () => {
 const { getByTestId, queryByTestId } = render(
 <TestProviders>
- <RightPanelContext.Provider value={panelContextValue}>
+ <DocumentDetailsContext.Provider value={panelContextValue}>
 <UserEntityOverview userName={userName} />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
 expect(getByTestId(ENTITIES_USER_OVERVIEW_LOADING_TEST_ID)).toBeInTheDocument();
@@ -154,9 +154,9 @@ describe('<UserEntityOverview />', () => {
 const { getByTestId, queryByTestId } = render(
 <TestProviders>
- <RightPanelContext.Provider value={panelContextValue}>
+ <DocumentDetailsContext.Provider value={panelContextValue}>
 <UserEntityOverview userName={userName} />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
 expect(getByTestId(ENTITIES_USER_OVERVIEW_LOADING_TEST_ID)).toBeInTheDocument();
@@ -169,9 +169,9 @@ describe('<UserEntityOverview />', () => {
 const { getByTestId } = render(
 <TestProviders>
- <RightPanelContext.Provider value={panelContextValue}>
+ <DocumentDetailsContext.Provider value={panelContextValue}>
 <UserEntityOverview userName={userName} />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProviders>
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx
index 49dfa9df1c0ba..34d317bdfcb1e 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx
@@ -22,7 +22,7 @@ import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
 import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys';
 import { LeftPanelInsightsTab } from '../../left';
 import { ENTITIES_TAB_ID } from '../../left/components/entities_details';
-import { useRightPanelContext } from '../context';
+import { useDocumentDetailsContext } from '../../shared/context';
 import type { DescriptionList } from '../../../../../common/utility_types';
 import { getField } from '../../shared/utils';
 import { CellActions } from './cell_actions';
@@ -68,7 +68,7 @@ export interface UserEntityOverviewProps {
 * User preview content for the entities preview in right flyout. It contains ip addresses and risk level
 */
 export const UserEntityOverview: React.FC<UserEntityOverviewProps> = ({ userName }) => {
- const { eventId, indexName, scopeId } = useRightPanelContext();
+ const { eventId, indexName, scopeId } = useDocumentDetailsContext();
 const { openLeftPanel } = useExpandableFlyoutApi();
 const goToEntitiesTab = useCallback(() => {
 openLeftPanel({
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx
index 766f73d7f98e6..36fe53aa41dea 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx
@@ -15,9 +15,9 @@ import {
 VISUALIZATIONS_SECTION_HEADER_TEST_ID,
 } from './test_ids';
 import { VisualizationsSection } from './visualizations_section';
-import { mockContextValue } from '../mocks/mock_context';
+import { mockContextValue } from '../../shared/mocks/mock_context';
 import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
-import { RightPanelContext } from '../context';
+import { DocumentDetailsContext } from '../../shared/context';
 import { useAlertPrevalenceFromProcessTree } from '../../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
 import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters';
 import { TestProvider } from '@kbn/expandable-flyout/src/test/provider';
@@ -59,9 +59,9 @@ const renderVisualizationsSection = (contextValue = panelContextValue) =>
 render(
 <IntlProvider locale="en">
 <TestProvider>
- <RightPanelContext.Provider value={contextValue}>
+ <DocumentDetailsContext.Provider value={contextValue}>
 <VisualizationsSection />
- </RightPanelContext.Provider>
+ </DocumentDetailsContext.Provider>
 </TestProvider>
 </IntlProvider>
 );
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx
index 83d93f03ea26b..100365b0bc6f9 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/footer.tsx
@@ -12,7 +12,7 @@ import styled from 'styled-components'; import { euiThemeVars } from '@kbn/ui-theme'; import { DocumentDetailsIsolateHostPanelKey } from '../shared/constants/panel_keys'; import { FlyoutFooter } from '../../../timelines/components/side_panel/event_details/flyout'; -import { useRightPanelContext } from './context'; +import { useDocumentDetailsContext } from '../shared/context'; import { useHostIsolationTools } from '../../../timelines/components/side_panel/event_details/use_host_isolation_tools'; const ContainerDiv = styled('div')` @@ -40,7 +40,7 @@ export const PanelFooter: FC<PanelFooterProps> = ({ isPreview }) => { dataAsNestedObject, refetchFlyoutData, scopeId, - } = useRightPanelContext(); + } = useDocumentDetailsContext(); const { isHostIsolationPanelOpen, showHostIsolationPanel } = useHostIsolationTools(); const showHostIsolationPanelCallback = useCallback( diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/header.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/header.test.tsx index f77e636ef5901..8130174ebbda6 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/header.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/header.test.tsx @@ -13,8 +13,8 @@ import { allThreeTabs } from './hooks/use_tabs'; import { GuidedOnboardingTourStep } from '../../../common/components/guided_onboarding_tour/tour_step'; import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers'; -jest.mock('./context', () => ({ - useRightPanelContext: jest.fn().mockReturnValue({ dataFormattedForFieldBrowser: [] }), +jest.mock('../shared/context', () => ({ + useDocumentDetailsContext: jest.fn().mockReturnValue({ dataFormattedForFieldBrowser: [] }), })); jest.mock('../../../timelines/components/side_panel/event_details/helpers', () => ({ useBasicDataFromDetailsData: jest.fn(), 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/header.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/header.tsx index b85476d2679fc..22e6df6d01fd7 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/header.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/header.tsx @@ -14,7 +14,7 @@ import { FlyoutHeader } from '../../shared/components/flyout_header'; import { FlyoutHeaderTabs } from '../../shared/components/flyout_header_tabs'; import { AlertHeaderTitle } from './components/alert_header_title'; import { EventHeaderTitle } from './components/event_header_title'; -import { useRightPanelContext } from './context'; +import { useDocumentDetailsContext } from '../shared/context'; import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers'; import { AlertsCasesTourSteps, @@ -41,7 +41,7 @@ export interface PanelHeaderProps { export const PanelHeader: FC<PanelHeaderProps> = memo( ({ selectedTabId, setSelectedTabId, tabs }) => { - const { dataFormattedForFieldBrowser } = useRightPanelContext(); + const { dataFormattedForFieldBrowser } = useDocumentDetailsContext(); const { isAlert } = useBasicDataFromDetailsData(dataFormattedForFieldBrowser); const onSelectedTabChanged = (id: RightPanelPaths) => setSelectedTabId(id); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.test.tsx index 01b7b62e19b01..31eb78975d195 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.test.tsx 
@@ -8,7 +8,7 @@ import { getUserDisplayName, useProcessData } from './use_process_data'; import { renderHook } from '@testing-library/react-hooks'; import type { FC, PropsWithChildren } from 'react'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import React from 'react'; describe('getUserDisplayName', () => { @@ -59,10 +59,12 @@ describe('getUserDisplayName', () => { const panelContextValue = { getFieldsData: jest.fn().mockReturnValue('test'), -} as unknown as RightPanelContext; +} as unknown as DocumentDetailsContext; const ProviderComponent: FC<PropsWithChildren<unknown>> = ({ children }) => ( - <RightPanelContext.Provider value={panelContextValue}>{children}</RightPanelContext.Provider> + <DocumentDetailsContext.Provider value={panelContextValue}> + {children} + </DocumentDetailsContext.Provider> ); describe('useProcessData', () => { diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.ts b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.ts index 8d3edf833e0db..8f02f371a5319 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/hooks/use_process_data.ts @@ -9,7 +9,7 @@ import { useMemo } from 'react'; import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils'; import type { GetFieldsData } from '../../../../common/hooks/use_get_fields_data'; import { getField } from '../../shared/utils'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; const FIELD_USER_NAME = 'process.entry_leader.user.name' as const; const FIELD_USER_ID = 'process.entry_leader.user.id' as const; 
@@ -40,7 +40,7 @@ export const getUserDisplayName = (getFieldsData: GetFieldsData): string => { * Returns memoized process-related values for the session preview component */ export const useProcessData = () => { - const { getFieldsData } = useRightPanelContext(); + const { getFieldsData } = useDocumentDetailsContext(); return useMemo( () => ({ diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx index 969d481b09407..1f9006b8d04a8 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx @@ -7,13 +7,13 @@ import type { FC } from 'react'; import React, { memo, useEffect } from 'react'; -import type { FlyoutPanelProps, PanelPath } from '@kbn/expandable-flyout'; import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; import { DocumentDetailsRightPanelKey } from '../shared/constants/panel_keys'; import { useTabs } from './hooks/use_tabs'; import { FLYOUT_STORAGE_KEYS } from '../shared/constants/local_storage'; import { useKibana } from '../../../common/lib/kibana'; -import { useRightPanelContext } from './context'; +import { useDocumentDetailsContext } from '../shared/context'; +import type { DocumentDetailsProps } from '../shared/types'; import { PanelNavigation } from './navigation'; import { PanelHeader } from './header'; import { PanelContent } from './content'; 
@@ -24,24 +24,14 @@ import { useFlyoutIsExpandable } from './hooks/use_flyout_is_expandable'; export type RightPanelPaths = 'overview' | 'table' | 'json'; -export interface RightPanelProps extends FlyoutPanelProps { - key: typeof DocumentDetailsRightPanelKey; - path?: PanelPath; - params?: { - id: string; - indexName: string; - scopeId: string; - }; -} - /** * Panel to be displayed in the document details expandable flyout right section */ -export const RightPanel: FC<Partial<RightPanelProps>> = memo(({ path }) => { +export const RightPanel: FC<Partial<DocumentDetailsProps>> = memo(({ path }) => { const { storage, telemetry } = useKibana().services; const { openRightPanel, closeFlyout } = useExpandableFlyoutApi(); const { eventId, indexName, scopeId, isPreview, dataAsNestedObject, getFieldsData } = - useRightPanelContext(); + useDocumentDetailsContext(); // if the flyout is expandable we render all 3 tabs (overview, table and json) // if the flyout is not, we render only table and json diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/mocks/mock_context.ts b/x-pack/plugins/security_solution/public/flyout/document_details/right/mocks/mock_context.ts deleted file mode 100644 index 086c272bee359..0000000000000 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/mocks/mock_context.ts +++ /dev/null 
@@ -1,30 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { mockBrowserFields } from '../../shared/mocks/mock_browser_fields';
-import { mockSearchHit } from '../../shared/mocks/mock_search_hit';
-import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data';
-import { mockDataAsNestedObject } from '../../shared/mocks/mock_data_as_nested_object';
-import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser';
-import type { RightPanelContext } from '../context';
-
-/**
- * Mock contextValue for right panel context
- */
-export const mockContextValue: RightPanelContext = {
- eventId: 'eventId',
- indexName: 'index',
- scopeId: 'scopeId',
- getFieldsData: mockGetFieldsData,
- dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser,
- browserFields: mockBrowserFields,
- dataAsNestedObject: mockDataAsNestedObject,
- searchHit: mockSearchHit,
- investigationFields: [],
- refetchFlyoutData: jest.fn(),
- isPreview: false,
-};
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx
index 110f6892309ef..b4f12fbabf94f 100644
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx
@@ -12,7 +12,7 @@ import { useKibana } from '../../../common/lib/kibana'; import { HeaderActions } from './components/header_actions'; import { FlyoutNavigation } from '../../shared/components/flyout_navigation'; import { DocumentDetailsLeftPanelKey } from '../shared/constants/panel_keys'; -import { useRightPanelContext } from './context'; +import { useDocumentDetailsContext } from '../shared/context'; interface PanelNavigationProps { /** @@ -24,7 +24,7 @@ interface PanelNavigationProps { export const PanelNavigation: FC<PanelNavigationProps> = memo(({ flyoutIsExpandable }) => { const { telemetry } = useKibana().services; const { openLeftPanel } = useExpandableFlyoutApi(); - const { eventId, indexName, scopeId } = useRightPanelContext(); + const { eventId, indexName, scopeId } = useDocumentDetailsContext(); const expandDetails = useCallback(() => { openLeftPanel({ diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.test.tsx index 7a9ab169ccfea..47055c7bde2ae 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.test.tsx @@ -8,7 +8,7 @@ import React from 'react'; import { render } from '@testing-library/react'; import { __IntlProvider as IntlProvider } from '@kbn/i18n-react'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { JsonTab } from './json_tab'; import { JSON_TAB_CONTENT_TEST_ID, JSON_TAB_COPY_TO_CLIPBOARD_BUTTON_TEST_ID } from './test_ids'; 
@@ -22,14 +22,14 @@ const searchHit = { }; const contextValue = { searchHit, -} as unknown as RightPanelContext; +} as unknown as DocumentDetailsContext; const renderJsonTab = () => render( <IntlProvider locale="en"> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <JsonTab /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </IntlProvider> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.tsx index 54d82c33b6014..0b8c3e3216f53 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/json_tab.tsx @@ -11,7 +11,7 @@ import { EuiButtonEmpty, EuiCopy, EuiFlexGroup, EuiFlexItem } from '@elastic/eui import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import { JSON_TAB_CONTENT_TEST_ID, JSON_TAB_COPY_TO_CLIPBOARD_BUTTON_TEST_ID } from './test_ids'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; const FLYOUT_BODY_PADDING = 24; const COPY_TO_CLIPBOARD_BUTTON_HEIGHT = 24; @@ -21,7 +21,7 @@ const FLYOUT_FOOTER_HEIGHT = 72; * Json view displayed in the document details expandable flyout right section */ export const JsonTab = memo(() => { - const { searchHit, isPreview } = useRightPanelContext(); + const { searchHit, isPreview } = useDocumentDetailsContext(); const jsonValue = JSON.stringify(searchHit, null, 2); const flexGroupElement = useRef<HTMLDivElement>(null); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.test.tsx index 08a63c2cd9cc0..0f6f3046ee3af 100644 
--- a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.test.tsx @@ -7,7 +7,7 @@ import React from 'react'; import { render } from '@testing-library/react'; -import { RightPanelContext } from '../context'; +import { DocumentDetailsContext } from '../../shared/context'; import { TABLE_TAB_CONTENT_TEST_ID } from './test_ids'; import { TableTab } from './table_tab'; import { TestProviders } from '../../../../common/mock'; @@ -28,13 +28,13 @@ describe('<TableTab />', () => { eventId: 'some_Id', browserFields: {}, dataFormattedForFieldBrowser: [], - } as unknown as RightPanelContext; + } as unknown as DocumentDetailsContext; const { getByTestId } = render( <TestProviders> - <RightPanelContext.Provider value={contextValue}> + <DocumentDetailsContext.Provider value={contextValue}> <TableTab /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx index b00004e936d95..138714693a796 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/tabs/table_tab.tsx 
@@ -7,25 +7,17 @@ import React, { memo } from 'react'; import { EuiText } from '@elastic/eui'; -import { get } from 'lodash'; -import memoizeOne from 'memoize-one'; +import { getFieldFromBrowserField } from '../../../../common/components/event_details/columns'; import type { EventFieldsData } from '../../../../common/components/event_details/types'; import { FieldValueCell } from '../../../../common/components/event_details/table/field_value_cell'; -import type { BrowserField, BrowserFields } from '../../../../../common/search_strategy'; import { FieldNameCell } from '../../../../common/components/event_details/table/field_name_cell'; import { CellActions } from '../components/cell_actions'; import * as i18n from '../../../../common/components/event_details/translations'; -import { useRightPanelContext } from '../context'; +import { useDocumentDetailsContext } from '../../shared/context'; import type { ColumnsProvider } from '../../../../common/components/event_details/event_fields_browser'; import { EventFieldsBrowser } from '../../../../common/components/event_details/event_fields_browser'; import { TimelineTabs } from '../../../../../common/types'; -export const getFieldFromBrowserField = memoizeOne( - (keys: string[], browserFields: BrowserFields): BrowserField | undefined => - get(browserFields, keys), - (newArgs, lastArgs) => newArgs[0].join() === lastArgs[0].join() -); - export const getColumns: ColumnsProvider = ({ browserFields, eventId, @@ -57,10 +49,7 @@ export const getColumns: ColumnsProvider = ({ ), width: '70%', render: (values, data) => { - const fieldFromBrowserField = getFieldFromBrowserField( - [data.category as string, 'fields', data.field], - browserFields - ); + const fieldFromBrowserField = getFieldFromBrowserField(data.field, browserFields); return ( <CellActions field={data.field} value={values} isObjectArray={data.isObjectArray}> <FieldValueCell 
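Review bot: The value-column `render` in `getColumns` no longer uses `data.category`; it calls the imported `getFieldFromBrowserField(data.field, browserFields)`, so the category is presumably derived inside that helper, which this diff section does not show. Please confirm it resolves the same entry as the removed `[data.category, 'fields', data.field]` path for every row, because a miss yields `undefined` without any error. The first hunk also removes the `getFieldFromBrowserField` export from this module, so any remaining importer from `table_tab` would stop compiling. Once verified, a short comment above the call such as `// category is resolved from the field name by the shared helper` would record the new contract. `getColumns` continues past the end of the hunk.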
@@ -82,7 +71,8 @@ export const getColumns: ColumnsProvider = ({ * Table view displayed in the document details expandable flyout right section */ export const TableTab = memo(() => { - const { browserFields, dataFormattedForFieldBrowser, eventId, scopeId } = useRightPanelContext(); + const { browserFields, dataFormattedForFieldBrowser, eventId, scopeId } = + useDocumentDetailsContext(); return ( <EventFieldsBrowser diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/context.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/shared/context.tsx similarity index 79% rename from x-pack/plugins/security_solution/public/flyout/document_details/right/context.tsx rename to x-pack/plugins/security_solution/public/flyout/document_details/shared/context.tsx index 7311a030b2175..388706e4bd0b3 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/context.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/context.tsx 
@@ -9,17 +9,16 @@ import type { BrowserFields, TimelineEventsDetailsItem } from '@kbn/timelines-pl import React, { createContext, memo, useContext, useMemo } from 'react'; import type { EcsSecurityExtension as Ecs } from '@kbn/securitysolution-ecs'; import { TableId } from '@kbn/securitysolution-data-table'; - -import { useEventDetails } from '../shared/hooks/use_event_details'; +import { useEventDetails } from './hooks/use_event_details'; import { FlyoutError } from '../../shared/components/flyout_error'; import { FlyoutLoading } from '../../shared/components/flyout_loading'; import type { SearchHit } from '../../../../common/search_strategy'; import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers'; -import type { RightPanelProps } from '.'; +import type { DocumentDetailsProps } from './types'; import type { GetFieldsData } from '../../../common/hooks/use_get_fields_data'; import { useRuleWithFallback } from '../../../detection_engine/rule_management/logic/use_rule_with_fallback'; -export interface RightPanelContext { +export interface DocumentDetailsContext { /** * Id of the document */ @@ -66,17 +65,17 @@ export interface RightPanelContext { isPreview: boolean; } -export const RightPanelContext = createContext<RightPanelContext | undefined>(undefined); +export const DocumentDetailsContext = createContext<DocumentDetailsContext | undefined>(undefined); -export type RightPanelProviderProps = { +export type DocumentDetailsProviderProps = { /** * React components to render */ children: React.ReactNode; -} & Partial<RightPanelProps['params']>; +} & Partial<DocumentDetailsProps['params']>; -export const RightPanelProvider = memo( - ({ id, indexName, scopeId, children }: RightPanelProviderProps) => { +export const DocumentDetailsProvider = memo( + ({ id, indexName, scopeId, children }: DocumentDetailsProviderProps) => { const { browserFields, dataAsNestedObject, 
@@ -134,17 +133,23 @@ export const RightPanelProvider = memo( return <FlyoutError />; } - return <RightPanelContext.Provider value={contextValue}>{children}</RightPanelContext.Provider>; + return ( + <DocumentDetailsContext.Provider value={contextValue}> + {children} + </DocumentDetailsContext.Provider> + ); } ); -RightPanelProvider.displayName = 'RightPanelProvider'; +DocumentDetailsProvider.displayName = 'DocumentDetailsProvider'; -export const useRightPanelContext = (): RightPanelContext => { - const contextValue = useContext(RightPanelContext); +export const useDocumentDetailsContext = (): DocumentDetailsContext => { + const contextValue = useContext(DocumentDetailsContext); if (!contextValue) { - throw new Error('RightPanelContext can only be used within RightPanelContext provider'); + throw new Error( + 'DocumentDetailsContext can only be used within DocumentDetailsContext provider' + ); } return contextValue; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/mocks/mock_context.ts b/x-pack/plugins/security_solution/public/flyout/document_details/shared/mocks/mock_context.ts similarity index 54% rename from x-pack/plugins/security_solution/public/flyout/document_details/left/mocks/mock_context.ts rename to x-pack/plugins/security_solution/public/flyout/document_details/shared/mocks/mock_context.ts index 4892d7d4dfa08..11148dc2e0993 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/mocks/mock_context.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/mocks/mock_context.ts 
@@ -5,25 +5,26 @@ * 2.0. */ -import { mockBrowserFields } from '../../shared/mocks/mock_browser_fields'; -import { mockSearchHit } from '../../shared/mocks/mock_search_hit'; -import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; -import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data'; -import { mockDataAsNestedObject } from '../../shared/mocks/mock_data_as_nested_object'; -import type { LeftPanelContext } from '../context'; +import { mockBrowserFields } from './mock_browser_fields'; +import { mockSearchHit } from './mock_search_hit'; +import { mockDataFormattedForFieldBrowser } from './mock_data_formatted_for_field_browser'; +import { mockGetFieldsData } from './mock_get_fields_data'; +import { mockDataAsNestedObject } from './mock_data_as_nested_object'; +import type { DocumentDetailsContext } from '../context'; /** * Mock contextValue for left panel context */ -export const mockContextValue: LeftPanelContext = { +export const mockContextValue: DocumentDetailsContext = { eventId: 'eventId', indexName: 'index', scopeId: 'scopeId', - browserFields: mockBrowserFields, - dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser, getFieldsData: mockGetFieldsData, - searchHit: mockSearchHit, + dataFormattedForFieldBrowser: mockDataFormattedForFieldBrowser, + browserFields: mockBrowserFields, dataAsNestedObject: mockDataAsNestedObject, + searchHit: mockSearchHit, investigationFields: [], + refetchFlyoutData: jest.fn(), isPreview: false, }; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/shared/types.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/shared/types.tsx new file mode 100644 index 0000000000000..e72220ae02ac3 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/types.tsx 
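Review bot: The doc comment kept as context above `mockContextValue` still reads `Mock contextValue for left panel context`, but after this rename the object is typed as the shared `DocumentDetailsContext` and lives under `shared/mocks`. I would change it to `* Mock contextValue for the shared document details context (left and right panels)`. The object now also carries `refetchFlyoutData: jest.fn()` at module level, so every test importing this mock shares one spy; suites that assert on its calls should reset it between tests.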
@@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { FlyoutPanelProps, PanelPath } from '@kbn/expandable-flyout'; +import type { + DocumentDetailsLeftPanelKey, + DocumentDetailsRightPanelKey, +} from './constants/panel_keys'; + +export interface DocumentDetailsProps extends FlyoutPanelProps { + key: typeof DocumentDetailsLeftPanelKey | typeof DocumentDetailsRightPanelKey; + path?: PanelPath; + params?: { + id: string; + indexName: string; + scopeId: string; + }; +} diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.test.tsx index a8ba12de451e3..690a2972c4a2e 100644 --- a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.test.tsx @@ -11,6 +11,8 @@ import React from 'react'; import { mockObservedHostData } from '../../mocks'; import { policyFields } from './endpoint_policy_fields'; +jest.mock('../../../../management/hooks/agents/use_get_agent_status'); + const TestWrapper = ({ el }: { el: JSX.Element | undefined }) => <>{el}</>; jest.mock( diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.tsx index 1b8897c73271b..1132b89563162 100644 --- a/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.tsx 
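Review bot: The new exported `DocumentDetailsProps` interface has no doc comment, and its `key` is a union of the left and right panel keys, so the type no longer tells a reader (or the compiler) which panel a given props object belongs to. A TSDoc line such as `/** Props shared by the left and right document details panels; params identify the document and the scope it was opened from */` would help, plus a one-line comment on each of `id`, `indexName` and `scopeId`. The exact meaning of `scopeId` is not visible in this file, so that comment should be written by someone who can confirm it.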
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/host_right/fields/endpoint_policy_fields.tsx @@ -10,7 +10,7 @@ import { EuiHealth } from '@elastic/eui'; import type { EntityTableRows } from '../../shared/components/entity_table/types'; import type { ObservedEntityData } from '../../shared/components/observed_entity/types'; -import { EndpointAgentStatus } from '../../../../common/components/endpoint/agents/agent_status'; +import { AgentStatus } from '../../../../common/components/endpoint/agents/agent_status'; import { getEmptyTagValue } from '../../../../common/components/empty_value'; import type { HostItem } from '../../../../../common/search_strategy'; import { HostPolicyResponseActionStatus } from '../../../../../common/search_strategy'; @@ -57,8 +57,9 @@ export const policyFields: EntityTableRows<ObservedEntityData<HostItem>> = [ label: i18n.FLEET_AGENT_STATUS, render: (hostData: ObservedEntityData<HostItem>) => hostData.details.endpoint?.hostInfo ? ( - <EndpointAgentStatus - endpointHostInfo={hostData.details.endpoint?.hostInfo} + <AgentStatus + agentId={hostData.details.endpoint?.hostInfo.metadata.agent.id} + agentType="endpoint" data-test-subj="endpointHostAgentStatus" /> ) : ( diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs.tsx index e00d6bdd365c0..358dd5357ae2f 100644 --- a/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs.tsx +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs.tsx 
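Review bot: The branch is guarded only by `hostData.details.endpoint?.hostInfo`, while the new prop reads `hostInfo.metadata.agent.id` with no further check, so this row now relies on `metadata.agent` being present on every host info object, where before the whole object was handed to `EndpointAgentStatus`. The status is presumably fetched by agent id now (the accompanying test hunk mocks `use_get_agent_status`) instead of being read from data already loaded. Please confirm what `AgentStatus` renders while that request is pending or when it fails, since an analyst reads this field before deciding whether to act on a host, and a stale or blank value should be distinguishable from a healthy one. The `render` callback continues past the end of the hunk.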
@@ -17,7 +17,7 @@ import type { } from '../../../../common/search_strategy/security_solution/users/managed_details'; import { ENTRA_TAB_TEST_ID, OKTA_TAB_TEST_ID } from './test_ids'; import { AssetDocumentTab } from './tabs/asset_document'; -import { RightPanelProvider } from '../../document_details/right/context'; +import { DocumentDetailsProvider } from '../../document_details/shared/context'; import { RiskScoreEntity } from '../../../../common/search_strategy'; import type { LeftPanelTabsType } from '../shared/components/left_panel/left_panel_header'; import { EntityDetailsLeftPanelTab } from '../shared/components/left_panel/left_panel_header'; @@ -62,13 +62,13 @@ const getOktaTab = (oktaManagedUser: ManagedUserHit) => ({ /> ), content: ( - <RightPanelProvider + <DocumentDetailsProvider id={oktaManagedUser._id} indexName={oktaManagedUser._index} scopeId={UserAssetTableType.assetOkta} > <AssetDocumentTab /> - </RightPanelProvider> + </DocumentDetailsProvider> ), }); @@ -83,13 +83,13 @@ const getEntraTab = (entraManagedUser: ManagedUserHit) => { /> ), content: ( - <RightPanelProvider + <DocumentDetailsProvider id={entraManagedUser._id} indexName={entraManagedUser._index} scopeId={UserAssetTableType.assetEntra} > <AssetDocumentTab /> - </RightPanelProvider> + </DocumentDetailsProvider> ), }; }; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs/asset_document.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs/asset_document.test.tsx index 6289fa0a66cd8..f7c46963ba201 100644 --- a/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs/asset_document.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_details_left/tabs/asset_document.test.tsx 
@@ -10,8 +10,8 @@ import { render } from '@testing-library/react'; import { TestProviders } from '../../../../common/mock'; import { AssetDocumentTab } from './asset_document'; import { FLYOUT_BODY_TEST_ID } from './test_ids'; -import { RightPanelContext } from '../../../document_details/right/context'; -import { mockContextValue } from '../../../document_details/right/mocks/mock_context'; +import { DocumentDetailsContext } from '../../../document_details/shared/context'; +import { mockContextValue } from '../../../document_details/shared/mocks/mock_context'; import userEvent from '@testing-library/user-event'; import { JSON_TAB_CONTENT_TEST_ID, @@ -22,9 +22,9 @@ describe('AssetDocumentTab', () => { it('renders', () => { const { getByTestId } = render( <TestProviders> - <RightPanelContext.Provider value={mockContextValue}> + <DocumentDetailsContext.Provider value={mockContextValue}> <AssetDocumentTab /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); @@ -34,9 +34,9 @@ describe('AssetDocumentTab', () => { it('should preselect the table tab', () => { const { getByTestId } = render( <TestProviders> - <RightPanelContext.Provider value={mockContextValue}> + <DocumentDetailsContext.Provider value={mockContextValue}> <AssetDocumentTab /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); @@ -46,9 +46,9 @@ describe('AssetDocumentTab', () => { it('should select json tab when clicked', async () => { const { getByTestId, getByTitle } = render( <TestProviders> - <RightPanelContext.Provider value={mockContextValue}> + <DocumentDetailsContext.Provider value={mockContextValue}> <AssetDocumentTab /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); 
@@ -60,9 +60,9 @@ describe('AssetDocumentTab', () => { it('should select table tab when path tab is table', async () => { const { getByTestId, getByTitle } = render( <TestProviders> - <RightPanelContext.Provider value={mockContextValue}> + <DocumentDetailsContext.Provider value={mockContextValue}> <AssetDocumentTab path={{ tab: 'table' }} /> - </RightPanelContext.Provider> + </DocumentDetailsContext.Provider> </TestProviders> ); diff --git a/x-pack/plugins/security_solution/public/flyout/index.tsx b/x-pack/plugins/security_solution/public/flyout/index.tsx index 80e922ff1935b..bcb7555b2fc81 100644 --- a/x-pack/plugins/security_solution/public/flyout/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/index.tsx @@ -18,12 +18,10 @@ import { import type { IsolateHostPanelProps } from './document_details/isolate_host'; import { IsolateHostPanel } from './document_details/isolate_host'; import { IsolateHostPanelProvider } from './document_details/isolate_host/context'; -import type { RightPanelProps } from './document_details/right'; +import type { DocumentDetailsProps } from './document_details/shared/types'; +import { DocumentDetailsProvider } from './document_details/shared/context'; import { RightPanel } from './document_details/right'; -import { RightPanelProvider } from './document_details/right/context'; -import type { LeftPanelProps } from './document_details/left'; import { LeftPanel } from './document_details/left'; -import { LeftPanelProvider } from './document_details/left/context'; import type { AlertReasonPanelProps } from './document_details/alert_reason'; import { AlertReasonPanel } from './document_details/alert_reason'; import { AlertReasonPanelProvider } from './document_details/alert_reason/context'; 
@@ -47,17 +45,17 @@ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels'] { key: DocumentDetailsRightPanelKey, component: (props) => ( - <RightPanelProvider {...(props as RightPanelProps).params}> - <RightPanel path={props.path as RightPanelProps['path']} /> - </RightPanelProvider> + <DocumentDetailsProvider {...(props as DocumentDetailsProps).params}> + <RightPanel path={props.path as DocumentDetailsProps['path']} /> + </DocumentDetailsProvider> ), }, { key: DocumentDetailsLeftPanelKey, component: (props) => ( - <LeftPanelProvider {...(props as LeftPanelProps).params}> - <LeftPanel path={props.path as LeftPanelProps['path']} /> - </LeftPanelProvider> + <DocumentDetailsProvider {...(props as DocumentDetailsProps).params}> + <LeftPanel path={props.path as DocumentDetailsProps['path']} /> + </DocumentDetailsProvider> ), }, { diff --git a/x-pack/plugins/security_solution/public/management/common/constants.ts b/x-pack/plugins/security_solution/public/management/common/constants.ts index b362f696e9756..4b050266f3ac3 100644 --- a/x-pack/plugins/security_solution/public/management/common/constants.ts +++ b/x-pack/plugins/security_solution/public/management/common/constants.ts @@ -41,5 +41,5 @@ export const MANAGEMENT_DEFAULT_SORT_ORDER = 'desc'; export const MANAGEMENT_DEFAULT_SORT_FIELD = 'created_at'; // --[ DEFAULTS ]--------------------------------------------------------------------------- -/** The default polling interval to start all polling pages */ +/** The default polling interval for API calls that require a refresh interval */ export const DEFAULT_POLL_INTERVAL = 10000; diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.test.tsx new file mode 100644 index 0000000000000..747548fc2dac6 --- /dev/null 
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.test.tsx 
@@ -0,0 +1,429 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import type { ActionDetails, MaybeImmutable } from '../../../../common/endpoint/types'; +import type { AppContextTestRender } from '../../../common/mock/endpoint'; +import { createAppRootMockRenderer } from '../../../common/mock/endpoint'; +import { EndpointActionGenerator } from '../../../../common/endpoint/data_generators/endpoint_action_generator'; +import { EndpointActionFailureMessage } from './endpoint_action_failure_message'; + +describe('EndpointActionFailureMessage', () => { + const testPrefix = 'test'; + const testId = `${testPrefix}-response-action-failure-info`; + + let appTestContext: AppContextTestRender; + let render: () => ReturnType<AppContextTestRender['render']>; + let renderResult: ReturnType<typeof render>; + let action: MaybeImmutable<ActionDetails>; + + beforeEach(() => { + appTestContext = createAppRootMockRenderer(); + action = new EndpointActionGenerator('seed').generateActionDetails({}); + + render = () => + (renderResult = appTestContext.render( + <EndpointActionFailureMessage action={action} data-test-subj={testPrefix} /> + )); + }); + + it('should not render when action is not completed', () => { + action = { ...action, agents: ['agent-fails-a-lot'], isCompleted: false }; + render(); + expect(renderResult.queryByTestId(testId)).toBeNull(); + }); + + it('should not render when action is successful', () => { + action = { ...action, agents: ['agent-fails-a-lot'], wasSuccessful: true }; + render(); + expect(renderResult.queryByTestId(testId)).toBeNull(); + }); + + it('should render `unknown error` when no errors/outputs', () => { + action = { + ...action, + agents: ['agent-fails-a-lot'], + command: 'scan', + isCompleted: true, + 
wasSuccessful: false, + hosts: { + 'agent-fails-a-lot': { + name: 'Fails-a-lot', + }, + }, + errors: undefined, + agentState: { + 'agent-fails-a-lot': { + isCompleted: true, + wasSuccessful: false, + completedAt: new Date().toISOString(), + errors: undefined, + }, + }, + outputs: undefined, + }; + render(); + const { getByTestId } = renderResult; + const unknownErrorMessage = getByTestId(testId); + + expect(unknownErrorMessage).not.toBeNull(); + expect(unknownErrorMessage.textContent).toEqual( + 'The following errors were encountered:An unknown error occurred' + ); + }); + + describe('when there is a single agent for the action', () => { + it('should show errors and outputs for an agent', () => { + action = { + ...action, + agents: ['agent-fails-a-lot'], + command: 'scan', + isCompleted: true, + wasSuccessful: false, + hosts: { + 'agent-fails-a-lot': { + name: 'Fails-a-lot', + }, + }, + errors: ['Error info A', 'Error info B', 'Error info C'], + agentState: { + 'agent-fails-a-lot': { + isCompleted: true, + wasSuccessful: false, + completedAt: new Date().toISOString(), + errors: ['Error info A', 'Error info B', 'Error info C'], + }, + }, + outputs: { + 'agent-fails-a-lot': { + type: 'json', + content: { + code: 'ra_scan_error_scan-queue-quota', + }, + }, + }, + }; + render(); + const { getByTestId } = renderResult; + + const errorMessages = getByTestId(testId); + expect(errorMessages).not.toBeNull(); + expect(errorMessages.textContent).toContain( + 'The following errors were encountered:Too many scans are queued | Error info A | Error info B | Error info C' + ); + }); + + it('should show errors for an agent when unknown output code', () => { + action = { + ...action, + agents: ['agent-fails-a-lot'], + command: 'scan', + isCompleted: true, + wasSuccessful: false, + hosts: { + 'agent-fails-a-lot': { + name: 'Fails-a-lot', + }, + }, + errors: ['Error info A', 'Error info B', 'Error info C'], + agentState: { + 'agent-fails-a-lot': { + isCompleted: true, + wasSuccessful: 
false, + completedAt: new Date().toISOString(), + errors: ['Error info A', 'Error info B', 'Error info C'], + }, + }, + outputs: { + 'agent-fails-a-lot': { + type: 'json', + content: { + code: 'non_existent_code', + }, + }, + }, + }; + render(); + const { getByTestId } = renderResult; + + const errorMessages = getByTestId(testId); + expect(errorMessages).not.toBeNull(); + expect(errorMessages.textContent).toContain( + 'The following errors were encountered:Error info A | Error info B | Error info C' + ); + }); + + it('should show single error for an agent when unknown output code', () => { + action = { + ...action, + agents: ['agent-fails-a-lot'], + command: 'scan', + isCompleted: true, + wasSuccessful: false, + hosts: { + 'agent-fails-a-lot': { + name: 'Fails-a-lot', + }, + }, + errors: ['Error info A'], + agentState: { + 'agent-fails-a-lot': { + isCompleted: true, + wasSuccessful: false, + completedAt: new Date().toISOString(), + errors: ['Error info A'], + }, + }, + outputs: { + 'agent-fails-a-lot': { + type: 'json', + content: { + code: 'non_existent_code', + }, + }, + }, + }; + render(); + const { getByTestId } = renderResult; + + const errorMessages = getByTestId(testId); + expect(errorMessages).not.toBeNull(); + expect(errorMessages.textContent).toContain( + 'The following error was encountered:Error info A' + ); + }); + }); + + describe('when there are multiple agents for the action', () => { + it('should show errors and outputs for each agent grouped by Host/Errors', () => { + action = { + ...action, + agents: ['agent-fails-a-lot', 'agent-errs-a-lot'], + command: 'scan', + isCompleted: true, + wasSuccessful: false, + hosts: { + 'agent-fails-a-lot': { + name: 'Fails-a-lot', + }, + 'agent-errs-a-lot': { + name: 'Errs-a-lot', + }, + }, + errors: ['Error info A', 'Error info B', 'Error info C'], + agentState: { + 'agent-fails-a-lot': { + isCompleted: true, + wasSuccessful: false, + completedAt: new Date().toISOString(), + errors: ['Error info A', 'Error info 
B', 'Error info C'], + }, + 'agent-errs-a-lot': { + isCompleted: true, + wasSuccessful: false, + completedAt: new Date().toISOString(), + errors: ['Error info P', 'Error info Q', 'Error info R'], + }, + }, + outputs: { + 'agent-fails-a-lot': { + type: 'json', + content: { + code: 'ra_scan_error_scan-queue-quota', + }, + }, + 'agent-errs-a-lot': { + type: 'json', + content: { + code: 'ra_scan_error_not-found', + }, + }, + }, + }; + render(); + const { getByTestId } = renderResult; + + const errorMessages = getByTestId(testId); + expect(errorMessages).not.toBeNull(); + expect(errorMessages.textContent).toContain( + 'The following errors were encountered:Host: Fails-a-lotErrors: Too many scans are queued | Error info A | Error info B | Error info CHost: Errs-a-lotErrors: File path or folder was not found (404) | Error info P | Error info Q | Error info R' + ); + }); + + it('should show errors for each agent grouped by Host/Errors, when unknown output codes', () => { + action = { + ...action, + agents: ['agent-fails-a-lot', 'agent-errs-a-lot'], + command: 'scan', + isCompleted: true, + wasSuccessful: false, + hosts: { + 'agent-fails-a-lot': { + name: 'Fails-a-lot', + }, + 'agent-errs-a-lot': { + name: 'Errs-a-lot', + }, + }, + errors: [ + 'Error info A', + 'Error info B', + 'Error info C', + 'Error info P', + 'Error info Q', + 'Error info R', + ], + agentState: { + 'agent-fails-a-lot': { + isCompleted: true, + wasSuccessful: false, + completedAt: new Date().toISOString(), + errors: ['Error info A', 'Error info B', 'Error info C'], + }, + 'agent-errs-a-lot': { + isCompleted: true, + wasSuccessful: false, + completedAt: new Date().toISOString(), + errors: ['Error info P', 'Error info Q', 'Error info R'], + }, + }, + outputs: { + 'agent-fails-a-lot': { + type: 'json', + content: { + code: 'non_existent_code', + }, + }, + 'agent-errs-a-lot': { + type: 'json', + content: { + code: 'non_existent_code', + }, + }, + }, + }; + render(); + const { getByTestId } = renderResult; + 
+ const errorMessages = getByTestId(testId); + expect(errorMessages).not.toBeNull(); + expect(errorMessages.textContent).toContain( + 'The following errors were encountered:Host: Fails-a-lotErrors: Error info A | Error info B | Error info CHost: Errs-a-lotErrors: Error info P | Error info Q | Error info R' + ); + }); + + it('should show errors and outputs for each agent grouped by Host/Errors for agents that have errors', () => { + action = { + ...action, + agents: ['agent-runs-a-lot', 'agent-errs-a-lot'], + command: 'scan', + isCompleted: true, + wasSuccessful: false, + hosts: { + 'agent-runs-a-lot': { + name: 'runs-a-lot', + }, + 'agent-errs-a-lot': { + name: 'Errs-a-lot', + }, + }, + errors: ['Error info P', 'Error info Q', 'Error info R'], + agentState: { + 'agent-runs-a-lot': { + isCompleted: true, + wasSuccessful: true, + completedAt: new Date().toISOString(), + errors: undefined, + }, + 'agent-errs-a-lot': { + isCompleted: true, + wasSuccessful: false, + completedAt: new Date().toISOString(), + errors: ['Error info P', 'Error info Q', 'Error info R'], + }, + }, + outputs: { + 'agent-runs-a-lot': { + type: 'json', + content: { + code: 'non_existent_code', + }, + }, + 'agent-errs-a-lot': { + type: 'json', + content: { + code: 'ra_scan_error_not-found', + }, + }, + }, + }; + render(); + const { getByTestId } = renderResult; + + const errorMessages = getByTestId(testId); + expect(errorMessages).not.toBeNull(); + expect(errorMessages.textContent).toContain( + 'The following errors were encountered:Host: Errs-a-lotErrors: File path or folder was not found (404) | Error info P | Error info Q | Error info R' + ); + }); + + it('should show errors and outputs for each agent grouped by Host/Errors for agents that have a single error/output code', () => { + action = { + ...action, + agents: ['agent-runs-a-lot', 'agent-errs-a-lot'], + command: 'scan', + isCompleted: true, + wasSuccessful: false, + hosts: { + 'agent-runs-a-lot': { + name: 'runs-a-lot', + }, + 
'agent-errs-a-lot': { + name: 'Errs-a-lot', + }, + }, + errors: [], + agentState: { + 'agent-runs-a-lot': { + isCompleted: true, + wasSuccessful: true, + completedAt: new Date().toISOString(), + errors: undefined, + }, + 'agent-errs-a-lot': { + isCompleted: true, + wasSuccessful: false, + completedAt: new Date().toISOString(), + errors: [], + }, + }, + outputs: { + 'agent-runs-a-lot': { + type: 'json', + content: { + code: 'non_existent_code', + }, + }, + 'agent-errs-a-lot': { + type: 'json', + content: { + code: 'ra_scan_error_not-found', + }, + }, + }, + }; + render(); + const { getByTestId } = renderResult; + + const errorMessages = getByTestId(testId); + expect(errorMessages).not.toBeNull(); + expect(errorMessages.textContent).toContain( + 'The following error was encountered:Host: Errs-a-lotErrors: File path or folder was not found (404)' + ); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx index f9f982188ffa4..44fc869a2d526 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_action_failure_message/endpoint_action_failure_message.tsx 
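Review bot: The two "should not render" cases each override only one of the two flags the component checks, so neither isolates the condition it names; whether they pass for the right reason depends on what `generateActionDetails({})` returns for the other flag, which is not visible here. Pinning both makes them independent of the generator: `action = { ...action, isCompleted: false, wasSuccessful: false }` for the first and `action = { ...action, isCompleted: true, wasSuccessful: true }` for the second. The suite also has no case where `action.errors` is populated while `agentState[agent].errors` is undefined, and none where an agent id is missing from `hosts`; those are the inputs where the failure text shown to the analyst can differ from what the old component rendered.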
@@ -9,71 +9,123 @@ import React, { memo, useMemo } from 'react'; import { EuiSpacer } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; +import { getEmptyValue } from '../../../common/components/empty_value'; import { endpointActionResponseCodes } from '../endpoint_responder/lib/endpoint_action_response_codes'; import type { ActionDetails, MaybeImmutable } from '../../../../common/endpoint/types'; +import { KeyValueDisplay } from '../key_value_display'; +import { useTestIdGenerator } from '../../hooks/use_test_id_generator'; + +const emptyValue = getEmptyValue(); + +const ERROR_INFO_LABELS = Object.freeze<Record<string, string>>({ + errors: i18n.translate('xpack.securitySolution.endpointActionFailureMessage.errors', { + defaultMessage: 'Errors', + }), + host: i18n.translate('xpack.securitySolution.endpointActionFailureMessage.host', { + defaultMessage: 'Host', + }), +}); interface EndpointActionFailureMessageProps { action: MaybeImmutable<ActionDetails>; 'data-test-subj'?: string; } +// logic for determining agent host/errors info +const getAgentErrors = (action: MaybeImmutable<ActionDetails>) => { + const allAgentErrors: Array<{ name: string; errors: string[] }> = []; + + if (action.outputs || (action.errors && action.errors.length)) { + for (const agent of action.agents) { + const endpointAgentOutput = action.outputs?.[agent]; + + const agentState = action.agentState[agent]; + const hasErrors = agentState && agentState.errors; + const hasOutputCode: boolean = + !!endpointAgentOutput && + endpointAgentOutput.type === 'json' && + !!endpointAgentOutput.content && + !!endpointAgentOutput.content.code; + + const agentErrorInfo: { name: string; errors: string[] } = { name: '', errors: [] }; + + if ( + hasOutputCode && + !!endpointAgentOutput && + !!endpointActionResponseCodes[endpointAgentOutput.content.code] + ) { + agentErrorInfo.errors.push(endpointActionResponseCodes[endpointAgentOutput.content.code]); + } + 
+ if (hasErrors) { + const errorMessages: string[] = [...new Set(agentState.errors)]; + agentErrorInfo.errors.push(...errorMessages); + } + + if (agentErrorInfo.errors.length && action.hosts[agent]?.name) { + agentErrorInfo.name = action.hosts[agent].name; + } + + if (agentErrorInfo.errors.length) { + allAgentErrors.push(agentErrorInfo); + } + } + } + + return allAgentErrors; +}; + export const EndpointActionFailureMessage = memo<EndpointActionFailureMessageProps>( ({ action, 'data-test-subj': dataTestSubj }) => { + const getTestId = useTestIdGenerator(dataTestSubj); + return useMemo(() => { if (!action.isCompleted || action.wasSuccessful) { return null; } - const errors: string[] = []; - - // Determine if each endpoint returned a response code and if so, - // see if we have a localized message for it - if (action.outputs) { - for (const agent of action.agents) { - const endpointAgentOutput = action.outputs[agent]; - - if ( - endpointAgentOutput && - endpointAgentOutput.type === 'json' && - endpointAgentOutput.content.code && - endpointActionResponseCodes[endpointAgentOutput.content.code] - ) { - errors.push(endpointActionResponseCodes[endpointAgentOutput.content.code]); - } - } - } + const allAgentErrors = getAgentErrors(action); - if (!errors.length) { - if (action.errors) { - errors.push(...action.errors); - } else { - errors.push( - i18n.translate('xpack.securitySolution.endpointActionFailureMessage.unknownFailure', { - defaultMessage: 'Action failed', - }) - ); - } - } + const errorCount = allAgentErrors + .map((agentErrorInfo) => agentErrorInfo.errors) + .flat().length; + const isMultiAgentAction = errorCount && action.agents.length > 1; return ( - <div data-test-subj={dataTestSubj}> + <div data-test-subj={getTestId('response-action-failure-info')}> <FormattedMessage id="xpack.securitySolution.endpointResponseActions.actionError.errorMessage" defaultMessage="The following { errorCount, plural, =1 {error was} other {errors were}} encountered:" - values={{ 
errorCount: errors.length }} + values={{ errorCount }} /> <EuiSpacer size="s" /> - <div>{errors.join(' | ')}</div> + <> + {!errorCount ? ( + <FormattedMessage + id="xpack.securitySolution.endpointActionFailureMessage.unknownFailure" + defaultMessage="An unknown error occurred" + /> + ) : isMultiAgentAction ? ( + allAgentErrors.map((agentErrorInfo) => ( + <div key={agentErrorInfo.name}> + <KeyValueDisplay + name={ERROR_INFO_LABELS.host} + value={agentErrorInfo.name.length ? agentErrorInfo.name : emptyValue} + /> + <KeyValueDisplay + name={ERROR_INFO_LABELS.errors} + value={agentErrorInfo.errors.join(' | ')} + /> + <EuiSpacer size="s" /> + </div> + )) + ) : ( + <>{allAgentErrors[0].errors.join(' | ')}</> + )} + </> </div> ); - }, [ - action.agents, - action.errors, - action.isCompleted, - action.outputs, - action.wasSuccessful, - dataTestSubj, - ]); + }, [action, getTestId]); } ); EndpointActionFailureMessage.displayName = 'EndpointActionFailureMessage'; diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_file_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_file_action.test.tsx index 06148aed5b483..40ac509c6fdde 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_file_action.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_file_action.test.tsx 
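Review bot: `getAgentErrors` uses `action.errors` only as a gate and then collects messages solely from `action.agentState[agent].errors` and the mapped output code, so an action that fails with action-level errors but no per-agent errors now renders "An unknown error occurred" where the removed code printed `action.errors`. For response actions such as isolate or kill-process that hides the failure reason from the analyst; a fallback after the loop would keep it: `if (!allAgentErrors.length && action.errors?.length) allAgentErrors.push({ name: '', errors: [...new Set(action.errors)] });`. Separately, `key={agentErrorInfo.name}` in the multi-agent branch is not unique when two agents share a host name or both lack one (the name stays `''`), so carrying the agent id in each entry and keying on it would avoid duplicate React keys.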
@@ -189,11 +189,20 @@ describe('When using get-file action from response actions console', () => { const pendingDetailResponse = apiMocks.responseProvider.actionDetails({ path: '/api/endpoint/action/a.b.c', }) as ActionDetailsApiResponse<ResponseActionGetFileOutputContent>; - pendingDetailResponse.data.agents = ['a.b.c']; + + pendingDetailResponse.data.command = 'get-file'; pendingDetailResponse.data.wasSuccessful = false; pendingDetailResponse.data.errors = ['not found']; + pendingDetailResponse.data.agentState = { + 'agent-a': { + isCompleted: true, + wasSuccessful: false, + errors: ['not found'], + completedAt: new Date().toISOString(), + }, + }; pendingDetailResponse.data.outputs = { - 'a.b.c': { + 'agent-a': { type: 'json', content: { code: outputCode, diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx index e063aa1245900..08c9ffd673f5d 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/get_processes_action.test.tsx 
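Review bot: The fixture now keys `agentState` and `outputs` by the literal `'agent-a'` while the line that set `pendingDetailResponse.data.agents` was removed, so the output-code path is only exercised if the `actionDetails` mock happens to default `agents` to `['agent-a']` (not visible in this hunk). If that default ever changes, the component would find no output for the agent and the test would fail or pass on the wrong branch. Deriving the key from the response keeps the fixture self-consistent: `const [agentId] = pendingDetailResponse.data.agents;` and then `[agentId]: { ... }` in both maps. The same pattern appears in the kill-process, suspend-process and upload hunks further down; the enclosing test body continues outside this hunk.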
@@ -134,7 +134,16 @@ describe('When using processes action from response actions console', () => { const pendingDetailResponse = apiMocks.responseProvider.actionDetails({ path: '/api/endpoint/action/1.2.3', }); + pendingDetailResponse.data.command = 'running-processes'; pendingDetailResponse.data.wasSuccessful = false; + pendingDetailResponse.data.agentState = { + 'agent-a': { + isCompleted: true, + wasSuccessful: false, + errors: ['error one', 'error two'], + completedAt: new Date().toISOString(), + }, + }; pendingDetailResponse.data.errors = ['error one', 'error two']; apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse); await render(); @@ -194,6 +203,7 @@ describe('When using processes action from response actions console', () => { const pendingDetailResponse = apiMocks.responseProvider.actionDetails({ path: '/api/endpoint/action/1.2.3', }); + pendingDetailResponse.data.command = 'running-processes'; pendingDetailResponse.data.isCompleted = false; apiMocks.responseProvider.actionDetails.mockClear(); apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/isolate_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/isolate_action.test.tsx index f5a20be31580a..b7f717e396d84 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/isolate_action.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/isolate_action.test.tsx 
@@ -135,6 +135,14 @@ describe('When using isolate action from response actions console', () => { }); pendingDetailResponse.data.wasSuccessful = false; pendingDetailResponse.data.errors = ['error one', 'error two']; + pendingDetailResponse.data.agentState = { + 'agent-a': { + isCompleted: true, + wasSuccessful: false, + errors: ['error one', 'error two'], + completedAt: new Date().toISOString(), + }, + }; apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse); await render(); enterConsoleCommand(renderResult, 'isolate'); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/kill_process_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/kill_process_action.test.tsx index 5b10bb38f8a42..517bd7101393b 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/kill_process_action.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/kill_process_action.test.tsx @@ -229,8 +229,17 @@ describe('When using the kill-process action from response actions console', () const pendingDetailResponse = apiMocks.responseProvider.actionDetails({ path: '/api/endpoint/action/1.2.3', }); + pendingDetailResponse.data.command = 'kill-process'; pendingDetailResponse.data.wasSuccessful = false; pendingDetailResponse.data.errors = ['error one', 'error two']; + pendingDetailResponse.data.agentState = { + 'agent-a': { + isCompleted: true, + wasSuccessful: false, + errors: ['error one', 'error two'], + completedAt: new Date().toISOString(), + }, + }; apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse); await render(); enterConsoleCommand(renderResult, 'kill-process --pid 123'); 
@@ -248,11 +257,19 @@ describe('When using the kill-process action from response actions console', () const pendingDetailResponse = apiMocks.responseProvider.actionDetails({ path: '/api/endpoint/action/a.b.c', }) as ActionDetailsApiResponse<KillProcessActionOutputContent>; - pendingDetailResponse.data.agents = ['a.b.c']; + pendingDetailResponse.data.command = 'kill-process'; pendingDetailResponse.data.wasSuccessful = false; pendingDetailResponse.data.errors = ['not found']; + pendingDetailResponse.data.agentState = { + 'agent-a': { + isCompleted: true, + wasSuccessful: false, + errors: ['not found'], + completedAt: new Date().toISOString(), + }, + }; pendingDetailResponse.data.outputs = { - 'a.b.c': { + 'agent-a': { type: 'json', content: { code: outputCode, @@ -318,6 +335,7 @@ describe('When using the kill-process action from response actions console', () path: '/api/endpoint/action/1.2.3', }); + pendingDetailResponse.data.command = 'kill-process'; pendingDetailResponse.data.isCompleted = false; apiMocks.responseProvider.actionDetails.mockClear(); apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/release_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/release_action.test.tsx index 2a4c7838e0219..64c9eb4c1c7bf 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/release_action.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/release_action.test.tsx 
@@ -134,8 +134,17 @@ describe('When using the release action from response actions console', () => { const pendingDetailResponse = apiMocks.responseProvider.actionDetails({ path: '/api/endpoint/action/1.2.3', }); + pendingDetailResponse.data.command = 'unisolate'; pendingDetailResponse.data.wasSuccessful = false; pendingDetailResponse.data.errors = ['error one', 'error two']; + pendingDetailResponse.data.agentState = { + 'agent-a': { + isCompleted: true, + wasSuccessful: false, + errors: ['error one', 'error two'], + completedAt: new Date().toISOString(), + }, + }; apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse); await render(); enterConsoleCommand(renderResult, 'release'); @@ -202,6 +211,7 @@ describe('When using the release action from response actions console', () => { const pendingDetailResponse = apiMocks.responseProvider.actionDetails({ path: '/api/endpoint/action/1.2.3', }); + pendingDetailResponse.data.command = 'unisolate'; pendingDetailResponse.data.isCompleted = false; apiMocks.responseProvider.actionDetails.mockClear(); apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/scan_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/scan_action.test.tsx index 7552b1c926d08..ed60cc734994c 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/scan_action.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/scan_action.test.tsx 
@@ -158,6 +158,26 @@ describe('When using scan action from response actions console', () => { ); }); + it('should work with a single `--comment` argument', async () => { + await render(); + enterConsoleCommand(renderResult, 'scan --path="one/two" --comment "Scan folder"'); + + await waitFor(() => { + expect(renderResult.getByTestId('scan-pending').textContent).toEqual( + 'File path scan is in progress.' + ); + }); + }); + + it('should work with `--help argument`', async () => { + await render(); + enterConsoleCommand(renderResult, 'scan --help'); + + expect(renderResult.getByTestId('test-helpOutput').textContent).toEqual( + 'AboutScan the host for malwareUsagescan --path [--comment]Examplescan --path "/full/path/to/folder" --comment "Scan folder for malware"Required parameters--path - The absolute path to a file or directory to be scannedOptional parameters--comment - A comment to go along with the action' + ); + }); + it('should display pending message', async () => { await render(); enterConsoleCommand(renderResult, 'scan --path="one/two"'); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/suspend_process_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/suspend_process_action.test.tsx index be2cd5327185b..b8184d9dc90bb 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/suspend_process_action.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/suspend_process_action.test.tsx 
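Review bot: The title of the second added test closes its backtick after "argument"; it should read: should work with `--help` argument. That test also asserts on `getByTestId('test-helpOutput')` synchronously right after `enterConsoleCommand`, whereas the `--comment` test added next to it wraps its assertion in `waitFor`; if the help output is rendered asynchronously this can be flaky, so wrapping the `expect` in `await waitFor(() => { ... })` would match the sibling test.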
@@ -21,7 +21,7 @@ import type { EndpointCapabilities } from '../../../../../../common/endpoint/ser import { ENDPOINT_CAPABILITIES } from '../../../../../../common/endpoint/service/response_actions/constants'; import type { ActionDetailsApiResponse, - KillProcessActionOutputContent, + SuspendProcessActionOutputContent, } from '../../../../../../common/endpoint/types'; import { endpointActionResponseCodes } from '../../lib/endpoint_action_response_codes'; import { UPGRADE_AGENT_FOR_RESPONDER } from '../../../../../common/translations'; @@ -220,8 +220,17 @@ describe('When using the suspend-process action from response actions console', const pendingDetailResponse = apiMocks.responseProvider.actionDetails({ path: '/api/endpoint/action/1.2.3', }); + pendingDetailResponse.data.command = 'suspend-process'; pendingDetailResponse.data.wasSuccessful = false; pendingDetailResponse.data.errors = ['error one', 'error two']; + pendingDetailResponse.data.agentState = { + 'agent-a': { + isCompleted: true, + wasSuccessful: false, + errors: ['error one', 'error two'], + completedAt: new Date().toISOString(), + }, + }; apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse); await render(); enterConsoleCommand(renderResult, 'suspend-process --pid 123'); @@ -233,7 +242,7 @@ describe('When using the suspend-process action from response actions console', }); }); - it('should show error if kill-process API fails', async () => { + it('should show error if suspend-process API fails', async () => { apiMocks.responseProvider.suspendProcess.mockRejectedValueOnce({ status: 500, message: 'this is an error', 
@@ -253,18 +262,28 @@ describe('When using the suspend-process action from response actions console', async (outputCode) => { const pendingDetailResponse = apiMocks.responseProvider.actionDetails({ path: '/api/endpoint/action/a.b.c', - }) as ActionDetailsApiResponse<KillProcessActionOutputContent>; - pendingDetailResponse.data.agents = ['a.b.c']; + }) as ActionDetailsApiResponse<SuspendProcessActionOutputContent>; + + pendingDetailResponse.data.command = 'suspend-process'; pendingDetailResponse.data.wasSuccessful = false; - pendingDetailResponse.data.errors = ['not found']; + pendingDetailResponse.data.errors = ['error one', 'error two']; + pendingDetailResponse.data.agentState = { + 'agent-a': { + isCompleted: true, + wasSuccessful: false, + errors: ['error one', 'error two'], + completedAt: new Date().toISOString(), + }, + }; pendingDetailResponse.data.outputs = { - 'a.b.c': { + 'agent-a': { type: 'json', content: { code: outputCode, }, }, }; + apiMocks.responseProvider.actionDetails.mockReturnValue(pendingDetailResponse); await render(); enterConsoleCommand(renderResult, 'suspend-process --pid 123'); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/upload_action.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/upload_action.test.tsx index 1f2065197bb31..a0f23c2bb427e 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/upload_action.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/upload_action.test.tsx 
@@ -220,11 +220,19 @@ describe('When using `upload` response action', () => { const pendingDetailResponse = apiMocks.responseProvider.actionDetails({ path: '/api/endpoint/action/a.b.c', }) as ActionDetailsApiResponse<ResponseActionUploadOutputContent>; - pendingDetailResponse.data.agents = ['a.b.c']; + pendingDetailResponse.data.command = 'upload'; pendingDetailResponse.data.wasSuccessful = false; pendingDetailResponse.data.errors = ['not found']; + pendingDetailResponse.data.agentState = { + 'agent-a': { + isCompleted: true, + wasSuccessful: false, + errors: ['not found'], + completedAt: new Date().toISOString(), + }, + }; pendingDetailResponse.data.outputs = { - 'a.b.c': { + 'agent-a': { type: 'json', content: { code: outputCode, diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/status_action.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/status_action.tsx index 7ea0986a3e721..dff91fb21141d 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/status_action.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/status_action.tsx @@ -10,6 +10,7 @@ import { EuiDescriptionList } from '@elastic/eui'; import { v4 as uuidV4 } from 'uuid'; import { i18n } from '@kbn/i18n'; import type { IHttpFetchError } from '@kbn/core-http-browser'; +import { getAgentStatusText } from '../../../../common/components/endpoint/agents/agent_status/translations'; import type { HostInfo, PendingActionsResponse } from '../../../../../common/endpoint/types'; import type { EndpointCommandDefinitionMeta } from '../types'; import { useGetEndpointPendingActionsSummary } from '../../../hooks/response_actions/use_get_endpoint_pending_actions_summary'; 
@@ -19,7 +20,6 @@ import type { CommandExecutionComponentProps } from '../../console/types'; import { FormattedError } from '../../formatted_error'; import { ConsoleCodeBlock } from '../../console/components/console_code_block'; import { POLICY_STATUS_TO_TEXT } from '../../../pages/endpoint_hosts/view/host_constants'; -import { getAgentStatusText } from '../../../../common/components/endpoint/agents/agent_status_text'; export const EndpointStatusActionResult = memo< CommandExecutionComponentProps< @@ -28,6 +28,7 @@ export const EndpointStatusActionResult = memo< apiCalled?: boolean; endpointDetails?: HostInfo; detailsFetchError?: IHttpFetchError; + // FIXME:PT remove this and use new API/TYpe (team issue: 9783) endpointPendingActions?: PendingActionsResponse; }, EndpointCommandDefinitionMeta diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.test.tsx index 272c7bafce4d4..e7b04bc4a5817 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.test.tsx 
@@ -10,10 +10,7 @@ import React from 'react'; import type { AppContextTestRender } from '../../../../../../common/mock/endpoint'; import { createAppRootMockRenderer } from '../../../../../../common/mock/endpoint'; import { AgentInfo } from './agent_info'; -import { - useAgentStatusHook, - useGetAgentStatus, -} from '../../../../../hooks/agents/use_get_agent_status'; +import { useGetAgentStatus } from '../../../../../hooks/agents/use_get_agent_status'; import type { ResponseActionAgentType } from '../../../../../../../common/endpoint/service/response_actions/constants'; import { RESPONSE_ACTION_AGENT_TYPE } from '../../../../../../../common/endpoint/service/response_actions/constants'; import type { Platform } from '../platforms'; @@ -22,7 +19,6 @@ import { HostStatus } from '../../../../../../../common/endpoint/types'; jest.mock('../../../../../hooks/agents/use_get_agent_status'); const getAgentStatusMock = useGetAgentStatus as jest.Mock; -const useAgentStatusHookMock = useAgentStatusHook as jest.Mock; describe('Responder header Agent Info', () => { let render: ( @@ -54,7 +50,6 @@ describe('Responder header Agent Info', () => { )); getAgentStatusMock.mockReturnValue({ data: {} }); - useAgentStatusHookMock.mockImplementation(() => useGetAgentStatus); }); afterEach(() => { diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.tsx index 7845b9d8b3efd..1ce87a03caf7e 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/agent_info/agent_info.tsx 
@@ -6,22 +6,21 @@ */ import React, { memo } from 'react'; +import type { ResponseActionAgentType } from '../../../../../../../common/endpoint/service/response_actions/constants'; import { AgentStatus } from '../../../../../../common/components/endpoint/agents/agent_status'; -import { useAgentStatusHook } from '../../../../../hooks/agents/use_get_agent_status'; -import type { ThirdPartyAgentInfo } from '../../../../../../../common/types'; +import { useGetAgentStatus } from '../../../../../hooks/agents/use_get_agent_status'; import { HeaderAgentInfo } from '../header_agent_info'; import type { Platform } from '../platforms'; interface AgentInfoProps { - agentId: ThirdPartyAgentInfo['agent']['id']; - agentType: ThirdPartyAgentInfo['agent']['type']; - platform: ThirdPartyAgentInfo['host']['os']['family']; - hostName: ThirdPartyAgentInfo['host']['name']; + agentId: string; + agentType: ResponseActionAgentType; + platform: string; + hostName: string; } export const AgentInfo = memo<AgentInfoProps>(({ agentId, platform, hostName, agentType }) => { - const getAgentStatus = useAgentStatusHook(); - const { data } = getAgentStatus([agentId], agentType); + const { data } = useGetAgentStatus(agentId, agentType); const agentStatus = data?.[agentId]; const lastCheckin = agentStatus ? agentStatus.lastSeen : ''; diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.test.tsx index c6c79a503150c..909ca060b7f0a 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.test.tsx 
@@ -10,15 +10,17 @@ import { EndpointActionGenerator } from '../../../../../../../common/endpoint/da import type { HostInfo } from '../../../../../../../common/endpoint/types'; import type { AppContextTestRender } from '../../../../../../common/mock/endpoint'; import { createAppRootMockRenderer } from '../../../../../../common/mock/endpoint'; -import { useGetEndpointDetails } from '../../../../../hooks/endpoint/use_get_endpoint_details'; +import { useGetEndpointDetails as _useGetEndpointDetails } from '../../../../../hooks/endpoint/use_get_endpoint_details'; import { useGetEndpointPendingActionsSummary } from '../../../../../hooks/response_actions/use_get_endpoint_pending_actions_summary'; import { mockEndpointDetailsApiResult } from '../../../../../pages/endpoint_hosts/store/mock_endpoint_result_list'; import { HeaderEndpointInfo } from './header_endpoint_info'; +import { agentStatusGetHttpMock } from '../../../../../mocks'; +import { waitFor } from '@testing-library/react'; jest.mock('../../../../../hooks/endpoint/use_get_endpoint_details'); jest.mock('../../../../../hooks/response_actions/use_get_endpoint_pending_actions_summary'); -const getEndpointDetails = useGetEndpointDetails as jest.Mock; +const useGetEndpointDetailsMock = _useGetEndpointDetails as jest.Mock; const getPendingActions = useGetEndpointPendingActionsSummary as jest.Mock; describe('Responder header endpoint info', () => { @@ -27,12 +29,12 @@ describe('Responder header endpoint info', () => { let mockedContext: AppContextTestRender; let endpointDetails: HostInfo; - beforeEach(() => { + beforeEach(async () => { mockedContext = createAppRootMockRenderer(); render = () => (renderResult = mockedContext.render(<HeaderEndpointInfo endpointId={'1234'} />)); endpointDetails = mockEndpointDetailsApiResult(); - getEndpointDetails.mockReturnValue({ data: endpointDetails }); + useGetEndpointDetailsMock.mockReturnValue({ data: endpointDetails }); getPendingActions.mockReturnValue({ data: { data: [ 
@@ -42,7 +44,11 @@ describe('Responder header endpoint info', () => { ], }, }); + const apiMock = agentStatusGetHttpMock(mockedContext.coreStart.http); render(); + await waitFor(() => { + expect(apiMock.responseProvider.getAgentStatus).toHaveBeenCalled(); + }); }); afterEach(() => { @@ -56,7 +62,7 @@ describe('Responder header endpoint info', () => { const agentStatus = await renderResult.findByTestId( 'responderHeaderEndpointAgentIsolationStatus' ); - expect(agentStatus.textContent).toBe(`UnhealthyIsolating`); + expect(agentStatus.textContent).toBe(`Healthy`); }); it('should show last checkin time', async () => { const lastUpdated = await renderResult.findByTestId('responderHeaderLastSeen'); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.tsx index 28ac70e7c969d..5a76abbe297cb 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/endpoint/header_endpoint_info.tsx @@ -7,7 +7,7 @@ import React, { memo } from 'react'; import { EuiSkeletonText } from '@elastic/eui'; -import { EndpointAgentStatus } from '../../../../../../common/components/endpoint/agents/agent_status'; +import { AgentStatus } from '../../../../../../common/components/endpoint/agents/agent_status'; import { HeaderAgentInfo } from '../header_agent_info'; import { useGetEndpointDetails } from '../../../../../hooks'; import type { Platform } from '../platforms'; 
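Review bot: The expectation on `responderHeaderEndpointAgentIsolationStatus` now matches only `Healthy`, so nothing in this test covers the isolating or pending-action text that the previous `UnhealthyIsolating` expectation exercised. Because `apiMock` is a local of `beforeEach` and `render()` already runs there, an individual test cannot change the status that is returned. Declaring `let apiMock: ReturnType<typeof agentStatusGetHttpMock>;` at `describe` scope and adding one case that sets `apiMock.responseProvider.getAgentStatus.mockReturnValue(...)` to an isolated, unhealthy agent and re-renders would restore that coverage. The `getPendingActions` mock may no longer influence this element and looks removable, but that depends on code outside the hunk.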
@@ -35,8 +35,9 @@ export const HeaderEndpointInfo = memo<HeaderEndpointInfoProps>(({ endpointId })
 hostName={endpointDetails.metadata.host.name}
 lastCheckin={endpointDetails.last_checkin}
 >
- <EndpointAgentStatus
- endpointHostInfo={endpointDetails}
+ <AgentStatus
+ agentId={endpointId}
+ agentType="endpoint"
 data-test-subj="responderHeaderEndpointAgentIsolationStatus"
 />
 </HeaderAgentInfo>
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/sentinel_one/header_sentinel_one_info.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/sentinel_one/header_sentinel_one_info.tsx
deleted file mode 100644
index 72a155833f967..0000000000000
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/header_info/sentinel_one/header_sentinel_one_info.tsx
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import React, { memo } from 'react';
-import { AgentStatus } from '../../../../../../common/components/endpoint/agents/agent_status';
-import { useAgentStatusHook } from '../../../../../hooks/agents/use_get_agent_status';
-import { useIsExperimentalFeatureEnabled } from '../../../../../../common/hooks/use_experimental_features';
-import type { ThirdPartyAgentInfo } from '../../../../../../../common/types';
-import { HeaderAgentInfo } from '../header_agent_info';
-import type { Platform } from '../platforms';
-
-interface HeaderSentinelOneInfoProps {
- agentId: ThirdPartyAgentInfo['agent']['id'];
- agentType: ThirdPartyAgentInfo['agent']['type'];
- platform: ThirdPartyAgentInfo['host']['os']['family'];
- hostName: ThirdPartyAgentInfo['host']['name'];
-}
-
-export const HeaderSentinelOneInfo = memo<HeaderSentinelOneInfoProps>(
- ({ agentId, agentType, platform, hostName }) => {
- const isSentinelOneV1Enabled = useIsExperimentalFeatureEnabled(
- 'sentinelOneManualHostActionsEnabled'
- );
- const getAgentStatus = useAgentStatusHook();
- const { data } = getAgentStatus([agentId], 'sentinel_one', { enabled: isSentinelOneV1Enabled });
- const agentStatus = data?.[agentId];
- const lastCheckin = agentStatus ? agentStatus.lastSeen : '';
-
- return (
- <HeaderAgentInfo
- platform={platform.toLowerCase() as Platform}
- hostName={hostName}
- lastCheckin={lastCheckin}
- >
- <AgentStatus
- agentId={agentId}
- agentType={agentType}
- data-test-subj="responderHeaderSentinelOneAgentIsolationStatus"
- />
- </HeaderAgentInfo>
- );
- }
-);
-
-HeaderSentinelOneInfo.displayName = 'HeaderSentinelOneInfo';
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.test.tsx
index ffa739ede735b..936d28296bea1 100644
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.test.tsx
@@ -8,101 +8,62 @@ import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants'; import { RESPONSE_ACTION_AGENT_TYPE } from '../../../../../common/endpoint/service/response_actions/constants'; import React from 'react'; -import type { HostInfo } from '../../../../../common/endpoint/types'; import { HostStatus } from '../../../../../common/endpoint/types'; import type { AppContextTestRender } from '../../../../common/mock/endpoint'; import { createAppRootMockRenderer } from '../../../../common/mock/endpoint'; -import { - useAgentStatusHook, - useGetAgentStatus, - useGetSentinelOneAgentStatus, -} from '../../../hooks/agents/use_get_agent_status'; -import { useGetEndpointDetails } from '../../../hooks/endpoint/use_get_endpoint_details'; -import { mockEndpointDetailsApiResult } from '../../../pages/endpoint_hosts/store/mock_endpoint_result_list'; import { OfflineCallout } from './offline_callout'; - -jest.mock('../../../hooks/endpoint/use_get_endpoint_details'); -jest.mock('../../../hooks/agents/use_get_agent_status'); - -const getEndpointDetails = useGetEndpointDetails as jest.Mock; -const getSentinelOneAgentStatus = useGetSentinelOneAgentStatus as jest.Mock; -const getAgentStatus = useGetAgentStatus as jest.Mock; -const useAgentStatusHookMock = useAgentStatusHook as jest.Mock; +import { agentStatusGetHttpMock } from '../../../mocks'; +import { agentStatusMocks } from '../../../../../common/endpoint/service/response_actions/mocks/agent_status.mocks'; +import { waitFor } from '@testing-library/react'; describe('Responder offline callout', () => { - // TODO: 8.15 remove the sentinelOneAgentStatus hook when `agentStatusClientEnabled` is enabled and removed - describe.each([ - [useGetSentinelOneAgentStatus, getSentinelOneAgentStatus], - [useGetAgentStatus, getAgentStatus], - ])('works with %s hook', (hook, mockHook) => { - let render: (agentType?: ResponseActionAgentType) => ReturnType<AppContextTestRender['render']>; - 
let renderResult: ReturnType<typeof render>; - let mockedContext: AppContextTestRender; - let endpointDetails: HostInfo; + let render: (agentType?: ResponseActionAgentType) => ReturnType<AppContextTestRender['render']>; + let renderResult: ReturnType<typeof render>; + let mockedContext: AppContextTestRender; + let apiMocks: ReturnType<typeof agentStatusGetHttpMock>; - beforeEach(() => { - mockedContext = createAppRootMockRenderer(); - render = (agentType?: ResponseActionAgentType) => - (renderResult = mockedContext.render( - <OfflineCallout - endpointId={'1234'} - agentType={agentType || 'endpoint'} - hostName="Host name" - /> - )); - endpointDetails = mockEndpointDetailsApiResult(); - getEndpointDetails.mockReturnValue({ data: endpointDetails }); - mockHook.mockReturnValue({ data: {} }); - useAgentStatusHookMock.mockImplementation(() => hook); - render(); - }); + beforeEach(() => { + mockedContext = createAppRootMockRenderer(); + apiMocks = agentStatusGetHttpMock(mockedContext.coreStart.http); + render = (agentType?: ResponseActionAgentType) => + (renderResult = mockedContext.render( + <OfflineCallout + endpointId={'abfe4a35-d5b4-42a0-a539-bd054c791769'} + agentType={agentType || 'endpoint'} + hostName="Host name" + /> + )); + }); - afterEach(() => { - jest.clearAllMocks(); - }); + it.each(RESPONSE_ACTION_AGENT_TYPE)( + 'should be visible when agent type is %s and host is offline', + async (agentType) => { + apiMocks.responseProvider.getAgentStatus.mockReturnValue({ + data: { + 'abfe4a35-d5b4-42a0-a539-bd054c791769': agentStatusMocks.generateAgentStatus({ + agentType, + status: HostStatus.OFFLINE, + }), + }, + }); + render(agentType); + await waitFor(() => { + expect(apiMocks.responseProvider.getAgentStatus).toHaveBeenCalled(); + }); - it.each(RESPONSE_ACTION_AGENT_TYPE)( - 'should be visible when agent type is %s and host is offline', - (agentType) => { - if (agentType === 'endpoint') { - getEndpointDetails.mockReturnValue({ - data: { ...endpointDetails, 
host_status: HostStatus.OFFLINE }, - }); - } else { - mockHook.mockReturnValue({ - data: { - '1234': { - status: HostStatus.OFFLINE, - }, - }, - }); - } - render(agentType); - const callout = renderResult.queryByTestId('offlineCallout'); - expect(callout).toBeTruthy(); - } - ); + expect(renderResult.getByTestId('offlineCallout')).toBeTruthy(); + } + ); - it.each(RESPONSE_ACTION_AGENT_TYPE)( - 'should not be visible when agent type is %s and host is online', - (agentType) => { - if (agentType === 'endpoint') { - getEndpointDetails.mockReturnValue({ - data: { ...endpointDetails, host_status: HostStatus.HEALTHY }, - }); - } else { - mockHook.mockReturnValue({ - data: { - '1234': { - status: HostStatus.HEALTHY, - }, - }, - }); - } - render(agentType); - const callout = renderResult.queryByTestId('offlineCallout'); - expect(callout).toBeFalsy(); - } - ); - }); + it.each(RESPONSE_ACTION_AGENT_TYPE)( + 'should NOT be visible when agent type is %s and host is online', + async (agentType) => { + render(agentType); + await waitFor(() => { + expect(apiMocks.responseProvider.getAgentStatus).toHaveBeenCalled(); + }); + + expect(renderResult.queryByTestId('offlineCallout')).toBeNull(); + } + ); }); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.tsx index 727d30a6c75b4..dab6ceb7c8c79 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_responder/components/offline_callout.tsx 
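Review bot: The `should NOT be visible` case never sets a status and passes only because of whatever `agentStatusGetHttpMock` returns by default, so a change to that default would silently alter what the test proves. Setting it explicitly, e.g. `apiMocks.responseProvider.getAgentStatus.mockReturnValue({ data: { 'abfe4a35-d5b4-42a0-a539-bd054c791769': agentStatusMocks.generateAgentStatus({ agentType, status: HostStatus.HEALTHY }) } });`, mirrors the offline case above it. A third case that returns `{ data: {} }` would also pin down how the callout behaves when the response carries no entry for the requested agent.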
@@ -5,15 +5,12 @@ * 2.0. */ -import React, { memo, useMemo } from 'react'; +import React, { memo } from 'react'; import { EuiCallOut, EuiSpacer } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; -import { isAgentTypeAndActionSupported } from '../../../../common/lib/endpoint'; -import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; -import { useAgentStatusHook } from '../../../hooks/agents/use_get_agent_status'; +import { useGetAgentStatus } from '../../../hooks/agents/use_get_agent_status'; import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants'; -import { useGetEndpointDetails } from '../../../hooks'; import { HostStatus } from '../../../../../common/endpoint/types'; interface OfflineCalloutProps { 
@@ -23,45 +20,9 @@ interface OfflineCalloutProps { } export const OfflineCallout = memo<OfflineCalloutProps>(({ agentType, endpointId, hostName }) => { - const isEndpointAgent = agentType === 'endpoint'; - const isSentinelOneAgent = agentType === 'sentinel_one'; - const isCrowdstrikeAgent = agentType === 'crowdstrike'; - const getAgentStatus = useAgentStatusHook(); - const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled'); + const { data } = useGetAgentStatus(endpointId, agentType); - const isAgentTypeEnabled = useMemo(() => { - return isAgentTypeAndActionSupported(agentType); - }, [agentType]); - - const { data: endpointDetails } = useGetEndpointDetails(endpointId, { - refetchInterval: 10000, - enabled: isEndpointAgent && !agentStatusClientEnabled, - }); - - const { data } = getAgentStatus([endpointId], agentType, { - enabled: - (isEndpointAgent && agentStatusClientEnabled) || (!isEndpointAgent && isAgentTypeEnabled), - }); - const showOfflineCallout = useMemo( - () => - (isEndpointAgent && endpointDetails?.host_status === HostStatus.OFFLINE) || - (isSentinelOneAgent && data?.[endpointId].status === HostStatus.OFFLINE) || - (isCrowdstrikeAgent && data?.[endpointId].status === HostStatus.OFFLINE), - [ - data, - endpointDetails?.host_status, - endpointId, - isEndpointAgent, - isCrowdstrikeAgent, - isSentinelOneAgent, - ] - ); - - if ((isEndpointAgent && !endpointDetails) || (isAgentTypeEnabled && !data)) { - return null; - } - - if (showOfflineCallout) { + if (data?.[endpointId].status === HostStatus.OFFLINE) { return ( <> <EuiCallOut diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx index 5a44f6584520a..11837ed6d2364 100644 
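Review bot: `data?.[endpointId].status` in the new `if` guards only `data` itself, so a status response that has no entry for `endpointId` makes the `.status` read throw during render instead of simply hiding the callout. The `AgentInfo` component in this same change reads `data?.[agentId]` and checks the entry before using it, which suggests a missing entry is an expected case. Changing the condition to `if (data?.[endpointId]?.status === HostStatus.OFFLINE) {` keeps the callout hidden for agents the API does not report on. The component body continues past the end of this hunk.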
--- a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/components/action_log_expanded_tray.tsx @@ -6,9 +6,15 @@ */ import React, { memo, useMemo } from 'react'; -import { EuiCodeBlock, EuiDescriptionList, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; +import { + EuiCodeBlock, + EuiDescriptionList, + EuiFlexGroup, + EuiFlexItem, + EuiSpacer, +} from '@elastic/eui'; import { css, euiStyled } from '@kbn/kibana-react-plugin/common'; -import { map } from 'lodash'; +import { reduce } from 'lodash'; import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; import { getAgentTypeName } from '../../../../common/translations'; import { RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP } from '../../../../../common/endpoint/service/response_actions/constants'; @@ -22,9 +28,9 @@ import { useUserPrivileges } from '../../../../common/components/user_privileges import { OUTPUT_MESSAGES } from '../translations'; import { useTestIdGenerator } from '../../../hooks/use_test_id_generator'; import { ResponseActionFileDownloadLink } from '../../response_action_file_download_link'; +import { EndpointActionFailureMessage } from '../../endpoint_action_failure_message'; import { ExecuteActionHostResponse } from '../../endpoint_execute_action'; import { getEmptyValue } from '../../../../common/components/empty_value'; - import { type ActionDetails, type MaybeImmutable } from '../../../../../common/endpoint/types'; const emptyValue = getEmptyValue(); 
@@ -93,20 +99,9 @@ const OutputContent = memo<{ action: MaybeImmutable<ActionDetails>; 'data-test-s canAccessEndpointActionsLogManagement, } = useUserPrivileges().endpointPrivileges; - const { command: _command, isCompleted, isExpired, wasSuccessful, errors } = action; + const { command: _command, isCompleted, isExpired, wasSuccessful } = action; const command = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[_command]; - if (errors?.length) { - return ( - // TODO: temporary solution, waiting for UI - <> - {errors.map((error) => ( - <EuiFlexItem>{error}</EuiFlexItem> - ))} - </> - ); - } - if (isExpired) { return <>{OUTPUT_MESSAGES.hasExpired(command)}</>; } @@ -116,7 +111,16 @@ const OutputContent = memo<{ action: MaybeImmutable<ActionDetails>; 'data-test-s } if (!wasSuccessful) { - return <>{OUTPUT_MESSAGES.hasFailed(command)}</>; + return ( + <> + {OUTPUT_MESSAGES.hasFailed(command)} + <EuiSpacer size="s" /> + <EndpointActionFailureMessage + action={action} + data-test-subj={getTestId('failureMessage')} + /> + </> + ); } if (isGetFileAction(action)) { @@ -234,7 +238,19 @@ export const ActionsLogExpandedTray = memo<{ }, { title: OUTPUT_MESSAGES.expandSection.hostname, - description: map(hosts, (host) => host.name).join(', ') || emptyValue, + description: + reduce( + hosts, + (acc, host) => { + if (host.name.trim().length) { + acc.push(host.name); + } else { + acc.push(emptyValue); + } + return acc; + }, + [] as string[] + ).join(', ') || emptyValue, }, ]; @@ -248,7 +264,11 @@ export const ActionsLogExpandedTray = memo<{ return list.map(({ title, description }) => { return { title: <StyledEuiCodeBlock>{title}</StyledEuiCodeBlock>, - description: <StyledEuiCodeBlock>{description}</StyledEuiCodeBlock>, + description: ( + <StyledEuiCodeBlock data-test-subj={getTestId(`action-details-info-${title}`)}> + {description} + </StyledEuiCodeBlock> + ), }; }); }, [ 
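Review bot: The `reduce` added for the hostname description pushes exactly one element per host in both branches, so it is a `map` written the long way, and the `[] as string[]` assertion exists only because of that shape. `map(hosts, (host) => (host.name.trim().length ? host.name : emptyValue)).join(', ') || emptyValue` produces the same output, using the lodash `map` import that this change replaces with `reduce`. `host.name.trim()` also assumes every host entry carries a string `name`; if the API can omit it, `host.name?.trim()` would be the safer read, though the host type is not visible in this hunk.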
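Review bot: The `data-test-subj` added to the description `StyledEuiCodeBlock` is built from `title`, which for the hostname row is the display string `OUTPUT_MESSAGES.expandSection.hostname`, so the id changes with copy edits or locale and can contain spaces. The new test in this change already hard-codes `action-details-info-Hostname`, which ties it to the English label. A stable key per row, for example a `key: 'hostname'` field next to `title` and `getTestId('action-details-info-' + key)`, would keep selectors independent of translated text. The list construction is only partly visible in this diff, so the field name is a suggestion.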
@@ -256,6 +276,7 @@ export const ActionsLogExpandedTray = memo<{ command, comment, completedAt, + getTestId, hosts, isSentinelOneV1Enabled, parametersList, diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx index c10b661124bd7..bf13fec9086b1 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx @@ -983,7 +983,7 @@ describe('Response actions history', () => { }); }); - describe('Action status ', () => { + describe('Action status', () => { beforeEach(() => { apiMocks = responseActionsHttpMocks(mockedContext.coreStart.http); }); 
@@ -1001,8 +1001,51 @@ describe('Response actions history', () => { async (command) => { useGetEndpointActionListMock.mockReturnValue({ ...getBaseMockedActionList(), - data: await getActionListMock({ actionCount: 2, commands: [command] }), + data: await getActionListMock({ + actionCount: 2, + agentIds: ['agent-a', 'agent-b'], + hosts: { + 'agent-a': { name: 'Host-agent-a' }, + 'agent-b': { name: 'Host-agent-b' }, + }, + commands: [command], + agentState: { + 'agent-a': { + errors: undefined, + wasSuccessful: true, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + 'agent-b': { + errors: undefined, + wasSuccessful: true, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + } as unknown as Pick<ActionDetails, 'agentState'>, + outputs: (command === 'upload' + ? { + 'agent-a': { + type: 'json', + content: { + code: 'ra_upload_file-success', + path: 'some/path/to/file', + disk_free_space: 123445, + }, + }, + 'agent-b': { + type: 'json', + content: { + code: 'ra_upload_file-success', + path: 'some/path/to/file', + disk_free_space: 123445, + }, + }, + } + : {}) as Pick<ActionDetails, 'outputs'>, + }), }); + if (command === 'get-file' || command === 'execute') { mockUseGetFileInfo = { isFetching: false, @@ -1027,15 +1070,31 @@ describe('Response actions history', () => { ); it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)( - 'shows Failed status badge for failed %s actions', + 'shows Failed status badge for failed %s action', async (command) => { useGetEndpointActionListMock.mockReturnValue({ ...getBaseMockedActionList(), data: await getActionListMock({ + agentIds: ['agent-a', 'agent-b'], actionCount: 2, commands: [command], wasSuccessful: false, status: 'failed', + errors: [], + outputs: { + 'agent-a': { + type: 'json', + content: { + code: 'non_existing_code_for_test', + }, + }, + 'agent-b': { + type: 'json', + content: { + code: 'non_existing_code_for_test', + }, + }, + } as ActionDetails['outputs'], }), }); render(); 
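Review bot: The `agentState` fixture is cast with `as unknown as Pick<ActionDetails, 'agentState'>`, but the value is the per-agent map itself rather than an object with an `agentState` key, so the double assertion hides a type mismatch instead of narrowing. `as ActionDetails['agentState']` states the intended type, and the failed-status test in the next hunk already uses `as ActionDetails['outputs']` that way. If that does not compile because of `errors: undefined`, dropping the key is cleaner than going through `unknown`. The same applies to `as Pick<ActionDetails, 'outputs'>` on the `outputs` value in this hunk and to the casts repeated in the `Action Outputs` tests added later in this file.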
@@ -1043,8 +1102,8 @@ describe('Response actions history', () => { const outputCommand = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[command]; const outputs = expandRows(); expect(outputs.map((n) => n.textContent)).toEqual([ - `${outputCommand} failed`, - `${outputCommand} failed`, + `${outputCommand} failedThe following errors were encountered:An unknown error occurred`, + `${outputCommand} failedThe following errors were encountered:An unknown error occurred`, ]); expect( renderResult.getAllByTestId(`${testPrefix}-column-status`).map((n) => n.textContent) @@ -1053,7 +1112,7 @@ describe('Response actions history', () => { ); it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)( - 'shows Failed status badge for expired %s actions', + 'shows Failed status badge for expired %s action', async (command) => { useGetEndpointActionListMock.mockReturnValue({ ...getBaseMockedActionList(), 
@@ -1097,6 +1156,339 @@ describe('Response actions history', () => { }); }); + describe('Action Outputs', () => { + beforeEach(() => { + apiMocks = responseActionsHttpMocks(mockedContext.coreStart.http); + }); + + const expandRows = () => { + const { getAllByTestId } = renderResult; + + const expandButtons = getAllByTestId(`${testPrefix}-expand-button`); + expandButtons.map((button) => userEvent.click(button)); + return getAllByTestId(`${testPrefix}-details-tray-output`); + }; + + describe('Single agents', () => { + it('should show hostname as - when no hostname is available', async () => { + const data = await getActionListMock({ + agentIds: ['agent-a'], + hosts: { 'agent-a': { name: '' } }, + actionCount: 1, + commands: ['isolate'], + wasSuccessful: true, + status: 'failed', + errors: [], + agentState: { + 'agent-a': { + errors: [], + wasSuccessful: true, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + } as unknown as Pick<ActionDetails, 'agentState'>, + outputs: {}, + }); + + useGetEndpointActionListMock.mockReturnValue({ + ...getBaseMockedActionList(), + data, + }); + render(); + + const { getAllByTestId, getByTestId } = renderResult; + const expandButtons = getAllByTestId(`${testPrefix}-expand-button`); + expandButtons.map((button) => userEvent.click(button)); + + const hostnameInfo = getByTestId(`${testPrefix}-action-details-info-Hostname`); + expect(hostnameInfo.textContent).toEqual('—'); + }); + + describe('with `outputs` and `errors`', () => { + it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)( + 'shows failed outputs and errors for %s action', + async (command) => { + const data = await getActionListMock({ + agentIds: ['agent-a'], + actionCount: 1, + commands: [command], + wasSuccessful: false, + status: 'failed', + errors: ['Error here!'], + agentState: { + 'agent-a': { + errors: ['Error here!'], + wasSuccessful: false, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + } as unknown as Pick<ActionDetails, 
'agentState'>, + // just adding three commands for tests with respective error response codes + outputs: ['get-file', 'scan'].includes(command) + ? ({ + 'agent-a': { + type: 'json', + content: { + code: + command === 'get-file' + ? 'ra_get-file_error_not-found' + : command === 'scan' + ? 'ra_scan_error_scan_invalid-input' + : 'non_existing_code_for_test', + }, + }, + } as Pick<ActionDetails, 'outputs'>) + : undefined, + }); + + useGetEndpointActionListMock.mockReturnValue({ + ...getBaseMockedActionList(), + data, + }); + render(); + + const outputCommand = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[command]; + const outputs = expandRows(); + if (command === 'get-file') { + expect(outputs.map((n) => n.textContent)).toEqual([ + `${outputCommand} failedThe following errors were encountered:The file specified was not found | Error here!`, + ]); + } else if (command === 'scan') { + expect(outputs.map((n) => n.textContent)).toEqual([ + `${outputCommand} failedThe following errors were encountered:Invalid absolute file path provided | Error here!`, + ]); + } else { + expect(outputs.map((n) => n.textContent)).toEqual([ + `${outputCommand} failedThe following error was encountered:Error here!`, + ]); + } + } + ); + }); + + describe('with `errors`', () => { + it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)( + 'shows failed errors for %s action when no outputs', + async (command) => { + useGetEndpointActionListMock.mockReturnValue({ + ...getBaseMockedActionList(), + data: await getActionListMock({ + agentIds: ['agent-a'], + actionCount: 1, + commands: [command], + wasSuccessful: false, + status: 'failed', + errors: ['Error message w/o output'], + outputs: undefined, + agentState: { + 'agent-a': { + errors: ['Error message w/o output'], + wasSuccessful: false, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + } as unknown as Pick<ActionDetails, 'agentState'>, + }), + }); + render(); + + const outputCommand = 
RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[command]; + const outputs = expandRows(); + expect(outputs.map((n) => n.textContent)).toEqual([ + `${outputCommand} failedThe following error was encountered:Error message w/o output`, + ]); + } + ); + }); + }); + + describe('Multiple agents', () => { + it('should show `—` concatenated hostnames when no hostname is available for an agent', async () => { + const data = await getActionListMock({ + agentIds: ['agent-a', 'agent-b'], + hosts: { + 'agent-a': { name: '' }, + 'agent-b': { name: 'Agent-B' }, + 'agent-c': { name: '' }, + }, + actionCount: 1, + commands: ['isolate'], + wasSuccessful: true, + status: 'failed', + errors: [''], + agentState: { + 'agent-a': { + errors: [''], + wasSuccessful: true, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + 'agent-b': { + errors: [''], + wasSuccessful: false, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + 'agent-c': { + errors: [''], + isExpired: true, + wasSuccessful: false, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + } as unknown as Pick<ActionDetails, 'agentState'>, + outputs: {}, + }); + + useGetEndpointActionListMock.mockReturnValue({ + ...getBaseMockedActionList(), + data, + }); + render(); + + const { getAllByTestId } = renderResult; + const expandButtons = getAllByTestId(`${testPrefix}-expand-button`); + expandButtons.map((button) => userEvent.click(button)); + + const hostnameInfo = getAllByTestId(`${testPrefix}-action-details-info-Hostname`); + expect(hostnameInfo.map((element) => element.textContent)).toEqual(['—, Agent-B, —']); + }); + + describe('with `outputs` and `errors`', () => { + it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)( + 'shows failed outputs and errors for %s action on multiple agents', + async (command) => { + const data = await getActionListMock({ + agentIds: ['agent-a', 'agent-b'], + hosts: { 'agent-a': { name: 'Host-agent-a' }, 'agent-b': { name: 'Host-agent-b' } }, + 
actionCount: 1, + commands: [command], + wasSuccessful: false, + status: 'failed', + errors: ['Error with agent-a!', 'Error with agent-b!'], + agentState: { + 'agent-a': { + errors: ['Error with agent-a!'], + wasSuccessful: false, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + 'agent-b': { + errors: ['Error with agent-b!'], + wasSuccessful: false, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + } as unknown as Pick<ActionDetails, 'agentState'>, + outputs: { + 'agent-a': { + type: 'json', + content: { + code: + command === 'get-file' + ? 'ra_get-file_error_not-found' + : command === 'scan' + ? 'ra_scan_error_scan_invalid-input' + : 'non_existing_code_for_test', + content: undefined, + }, + }, + 'agent-b': { + type: 'json', + content: { + code: + command === 'get-file' + ? 'ra_get-file_error_invalid-input' + : command === 'scan' + ? 'ra_scan_error_scan_invalid-input' + : 'non_existing_code_for_test', + content: undefined, + }, + }, + } as Pick<ActionDetails, 'outputs'>, + }); + + useGetEndpointActionListMock.mockReturnValue({ + ...getBaseMockedActionList(), + data, + }); + render(); + + const outputCommand = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[command]; + const outputs = expandRows(); + if (command === 'get-file') { + expect(outputs.map((n) => n.textContent)).toEqual([ + `${outputCommand} failedThe following errors were encountered:Host: Host-agent-aErrors: The file specified was not found | Error with agent-a!Host: Host-agent-bErrors: The path defined is not valid | Error with agent-b!`, + ]); + } else if (command === 'scan') { + expect(outputs.map((n) => n.textContent)).toEqual([ + `${outputCommand} failedThe following errors were encountered:Host: Host-agent-aErrors: Invalid absolute file path provided | Error with agent-a!Host: Host-agent-bErrors: Invalid absolute file path provided | Error with agent-b!`, + ]); + } else { + expect(outputs.map((n) => n.textContent)).toEqual([ + `${outputCommand} 
failedThe following errors were encountered:Host: Host-agent-aErrors: Error with agent-a!Host: Host-agent-bErrors: Error with agent-b!`, + ]); + } + } + ); + }); + + describe('with `errors`', () => { + it.each(RESPONSE_ACTION_API_COMMANDS_NAMES)( + 'shows failed errors for %s action on multiple agents', + async (command) => { + const data = await getActionListMock({ + agentIds: ['agent-a', 'agent-b'], + hosts: { 'agent-a': { name: 'Host-agent-a' }, 'agent-b': { name: 'Host-agent-b' } }, + actionCount: 1, + commands: [command], + wasSuccessful: false, + status: 'failed', + errors: ['Error with agent-a!', 'Error with agent-b!'], + agentState: { + 'agent-a': { + errors: ['Error with agent-a!'], + wasSuccessful: false, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + 'agent-b': { + errors: ['Error with agent-b!'], + wasSuccessful: false, + isCompleted: true, + completedAt: '2023-05-10T20:09:25.824Z', + }, + } as unknown as Pick<ActionDetails, 'agentState'>, + outputs: {}, + }); + + useGetEndpointActionListMock.mockReturnValue({ + ...getBaseMockedActionList(), + data, + }); + render(); + + const outputCommand = RESPONSE_ACTION_API_COMMAND_TO_CONSOLE_COMMAND_MAP[command]; + const outputs = expandRows(); + if (command === 'get-file') { + expect(outputs.map((n) => n.textContent)).toEqual([ + `${outputCommand} failedThe following errors were encountered:Host: Host-agent-aErrors: Error with agent-a!Host: Host-agent-bErrors: Error with agent-b!`, + ]); + } else if (command === 'scan') { + expect(outputs.map((n) => n.textContent)).toEqual([ + `${outputCommand} failedThe following errors were encountered:Host: Host-agent-aErrors: Error with agent-a!Host: Host-agent-bErrors: Error with agent-b!`, + ]); + } else { + expect(outputs.map((n) => n.textContent)).toEqual([ + `${outputCommand} failedThe following errors were encountered:Host: Host-agent-aErrors: Error with agent-a!Host: Host-agent-bErrors: Error with agent-b!`, + ]); + } + } + ); + }); + }); + }); 
+ describe('Actions filter', () => { const filterPrefix = 'actions-filter'; @@ -1435,7 +1827,7 @@ describe('Response actions history', () => { }); }); - describe('Types filter', () => { + describe('Types filter', () => { const filterPrefix = 'types-filter'; it('should show a list of action types when opened', () => { render(); diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/mocks.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/mocks.tsx index e98b009f686a4..5f90b08ba71b9 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/mocks.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/mocks.tsx @@ -6,7 +6,7 @@ */ import { v4 as uuidv4 } from 'uuid'; -import type { ActionListApiResponse } from '../../../../common/endpoint/types'; +import type { ActionDetails, ActionListApiResponse } from '../../../../common/endpoint/types'; import type { ResponseActionAgentType, ResponseActionsApiCommandNames, @@ -17,6 +17,8 @@ import { EndpointActionGenerator } from '../../../../common/endpoint/data_genera export const getActionListMock = async ({ agentTypes = ['endpoint'] as ResponseActionAgentType[], agentIds: _agentIds, + hosts, + agentState, commands, actionCount = 0, endDate, @@ -27,10 +29,14 @@ export const getActionListMock = async ({ isCompleted = true, isExpired = false, wasSuccessful = true, + errors, status = 'successful', + outputs = {}, }: { agentTypes?: ResponseActionAgentType[]; + agentState?: Pick<ActionDetails, 'agentState'>; agentIds?: string[]; + hosts?: Record<string, { name: string }>; commands?: string[]; actionCount?: number; endDate?: string; 
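Review bot: The last test of the new 'Action Outputs' block ('shows failed errors for %s action on multiple agents') branches on `command === 'get-file'` and `command === 'scan'`, but all three branches assert the same string, so the conditional only hides that the output does not depend on the command when `outputs` is empty. A single `expect(outputs.map((n) => n.textContent)).toEqual([...])` says the same thing. The local `expandRows` helper also uses `expandButtons.map(...)` purely for its side effect, where `expandButtons.forEach((button) => userEvent.click(button));` reads more honestly. A helper of the same name is already called by the earlier status-badge tests, so hoisting one copy to the outer `describe` looks possible, though that scope is not visible in this hunk.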
@@ -41,65 +47,36 @@ export const getActionListMock = async ({ isCompleted?: boolean; isExpired?: boolean; wasSuccessful?: boolean; + errors?: string[]; status?: ResponseActionStatus; + outputs?: Pick<ActionDetails, 'outputs'>; }): Promise<ActionListApiResponse> => { const endpointActionGenerator = new EndpointActionGenerator('seed'); const agentIds = _agentIds ?? [uuidv4()]; - const data: ActionListApiResponse['data'] = agentIds.map((id) => { - const actionIds = Array(actionCount) - .fill(1) - .map(() => uuidv4()); + const actionIds = Array(actionCount) + .fill(1) + .map(() => uuidv4()); - const actionDetails: ActionListApiResponse['data'] = actionIds.map((actionId) => { - const command = (commands?.[0] ?? 'isolate') as ResponseActionsApiCommandNames; - return endpointActionGenerator.generateActionDetails({ - agents: [id], - command, - id: actionId, - isCompleted, - isExpired, - wasSuccessful, - status, - completedAt: isExpired ? undefined : new Date().toISOString(), - hosts: { - ...(command === 'upload' - ? { - [id]: { name: 'host name' }, - } - : {}), - }, - agentState: { - ...(command === 'upload' - ? { - [id]: { - errors: undefined, - wasSuccessful: true, - isCompleted: true, - completedAt: '2023-05-10T20:09:25.824Z', - }, - } - : {}), - }, - outputs: { - ...(command === 'upload' - ? { - [id]: { - type: 'json', - content: { - code: 'ra_upload_file-success', - path: 'some/path/to/file', - disk_free_space: 123445, - }, - }, - } - : {}), - }, - }); - }); - return actionDetails; - })[0]; + const actionDetails: ActionListApiResponse['data'] = actionIds.map((actionId) => { + const command = (commands?.[0] ?? 'isolate') as ResponseActionsApiCommandNames; + const actionDetailsOverrides = { + agents: agentIds, + hosts, + command, + id: actionId, + isCompleted, + isExpired, + wasSuccessful, + status, + completedAt: isExpired ? 
undefined : new Date().toISOString(), + agentState, + errors, + outputs, + }; + return endpointActionGenerator.generateActionDetails(actionDetailsOverrides); + }); return { page, @@ -109,9 +86,9 @@ export const getActionListMock = async ({ agentTypes, elasticAgentIds: agentIds, commands, - data, + data: actionDetails, userIds, statuses: undefined, - total: data.length ?? 0, + total: actionDetails.length ?? 0, }; }; diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.test.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.test.tsx index 567f243cbbf61..726bcfd8daa00 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.test.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.test.tsx @@ -101,7 +101,7 @@ describe('Endpoint Upload Action Result component', () => { expect(getByTestId('test')).toHaveTextContent('Action pending.'); }); - it('should show error for agent responses that failed', () => { + it('should show error for agent responses that failed when multi-agent action', () => { addAgentToAction(); // Set the second agent to be at error action.agentState['agent-b'].wasSuccessful = false; @@ -112,7 +112,7 @@ describe('Endpoint Upload Action Result component', () => { expect(getByTestId('test')).toHaveTextContent( 'Host: Host-agent-aFile saved to: /path/to/uploaded/fileFree disk space on drive: 1.18MB' + - 'Host: agent-bThe following error was encountered:some error here' + 'Host: agent-bThe following error was encountered:Host: agent-bErrors: some error here' ); }); }); 
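Review bot: The updated expectation in the multi-agent upload test pins `Host: agent-bThe following error was encountered:Host: agent-bErrors: some error here`, so the host label for the failing agent is rendered twice and a singular "error was encountered" heading is followed by an `Errors:` label. If this comes from the shared failure message now adding its own per-host rows (that component is not visible here), the upload result should probably stop printing its own `Host:` line for failed agents rather than have the test lock the repetition in. If the output is intended, a comment above the assertion such as `// failure message repeats the host label for multi-agent actions` would tell the next reader so. The test body starts before this hunk.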
diff --git a/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.tsx b/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.tsx index ee219ff5652e8..7f2f7111cbb37 100644 --- a/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.tsx +++ b/x-pack/plugins/security_solution/public/management/components/endpoint_upload_action_result/endpoint_upload_action_result.tsx @@ -12,7 +12,6 @@ import type { EuiTextProps } from '@elastic/eui'; import { EuiSpacer, EuiText } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import numeral from '@elastic/numeral'; -import { css } from '@emotion/react'; import { EndpointActionFailureMessage } from '../endpoint_action_failure_message'; import type { ActionDetails, @@ -23,6 +22,7 @@ import type { MaybeImmutable, } from '../../../../common/endpoint/types'; import { useTestIdGenerator } from '../../hooks/use_test_id_generator'; +import { KeyValueDisplay } from '../key_value_display'; const LABELS = Object.freeze<Record<string, string>>({ path: i18n.translate('xpack.securitySolution.endpointUploadActionResult.savedTo', { @@ -165,28 +165,6 @@ export const EndpointUploadActionResult = memo<EndpointUploadActionResultProps>( ); EndpointUploadActionResult.displayName = 'EndpointUploadActionResult'; -export interface KeyValueDisplayProps { - name: string; - value: string; -} -const KeyValueDisplay = memo<KeyValueDisplayProps>(({ name, value }) => { - return ( - <div - className="eui-textBreakWord" - css={css` - white-space: pre-wrap; - `} - > - <strong> - {name} - {': '} - </strong> - {value} - </div> - ); -}); -KeyValueDisplay.displayName = 'KeyValueDisplay'; - type HostUploadResultProps = PropsWithChildren<{ name?: string; 'data-test-subj'?: string; 
diff --git a/x-pack/plugins/security_solution/public/management/components/key_value_display/index.tsx b/x-pack/plugins/security_solution/public/management/components/key_value_display/index.tsx
new file mode 100644
index 0000000000000..52629da6861b4
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/components/key_value_display/index.tsx
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { KeyValueDisplay } from './key_value_display';
diff --git a/x-pack/plugins/security_solution/public/management/components/key_value_display/key_value_display.tsx b/x-pack/plugins/security_solution/public/management/components/key_value_display/key_value_display.tsx
new file mode 100644
index 0000000000000..59d7a26e97580
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/components/key_value_display/key_value_display.tsx
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React, { memo } from 'react';
+import { css } from '@emotion/react';
+
+export interface KeyValueDisplayProps {
+ name: string;
+ value: string;
+}
+export const KeyValueDisplay = memo<KeyValueDisplayProps>(({ name, value }) => {
+ return (
+ <div
+ className="eui-textBreakWord"
+ css={css`
+ white-space: pre-wrap;
+ `}
+ >
+ <strong>
+ {name}
+ {': '}
+ </strong>
+ {value}
+ </div>
+ );
+});
+KeyValueDisplay.displayName = 'KeyValueDisplay';
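Review bot: The new `index.tsx` re-exports only `KeyValueDisplay`, while `KeyValueDisplayProps` was an exported interface of `endpoint_upload_action_result.tsx` before the move, so any importer of the type from the old module (none is visible here) loses it and the barrel offers no replacement path. Adding `export type { KeyValueDisplayProps } from './key_value_display';` keeps the type reachable. Now that the component is shared it would also benefit from a short TSDoc line saying that it renders `name` in bold followed by `value` as text, with `white-space: pre-wrap` and word breaking applied.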
diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts index 20bfa44d0f8f9..3def00d1fc905 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts @@ -20,7 +20,10 @@ import { createEndpointHost } from '../../tasks/create_endpoint_host'; import { deleteAllLoadedEndpointData } from '../../tasks/delete_all_endpoint_data'; import { enableAllPolicyProtections } from '../../tasks/endpoint_policy'; -describe( +// 8.15.0 +// TODO: Re-enable when action requests history can be filtered by alert ids +// security-team issue #9822 +describe.skip( 'Automated Response Actions', { tags: ['@ess', '@serverless'], @@ -100,7 +103,7 @@ describe( closeAllToasts(); changeAlertsFilter(`process.name: "agentbeat" and agent.id: "${createdHost.agentId}"`); - cy.getByTestSubj('expand-event').eq(0).click(); + cy.getByTestSubj('expand-event').first().click(); cy.getByTestSubj('securitySolutionFlyoutNavigationExpandDetailButton').click(); cy.getByTestSubj('securitySolutionFlyoutResponseTab').click(); diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts index 59c6916f23fff..ba105aa8cbc0a 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/response_actions/response_console/scan.cy.ts 
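Review bot: `describe.skip` turns off the whole 'Automated Response Actions' suite for both the `@ess` and `@serverless` tags, so the `.first()` change in the second hunk lands in code that no longer runs and CI stops exercising this path end to end. The TODO names only the missing alert-id filter on the action history; if that affects a single assertion, marking just that case with `it.skip` would keep the rest of the coverage. The tracking reference `security-team issue #9822` would be easier to follow as a full link, and the condition for re-enabling could be stated as the first line of the comment. The suite body extends outside both hunks.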
@@ -10,7 +10,6 @@ import { inputConsoleCommand, openResponseConsoleFromEndpointList, submitCommand, - // waitForCommandToBeExecuted, waitForEndpointListPageToBeLoaded, } from '../../../tasks/response_console'; import type { IndexedFleetEndpointPolicyResponse } from '../../../../../../common/endpoint/data_loaders/index_fleet_endpoint_policy'; @@ -80,22 +79,40 @@ describe( } }); - it('"scan --path" - should scan a folder', () => { - waitForEndpointListPageToBeLoaded(createdHost.hostname); - cy.task('createFileOnEndpoint', { - hostname: createdHost.hostname, - path: filePath, - content: fileContent, + [ + ['file', filePath], + ['folder', homeFilePath], + ].forEach(([type, path]) => { + it(`"scan --path" - should scan a ${type}`, () => { + waitForEndpointListPageToBeLoaded(createdHost.hostname); + cy.task('createFileOnEndpoint', { + hostname: createdHost.hostname, + path: filePath, + content: fileContent, + }); + + cy.intercept('api/endpoint/action/scan').as('scanAction'); + openResponseConsoleFromEndpointList(); + inputConsoleCommand(`scan --path ${path}`); + submitCommand(); + cy.wait('@scanAction', { timeout: 60000 }); + + cy.contains('Scan complete').click(); }); + }); + + it('"scan --path" - should scan a folder and report errors', () => { + waitForEndpointListPageToBeLoaded(createdHost.hostname); - // initiate get file action and wait for the API to complete cy.intercept('api/endpoint/action/scan').as('scanAction'); openResponseConsoleFromEndpointList(); - inputConsoleCommand(`scan --path ${homeFilePath}`); + inputConsoleCommand(`scan --path ${homeFilePath}/non_existent_folder`); submitCommand(); cy.wait('@scanAction', { timeout: 60000 }); - cy.contains('Scan complete').click(); + cy.getByTestSubj('scan-actionFailure') + .should('exist') + .contains('File path or folder was not found (404)'); }); }); } 
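Review bot: The added test titled `should scan a folder and report errors` does not scan an existing folder; it submits `${homeFilePath}/non_existent_folder` and asserts the not-found message, so the title describes a different scenario from the one exercised. Something like `it('"scan --path" - should report an error for a path that does not exist', () => {` matches the body. In the table-driven cases the `[type, path]` pairs are read when the `describe` callback runs rather than inside `it`, which is fine only if `filePath` and `homeFilePath` are constants defined before that point; their declarations are outside the hunk.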
diff --git a/x-pack/plugins/security_solution/public/management/cypress/support/response_actions.ts b/x-pack/plugins/security_solution/public/management/cypress/support/response_actions.ts index d0d9befddd6a1..1f4619695978d 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/support/response_actions.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/support/response_actions.ts @@ -54,7 +54,8 @@ export const responseActionTasks = ( data: tamperedDataString, }, }; - return updateActionDoc(esClient, newActionDoc._id, tamperedDoc); + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + return updateActionDoc(esClient, newActionDoc._id!, tamperedDoc); }, }); }; diff --git a/x-pack/plugins/security_solution/public/management/hooks/agents/__mocks__/use_get_agent_status.ts b/x-pack/plugins/security_solution/public/management/hooks/agents/__mocks__/use_get_agent_status.ts new file mode 100644 index 0000000000000..02190ff13ef09 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/hooks/agents/__mocks__/use_get_agent_status.ts 
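Review bot: `newActionDoc._id!` together with the eslint suppression hides the case where the document has no `_id`; `updateActionDoc` would then receive `undefined` and the failure would surface somewhere less obvious than this task. A guard before the call keeps the type honest without the disable comment: `if (!newActionDoc._id) throw new Error('action document has no _id');`. The task function starts outside this hunk.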
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { agentStatusMocks } from '../../../../../common/endpoint/service/response_actions/mocks/agent_status.mocks';
+import type { ResponseActionAgentType } from '../../../../../common/endpoint/service/response_actions/constants';
+import type { AgentStatusRecords } from '../../../../../common/endpoint/types';
+
+const useGetAgentStatusMock = jest.fn(
+ (agentIds: string[] | string, agentType: ResponseActionAgentType) => {
+ const agentsIdList = Array.isArray(agentIds) ? agentIds : [agentIds];
+
+ return {
+ data: agentsIdList.reduce<AgentStatusRecords>((acc, agentId) => {
+ acc[agentId] = agentStatusMocks.generateAgentStatus({ agentType, agentId });
+
+ return acc;
+ }, {}),
+ isLoading: false,
+ isFetched: true,
+ isFetching: false,
+ };
+ }
+);
+
+export { useGetAgentStatusMock as useGetAgentStatus };
diff --git a/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.test.ts b/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.test.ts
new file mode 100644
index 0000000000000..300fd11a700a3
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.test.ts
@@ -0,0 +1,90 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { AppContextTestRender } from '../../../common/mock/endpoint'; +import { createAppRootMockRenderer } from '../../../common/mock/endpoint'; +import { useGetAgentStatus } from './use_get_agent_status'; +import { agentStatusGetHttpMock } from '../../mocks'; +import { AGENT_STATUS_ROUTE } from '../../../../common/endpoint/constants'; +import type { RenderHookResult } from '@testing-library/react-hooks/src/types'; + +describe('useGetAgentStatus hook', () => { + let httpMock: AppContextTestRender['coreStart']['http']; + let agentIdsProp: Parameters<typeof useGetAgentStatus>[0]; + let optionsProp: Parameters<typeof useGetAgentStatus>[2]; + let apiMock: ReturnType<typeof agentStatusGetHttpMock>; + let renderHook: () => RenderHookResult<unknown, ReturnType<typeof useGetAgentStatus>>; + + beforeEach(() => { + const appTestContext = createAppRootMockRenderer(); + + httpMock = appTestContext.coreStart.http; + apiMock = agentStatusGetHttpMock(httpMock); + renderHook = () => { + return appTestContext.renderHook<unknown, ReturnType<typeof useGetAgentStatus>>(() => + useGetAgentStatus(agentIdsProp, 'endpoint', optionsProp) + ); + }; + agentIdsProp = '1-2-3'; + optionsProp = undefined; + }); + + it('should accept a single agent id (string)', () => { + renderHook(); + + expect(httpMock.get).toHaveBeenCalledWith(AGENT_STATUS_ROUTE, { + query: { agentIds: ['1-2-3'], agentType: 'endpoint' }, + version: '1', + }); + }); + + it('should accept multiple agent ids (array)', () => { + agentIdsProp = ['1', '2', '3']; + renderHook(); + + expect(httpMock.get).toHaveBeenCalledWith(AGENT_STATUS_ROUTE, { + query: { agentIds: ['1', '2', '3'], agentType: 'endpoint' }, + version: '1', + }); + }); + + it('should 
only use agentIds that are not empty strings', () => { + agentIdsProp = ['', '1', '']; + renderHook(); + + expect(httpMock.get).toHaveBeenCalledWith(AGENT_STATUS_ROUTE, { + query: { agentIds: ['1'], agentType: 'endpoint' }, + version: '1', + }); + }); + + it('should return expected data', async () => { + const { result, waitForValueToChange } = renderHook(); + await waitForValueToChange(() => result.current); + + expect(result.current.data).toEqual({ + '1-2-3': { + agentId: '1-2-3', + agentType: 'endpoint', + found: true, + isolated: false, + lastSeen: expect.any(String), + pendingActions: {}, + status: 'healthy', + }, + }); + }); + + it('should NOT call agent status api if list of agent ids is empty', async () => { + agentIdsProp = ['', ' ']; + const { result, waitForValueToChange } = renderHook(); + await waitForValueToChange(() => result.current); + + expect(result.current.data).toEqual({}); + expect(apiMock.responseProvider.getAgentStatus).not.toHaveBeenCalled(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.ts b/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.ts new file mode 100644 index 0000000000000..4d45c95fbba79 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.ts 
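Review bot: The type import `from '@testing-library/react-hooks/src/types'` reaches into the package's source layout, which is not part of its public entry point and can move between releases. `RenderHookResult` should be available from the package root, so `import type { RenderHookResult } from '@testing-library/react-hooks';` is the safer form. The suite also never varies `agentType`, so nothing here shows whether two agent types with the same ids are kept apart; one case that renders the hook with a second agent type would cover that.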
@@ -0,0 +1,61 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SentinelOneGetAgentsResponse } from '@kbn/stack-connectors-plugin/common/sentinelone/types'; +import type { UseQueryOptions, UseQueryResult } from '@tanstack/react-query'; +import { useQuery } from '@tanstack/react-query'; +import type { IHttpFetchError } from '@kbn/core-http-browser'; +import type { ActionTypeExecutorResult } from '@kbn/actions-plugin/common'; +import type { ResponseActionAgentType } from '../../../../common/endpoint/service/response_actions/constants'; +import { DEFAULT_POLL_INTERVAL } from '../../common/constants'; +import { AGENT_STATUS_ROUTE } from '../../../../common/endpoint/constants'; +import type { AgentStatusRecords, AgentStatusApiResponse } from '../../../../common/endpoint/types'; +import { useHttp } from '../../../common/lib/kibana'; + +interface ErrorType { + statusCode: number; + message: string; + meta: ActionTypeExecutorResult<SentinelOneGetAgentsResponse>; +} + +/** + * Retrieve the status of a supported host's agent type + * @param agentIds + * @param agentType + * @param options + */ +export const useGetAgentStatus = ( + agentIds: string[] | string, + agentType: ResponseActionAgentType, + options: Omit<UseQueryOptions<AgentStatusRecords, IHttpFetchError<ErrorType>>, 'queryFn'> = {} +): UseQueryResult<AgentStatusRecords, IHttpFetchError<ErrorType>> => { + const http = useHttp(); + const agentIdList = (Array.isArray(agentIds) ? 
agentIds : [agentIds]).filter( + (agentId) => agentId.trim().length + ); + + return useQuery<AgentStatusRecords, IHttpFetchError<ErrorType>>({ + queryKey: ['get-agent-status', agentIdList], + refetchInterval: DEFAULT_POLL_INTERVAL, + ...options, + queryFn: () => { + if (agentIdList.length === 0) { + return {}; + } + + return http + .get<AgentStatusApiResponse>(AGENT_STATUS_ROUTE, { + version: '1', + query: { + agentIds: agentIdList, + agentType, + }, + }) + .then((response) => response.data); + }, + }); +}; diff --git a/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.tsx b/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.tsx deleted file mode 100644 index 5aa1d6b5f6b21..0000000000000 --- a/x-pack/plugins/security_solution/public/management/hooks/agents/use_get_agent_status.tsx +++ /dev/null 
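Review bot: The cache key `['get-agent-status', agentIdList]` leaves out `agentType` although `agentType` is sent in the request query, so two callers passing the same ids with different agent types would share one react-query cache entry and could be handed each other's status records. `queryKey: ['get-agent-status', agentType, agentIdList],` keeps them apart. The filter `agentId.trim().length` drops blank ids but forwards the untrimmed value to the API. The doc comment's `@param` tags are empty; a line each on `agentIds` accepting a single id or a list, and on `options` being able to override `refetchInterval`, would complete it.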
@@ -1,83 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { SentinelOneGetAgentsResponse } from '@kbn/stack-connectors-plugin/common/sentinelone/types'; -import type { UseQueryOptions, UseQueryResult } from '@tanstack/react-query'; -import { useQuery } from '@tanstack/react-query'; -import type { IHttpFetchError } from '@kbn/core-http-browser'; -import type { ActionTypeExecutorResult } from '@kbn/actions-plugin/common'; -import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features'; -import { AGENT_STATUS_ROUTE } from '../../../../common/endpoint/constants'; -import type { AgentStatusInfo, AgentStatusRecords } from '../../../../common/endpoint/types'; -import { useHttp } from '../../../common/lib/kibana'; - -interface ErrorType { - statusCode: number; - message: string; - meta: ActionTypeExecutorResult<SentinelOneGetAgentsResponse>; -} - -// TODO: 8.15: Remove `useGetSentinelOneAgentStatus` function when `agentStatusClientEnabled` is enabled/removed -export const useGetSentinelOneAgentStatus = ( - agentIds: string[], - agentType?: string, - options: UseQueryOptions<AgentStatusInfo, IHttpFetchError<ErrorType>> = {} -): UseQueryResult<AgentStatusInfo, IHttpFetchError<ErrorType>> => { - const http = useHttp(); - - return useQuery<AgentStatusInfo, IHttpFetchError<ErrorType>>({ - queryKey: ['get-agent-status', agentIds], - refetchInterval: 5000, - ...options, - enabled: agentType === 'sentinel_one', - queryFn: () => - http - .get<{ data: AgentStatusInfo }>(AGENT_STATUS_ROUTE, { - version: '1', - query: { - agentIds, - // 8.13 sentinel_one support via internal API - agentType: agentType ? 
agentType : 'sentinel_one', - }, - }) - .then((response) => response.data), - }); -}; - -// 8.14, 8.15 used for fetching agent status -export const useGetAgentStatus = ( - agentIds: string[], - agentType: string, - options: UseQueryOptions<AgentStatusRecords, IHttpFetchError<ErrorType>> = {} -): UseQueryResult<AgentStatusRecords, IHttpFetchError<ErrorType>> => { - const http = useHttp(); - - return useQuery<AgentStatusRecords, IHttpFetchError<ErrorType>>({ - queryKey: ['get-agent-status', agentIds], - // TODO: remove this refetchInterval and instead override it where called, via options. - refetchInterval: 5000, - ...options, - queryFn: () => - http - .get<{ data: AgentStatusRecords }>(AGENT_STATUS_ROUTE, { - version: '1', - query: { - agentIds: agentIds.filter((agentId) => agentId.trim().length), - agentType, - }, - }) - .then((response) => response.data), - }); -}; - -export const useAgentStatusHook = (): - | typeof useGetAgentStatus - | typeof useGetSentinelOneAgentStatus => { - const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled'); - // 8.15 use agent status client hook if `agentStatusClientEnabled` FF enabled - return !agentStatusClientEnabled ? useGetSentinelOneAgentStatus : useGetAgentStatus; -}; diff --git a/x-pack/plugins/security_solution/public/management/hooks/use_with_show_responder.tsx b/x-pack/plugins/security_solution/public/management/hooks/use_with_show_responder.tsx index b820e75dad97c..bd348c77fde3e 100644 --- a/x-pack/plugins/security_solution/public/management/hooks/use_with_show_responder.tsx +++ b/x-pack/plugins/security_solution/public/management/hooks/use_with_show_responder.tsx @@ -18,7 +18,6 @@ import { useUserPrivileges } from '../../common/components/user_privileges'; import { ActionLogButton, getEndpointConsoleCommands, - HeaderEndpointInfo, OfflineCallout, } from '../components/endpoint_responder'; import { useConsoleManager } from '../components/console'; 
@@ -54,7 +53,6 @@ export const useWithShowResponder = (): ShowResponseActionsConsole => { const responseActionsCrowdstrikeManualHostIsolationEnabled = useIsExperimentalFeatureEnabled( 'responseActionsCrowdstrikeManualHostIsolationEnabled' ); - const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled'); return useCallback( (props: ResponderInfoProps) => { @@ -89,22 +87,14 @@ export const useWithShowResponder = (): ShowResponseActionsConsole => { 'data-test-subj': `${agentType}ResponseActionsConsole`, storagePrefix: 'xpack.securitySolution.Responder', TitleComponent: () => { - if (agentStatusClientEnabled || agentType !== 'endpoint') { - return ( - <AgentInfo - agentId={agentId} - agentType={agentType} - hostName={hostName} - platform={platform} - /> - ); - } - // TODO: 8.15 remove this if block when agentStatusClientEnabled is enabled/removed - if (agentType === 'endpoint') { - return <HeaderEndpointInfo endpointId={agentId} />; - } - - return null; + return ( + <AgentInfo + agentId={agentId} + agentType={agentType} + hostName={hostName} + platform={platform} + /> + ); }, }; @@ -157,7 +147,6 @@ export const useWithShowResponder = (): ShowResponseActionsConsole => { endpointPrivileges, isEnterpriseLicense, consoleManager, - agentStatusClientEnabled, ] ); }; diff --git a/x-pack/plugins/security_solution/public/management/links.ts b/x-pack/plugins/security_solution/public/management/links.ts index 21a5fc69ca1d9..06d47e2936115 100644 --- a/x-pack/plugins/security_solution/public/management/links.ts +++ b/x-pack/plugins/security_solution/public/management/links.ts @@ -233,7 +233,7 @@ export const links: LinkItem = { path: NOTES_MANAGEMENT_PATH, skipUrlState: true, hideTimeline: true, - experimentalKey: 'notesEnabled', + experimentalKey: 'securitySolutionNotesEnabled', }, ], }; 
diff --git a/x-pack/plugins/security_solution/public/management/mocks/agent_status_http_mocks.ts b/x-pack/plugins/security_solution/public/management/mocks/agent_status_http_mocks.ts
new file mode 100644
index 0000000000000..94fe0623d26f2
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/mocks/agent_status_http_mocks.ts
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { HttpFetchOptionsWithPath } from '@kbn/core-http-browser';
+import type { Mutable } from 'utility-types';
+import { agentStatusMocks } from '../../../common/endpoint/service/response_actions/mocks/agent_status.mocks';
+import type { EndpointAgentStatusRequestQueryParams } from '../../../common/api/endpoint/agent/get_agent_status_route';
+import type { ResponseProvidersInterface } from '../../common/mock/endpoint';
+import { httpHandlerMockFactory } from '../../common/mock/endpoint/http_handler_mock_factory';
+import type { AgentStatusApiResponse, AgentStatusRecords } from '../../../common/endpoint/types';
+import { AGENT_STATUS_ROUTE } from '../../../common/endpoint/constants';
+
+export type AgentStatusHttpMocksInterface = ResponseProvidersInterface<{
+ getAgentStatus: (options: HttpFetchOptionsWithPath) => AgentStatusApiResponse;
+}>;
+
+export const agentStatusGetHttpMock = httpHandlerMockFactory<AgentStatusHttpMocksInterface>([
+ {
+ id: 'getAgentStatus',
+ method: 'get',
+ path: AGENT_STATUS_ROUTE,
+ handler: (options): AgentStatusApiResponse => {
+ const queryOptions = options.query as Mutable<EndpointAgentStatusRequestQueryParams>;
+ const agentType = queryOptions.agentType || 'endpoint';
+ const agentIds = Array.isArray(queryOptions.agentIds)
+ ? queryOptions.agentIds
+ : [queryOptions.agentIds];
+
+ return {
+ data: agentIds.reduce<AgentStatusRecords>((acc, agentId) => {
+ acc[agentId] = agentStatusMocks.generateAgentStatus({ agentId, agentType });
+ return acc;
+ }, {}),
+ };
+ },
+ },
+]);
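Review bot: The handler wraps a non-array `queryOptions.agentIds` as `[queryOptions.agentIds]`, so a request that carries no `agentIds` at all becomes `[undefined]` and the mock answers with a record stored under the key `undefined`. A test for a caller that forgets to send ids would then pass against the mock; whether the real route rejects such a request is not visible in this diff and is worth confirming. Guarding the case, for example `if (queryOptions.agentIds === undefined) throw new Error('agentIds is required');`, keeps the mock from being more permissive than the API it stands in for.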
diff --git a/x-pack/plugins/security_solution/public/management/mocks/index.ts b/x-pack/plugins/security_solution/public/management/mocks/index.ts index 5368872e207af..6e5c9d72478f2 100644 --- a/x-pack/plugins/security_solution/public/management/mocks/index.ts +++ b/x-pack/plugins/security_solution/public/management/mocks/index.ts @@ -8,3 +8,4 @@ export * from './fleet_mocks'; export * from './trusted_apps_http_mocks'; export * from './exceptions_list_http_mocks'; +export * from './agent_status_http_mocks'; diff --git a/x-pack/plugins/security_solution/public/management/mocks/response_actions_http_mocks.ts b/x-pack/plugins/security_solution/public/management/mocks/response_actions_http_mocks.ts index 4ca4004ce89b1..256484f8d0e92 100644 --- a/x-pack/plugins/security_solution/public/management/mocks/response_actions_http_mocks.ts +++ b/x-pack/plugins/security_solution/public/management/mocks/response_actions_http_mocks.ts @@ -39,7 +39,7 @@ import type { ResponseActionGetFileParameters, ResponseActionScanOutputContent, ResponseActionsExecuteParameters, - ResponseActionsScanParameters, + ResponseActionScanParameters, ResponseActionUploadOutputContent, ResponseActionUploadParameters, } from '../../../common/endpoint/types'; @@ -263,12 +263,12 @@ export const responseActionsHttpMocks = httpHandlerMockFactory<ResponseActionsHt method: 'post', handler: (): ActionDetailsApiResponse< ResponseActionScanOutputContent, - ResponseActionsScanParameters + ResponseActionScanParameters > => { const generator = new EndpointActionGenerator('seed'); const response = generator.generateActionDetails< ResponseActionScanOutputContent, - ResponseActionsScanParameters + ResponseActionScanParameters >({ command: 'scan', }); diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts index 5837578063526..01b9b3455dea9 100644 
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts @@ -141,10 +141,6 @@ export type EndpointIsolationRequestStateChange = Action<'endpointIsolationReque payload: EndpointState['isolationRequestState']; }; -export type EndpointPendingActionsStateChanged = Action<'endpointPendingActionsStateChanged'> & { - payload: EndpointState['endpointPendingActions']; -}; - export type LoadMetadataTransformStats = Action<'loadMetadataTransformStats'>; export type MetadataTransformStatsChanged = Action<'metadataTransformStatsChanged'> & { @@ -173,7 +169,6 @@ export type EndpointAction = | ServerFailedToReturnEndpointsTotal | EndpointIsolationRequest | EndpointIsolationRequestStateChange - | EndpointPendingActionsStateChanged | LoadMetadataTransformStats | MetadataTransformStatsChanged | ServerFinishedInitialization; diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts index fe8255960dea4..a47590023dbc3 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/builders.ts @@ -11,7 +11,7 @@ import { } from '../../../../../common/endpoint/constants'; import type { Immutable } from '../../../../../common/endpoint/types'; import { DEFAULT_POLL_INTERVAL } from '../../../common/constants'; -import { createLoadedResourceState, createUninitialisedResourceState } from '../../../state'; +import { createUninitialisedResourceState } from '../../../state'; import type { EndpointState } from '../types'; export const initialEndpointPageState = (): Immutable<EndpointState> => { 
@@ -41,7 +41,6 @@ export const initialEndpointPageState = (): Immutable<EndpointState> => { endpointsTotal: 0, endpointsTotalError: undefined, isolationRequestState: createUninitialisedResourceState(), - endpointPendingActions: createLoadedResourceState(new Map()), metadataTransformStats: createUninitialisedResourceState(), isInitialized: false, }; diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts index dd81b3d2759a3..ea2e82ac864e1 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts @@ -72,10 +72,6 @@ describe('EndpointList store concerns', () => { isolationRequestState: { type: 'UninitialisedResourceState', }, - endpointPendingActions: { - data: new Map(), - type: 'LoadedResourceState', - }, metadataTransformStats: createUninitialisedResourceState(), }); }); diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts index 763bc15dace43..a737ccd77884c 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.test.ts @@ -138,7 +138,6 @@ describe('endpoint list middleware', () => { await Promise.all([ waitForAction('serverReturnedEndpointList'), - waitForAction('endpointPendingActionsStateChanged'), waitForAction('serverReturnedMetadataPatterns'), waitForAction('serverCancelledPolicyItemsLoading'), waitForAction('serverReturnedEndpointExistValue'), 
@@ -236,42 +235,6 @@ describe('endpoint list middleware', () => { }); }); - describe('handle Endpoint Pending Actions state actions', () => { - let mockedApis: ReturnType<typeof endpointPageHttpMock>; - - beforeEach(() => { - mockedApis = endpointPageHttpMock(fakeHttpServices); - }); - - it('should include all agents ids from the list when calling API', async () => { - const loadingPendingActions = waitForAction('endpointPendingActionsStateChanged', { - validate: (action) => isLoadedResourceState(action.payload), - }); - - dispatchUserChangedUrlToEndpointList(); - await loadingPendingActions; - - expect(mockedApis.responseProvider.pendingActions).toHaveBeenCalledWith({ - path: expect.any(String), - version: '2023-10-31', - query: { - agent_ids: [ - '0dc3661d-6e67-46b0-af39-6f12b025fcb0', - 'fe16dda9-7f34-434c-9824-b4844880f410', - 'f412728b-929c-48d5-bdb6-5a1298e3e607', - 'd0405ddc-1e7c-48f0-93d7-d55f954bd745', - '46d78dd2-aedf-4d3f-b3a9-da445f1fd25f', - '5aafa558-26b8-4bb4-80e2-ac0644d77a3f', - 'edac2c58-1748-40c3-853c-8fab48c333d7', - '06b7223a-bb2a-428a-9021-f1c0d2267ada', - 'b8daa43b-7f73-4684-9221-dbc8b769405e', - 'fbc06310-7d41-46b8-a5ea-ceed8a993b1a', - ], - }, - }); - }); - }); - describe('handles metadata transform stats actions', () => { const dispatchLoadTransformStats = () => { dispatch({ diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts index 215a789a8b4ed..fce262052220e 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts 
@@ -30,7 +30,6 @@ import type { ResponseActionApiResponse, } from '../../../../../common/endpoint/types'; import { isolateHost, unIsolateHost } from '../../../../common/lib/endpoint/endpoint_isolation'; -import { fetchPendingActionsByAgentId } from '../../../../common/lib/endpoint/endpoint_pending_actions'; import type { ImmutableMiddlewareAPI, ImmutableMiddlewareFactory } from '../../../../common/store'; import type { AppAction } from '../../../../common/store/actions'; import { sendGetEndpointSpecificPackagePolicies } from '../../../services/policies/policies'; @@ -45,13 +44,7 @@ import { sendGetEndpointSecurityPackage, } from '../../../services/policies/ingest'; import type { GetPolicyListResponse } from '../../policy/types'; -import type { - AgentIdsPendingActions, - EndpointState, - PolicyIds, - TransformStats, - TransformStatsResponse, -} from '../types'; +import type { EndpointState, PolicyIds, TransformStats, TransformStatsResponse } from '../types'; import type { EndpointPackageInfoStateChanged } from './action'; import { endpointPackageInfo, @@ -62,7 +55,6 @@ import { getMetadataTransformStats, isMetadataTransformStatsLoading, isOnEndpointPage, - listData, nonExistingPolicies, patterns, searchBarQuery, 
@@ -301,47 +293,6 @@ async function getEndpointPackageInfo( } } -/** - * retrieves the Endpoint pending actions for all the existing endpoints being displayed on the list - * or the details tab. - * - * @param store - */ -const loadEndpointsPendingActions = async ({ - getState, - dispatch, -}: EndpointPageStore): Promise<void> => { - const state = getState(); - const listEndpoints = listData(state); - const agentsIds = new Set<string>(); - - for (const endpointInfo of listEndpoints) { - agentsIds.add(endpointInfo.metadata.elastic.agent.id); - } - - if (agentsIds.size === 0) { - return; - } - - try { - const { data: pendingActions } = await fetchPendingActionsByAgentId(Array.from(agentsIds)); - const agentIdToPendingActions: AgentIdsPendingActions = new Map(); - - for (const pendingAction of pendingActions) { - agentIdToPendingActions.set(pendingAction.agent_id, pendingAction.pending_actions); - } - - dispatch({ - type: 'endpointPendingActionsStateChanged', - payload: createLoadedResourceState(agentIdToPendingActions), - }); - } catch (error) { - // TODO should handle the error instead of logging it to the browser - // Also this is an anti-pattern we shouldn't use - logError(error); - } -}; - async function endpointListMiddleware({ store, coreStart, @@ -380,8 +331,6 @@ async function endpointListMiddleware({ payload: endpointResponse, }); - loadEndpointsPendingActions(store); - dispatchIngestPolicies({ http: coreStart.http, hosts: endpointResponse.data, store }); } catch (error) { dispatch({ diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts index dab1961ac0e8e..806f66654ca6d 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts 
@@ -5,11 +5,7 @@ * 2.0. */ -import type { - EndpointPackageInfoStateChanged, - EndpointPendingActionsStateChanged, - MetadataTransformStatsChanged, -} from './action'; +import type { EndpointPackageInfoStateChanged, MetadataTransformStatsChanged } from './action'; import { getCurrentIsolationRequestState, hasSelectedEndpoint, @@ -29,19 +25,6 @@ type CaseReducer<T extends AppAction> = ( action: Immutable<T> ) => Immutable<EndpointState>; -const handleEndpointPendingActionsStateChanged: CaseReducer<EndpointPendingActionsStateChanged> = ( - state, - action -) => { - if (isOnEndpointPage(state)) { - return { - ...state, - endpointPendingActions: action.payload, - }; - } - return state; -}; - const handleEndpointPackageInfoStateChanged: CaseReducer<EndpointPackageInfoStateChanged> = ( state, action @@ -109,8 +92,6 @@ export const endpointListReducer: StateReducer = (state = initialEndpointPageSta ...state, patternsError: action.payload, }; - } else if (action.type === 'endpointPendingActionsStateChanged') { - return handleEndpointPendingActionsStateChanged(state, action); } else if (action.type === 'serverReturnedPoliciesForOnboarding') { return { ...state, diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts index 612c7f770dffa..bd8cff1495be9 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts 
@@ -11,11 +11,7 @@ import { createSelector } from 'reselect'; import { matchPath } from 'react-router-dom'; import { decode } from '@kbn/rison'; import type { Query } from '@kbn/es-query'; -import type { - EndpointPendingActions, - EndpointSortableField, - Immutable, -} from '../../../../../common/endpoint/types'; +import type { EndpointSortableField, Immutable } from '../../../../../common/endpoint/types'; import type { EndpointIndexUIQueryParams, EndpointState } from '../types'; import { extractListPaginationParams } from '../../../common/routing'; import { @@ -31,7 +27,6 @@ import { } from '../../../state'; import type { ServerApiError } from '../../../../common/types'; -import { EndpointDetailsTabsTypes } from '../view/details/components/endpoint_details_tabs'; export const listData = (state: Immutable<EndpointState>) => state.hosts; @@ -234,17 +229,6 @@ export const getIsolationRequestError: ( } }); -export const getIsOnEndpointDetailsActivityLog: (state: Immutable<EndpointState>) => boolean = - createSelector(uiQueryParams, (searchParams) => { - return searchParams.show === EndpointDetailsTabsTypes.activityLog; - }); - -export const getEndpointPendingActionsState = ( - state: Immutable<EndpointState> -): Immutable<EndpointState['endpointPendingActions']> => { - return state.endpointPendingActions; -}; - export const getMetadataTransformStats = (state: Immutable<EndpointState>) => state.metadataTransformStats; 
@@ -253,24 +237,3 @@ export const metadataTransformStats = (state: Immutable<EndpointState>) => export const isMetadataTransformStatsLoading = (state: Immutable<EndpointState>) => isLoadingResourceState(state.metadataTransformStats); - -/** - * Returns a function (callback) that can be used to retrieve the list of pending actions against - * an endpoint currently displayed in the endpoint list - */ -export const getEndpointPendingActionsCallback: ( - state: Immutable<EndpointState> -) => (endpointId: string) => EndpointPendingActions['pending_actions'] = createSelector( - getEndpointPendingActionsState, - (pendingActionsState) => { - return (endpointId: string) => { - let response: EndpointPendingActions['pending_actions'] = {}; - - if (isLoadedResourceState(pendingActionsState)) { - response = pendingActionsState.data.get(endpointId) ?? {}; - } - - return response; - }; - } -); diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts index dddccede82536..37e01860d262a 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts @@ -71,12 +71,6 @@ export interface EndpointState { endpointsTotalError?: ServerApiError; /** Host isolation request state for a single endpoint */ isolationRequestState: AsyncResourceState<ResponseActionApiResponse>; - /** - * Holds a map of `agentId` to `EndpointPendingActions` that is used by both the list and details view - * Getting pending endpoint actions is "supplemental" data, so there is no need to show other Async - * states other than Loaded - */ - endpointPendingActions: AsyncResourceState<AgentIdsPendingActions>; // Metadata transform stats to checking transform state metadataTransformStats: AsyncResourceState<TransformStats[]>; isInitialized: boolean; 
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details_content.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details_content.tsx index 3832eae088ef6..454b85ad32238 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details_content.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/endpoint_details_content.tsx @@ -17,18 +17,10 @@ import { import React, { memo, useMemo } from 'react'; import { FormattedMessage } from '@kbn/i18n-react'; import { isPolicyOutOfDate } from '../../utils'; -import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features'; -import { - AgentStatus, - EndpointAgentStatus, -} from '../../../../../common/components/endpoint/agents/agent_status'; +import { AgentStatus } from '../../../../../common/components/endpoint/agents/agent_status'; import type { HostInfo } from '../../../../../../common/endpoint/types'; import { useEndpointSelector } from '../hooks'; -import { - getEndpointPendingActionsCallback, - nonExistingPolicies, - uiQueryParams, -} from '../../store/selectors'; +import { nonExistingPolicies, uiQueryParams } from '../../store/selectors'; import { POLICY_STATUS_TO_BADGE_COLOR } from '../host_constants'; import { FormattedDate } from '../../../../../common/components/formatted_date'; import { useNavigateByRouterEventHandler } from '../../../../../common/hooks/endpoint/use_navigate_by_router_event_handler'; 
@@ -50,13 +42,11 @@ interface EndpointDetailsContentProps { export const EndpointDetailsContent = memo<EndpointDetailsContentProps>( ({ hostInfo, policyInfo }) => { - const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled'); const queryParams = useEndpointSelector(uiQueryParams); const policyStatus = useMemo( () => hostInfo.metadata.Endpoint.policy.applied.status, [hostInfo] ); - const getHostPendingActions = useEndpointSelector(getEndpointPendingActionsCallback); const missingPolicies = useEndpointSelector(nonExistingPolicies); const policyResponseRoutePath = useMemo(() => { @@ -92,15 +82,7 @@ export const EndpointDetailsContent = memo<EndpointDetailsContentProps>( /> </ColumnTitle> ), - // TODO: 8.15 remove `EndpointAgentStatus` when `agentStatusClientEnabled` FF is enabled and removed - description: agentStatusClientEnabled ? ( - <AgentStatus agentId={hostInfo.metadata.agent.id} agentType="endpoint" /> - ) : ( - <EndpointAgentStatus - pendingActions={getHostPendingActions(hostInfo.metadata.agent.id)} - endpointHostInfo={hostInfo} - /> - ), + description: <AgentStatus agentId={hostInfo.metadata.agent.id} agentType="endpoint" />, }, { title: ( @@ -198,15 +180,7 @@ export const EndpointDetailsContent = memo<EndpointDetailsContentProps>( ), }, ]; - }, [ - hostInfo, - agentStatusClientEnabled, - getHostPendingActions, - policyInfo, - missingPolicies, - policyStatus, - policyStatusClickHandler, - ]); + }, [hostInfo, policyInfo, missingPolicies, policyStatus, policyStatusClickHandler]); return ( <div> diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx index f69970ab7d538..0d3fd2004b1c8 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx 
@@ -55,6 +55,8 @@ import { getUserPrivilegesMockDefaultValue } from '../../../../common/components import { ENDPOINT_CAPABILITIES } from '../../../../../common/endpoint/service/response_actions/constants'; import { getEndpointPrivilegesInitialStateMock } from '../../../../common/components/user_privileges/endpoint/mocks'; import { useGetEndpointDetails } from '../../../hooks/endpoint/use_get_endpoint_details'; +import { useGetAgentStatus as _useGetAgentStatus } from '../../../hooks/agents/use_get_agent_status'; +import { agentStatusMocks } from '../../../../../common/endpoint/service/response_actions/mocks/agent_status.mocks'; const mockUserPrivileges = useUserPrivileges as jest.Mock; // not sure why this can't be imported from '../../../../common/mock/formatted_relative'; @@ -80,6 +82,9 @@ jest.mock('../../../services/policies/ingest', () => { }; }); +jest.mock('../../../hooks/agents/use_get_agent_status'); +const useGetAgentStatusMock = _useGetAgentStatus as jest.Mock; + const mockUseUiSetting$ = useUiSetting$ as jest.Mock; const timepickerRanges = [ { @@ -325,6 +330,18 @@ describe('when on the endpoint list page', () => { endpointsResults: hostListData, endpointPackagePolicies: ingestPackagePolicies, }); + + useGetAgentStatusMock.mockImplementation((agentId, agentType) => { + return { + data: { + [agentId]: agentStatusMocks.generateAgentStatus({ + agentType, + }), + }, + isLoading: false, + isFetched: true, + }; + }); }); }); afterEach(() => { 
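Review bot: The `useGetAgentStatusMock.mockImplementation` added in the third hunk uses its first argument directly as a computed key, `[agentId]: ...`, but the list page in this same commit calls the hook with an array of ids (`listData.map((rowItem) => rowItem.metadata.agent.id)`). With an array the key becomes the comma-joined string, so per-host lookups such as `agentStatusRecords[endpointInfo.metadata.agent.id]` find nothing once more than one row is listed. Building one entry per id matches the real response shape: normalise with `const ids = Array.isArray(agentIds) ? agentIds : [agentIds];` and return `data: Object.fromEntries(ids.map((id) => [id, agentStatusMocks.generateAgentStatus({ agentId: id, agentType })]))`. The enclosing setup block starts outside this hunk.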
@@ -347,18 +364,19 @@ describe('when on the endpoint list page', () => { const total = await renderResult.findByTestId('endpointListTableTotal'); expect(total.textContent).toEqual('Showing 5 endpoints'); }); - it('should display correct status', async () => { + it('should agent status', async () => { const renderResult = render(); await reactTestingLibrary.act(async () => { await middlewareSpy.waitForAction('serverReturnedEndpointList'); }); + const hostStatuses = await renderResult.findAllByTestId('rowHostStatus'); - expect(hostStatuses[0].textContent).toEqual('Unhealthy'); + expect(hostStatuses[0].textContent).toEqual('Healthy'); expect(hostStatuses[1].textContent).toEqual('Healthy'); - expect(hostStatuses[2].textContent).toEqual('Offline'); - expect(hostStatuses[3].textContent).toEqual('Updating'); - expect(hostStatuses[4].textContent).toEqual('Inactive'); + expect(hostStatuses[2].textContent).toEqual('Healthy'); + expect(hostStatuses[3].textContent).toEqual('Healthy'); + expect(hostStatuses[4].textContent).toEqual('Healthy'); }); it('should display correct policy status', async () => { diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx index 4eebc9a6c3983..3c0d08821f6e7 100644 --- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx 
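Review bot: The rewritten test asserts `'Healthy'` for all five rows, because the mocked hook hands back the same generated status for every host, so it no longer shows that the status column tells hosts apart; the earlier Unhealthy, Offline, Updating and Inactive expectations are gone. Having the mock return a different status per agent id and asserting on those values would keep that coverage, which matters because this column is what an analyst reads to judge a host's state. The test title `'should agent status'` is also missing a verb; `it('should display agent status', async () => {` reads correctly.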
@@ -33,21 +33,19 @@ import type { CreatePackagePolicyRouteState, } from '@kbn/fleet-plugin/public'; import { isPolicyOutOfDate } from '../utils'; -import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; +import { useGetAgentStatus } from '../../../hooks/agents/use_get_agent_status'; import { TransformFailedCallout } from './components/transform_failed_callout'; import type { EndpointIndexUIQueryParams } from '../types'; import { EndpointListNavLink } from './components/endpoint_list_nav_link'; -import { - AgentStatus, - EndpointAgentStatus, -} from '../../../../common/components/endpoint/agents/agent_status'; +import { AgentStatus } from '../../../../common/components/endpoint/agents/agent_status'; import { EndpointDetailsFlyout } from './details'; import * as selectors from '../store/selectors'; -import { getEndpointPendingActionsCallback, nonExistingPolicies } from '../store/selectors'; +import { nonExistingPolicies } from '../store/selectors'; import { useEndpointSelector } from './hooks'; import { POLICY_STATUS_TO_HEALTH_COLOR, POLICY_STATUS_TO_TEXT } from './host_constants'; import type { CreateStructuredSelector } from '../../../../common/store'; import type { + AgentStatusRecords, HostInfo, HostInfoInterface, Immutable, @@ -81,13 +79,12 @@ const StyledDatePicker = styled.div` `; interface GetEndpointListColumnsProps { - agentStatusClientEnabled: boolean; missingPolicies: ReturnType<typeof nonExistingPolicies>; backToEndpointList: PolicyDetailsRouteState['backLink']; - getHostPendingActions: ReturnType<typeof getEndpointPendingActionsCallback>; queryParams: Immutable<EndpointIndexUIQueryParams>; search: string; getAppUrl: ReturnType<typeof useAppUrl>['getAppUrl']; + agentStatusRecords: AgentStatusRecords; } const columnWidths: Record< 
@@ -106,13 +103,12 @@ const columnWidths: Record< }; const getEndpointListColumns = ({ - agentStatusClientEnabled, missingPolicies, backToEndpointList, - getHostPendingActions, queryParams, search, getAppUrl, + agentStatusRecords, }: GetEndpointListColumnsProps): Array<EuiBasicTableColumn<Immutable<HostInfo>>> => { const lastActiveColumnName = i18n.translate('xpack.securitySolution.endpoint.list.lastActive', { defaultMessage: 'Last active', @@ -156,13 +152,10 @@ const getEndpointListColumns = ({ }), sortable: true, render: (hostStatus: HostInfo['host_status'], endpointInfo) => { - // TODO: 8.15 remove `EndpointAgentStatus` when `agentStatusClientEnabled` FF is enabled and removed - return agentStatusClientEnabled ? ( - <AgentStatus agentId={endpointInfo.metadata.agent.id} agentType="endpoint" /> - ) : ( - <EndpointAgentStatus - endpointHostInfo={endpointInfo} - pendingActions={getHostPendingActions(endpointInfo.metadata.agent.id)} + return ( + <AgentStatus + statusInfo={agentStatusRecords[endpointInfo.metadata.agent.id]} + agentType="endpoint" data-test-subj="rowHostStatus" /> ); @@ -323,8 +316,6 @@ const stateHandleDeployEndpointsClick: AgentPolicyDetailsDeployAgentAction = { }; export const EndpointList = () => { - const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled'); - const history = useHistory(); const { listData, @@ -349,7 +340,6 @@ export const EndpointList = () => { isInitialized, } = useEndpointSelector(selector); const missingPolicies = useEndpointSelector(nonExistingPolicies); - const getHostPendingActions = useEndpointSelector(getEndpointPendingActionsCallback); const { canReadEndpointList, canAccessFleet, 
@@ -509,26 +499,23 @@ export const EndpointList = () => { }; }, []); + const { data: agentStatusRecords } = useGetAgentStatus( + listData.map((rowItem) => rowItem.metadata.agent.id), + 'endpoint', + { enabled: hasListData } + ); + const columns = useMemo( () => getEndpointListColumns({ - agentStatusClientEnabled, backToEndpointList, getAppUrl, missingPolicies, - getHostPendingActions, queryParams, search, + agentStatusRecords: agentStatusRecords ?? {}, }), - [ - agentStatusClientEnabled, - backToEndpointList, - getAppUrl, - getHostPendingActions, - missingPolicies, - queryParams, - search, - ] + [agentStatusRecords, backToEndpointList, getAppUrl, missingPolicies, queryParams, search] ); const sorting = useMemo( diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts b/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts index ca5375e61d70b..b535070a07ee9 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts +++ b/x-pack/plugins/security_solution/public/management/pages/policy/models/advanced_policy_schema.ts @@ -662,6 +662,17 @@ export const AdvancedPolicySchema: AdvancedPolicySchemaType[] = [ } ), }, + { + key: 'windows.advanced.kernel.network_report_loopback', + first_supported_version: '8.15', + documentation: i18n.translate( + 'xpack.securitySolution.endpoint.policy.advanced.windows.advanced.kernel.network_report_loopback', + { + defaultMessage: + 'Controls whether the kernel reports loopback network events. Default: true.', + } + ), + }, { key: 'windows.advanced.kernel.fileopen', first_supported_version: '7.9', diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts index 87f547ced403a..57154ea39a3d5 100644 
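Review bot: Only `data` is taken from `useGetAgentStatus(...)` in the `@@ -509 @@` hunk, so once `agentStatusRecords ?? {}` reaches the columns a failed or still-pending status request looks the same as "no status". In the `@@ -156 @@` hunk each row then receives `statusInfo={agentStatusRecords[endpointInfo.metadata.agent.id]}`, which is `undefined` for any agent id missing from the response. How `AgentStatus` renders an undefined `statusInfo` is not visible here, but this column is where an analyst reads isolation and pending-action state. I would also read the hook's loading and error flags (assuming it returns the usual query-result fields next to `data`) and show an explicit loading or unknown state rather than an empty cell. `EndpointList` continues outside the hunk.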
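Review bot: The help text added for `windows.advanced.kernel.network_report_loopback` in the `@@ -662 @@` hunk gives the default but not what an operator loses by turning the option off. Because this is a telemetry switch, I would state the trade-off in `defaultMessage`, for example `'Controls whether the kernel reports loopback network events. Disabling it removes loopback connections from network event telemetry. Default: true.'`. That wording is inferred from the key name and should be confirmed against the endpoint's behaviour, which this diff does not show. The `AdvancedPolicySchema` array continues outside the hunk.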
--- a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts +++ b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_details/index.test.ts @@ -325,8 +325,8 @@ describe('policy details: ', () => { }, logging: { file: 'info' }, antivirus_registration: { - enabled: false, - mode: 'disabled', + enabled: true, + mode: 'sync_with_malware_prevent', }, }, mac: { diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/antivirus_registration_card.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/antivirus_registration_card.test.tsx index 7d29148aeccb6..b9e563ec7e6e1 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/antivirus_registration_card.test.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/antivirus_registration_card.test.tsx @@ -41,7 +41,7 @@ describe('Policy Form Antivirus Registration Card', () => { getRadioButton = (testSubject) => renderResult.getByTestId(testSubject).querySelector('input')!; }); - it('should render in edit mode', () => { + it('should render in edit mode with default value selected', () => { render(); expect(renderResult.getByTestId(antivirusTestSubj.radioButtons)).toBeTruthy(); 
@@ -49,6 +49,10 @@ describe('Policy Form Antivirus Registration Card', () => { expect(getRadioButton(antivirusTestSubj.disabledRadioButton)).not.toHaveAttribute('disabled'); expect(getRadioButton(antivirusTestSubj.enabledRadioButton)).not.toHaveAttribute('disabled'); expect(getRadioButton(antivirusTestSubj.syncRadioButton)).not.toHaveAttribute('disabled'); + + expect(getRadioButton(antivirusTestSubj.disabledRadioButton).checked).toBe(false); + expect(getRadioButton(antivirusTestSubj.enabledRadioButton).checked).toBe(false); + expect(getRadioButton(antivirusTestSubj.syncRadioButton).checked).toBe(true); }); it('should check `disabled` radio button if `antivirus_registration.mode` is disabled', () => { @@ -144,9 +148,9 @@ describe('Policy Form Antivirus Registration Card', () => { render(); expectIsViewOnly(renderResult.getByTestId(antivirusTestSubj.card)); - expect(getRadioButton(antivirusTestSubj.disabledRadioButton).checked).toBe(true); + expect(getRadioButton(antivirusTestSubj.disabledRadioButton).checked).toBe(false); expect(getRadioButton(antivirusTestSubj.enabledRadioButton).checked).toBe(false); - expect(getRadioButton(antivirusTestSubj.syncRadioButton).checked).toBe(false); + expect(getRadioButton(antivirusTestSubj.syncRadioButton).checked).toBe(true); }); it('should render in view mode (option enabled)', () => { diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/malware_protections_card.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/malware_protections_card.test.tsx index db1074f031953..bdaeb561e6c5f 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/malware_protections_card.test.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/cards/malware_protections_card.test.tsx 
@@ -74,7 +74,7 @@ describe('Policy Malware Protections Card', () => { (feature: { name: 'blocklist' | 'onWriteScan'; config: string; deafult: boolean }) => { it(`should set ${feature.name} to disabled if malware is turned off`, () => { const expectedUpdatedPolicy = cloneDeep(formProps.policy); - setMalwareMode(expectedUpdatedPolicy, true); + setMalwareMode({ policy: expectedUpdatedPolicy, turnOff: true }); render(); userEvent.click(renderResult.getByTestId(testSubj.enableDisableSwitch)); @@ -86,9 +86,9 @@ describe('Policy Malware Protections Card', () => { it(`should set ${feature.name} to enabled if malware is turned on`, () => { const expectedUpdatedPolicy = cloneDeep(formProps.policy); - setMalwareMode(expectedUpdatedPolicy); + setMalwareMode({ policy: expectedUpdatedPolicy }); const initialPolicy = cloneDeep(formProps.policy); - setMalwareMode(initialPolicy, true); + setMalwareMode({ policy: initialPolicy, turnOff: true }); render(initialPolicy); userEvent.click(renderResult.getByTestId(testSubj.enableDisableSwitch)); diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/protection_setting_card_switch.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/protection_setting_card_switch.test.tsx index 1c57d6d20163b..ab1b88a64d105 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/protection_setting_card_switch.test.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/components/protection_setting_card_switch.test.tsx 
@@ -69,7 +69,11 @@ describe('Policy form ProtectionSettingCardSwitch component', () => { it('should be able to disable it', () => { const expectedUpdatedPolicy = cloneDeep(formProps.policy); - setMalwareMode(expectedUpdatedPolicy, true, true, false); + setMalwareMode({ + policy: expectedUpdatedPolicy, + turnOff: true, + includeSubfeatures: false, + }); render(); userEvent.click(renderResult.getByTestId('test')); @@ -80,9 +84,17 @@ describe('Policy form ProtectionSettingCardSwitch component', () => { }); it('should be able to enable it', () => { - setMalwareMode(formProps.policy, true, true, false); + setMalwareMode({ + policy: formProps.policy, + turnOff: true, + includeSubfeatures: false, + }); const expectedUpdatedPolicy = cloneDeep(formProps.policy); - setMalwareMode(expectedUpdatedPolicy, false, true, false); + setMalwareMode({ + policy: expectedUpdatedPolicy, + turnOff: false, + includeSubfeatures: false, + }); render(); userEvent.click(renderResult.getByTestId('test')); @@ -100,7 +112,11 @@ describe('Policy form ProtectionSettingCardSwitch component', () => { }); const expectedPolicyDataBeforeAdditionalCallback = cloneDeep(formProps.policy); - setMalwareMode(expectedPolicyDataBeforeAdditionalCallback, true, true, false); + setMalwareMode({ + policy: expectedPolicyDataBeforeAdditionalCallback, + turnOff: true, + includeSubfeatures: false, + }); const expectedUpdatedPolicy = cloneDeep(expectedPolicyDataBeforeAdditionalCallback); expectedUpdatedPolicy.windows.popup.malware.message = 'foo'; @@ -134,7 +150,12 @@ describe('Policy form ProtectionSettingCardSwitch component', () => { it('should NOT update notification settings when disabling', () => { const expectedUpdatedPolicy = cloneDeep(formProps.policy); - setMalwareMode(expectedUpdatedPolicy, true, false, false); + setMalwareMode({ + policy: expectedUpdatedPolicy, + turnOff: true, + includePopup: false, + includeSubfeatures: false, + }); render(); userEvent.click(renderResult.getByTestId('test')); 
@@ -146,7 +167,12 @@ describe('Policy form ProtectionSettingCardSwitch component', () => { it('should NOT update notification settings when enabling', () => { const expectedUpdatedPolicy = cloneDeep(formProps.policy); - setMalwareMode(formProps.policy, true, false, false); + setMalwareMode({ + policy: formProps.policy, + turnOff: true, + includePopup: false, + includeSubfeatures: false, + }); render(); userEvent.click(renderResult.getByTestId('test')); @@ -176,7 +202,11 @@ describe('Policy form ProtectionSettingCardSwitch component', () => { }); it('should show option when unchecked', () => { - setMalwareMode(formProps.policy, true, true, false); + setMalwareMode({ + policy: formProps.policy, + turnOff: true, + includeSubfeatures: false, + }); render(); expect(renderResult.getByTestId('test-label')).toHaveTextContent(exactMatchText('Malware')); diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/mocks.ts b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/mocks.ts index c2af340726de8..b2ef180dd4bfd 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/mocks.ts +++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/mocks.ts 
@@ -201,13 +201,21 @@ export const exactMatchText = (text: string): RegExp => { * @param turnOff * @param includePopup * @param includeSubfeatures + * @param includeAntivirus */ -export const setMalwareMode = ( - policy: PolicyConfig, - turnOff: boolean = false, - includePopup: boolean = true, - includeSubfeatures: boolean = true -) => { +export const setMalwareMode = ({ + policy, + turnOff = false, + includePopup = true, + includeSubfeatures = true, + includeAntivirus = false, +}: { + policy: PolicyConfig; + turnOff?: boolean; + includePopup?: boolean; + includeSubfeatures?: boolean; + includeAntivirus?: boolean; +}) => { const mode = turnOff ? ProtectionModes.off : ProtectionModes.prevent; const enableValue = mode !== ProtectionModes.off; @@ -215,6 +223,10 @@ export const setMalwareMode = ( set(policy, 'mac.malware.mode', mode); set(policy, 'linux.malware.mode', mode); + if (includeAntivirus) { + set(policy, 'windows.antivirus_registration.enabled', !turnOff); + } + if (includePopup) { set(policy, 'windows.popup.malware.enabled', enableValue); set(policy, 'mac.popup.malware.enabled', enableValue); diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/policy_settings_form.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/policy_settings_form.test.tsx index 76928a8de4179..9607e5949d9a0 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/policy_settings_form.test.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_form/policy_settings_form.test.tsx 
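Review bot: The JSDoc above `setMalwareMode` still lists `@param policy`, `@param turnOff`, `@param includePopup`, `@param includeSubfeatures` and now `@param includeAntivirus` as if they were positional arguments, but after this change the function takes a single destructured options object. I would document one `@param options` with `options.policy`, `options.turnOff` and so on, and state each default (`turnOff = false`, `includePopup = true`, `includeSubfeatures = true`, `includeAntivirus = false`). The new branch in the `@@ -215 @@` hunk also deserves a comment such as `// only flips antivirus_registration.enabled; antivirus_registration.mode is left as-is`, since only the `enabled` flag is written there. The function body continues outside both hunks.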
@@ -119,13 +119,13 @@ describe('Endpoint Policy Settings Form', () => { describe('changing malware when antivirus registration is synced with malware', () => { it('should enable antivirus registration when malware is enabled', () => { setAntivirusRegistration(formProps.policy, AntivirusRegistrationModes.sync, false); - setMalwareMode(formProps.policy, true); + setMalwareMode({ policy: formProps.policy, turnOff: true }); render(); userEvent.click(renderResult.getByTestId(testSubj.malware.enableDisableSwitch)); const expectedPolicy = cloneDeep(formProps.policy); - setMalwareMode(expectedPolicy); + setMalwareMode({ policy: expectedPolicy }); setAntivirusRegistration(expectedPolicy, AntivirusRegistrationModes.sync, true); expectOnChangeToBeCalledWith(expectedPolicy); }); @@ -137,14 +137,14 @@ describe('Endpoint Policy Settings Form', () => { userEvent.click(renderResult.getByTestId(testSubj.malware.enableDisableSwitch)); const expectedPolicy = cloneDeep(formProps.policy); - setMalwareMode(expectedPolicy, true); + setMalwareMode({ policy: expectedPolicy, turnOff: true }); setAntivirusRegistration(expectedPolicy, AntivirusRegistrationModes.sync, false); expectOnChangeToBeCalledWith(expectedPolicy); }); it('should disable antivirus registration when malware is set to detect only', () => { setAntivirusRegistration(formProps.policy, AntivirusRegistrationModes.sync, true); - setMalwareMode(formProps.policy); + setMalwareMode({ policy: formProps.policy }); render(); clickOnRadio(testSubj.malware.protectionDetectRadio); 
@@ -159,13 +159,13 @@ describe('Endpoint Policy Settings Form', () => { describe('changing malware when antivirus registration is NOT synced with malware', () => { it('should not change antivirus registration when malware is enabled', () => { setAntivirusRegistration(formProps.policy, AntivirusRegistrationModes.disabled, false); - setMalwareMode(formProps.policy, true); + setMalwareMode({ policy: formProps.policy, turnOff: true }); render(); userEvent.click(renderResult.getByTestId(testSubj.malware.enableDisableSwitch)); const expectedPolicy = cloneDeep(formProps.policy); - setMalwareMode(expectedPolicy); + setMalwareMode({ policy: expectedPolicy }); expectOnChangeToBeCalledWith(expectedPolicy); }); @@ -176,13 +176,13 @@ describe('Endpoint Policy Settings Form', () => { userEvent.click(renderResult.getByTestId(testSubj.malware.enableDisableSwitch)); const expectedPolicy = cloneDeep(formProps.policy); - setMalwareMode(expectedPolicy, true); + setMalwareMode({ policy: expectedPolicy, turnOff: true }); expectOnChangeToBeCalledWith(expectedPolicy); }); it('should not change antivirus registration when malware is set to detect only', () => { setAntivirusRegistration(formProps.policy, AntivirusRegistrationModes.enabled, true); - setMalwareMode(formProps.policy); + setMalwareMode({ policy: formProps.policy }); render(); clickOnRadio(testSubj.malware.protectionDetectRadio); @@ -219,7 +219,7 @@ describe('Endpoint Policy Settings Form', () => { describe('changing antivirus registration mode when malware is disabled', () => { beforeEach(() => { - setMalwareMode(formProps.policy, true); + setMalwareMode({ policy: formProps.policy, turnOff: true }); }); it('should disable antivirus registration when set to sync', () => { 
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_layout/policy_settings_layout.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_layout/policy_settings_layout.test.tsx index bfc0ec3691363..4a685bb475810 100644 --- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_layout/policy_settings_layout.test.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_settings_layout/policy_settings_layout.test.tsx @@ -93,7 +93,11 @@ describe('When rendering PolicySettingsLayout', () => { // Turn off malware userEvent.click(getByTestId(testSubj.malware.enableDisableSwitch)); - setMalwareMode(policySettings, true); + setMalwareMode({ + policy: policySettings, + turnOff: true, + includeAntivirus: true, + }); // Turn off Behaviour Protection userEvent.click(getByTestId(testSubj.behaviour.enableDisableSwitch)); diff --git a/x-pack/plugins/security_solution/public/notes/api/api.ts b/x-pack/plugins/security_solution/public/notes/api/api.ts index d9cef8cf997ab..302e70185cfba 100644 --- a/x-pack/plugins/security_solution/public/notes/api/api.ts +++ b/x-pack/plugins/security_solution/public/notes/api/api.ts 
@@ -6,6 +6,29 @@ */ import * as uuid from 'uuid'; +import type { BareNote, Note } from '../../../common/api/timeline'; +import { KibanaServices } from '../../common/lib/kibana'; +import { NOTE_URL } from '../../../common/constants'; + +/** + * Adds a new note. + * This code is very close to the persistNote found in x-pack/plugins/security_solution/public/timelines/containers/notes/api.ts. + * // TODO remove the old method when the transition to the new notes system is complete + */ +export const createNote = async ({ note }: { note: BareNote }) => { + try { + const response = await KibanaServices.get().http.patch<{ + data: { persistNote: { code: number; message: string; note: Note } }; + }>(NOTE_URL, { + method: 'PATCH', + body: JSON.stringify({ note }), + version: '2023-10-31', + }); + return response.data.persistNote.note; + } catch (err) { + throw new Error(`Failed to stringify query: ${JSON.stringify(err)}`); + } +}; // TODO point to the correct API when it is available /** @@ -20,7 +43,7 @@ export const fetchNotesByDocumentId = async (documentId: string) => { }; // TODO remove when the API is available -const generateNoteMock = (documentId: string) => ({ +export const generateNoteMock = (documentId: string) => ({ noteId: uuid.v4(), version: 'WzU1MDEsMV0=', timelineId: '', @@ -31,3 +54,14 @@ const generateNoteMock = (documentId: string) => ({ updated: new Date().getTime(), updatedBy: 'elastic', }); + +/** + * Deletes a note + */ +export const deleteNote = async (noteId: string) => { + const response = await KibanaServices.get().http.delete<{ data: unknown }>(NOTE_URL, { + body: JSON.stringify({ noteId }), + version: '2023-10-31', + }); + return response; +}; diff --git a/x-pack/plugins/security_solution/public/notes/jest.config.js b/x-pack/plugins/security_solution/public/notes/jest.config.js new file mode 100644 index 0000000000000..7a19d2648f6be --- /dev/null +++ b/x-pack/plugins/security_solution/public/notes/jest.config.js 
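Review bot: The `catch` in `createNote` replaces the original HTTP error with a new `Error` whose message starts `Failed to stringify query:`, which is both misleading (no query is being stringified) and lossy. `JSON.stringify(err)` yields `{}` for a plain `Error`, and for a richer HTTP error object it may copy request or response fields into a message string that the `createNote` thunk then stores in Redux state. `deleteNote` in the third hunk lets the error propagate unchanged; I would do the same here by dropping the `try`/`catch` so the body ends with `return response.data.persistNote.note;`. The declared response type also carries `code` and `message` next to `note`, which suggests failures can be reported in-band, yet `note` is returned without looking at `code` (worth confirming against the route). `method: 'PATCH'` is redundant with `http.patch`.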
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+ preset: '@kbn/test',
+ rootDir: '../../../../..',
+ roots: ['<rootDir>/x-pack/plugins/security_solution/public/notes'],
+ coverageDirectory:
+ '<rootDir>/target/kibana-coverage/jest/x-pack/plugins/security_solution/public/notes',
+ coverageReporters: ['text', 'html'],
+ collectCoverageFrom: ['<rootDir>/x-pack/plugins/security_solution/public/notes/**/*.{ts,tsx}'],
+ moduleNameMapper: require('../../server/__mocks__/module_name_map'),
+};
diff --git a/x-pack/plugins/security_solution/public/notes/store/notes.slice.test.ts b/x-pack/plugins/security_solution/public/notes/store/notes.slice.test.ts
new file mode 100644
index 0000000000000..57347c1562837
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/notes/store/notes.slice.test.ts
@@ -0,0 +1,317 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + createNote, + deleteNote, + fetchNotesByDocumentId, + initialNotesState, + notesReducer, + ReqStatus, + selectAllNotes, + selectCreateNoteError, + selectCreateNoteStatus, + selectDeleteNoteError, + selectDeleteNoteStatus, + selectFetchNotesByDocumentIdError, + selectFetchNotesByDocumentIdStatus, + selectNoteById, + selectNoteIds, + selectNotesByDocumentId, +} from './notes.slice'; +import { generateNoteMock } from '../api/api'; +import { mockGlobalState } from '../../common/mock'; + +const initalEmptyState = initialNotesState; + +const mockNote = { ...generateNoteMock('1') }; +const initialNonEmptyState = { + entities: { + [mockNote.noteId]: mockNote, + }, + ids: [mockNote.noteId], + status: { + fetchNotesByDocumentId: ReqStatus.Idle, + createNote: ReqStatus.Idle, + deleteNote: ReqStatus.Idle, + }, + error: { fetchNotesByDocumentId: null, createNote: null, deleteNote: null }, +}; + +describe('notesSlice', () => { + describe('notesReducer', () => { + it('should handle an unknown action and return the initial state', () => { + expect(notesReducer(initalEmptyState, { type: 'unknown' })).toEqual({ + entities: {}, + ids: [], + status: { + fetchNotesByDocumentId: ReqStatus.Idle, + createNote: ReqStatus.Idle, + deleteNote: ReqStatus.Idle, + }, + error: { fetchNotesByDocumentId: null, createNote: null, deleteNote: null }, + }); + }); + + describe('fetchNotesByDocumentId', () => { + it('should set correct status state when fetching notes by document id', () => { + const action = { type: fetchNotesByDocumentId.pending.type }; + + expect(notesReducer(initalEmptyState, action)).toEqual({ + entities: {}, + ids: [], + status: { + fetchNotesByDocumentId: ReqStatus.Loading, + createNote: 
ReqStatus.Idle, + deleteNote: ReqStatus.Idle, + }, + error: { fetchNotesByDocumentId: null, createNote: null, deleteNote: null }, + }); + }); + + it('should set correct state when success on fetch notes by document id on an empty state', () => { + const action = { + type: fetchNotesByDocumentId.fulfilled.type, + payload: { + entities: { + notes: { + [mockNote.noteId]: mockNote, + }, + }, + result: [mockNote.noteId], + }, + }; + + expect(notesReducer(initalEmptyState, action)).toEqual({ + entities: action.payload.entities.notes, + ids: action.payload.result, + status: { + fetchNotesByDocumentId: ReqStatus.Succeeded, + createNote: ReqStatus.Idle, + deleteNote: ReqStatus.Idle, + }, + error: { fetchNotesByDocumentId: null, createNote: null, deleteNote: null }, + }); + }); + + it('should replace notes when success on fetch notes by document id on a non-empty state', () => { + const newMockNote = { ...mockNote, timelineId: 'timelineId' }; + const action = { + type: fetchNotesByDocumentId.fulfilled.type, + payload: { + entities: { + notes: { + [newMockNote.noteId]: newMockNote, + }, + }, + result: [newMockNote.noteId], + }, + }; + + expect(notesReducer(initialNonEmptyState, action)).toEqual({ + entities: action.payload.entities.notes, + ids: action.payload.result, + status: { + fetchNotesByDocumentId: ReqStatus.Succeeded, + createNote: ReqStatus.Idle, + deleteNote: ReqStatus.Idle, + }, + error: { fetchNotesByDocumentId: null, createNote: null, deleteNote: null }, + }); + }); + + it('should set correct error state when failing to fetch notes by document id', () => { + const action = { type: fetchNotesByDocumentId.rejected.type, error: 'error' }; + + expect(notesReducer(initalEmptyState, action)).toEqual({ + entities: {}, + ids: [], + status: { + fetchNotesByDocumentId: ReqStatus.Failed, + createNote: ReqStatus.Idle, + deleteNote: ReqStatus.Idle, + }, + error: { + fetchNotesByDocumentId: 'error', + createNote: null, + deleteNote: null, + }, + }); + }); + }); + + 
describe('createNote', () => { + it('should set correct status state when creating a note by document id', () => { + const action = { type: createNote.pending.type }; + + expect(notesReducer(initalEmptyState, action)).toEqual({ + entities: {}, + ids: [], + status: { + fetchNotesByDocumentId: ReqStatus.Idle, + createNote: ReqStatus.Loading, + deleteNote: ReqStatus.Idle, + }, + error: { fetchNotesByDocumentId: null, createNote: null, deleteNote: null }, + }); + }); + + it('should set correct state when success on create a note by document id on an empty state', () => { + const action = { + type: createNote.fulfilled.type, + payload: { + entities: { + notes: { + [mockNote.noteId]: mockNote, + }, + }, + result: mockNote.noteId, + }, + }; + + expect(notesReducer(initalEmptyState, action)).toEqual({ + entities: action.payload.entities.notes, + ids: [action.payload.result], + status: { + fetchNotesByDocumentId: ReqStatus.Idle, + createNote: ReqStatus.Succeeded, + deleteNote: ReqStatus.Idle, + }, + error: { fetchNotesByDocumentId: null, createNote: null, deleteNote: null }, + }); + }); + + it('should set correct error state when failing to create a note by document id', () => { + const action = { type: createNote.rejected.type, error: 'error' }; + + expect(notesReducer(initalEmptyState, action)).toEqual({ + entities: {}, + ids: [], + status: { + fetchNotesByDocumentId: ReqStatus.Idle, + createNote: ReqStatus.Failed, + deleteNote: ReqStatus.Idle, + }, + error: { + fetchNotesByDocumentId: null, + createNote: 'error', + deleteNote: null, + }, + }); + }); + }); + + describe('deleteNote', () => { + it('should set correct status state when deleting a note', () => { + const action = { type: deleteNote.pending.type }; + + expect(notesReducer(initalEmptyState, action)).toEqual({ + entities: {}, + ids: [], + status: { + fetchNotesByDocumentId: ReqStatus.Idle, + createNote: ReqStatus.Idle, + deleteNote: ReqStatus.Loading, + }, + error: { fetchNotesByDocumentId: null, createNote: 
null, deleteNote: null }, + }); + }); + + it('should set correct state when success on deleting a note', () => { + const action = { + type: deleteNote.fulfilled.type, + payload: mockNote.noteId, + }; + + expect(notesReducer(initialNonEmptyState, action)).toEqual({ + entities: {}, + ids: [], + status: { + fetchNotesByDocumentId: ReqStatus.Idle, + createNote: ReqStatus.Idle, + deleteNote: ReqStatus.Succeeded, + }, + error: { fetchNotesByDocumentId: null, createNote: null, deleteNote: null }, + }); + }); + + it('should set correct state when failing to create a note by document id', () => { + const action = { type: deleteNote.rejected.type, error: 'error' }; + + expect(notesReducer(initalEmptyState, action)).toEqual({ + entities: {}, + ids: [], + status: { + fetchNotesByDocumentId: ReqStatus.Idle, + createNote: ReqStatus.Idle, + deleteNote: ReqStatus.Failed, + }, + error: { + fetchNotesByDocumentId: null, + createNote: null, + deleteNote: 'error', + }, + }); + }); + }); + }); + + describe('selectors', () => { + it('should return all notes', () => { + const state = mockGlobalState; + state.notes.entities = initialNonEmptyState.entities; + state.notes.ids = initialNonEmptyState.ids; + expect(selectAllNotes(state)).toEqual([mockNote]); + }); + + it('should return note by id', () => { + const state = mockGlobalState; + state.notes.entities = initialNonEmptyState.entities; + state.notes.ids = initialNonEmptyState.ids; + expect(selectNoteById(state, mockNote.noteId)).toEqual(mockNote); + }); + + it('should return note ids', () => { + const state = mockGlobalState; + state.notes.entities = initialNonEmptyState.entities; + state.notes.ids = initialNonEmptyState.ids; + expect(selectNoteIds(state)).toEqual([mockNote.noteId]); + }); + + it('should return fetch notes by document id status', () => { + expect(selectFetchNotesByDocumentIdStatus(mockGlobalState)).toEqual(ReqStatus.Idle); + }); + + it('should return fetch notes by document id error', () => { + 
expect(selectFetchNotesByDocumentIdError(mockGlobalState)).toEqual(null); + }); + + it('should return create note by document id status', () => { + expect(selectCreateNoteStatus(mockGlobalState)).toEqual(ReqStatus.Idle); + }); + + it('should return create note by document id error', () => { + expect(selectCreateNoteError(mockGlobalState)).toEqual(null); + }); + + it('should return delete note status', () => { + expect(selectDeleteNoteStatus(mockGlobalState)).toEqual(ReqStatus.Idle); + }); + + it('should return delete note error', () => { + expect(selectDeleteNoteError(mockGlobalState)).toEqual(null); + }); + + it('should return all notes for an existing document id', () => { + expect(selectNotesByDocumentId(mockGlobalState, '1')).toEqual([mockNote]); + }); + + it('should return no notes if document id does not exist', () => { + expect(selectNotesByDocumentId(mockGlobalState, '2')).toHaveLength(0); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/notes/store/notes.slice.ts b/x-pack/plugins/security_solution/public/notes/store/notes.slice.ts index 015bd78efd435..52a2805e765f6 100644 --- a/x-pack/plugins/security_solution/public/notes/store/notes.slice.ts +++ b/x-pack/plugins/security_solution/public/notes/store/notes.slice.ts 
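Review bot: The `selectors` tests write into the imported `mockGlobalState` fixture (`const state = mockGlobalState; state.notes.entities = ...`), so they mutate state shared with every other test. The final `selectNotesByDocumentId(mockGlobalState, '1')` case appears to pass only because an earlier test already stored `mockNote` there. I would build a local state in each test instead, e.g. `const state = { ...mockGlobalState, notes: { ...mockGlobalState.notes, entities: initialNonEmptyState.entities, ids: initialNonEmptyState.ids } };`, and pass that to the selector. Two naming nits: `initalEmptyState` is misspelled, and the last case under `describe('deleteNote')` is titled "failing to create a note by document id" although it dispatches `deleteNote.rejected`.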
@@ -7,11 +7,16 @@ import type { EntityState, SerializedError } from '@reduxjs/toolkit'; import { createAsyncThunk, createEntityAdapter, createSlice } from '@reduxjs/toolkit'; +import { createSelector } from 'reselect'; import type { State } from '../../common/store'; -import { fetchNotesByDocumentId as fetchNotesByDocumentIdApi } from '../api/api'; -import type { NormalizedEntities } from './normalize'; -import { normalizeEntities } from './normalize'; -import type { Note } from '../../../common/api/timeline'; +import { + createNote as createNoteApi, + deleteNote as deleteNoteApi, + fetchNotesByDocumentId as fetchNotesByDocumentIdApi, +} from '../api/api'; +import type { NormalizedEntities, NormalizedEntity } from './normalize'; +import { normalizeEntities, normalizeEntity } from './normalize'; +import type { BareNote, Note } from '../../../common/api/timeline'; export enum ReqStatus { Idle = 'idle', @@ -28,9 +33,13 @@ interface HttpError { export interface NotesState extends EntityState<Note> { status: { fetchNotesByDocumentId: ReqStatus; + createNote: ReqStatus; + deleteNote: ReqStatus; }; error: { fetchNotesByDocumentId: SerializedError | HttpError | null; + createNote: SerializedError | HttpError | null; + deleteNote: SerializedError | HttpError | null; }; } @@ -41,9 +50,13 @@ const notesAdapter = createEntityAdapter<Note>({ export const initialNotesState: NotesState = notesAdapter.getInitialState({ status: { fetchNotesByDocumentId: ReqStatus.Idle, + createNote: ReqStatus.Idle, + deleteNote: ReqStatus.Idle, }, error: { fetchNotesByDocumentId: null, + createNote: null, + deleteNote: null, }, }); 
@@ -57,13 +70,31 @@ export const fetchNotesByDocumentId = createAsyncThunk< return normalizeEntities(res); }); +export const createNote = createAsyncThunk<NormalizedEntity<Note>, { note: BareNote }, {}>( + 'notes/createNote', + async (args) => { + const { note } = args; + const res = await createNoteApi({ note }); + return normalizeEntity(res); + } +); + +export const deleteNote = createAsyncThunk<string, { id: string }, {}>( + 'notes/deleteNote', + async (args) => { + const { id } = args; + await deleteNoteApi(id); + return id; + } +); + const notesSlice = createSlice({ name: 'notes', initialState: initialNotesState, reducers: {}, extraReducers(builder) { builder - .addCase(fetchNotesByDocumentId.pending, (state, action) => { + .addCase(fetchNotesByDocumentId.pending, (state) => { state.status.fetchNotesByDocumentId = ReqStatus.Loading; }) .addCase(fetchNotesByDocumentId.fulfilled, (state, action) => { 
@@ -73,6 +104,28 @@ const notesSlice = createSlice({ .addCase(fetchNotesByDocumentId.rejected, (state, action) => { state.status.fetchNotesByDocumentId = ReqStatus.Failed; state.error.fetchNotesByDocumentId = action.payload ?? action.error; + }) + .addCase(createNote.pending, (state) => { + state.status.createNote = ReqStatus.Loading; + }) + .addCase(createNote.fulfilled, (state, action) => { + notesAdapter.addMany(state, action.payload.entities.notes); + state.status.createNote = ReqStatus.Succeeded; + }) + .addCase(createNote.rejected, (state, action) => { + state.status.createNote = ReqStatus.Failed; + state.error.createNote = action.payload ?? action.error; + }) + .addCase(deleteNote.pending, (state) => { + state.status.deleteNote = ReqStatus.Loading; + }) + .addCase(deleteNote.fulfilled, (state, action) => { + notesAdapter.removeOne(state, action.payload); + state.status.deleteNote = ReqStatus.Succeeded; + }) + .addCase(deleteNote.rejected, (state, action) => { + state.status.deleteNote = ReqStatus.Failed; + state.error.deleteNote = action.payload ?? action.error; }); }, }); 
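Review bot: None of the new `pending` or `fulfilled` cases resets the matching `state.error.*` entry. After one rejected `createNote` or `deleteNote`, the stored error therefore survives later successful calls, and the error selectors added further down keep returning it. I would clear it when a new request starts, e.g. `state.error.createNote = null;` in `createNote.pending` and `state.error.deleteNote = null;` in `deleteNote.pending`. The `fetchNotesByDocumentId.pending` case visible in the previous hunk has the same shape. `extraReducers` starts outside this hunk.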
@@ -84,3 +137,22 @@ export const { selectById: selectNoteById, selectIds: selectNoteIds, } = notesAdapter.getSelectors((state: State) => state.notes); + +export const selectFetchNotesByDocumentIdStatus = (state: State) => + state.notes.status.fetchNotesByDocumentId; + +export const selectFetchNotesByDocumentIdError = (state: State) => + state.notes.error.fetchNotesByDocumentId; + +export const selectCreateNoteStatus = (state: State) => state.notes.status.createNote; + +export const selectCreateNoteError = (state: State) => state.notes.error.createNote; + +export const selectDeleteNoteStatus = (state: State) => state.notes.status.deleteNote; + +export const selectDeleteNoteError = (state: State) => state.notes.error.deleteNote; + +export const selectNotesByDocumentId = createSelector( + [selectAllNotes, (state, documentId) => documentId], + (notes, documentId) => notes.filter((note) => note.eventId === documentId) +); diff --git a/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.test.tsx b/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.test.tsx index ee1148f4bd93c..1c24cb51facf4 100644 --- a/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.test.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.test.tsx 
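Review bot: The second input selector of `selectNotesByDocumentId`, `(state, documentId) => documentId`, has no parameter types, so `documentId` most likely ends up as `any` and `note.eventId === documentId` is not type-checked. Writing it as `(_state: State, documentId: string) => documentId` fixes the call signature for every `useSelector` caller. Separately, `createSelector` keeps a single cached result by default, so if several components select notes for different document ids from this one instance the memoisation may be defeated. A comment saying whether that is expected, or a selector factory per consumer, would settle it.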
@@ -14,9 +14,12 @@ import { TestProviders } from '../../../../common/mock'; import { EndpointOverview } from '.'; import type { EndpointFields } from '../../../../../common/search_strategy/security_solution/hosts'; import { EndpointMetadataGenerator } from '../../../../../common/endpoint/data_generators/endpoint_metadata_generator'; -import { set } from 'lodash'; +import { useGetAgentStatus as _useGetAgentStatus } from '../../../../management/hooks/agents/use_get_agent_status'; jest.mock('../../../../common/lib/kibana'); +jest.mock('../../../../management/hooks/agents/use_get_agent_status'); + +const useGetAgentStatusMock = _useGetAgentStatus as jest.Mock; describe('EndpointOverview Component', () => { let endpointData: EndpointFields; @@ -59,7 +62,7 @@ describe('EndpointOverview Component', () => { endpointData?.hostInfo?.metadata.Endpoint.policy.applied.status ); expect(findData.at(2).text()).toContain(endpointData?.hostInfo?.metadata.agent.version); // contain because drag adds a space - expect(findData.at(3).text()).toEqual('HealthyIsolated'); + expect(findData.at(3).text()).toEqual('Healthy'); }); test('it renders with null data', () => { 
@@ -71,19 +74,10 @@ describe('EndpointOverview Component', () => { }); test('it shows isolation status', () => { - set(endpointData.hostInfo ?? {}, 'metadata.Endpoint.state.isolation', true); + const status = useGetAgentStatusMock(endpointData.hostInfo?.metadata.agent.id, 'endpoint'); + status.data[endpointData.hostInfo!.metadata.agent.id].isolated = true; + useGetAgentStatusMock.mockReturnValue(status); render(); expect(findData.at(3).text()).toEqual('HealthyIsolated'); }); - - // FIXME: un-skip once pending isolation status are supported again - test.skip.each([ - ['isolate', 'Isolating'], - ['unisolate', 'Releasing'], - ])('it shows pending %s status', (action, expectedLabel) => { - set(endpointData.hostInfo ?? {}, 'metadata.Endpoint.state.isolation', true); - endpointData.pendingActions![action] = 1; - render(); - expect(findData.at(3).text()).toEqual(`Healthy${expectedLabel}`); - }); }); diff --git a/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.tsx b/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.tsx index 99eb2ed17e6b6..76b3f45d93875 100644 --- a/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/host_overview/endpoint_overview/index.tsx 
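Review bot: The deleted `test.skip.each` block was the only place in this file that asserted the pending `Isolating` / `Releasing` labels, and its FIXME asked for it to be un-skipped, not removed. Since the host isolation state shown here is something responders act on, it would be safer to port the case to the mocked `useGetAgentStatus` data, or to point in a comment to where `AgentStatus` already covers it. In the rewritten `it shows isolation status`, `useGetAgentStatusMock.mockReturnValue(status)` is never undone and `status` is mutated in place. Any test added after it would inherit `isolated = true` unless the mock is restored in an `afterEach`.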
@@ -9,11 +9,7 @@ import { EuiHealth } from '@elastic/eui'; import { getOr } from 'lodash/fp'; import React, { useCallback, useMemo } from 'react'; -import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; -import { - AgentStatus, - EndpointAgentStatus, -} from '../../../../common/components/endpoint/agents/agent_status'; +import { AgentStatus } from '../../../../common/components/endpoint/agents/agent_status'; import { OverviewDescriptionList } from '../../../../common/components/overview_description_list'; import type { DescriptionList } from '../../../../../common/utility_types'; import { getEmptyTagValue } from '../../../../common/components/empty_value'; @@ -29,7 +25,6 @@ interface Props { } export const EndpointOverview = React.memo<Props>(({ contextID, data, scopeId }) => { - const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled'); const getDefaultRenderer = useCallback( (fieldName: string, fieldData: EndpointFields, attrName: string) => ( <DefaultFieldRenderer @@ -82,23 +77,15 @@ export const EndpointOverview = React.memo<Props>(({ contextID, data, scopeId }) { title: i18n.FLEET_AGENT_STATUS, description: - // TODO: 8.15 remove `EndpointAgentStatus` when `agentStatusClientEnabled` FF is enabled and removed data != null && data.hostInfo ? ( - agentStatusClientEnabled ? ( - <AgentStatus agentId={data.hostInfo.metadata.agent.id} agentType="endpoint" /> - ) : ( - <EndpointAgentStatus - endpointHostInfo={data.hostInfo} - data-test-subj="endpointHostAgentStatus" - /> - ) + <AgentStatus agentId={data.hostInfo.metadata.agent.id} agentType="endpoint" /> ) : ( getEmptyTagValue() ), }, ], ]; - }, [agentStatusClientEnabled, data, getDefaultRenderer]); + }, [data, getDefaultRenderer]); return ( <> diff --git a/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts b/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts index 08e992c76aac6..a763383f4a731 100644 
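Review bot: In the last hunk of this file the surviving `<AgentStatus agentId={data.hostInfo.metadata.agent.id} agentType="endpoint" />` carries no `data-test-subj`, while the removed `EndpointAgentStatus` branch set `data-test-subj="endpointHostAgentStatus"`. The same cleanup in `formatted_field.tsx` keeps that attribute on `AgentStatus`. Any functional test or selector that looks up `endpointHostAgentStatus` on the host overview would stop matching, so adding `data-test-subj="endpointHostAgentStatus"` here keeps the two call sites consistent.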
--- a/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts +++ b/x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts @@ -28,10 +28,7 @@ export const mockSourcererScope: SelectedDataView = { fields: { _id: { aggregatable: false, - category: '_id', - description: 'Each document has an _id that uniquely identifies it', esTypes: undefined, - example: 'Y-6TfmcB0WOhS6qyMv3s', format: undefined, indexes: mockPatterns, name: '_id', diff --git a/x-pack/plugins/security_solution/public/timelines/components/netflow/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/timelines/components/netflow/__snapshots__/index.test.tsx.snap index ce3d8e7f58936..2f8eb7d1fbb57 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/netflow/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/timelines/components/netflow/__snapshots__/index.test.tsx.snap @@ -2,12 +2,7 @@ exports[`Netflow renders correctly against snapshot 1`] = ` <DocumentFragment> - .c12 svg { - position: relative; - top: -1px; -} - -.c10, + .c10, .c10 * { display: inline-block; max-width: 100%; @@ -111,6 +106,11 @@ tr:hover .c2:focus::before { vertical-align: top; } +.c12 svg { + position: relative; + top: -1px; +} + .c21 { margin-right: 5px; } diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap index dc31ad380635b..6844342e8b2f0 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/__snapshots__/index.test.tsx.snap 
@@ -9,12 +9,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "agent.ephemeral_id": Object { "aggregatable": true, - "category": "agent", - "description": "Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but \`agent.id\` does not.", "esTypes": Array [ "keyword", ], - "example": "8a4f500f", "format": "", "indexes": Array [ "auditbeat", @@ -27,12 +24,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "agent.hostname": Object { "aggregatable": true, - "category": "agent", - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -45,12 +39,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "agent.id": Object { "aggregatable": true, - "category": "agent", - "description": "Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.", "esTypes": Array [ "keyword", ], - "example": "8a4f500d", "format": "", "indexes": Array [ "auditbeat", @@ -63,12 +54,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "agent.name": Object { "aggregatable": true, - "category": "agent", - "description": "Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.", "esTypes": Array [ "keyword", ], - "example": "foo", "format": "", "indexes": Array [ "auditbeat", @@ -85,12 +73,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "auditd.data.a0": Object { "aggregatable": true, - "category": "auditd", - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", 
@@ -101,12 +86,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "auditd.data.a1": Object { "aggregatable": true, - "category": "auditd", - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -117,12 +99,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "auditd.data.a2": Object { "aggregatable": true, - "category": "auditd", - "description": null, "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -137,12 +116,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "@timestamp": Object { "aggregatable": true, - "category": "base", - "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.", "esTypes": Array [ "date", ], - "example": "2016-05-23T08:05:34.853Z", "format": "", "indexes": Array [ "auditbeat", @@ -156,10 +132,7 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "_id": Object { "aggregatable": false, - "category": "base", - "description": "Each document has an _id that uniquely identifies it", "esTypes": Array [], - "example": "Y-6TfmcB0WOhS6qyMv3s", "indexes": Array [ "auditbeat", "filebeat", @@ -171,12 +144,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "message": Object { "aggregatable": false, - "category": "base", - "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.", "esTypes": Array [ "text", ], - "example": "Hello World", "format": "string", "indexes": Array [ "auditbeat", 
@@ -193,12 +163,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "client.address": Object { "aggregatable": true, - "category": "client", - "description": "Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -211,12 +178,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "client.bytes": Object { "aggregatable": true, - "category": "client", - "description": "Bytes sent from the client to the server.", "esTypes": Array [ "long", ], - "example": "184", "format": "", "indexes": Array [ "auditbeat", @@ -229,12 +193,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "client.domain": Object { "aggregatable": true, - "category": "client", - "description": "Client domain.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -247,12 +208,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "client.geo.country_iso_code": Object { "aggregatable": true, - "category": "client", - "description": "Country ISO code.", "esTypes": Array [ "keyword", ], - "example": "CA", "format": "", "indexes": Array [ "auditbeat", 
@@ -269,12 +227,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "cloud.account.id": Object { "aggregatable": true, - "category": "cloud", - "description": "The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.", "esTypes": Array [ "keyword", ], - "example": "666777888999", "format": "", "indexes": Array [ "auditbeat", @@ -287,12 +242,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "cloud.availability_zone": Object { "aggregatable": true, - "category": "cloud", - "description": "Availability zone in which this host is running.", "esTypes": Array [ "keyword", ], - "example": "us-east-1c", "format": "", "indexes": Array [ "auditbeat", @@ -309,12 +261,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "container.id": Object { "aggregatable": true, - "category": "container", - "description": "Unique container id.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -327,12 +276,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "container.image.name": Object { "aggregatable": true, - "category": "container", - "description": "Name of the image the container was built on.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -345,12 +291,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "container.image.tag": Object { "aggregatable": true, - "category": "container", - "description": "Container image tag.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", 
@@ -367,12 +310,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "destination.address": Object { "aggregatable": true, - "category": "destination", - "description": "Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the \`.address\` field. Then it should be duplicated to \`.ip\` or \`.domain\`, depending on which one it is.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -385,12 +325,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "destination.bytes": Object { "aggregatable": true, - "category": "destination", - "description": "Bytes sent from the destination to the source.", "esTypes": Array [ "long", ], - "example": "184", "format": "", "indexes": Array [ "auditbeat", @@ -403,12 +340,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "destination.domain": Object { "aggregatable": true, - "category": "destination", - "description": "Destination domain.", "esTypes": Array [ "keyword", ], - "example": null, "format": "", "indexes": Array [ "auditbeat", @@ -421,12 +355,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "destination.ip": Object { "aggregatable": true, - "category": "destination", - "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -439,12 +370,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "destination.port": Object { "aggregatable": true, - "category": "destination", - "description": "Port of the destination.", "esTypes": Array [ "long", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", 
@@ -461,12 +389,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "event.action": Object { "aggregatable": true, - "category": "event", - "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.", "esTypes": Array [ "keyword", ], - "example": "user-password-change", "format": "string", "indexes": Array [ "apm-*-transaction*", @@ -485,12 +410,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "event.category": Object { "aggregatable": true, - "category": "event", - "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.", "esTypes": Array [ "keyword", ], - "example": "authentication", "format": "string", "indexes": Array [ "apm-*-transaction*", @@ -509,12 +431,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "event.end": Object { "aggregatable": true, - "category": "event", - "description": "event.end contains the date when the event ended or when the activity was last observed.", "esTypes": Array [ "date", ], - "example": null, "format": "", "indexes": Array [ "apm-*-transaction*", 
@@ -533,12 +452,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "event.kind": Object { "aggregatable": true, - "category": "event", - "description": "This defined the type of event eg. alerts", "esTypes": Array [ "keyword", ], - "example": "signal", "format": "string", "indexes": Array [ "apm-*-transaction*", @@ -557,12 +473,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "event.severity": Object { "aggregatable": true, - "category": "event", - "description": "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in \`log.syslog.severity.code\`. \`event.severity\` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the \`log.syslog.severity.code\` to \`event.severity\`.", "esTypes": Array [ "long", ], - "example": 7, "format": "number", "indexes": Array [ "apm-*-transaction*", @@ -585,8 +498,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "host.name": Object { "aggregatable": true, - "category": "host", - "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.", "esTypes": Array [ "keyword", ], @@ -612,9 +523,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "nestedField.firstAttributes": Object { "aggregatable": false, - "category": "nestedField", - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", 
@@ -632,9 +540,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "nestedField.secondAttributes": Object { "aggregatable": false, - "category": "nestedField", - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -652,9 +557,6 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "nestedField.thirdAttributes": Object { "aggregatable": false, - "category": "nestedField", - "description": "", - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -691,12 +593,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "source.ip": Object { "aggregatable": true, - "category": "source", - "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -709,12 +608,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` }, "source.port": Object { "aggregatable": true, - "category": "source", - "description": "Port of the source.", "esTypes": Array [ "long", ], - "example": "", "format": "", "indexes": Array [ "auditbeat", @@ -731,12 +627,9 @@ exports[`ColumnHeaders rendering renders correctly against snapshot 1`] = ` "fields": Object { "user.name": Object { "aggregatable": true, - "category": "user", - "description": "Short name or login of the user.", "esTypes": Array [ "keyword", ], - "example": "albert", "format": "string", "indexes": Array [ "auditbeat", diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts index 519c8d21ab70e..b205f7c73a94e 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts 
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/column_headers/helpers.test.ts @@ -105,11 +105,7 @@ describe('helpers', () => { const expectedData = [ { aggregatable: true, - category: 'base', columnHeaderType: 'not-filtered', - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: '', id: '@timestamp', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -122,10 +118,7 @@ describe('helpers', () => { }, { aggregatable: true, - category: 'source', columnHeaderType: 'not-filtered', - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', id: 'source.ip', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -137,11 +130,7 @@ describe('helpers', () => { }, { aggregatable: true, - category: 'destination', columnHeaderType: 'not-filtered', - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', id: 'destination.ip', indexes: ['auditbeat', 'filebeat', 'packetbeat'], @@ -170,11 +159,8 @@ describe('helpers', () => { expect(getColumnHeaders(headers, mockBrowserFields)).toEqual([ { aggregatable: false, - category: 'base', columnHeaderType: 'not-filtered', - description: 'Each document has an _id that uniquely identifies it', esTypes: [], - example: 'Y-6TfmcB0WOhS6qyMv3s', id: '_id', indexes: ['auditbeat', 'filebeat', 'packetbeat'], initialWidth: 180, @@ -199,7 +185,6 @@ describe('helpers', () => { fields: { test_field_1: { aggregatable: true, - category: 'test_field_1', esTypes: ['keyword'], format: 'string', indexes: [ @@ -226,7 +211,6 @@ describe('helpers', () => { expect(getColumnHeaders(headers, oneLevelDeep)).toEqual([ { aggregatable: true, - category: 'test_field_1', columnHeaderType: 'not-filtered', esTypes: ['keyword'], format: 'string', 
@@ -266,7 +250,6 @@ describe('helpers', () => { fields: { 'foo.bar': { aggregatable: true, - category: 'foo', esTypes: ['keyword'], format: 'string', indexes: [ @@ -293,7 +276,6 @@ describe('helpers', () => { expect(getColumnHeaders(headers, twoLevelsDeep)).toEqual([ { aggregatable: true, - category: 'foo', columnHeaderType: 'not-filtered', esTypes: ['keyword'], format: 'string', diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/events/stateful_event.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/events/stateful_event.tsx index 8d46d5438dcbc..0e100d9a25bc3 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/events/stateful_event.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/events/stateful_event.tsx @@ -11,8 +11,12 @@ import React, { useCallback, useMemo, useRef, useState } from 'react'; import { useDispatch } from 'react-redux'; import { isEventBuildingBlockType } from '@kbn/securitysolution-data-table'; import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; +import { LeftPanelNotesTab } from '../../../../../flyout/document_details/left'; import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features'; -import { DocumentDetailsRightPanelKey } from '../../../../../flyout/document_details/shared/constants/panel_keys'; +import { + DocumentDetailsLeftPanelKey, + DocumentDetailsRightPanelKey, +} from '../../../../../flyout/document_details/shared/constants/panel_keys'; import { useDeepEqualSelector } from '../../../../../common/hooks/use_selector'; import type { ColumnHeaderOptions, 
@@ -111,6 +115,9 @@ const StatefulEventComponent: React.FC<Props> = ({ const expandableFlyoutDisabled = useIsExperimentalFeatureEnabled('expandableFlyoutDisabled'); const { openFlyout } = useExpandableFlyoutApi(); + const securitySolutionNotesEnabled = useIsExperimentalFeatureEnabled( + 'securitySolutionNotesEnabled' + ); // Store context in state rather than creating object in provider value={} to prevent re-renders caused by a new object being created const [activeStatefulEventContext] = useState({ 
@@ -178,26 +185,57 @@ const StatefulEventComponent: React.FC<Props> = ({ [event.ecs, rowRenderers] ); + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + const indexName = event._index!; + const onToggleShowNotes = useCallback(() => { - setShowNotes((prevShowNotes) => { - if (prevShowNotes[eventId]) { - // notes are closing, so focus the notes button on the next tick, after escaping the EuiFocusTrap - setTimeout(() => { - const notesButtonElement = trGroupRef.current?.querySelector<HTMLButtonElement>( - `.${NOTES_BUTTON_CLASS_NAME}` - ); - notesButtonElement?.focus(); - }, 0); - } + if (!expandableFlyoutDisabled && securitySolutionNotesEnabled) { + openFlyout({ + right: { + id: DocumentDetailsRightPanelKey, + params: { + id: eventId, + indexName, + scopeId: timelineId, + }, + }, + left: { + id: DocumentDetailsLeftPanelKey, + path: { + tab: LeftPanelNotesTab, + }, + params: { + id: eventId, + indexName, + scopeId: timelineId, + }, + }, + }); + } else { + setShowNotes((prevShowNotes) => { + if (prevShowNotes[eventId]) { + // notes are closing, so focus the notes button on the next tick, after escaping the EuiFocusTrap + setTimeout(() => { + const notesButtonElement = trGroupRef.current?.querySelector<HTMLButtonElement>( + `.${NOTES_BUTTON_CLASS_NAME}` + ); + notesButtonElement?.focus(); + }, 0); + } - return { ...prevShowNotes, [eventId]: !prevShowNotes[eventId] }; - }); - }, [eventId]); + return { ...prevShowNotes, [eventId]: !prevShowNotes[eventId] }; + }); + } + }, [ + eventId, + expandableFlyoutDisabled, + indexName, + securitySolutionNotesEnabled, + openFlyout, + timelineId, + ]); const handleOnEventDetailPanelOpened = useCallback(() => { - // eslint-disable-next-line @typescript-eslint/no-non-null-assertion - const indexName = event._index!; - const updatedExpandedDetail: ExpandedDetailType = { panelView: 'eventDetail', params: { 
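Review bot: `const indexName = event._index!;` now sits in the component body and feeds the new flyout branch of `onToggleShowNotes`. An event that arrives without `_index` would open both the right and left panels with `indexName: undefined` instead of falling back to the inline notes. Prefer `const indexName = event._index;` with the guard `if (!expandableFlyoutDisabled && securitySolutionNotesEnabled && indexName != null) {`, so the `else` branch still handles that case and the eslint suppression can go. `handleOnEventDetailPanelOpened` also uses the value and continues outside this hunk, so it would need the same check.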
@@ -229,14 +267,14 @@ const StatefulEventComponent: React.FC<Props> = ({ ); } }, [ - dispatch, eventId, - event._index, + indexName, + refetch, expandableFlyoutDisabled, openFlyout, - refetch, - tabType, timelineId, + dispatch, + tabType, ]); const associateNote = useCallback( diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx index 28b60305b3f23..36233fcc3a391 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/formatted_field.tsx @@ -13,16 +13,12 @@ import { isEmpty, isNumber } from 'lodash/fp'; import React from 'react'; import { css } from '@emotion/css'; -import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features'; import type { BrowserField } from '../../../../../common/containers/source'; import { ALERT_HOST_CRITICALITY, ALERT_USER_CRITICALITY, } from '../../../../../../common/field_maps/field_names'; -import { - AgentStatus, - EndpointAgentStatusById, -} from '../../../../../common/components/endpoint/agents/agent_status'; +import { AgentStatus } from '../../../../../common/components/endpoint/agents/agent_status'; import { INDICATOR_REFERENCE } from '../../../../../../common/cti/constants'; import { DefaultDraggable } from '../../../../../common/components/draggables'; import { Bytes, BYTES_FORMAT } from './bytes'; @@ -107,8 +103,6 @@ const FormattedFieldValueComponent: React.FC<{ value, linkValue, }) => { - const agentStatusClientEnabled = useIsExperimentalFeatureEnabled('agentStatusClientEnabled'); - if (isObjectArray || asPlainText) { return <span data-test-subj={`formatted-field-${fieldName}`}>{value}</span>; } else if (fieldType === IP_FIELD_TYPE) { 
@@ -292,17 +286,12 @@ const FormattedFieldValueComponent: React.FC<{ /> ); } else if (fieldName === AGENT_STATUS_FIELD_NAME) { - return agentStatusClientEnabled ? ( + return ( <AgentStatus agentId={String(value ?? '')} agentType="endpoint" data-test-subj="endpointHostAgentStatus" /> - ) : ( - <EndpointAgentStatusById - endpointAgentId={String(value ?? '')} - data-test-subj="endpointHostAgentStatus" - /> ); } else if ( [ diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/netflow/__snapshots__/netflow_row_renderer.test.tsx.snap b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/netflow/__snapshots__/netflow_row_renderer.test.tsx.snap index 9d2956c56d588..9ed6e85196639 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/netflow/__snapshots__/netflow_row_renderer.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/netflow/__snapshots__/netflow_row_renderer.test.tsx.snap @@ -16,11 +16,6 @@ exports[`netflowRowRenderer renders correctly against snapshot 1`] = ` border-radius: 4px; } -.c14 svg { - position: relative; - top: -1px; -} - .c12, .c12 * { display: inline-block; @@ -125,6 +120,11 @@ tr:hover .c4:focus::before { vertical-align: top; } +.c14 svg { + position: relative; + top: -1px; +} + .c23 { margin-right: 5px; } diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap index afcc519bfe10e..709438a5fcb74 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap 
+++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/shared/__snapshots__/use_timeline_columns.test.ts.snap @@ -4,13 +4,10 @@ exports[`useTimelineColumns augmentedColumnHeaders should return the default col Array [ Object { "aggregatable": true, - "category": "base", "columnHeaderType": "not-filtered", - "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.", "esTypes": Array [ "date", ], - "example": "2016-05-23T08:05:34.853Z", "format": "", "id": "@timestamp", "indexes": Array [ @@ -26,13 +23,10 @@ Array [ }, Object { "aggregatable": false, - "category": "base", "columnHeaderType": "not-filtered", - "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.", "esTypes": Array [ "text", ], - "example": "Hello World", "format": "string", "id": "message", "indexes": Array [ @@ -47,13 +41,10 @@ Array [ }, Object { "aggregatable": true, - "category": "event", "columnHeaderType": "not-filtered", - "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.", "esTypes": Array [ "keyword", ], - "example": "authentication", "format": "string", "id": "event.category", "indexes": Array [ 
@@ -74,13 +65,10 @@ Array [ }, Object { "aggregatable": true, - "category": "event", "columnHeaderType": "not-filtered", - "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.", "esTypes": Array [ "keyword", ], - "example": "user-password-change", "format": "string", "id": "event.action", "indexes": Array [ @@ -101,9 +89,7 @@ Array [ }, Object { "aggregatable": true, - "category": "host", "columnHeaderType": "not-filtered", - "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.", "esTypes": Array [ "keyword", ], @@ -127,13 +113,10 @@ Array [ }, Object { "aggregatable": true, - "category": "source", "columnHeaderType": "not-filtered", - "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "id": "source.ip", "indexes": Array [ @@ -148,13 +131,10 @@ Array [ }, Object { "aggregatable": true, - "category": "destination", "columnHeaderType": "not-filtered", - "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "id": "destination.ip", "indexes": Array [ @@ -169,13 +149,10 @@ Array [ }, Object { "aggregatable": true, - "category": "user", "columnHeaderType": "not-filtered", - "description": "Short name or login of the user.", "esTypes": Array [ "keyword", ], - "example": "albert", "format": "string", "id": "user.name", "indexes": Array [ 
@@ -195,13 +172,10 @@ exports[`useTimelineColumns augmentedColumnHeaders should return the default uni Array [ Object { "aggregatable": true, - "category": "base", "columnHeaderType": "not-filtered", - "description": "Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.", "esTypes": Array [ "date", ], - "example": "2016-05-23T08:05:34.853Z", "format": "", "id": "@timestamp", "indexes": Array [ @@ -217,13 +191,10 @@ Array [ }, Object { "aggregatable": false, - "category": "base", "columnHeaderType": "not-filtered", - "description": "For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.", "esTypes": Array [ "text", ], - "example": "Hello World", "format": "string", "id": "message", "indexes": Array [ @@ -238,13 +209,10 @@ Array [ }, Object { "aggregatable": true, - "category": "event", "columnHeaderType": "not-filtered", - "description": "This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. \`event.category\` represents the \\"big buckets\\" of ECS categories. For example, filtering on \`event.category:process\` yields all events relating to process activity. This field is closely related to \`event.type\`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.", "esTypes": Array [ "keyword", ], - "example": "authentication", "format": "string", "id": "event.category", "indexes": Array [ 
@@ -264,13 +232,10 @@ Array [ }, Object { "aggregatable": true, - "category": "event", "columnHeaderType": "not-filtered", - "description": "The action captured by the event. This describes the information in the event. It is more specific than \`event.category\`. Examples are \`group-add\`, \`process-started\`, \`file-created\`. The value is normally defined by the implementer.", "esTypes": Array [ "keyword", ], - "example": "user-password-change", "format": "string", "id": "event.action", "indexes": Array [ @@ -290,9 +255,7 @@ Array [ }, Object { "aggregatable": true, - "category": "host", "columnHeaderType": "not-filtered", - "description": "Name of the host. It can contain what \`hostname\` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.", "esTypes": Array [ "keyword", ], @@ -315,13 +278,10 @@ Array [ }, Object { "aggregatable": true, - "category": "source", "columnHeaderType": "not-filtered", - "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "id": "source.ip", "indexes": Array [ @@ -335,13 +295,10 @@ Array [ }, Object { "aggregatable": true, - "category": "destination", "columnHeaderType": "not-filtered", - "description": "IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "id": "destination.ip", "indexes": Array [ @@ -355,13 +312,10 @@ Array [ }, Object { "aggregatable": true, - "category": "user", "columnHeaderType": "not-filtered", - "description": "Short name or login of the user.", "esTypes": Array [ "keyword", ], - "example": "albert", "format": "string", "id": "user.name", "indexes": Array [ 
@@ -380,13 +334,10 @@ exports[`useTimelineColumns augmentedColumnHeaders should return the provided co Array [ Object { "aggregatable": true, - "category": "source", "columnHeaderType": "not-filtered", - "description": "IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.", "esTypes": Array [ "ip", ], - "example": "", "format": "", "id": "source.ip", "indexes": Array [ diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/__snapshots__/custom_timeline_data_grid_body.test.tsx.snap b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/__snapshots__/custom_timeline_data_grid_body.test.tsx.snap index 2c8c9d593b775..d11a5f23cbda6 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/__snapshots__/custom_timeline_data_grid_body.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/__snapshots__/custom_timeline_data_grid_body.test.tsx.snap @@ -28,6 +28,7 @@ exports[`CustomTimelineDataGridBody should render exactly as snapshots 1`] = ` .c0 . euiDataGridRowCell--controlColumn { height: 40px; + min-height: 40px; } .c0 .udt--customRow { 
@@ -57,12 +58,28 @@ exports[`CustomTimelineDataGridBody should render exactly as snapshots 1`] = ` -webkit-box-align: center; -ms-flex-align: center; align-items: center; - height: 36px; + height: 40px; } .c1 .euiDataGridRowCell, .c1 .euiDataGridRowCell__content { + -webkit-align-items: flex-start; + -webkit-box-align: flex-start; + -ms-flex-align: flex-start; + align-items: flex-start; + display: -webkit-box; + display: -webkit-flex; + display: -ms-flexbox; + display: flex; + -webkit-flex-direction: column; + -ms-flex-direction: column; + flex-direction: column; + -webkit-box-pack: center; + -webkit-justify-content: center; + -ms-flex-pack: center; + justify-content: center; height: 100%; + min-height: 40px; } .c1 .euiDataGridRowCell .unifiedDataTable__rowControl, diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/custom_timeline_data_grid_body.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/custom_timeline_data_grid_body.tsx index 7002360f5a346..fecfb56f87b14 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/custom_timeline_data_grid_body.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/custom_timeline_data_grid_body.tsx @@ -31,11 +31,15 @@ export type CustomTimelineDataGridBodyProps = EuiDataGridCustomBodyProps & { eventIdToNoteIds?: Record<string, string[]> | null; eventIdsAddingNotes?: Set<string>; onToggleShowNotes: (eventId?: string) => void; + rowHeight?: number; refetch?: () => void; }; const emptyNotes: string[] = []; +// THE DataGrid Row default is 34px, but we make ours 40 to account for our row actions +const DEFAULT_UDT_ROW_HEIGHT = 40; + /** * * In order to render the additional row with every event ( which displays the row-renderer, notes and notes editor) 
@@ -56,6 +60,7 @@ export const CustomTimelineDataGridBody: FC<CustomTimelineDataGridBodyProps> = m visibleColumns, visibleRowData, rows, + rowHeight, enabledRowRenderers, events = [], eventIdToNoteIds = {}, @@ -98,6 +103,7 @@ export const CustomTimelineDataGridBody: FC<CustomTimelineDataGridBodyProps> = m rowIndex={rowIndex} key={rowIndex} visibleColumns={visibleColumns} + rowHeight={rowHeight} Cell={Cell} enabledRowRenderers={enabledRowRenderers} notes={notes} @@ -127,7 +133,8 @@ const CustomGridRow = styled.div.attrs<{ width: fit-content; border-bottom: 1px solid ${(props) => (props.theme as EuiTheme).eui.euiBorderThin}; . euiDataGridRowCell--controlColumn { - height: 40px; + height: ${(props: { $cssRowHeight: string }) => props.$cssRowHeight}; + min-height: ${DEFAULT_UDT_ROW_HEIGHT}px; } .udt--customRow { border-radius: 0; @@ -160,10 +167,15 @@ const CustomGridRowCellWrapper = styled.div.attrs<{ }))` display: flex; align-items: center; - height: 36px; + height: ${(props: { $cssRowHeight: string }) => props.$cssRowHeight}; .euiDataGridRowCell, .euiDataGridRowCell__content { + align-items: flex-start; + display: flex; + flex-direction: column; + justify-content: center; height: 100%; + min-height: ${DEFAULT_UDT_ROW_HEIGHT}px; .unifiedDataTable__rowControl { margin-top: 0; } 
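Review bot: In the `CustomGridRow` hunk (`@@ -127,7 +133,8 @@`) the new `height` and `min-height` declarations are added inside `. euiDataGridRowCell--controlColumn { … }`, and the space between the dot and the class name makes that selector invalid, so browsers would most likely drop the whole rule. The updated snapshot shows the same `.c0 . euiDataGridRowCell--controlColumn` text, which suggests the space is in the source rather than an artefact of this page. If so, changing the line to `.euiDataGridRowCell--controlColumn {` is what lets the dynamic row height reach the control column. The styled component's definition begins outside the hunk.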
@@ -182,9 +194,19 @@ type CustomTimelineDataGridSingleRowProps = { onToggleShowNotes: (eventId?: string) => void; } & Pick< CustomTimelineDataGridBodyProps, - 'visibleColumns' | 'Cell' | 'enabledRowRenderers' | 'refetch' + 'visibleColumns' | 'Cell' | 'enabledRowRenderers' | 'refetch' | 'rowHeight' >; +const calculateRowHeightInPixels = (lineHeightMultiple: number): string => { + // The line height multiple can be negative to indicate "auto" in the unified data table + if (lineHeightMultiple < 0) return 'auto'; + // The base line-height in pixels is 16px. This would be calculated default by the datagird and we could use + // the `configRowHeight` prop, but since we own control of our rows via `customGridBody` we have to calculate it ourselves. + const baseRowLineHeightInPx = 16; + const rowHeightInPixels = DEFAULT_UDT_ROW_HEIGHT + baseRowLineHeightInPx * lineHeightMultiple; + return `${rowHeightInPixels}px`; +}; + /** * * RenderCustomBody component above uses this component to display a single row. @@ -204,6 +226,7 @@ const CustomDataGridSingleRow = memo(function CustomDataGridSingleRow( eventId = '', onToggleShowNotes, refetch, + rowHeight: rowHeightMultiple = 0, } = props; const dispatch = useDispatch(); const { canShowRowRenderer } = useStatefulRowRenderer({ @@ -211,6 +234,7 @@ const CustomDataGridSingleRow = memo(function CustomDataGridSingleRow( rowRenderers: enabledRowRenderers, }); + const cssRowHeight: string = calculateRowHeightInPixels(rowHeightMultiple); /** * removes the border between the actual row ( timelineEvent) and `TimelineEventDetail` row * which renders the row-renderer, notes and notes editor 
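Review bot: `calculateRowHeightInPixels` (hunk `@@ -182,9 +194,19 @@`) special-cases only negative input, so a non-finite `rowHeight` would yield the string `NaNpx`, which is invalid CSS and is silently ignored. A guard such as `if (!Number.isFinite(lineHeightMultiple) || lineHeightMultiple < 0) return 'auto';` keeps the result a valid value. The name promises pixels while `'auto'` is also a possible return, so a one-line doc comment stating both return forms would help, and the inline comment has a typo (`datagird`).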
@@ -250,9 +274,10 @@ const CustomDataGridSingleRow = memo(function CustomDataGridSingleRow( return ( <CustomGridRow className={`${rowIndex % 2 === 0 ? 'euiDataGridRow--striped' : ''}`} + $cssRowHeight={cssRowHeight} key={rowIndex} > - <CustomGridRowCellWrapper className={eventTypeRowClassName}> + <CustomGridRowCellWrapper className={eventTypeRowClassName} $cssRowHeight={cssRowHeight}> {visibleColumns.map((column, colIndex) => { // Skip the expanded row cell - we'll render it manually outside of the flex wrapper if (column.id !== TIMELINE_EVENT_DETAIL_ROW_ID) { diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/index.tsx index d7e22f116511a..f512fcbe04a0c 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/index.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/unified_components/data_table/index.tsx @@ -390,6 +390,7 @@ export const TimelineDataTableComponent: React.FC<DataTableProps> = memo( visibleColumns={visibleColumns} visibleRowData={visibleRowData} eventIdToNoteIds={eventIdToNoteIds} + rowHeight={rowHeight} setCustomGridBodyProps={setCustomGridBodyProps} events={events} enabledRowRenderers={enabledRowRenderers} @@ -405,6 +406,7 @@ export const TimelineDataTableComponent: React.FC<DataTableProps> = memo( eventIdToNoteIds, cellContext?.eventIdsAddingNotes, cellContext?.onToggleShowNotes, + rowHeight, refetch, ] ); diff --git a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.test.ts new file mode 100644 index 0000000000000..6b7526870eb9f --- /dev/null 
+++ b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.test.ts 
@@ -0,0 +1,171 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { elasticsearchServiceMock } from '@kbn/core-elasticsearch-server-mocks'; + +import { getAnonymizedAlerts } from './get_anonymized_alerts'; +import { mockOpenAndAcknowledgedAlertsQueryResults } from '../mock/mock_open_and_acknowledged_alerts_query_results'; +import { getOpenAndAcknowledgedAlertsQuery } from '../open_and_acknowledged_alerts/get_open_and_acknowledged_alerts_query'; +import { MIN_SIZE } from '../open_and_acknowledged_alerts/helpers'; + +jest.mock('../open_and_acknowledged_alerts/get_open_and_acknowledged_alerts_query', () => { + const original = jest.requireActual( + '../open_and_acknowledged_alerts/get_open_and_acknowledged_alerts_query' + ); + + return { + getOpenAndAcknowledgedAlertsQuery: jest.fn(() => original), + }; +}); + +describe('getAnonymizedAlerts', () => { + const alertsIndexPattern = '.alerts-security.alerts-default'; + const mockAnonymizationFields = [ + { + id: '9f95b649-f20e-4edf-bd76-1d21ab6f8e2e', + timestamp: '2024-05-06T22:16:48.489Z', + field: '_id', + allowed: true, + anonymized: false, + createdAt: '2024-05-06T22:16:48.489Z', + namespace: 'default', + }, + { + id: '22f23471-4f6a-4cec-9b2a-cf270ffb53d5', + timestamp: '2024-05-06T22:16:48.489Z', + field: 'host.name', + allowed: true, + anonymized: true, + createdAt: '2024-05-06T22:16:48.489Z', + namespace: 'default', + }, + ]; + const mockEsClient = elasticsearchServiceMock.createElasticsearchClient(); + const mockReplacements = { + replacement1: 'SRVMAC08', + replacement2: 'SRVWIN01', + replacement3: 'SRVWIN02', + }; + const size = 10; + + beforeEach(() => { + jest.clearAllMocks(); + + (mockEsClient.search as unknown as jest.Mock).mockResolvedValue( + mockOpenAndAcknowledgedAlertsQueryResults + ); 
+ }); + + it('returns an empty array when alertsIndexPattern is not provided', async () => { + const result = await getAnonymizedAlerts({ + esClient: mockEsClient, + size, + }); + + expect(result).toEqual([]); + }); + + it('should return an empty array when size is not provided', async () => { + const result = await getAnonymizedAlerts({ + alertsIndexPattern, + esClient: mockEsClient, + }); + + expect(result).toEqual([]); + }); + + it('should return an empty array when size is out of range', async () => { + const outOfRange = MIN_SIZE - 1; + + const result = await getAnonymizedAlerts({ + alertsIndexPattern, + esClient: mockEsClient, + size: outOfRange, + }); + + expect(result).toEqual([]); + }); + + it('calls getOpenAndAcknowledgedAlertsQuery with the provided anonymizationFields', async () => { + await getAnonymizedAlerts({ + alertsIndexPattern, + anonymizationFields: mockAnonymizationFields, + esClient: mockEsClient, + replacements: mockReplacements, + size, + }); + + expect(getOpenAndAcknowledgedAlertsQuery).toHaveBeenCalledWith({ + alertsIndexPattern, + anonymizationFields: mockAnonymizationFields, + size, + }); + }); + + it('calls getOpenAndAcknowledgedAlertsQuery with empty anonymizationFields when they are NOT provided', async () => { + await getAnonymizedAlerts({ + alertsIndexPattern, + esClient: mockEsClient, + replacements: mockReplacements, + size, + }); + + expect(getOpenAndAcknowledgedAlertsQuery).toHaveBeenCalledWith({ + alertsIndexPattern, + anonymizationFields: [], + size, + }); + }); + + it('returns the expected transformed (anonymized) raw data', async () => { + const result = await getAnonymizedAlerts({ + alertsIndexPattern, + anonymizationFields: mockAnonymizationFields, + esClient: mockEsClient, + replacements: mockReplacements, + size, + }); + + expect(result).toEqual([ + '_id,b6e883c29b32571aaa667fa13e65bbb4f95172a2b84bdfb85d6f16c72b2d2560\nhost.name,replacement1', + 
'_id,0215a6c5cc9499dd0290cd69a4947efb87d3ddd8b6385a766d122c2475be7367\nhost.name,replacement1', + '_id,600eb9eca925f4c5b544b4e9d3cf95d83b7829f8f74c5bd746369cb4c2968b9a\nhost.name,replacement1', + '_id,e1f4a4ed70190eb4bd256c813029a6a9101575887cdbfa226ac330fbd3063f0c\nhost.name,replacement1', + '_id,2a7a4809ca625dfe22ccd35fbef7a7ba8ed07f109e5cbd17250755cfb0bc615f\nhost.name,replacement1', + '_id,2a9f7602de8656d30dda0ddcf79e78037ac2929780e13d5b2047b3bedc40bb69\nhost.name,replacement1', + '_id,4615c3a90e8057ae5cc9b358bbbf4298e346277a2f068dda052b0b43ef6d5bbd\nhost.name,replacement1', + '_id,449322a72d3f19efbdf983935a1bdd21ebd6b9c761ce31e8b252003017d7e5db\nhost.name,replacement1', + '_id,f465ca9fbfc8bc3b1871e965c9e111cac76ff3f4076fed6bc9da88d49fb43014\nhost.name,replacement3', + '_id,aa283e6a13be77b533eceffb09e48254c8f91feeccc39f7eed80fd3881d053f4\nhost.name,replacement3', + '_id,dd9e4ea23961ccfdb7a9c760ee6bedd19a013beac3b0d38227e7ae77ba4ce515\nhost.name,replacement3', + '_id,f30d55e503b1d848b34ee57741b203d8052360dd873ea34802f3fa7a9ef34d0a\nhost.name,replacement3', + '_id,6f8cd5e8021dbb64598f2b7ec56bee21fd00d1e62d4e08905f86bf234873ee66\nhost.name,replacement3', + '_id,ce110da958fe0cf0c07599a21c68d90a64c93b7607aa27970a614c7f49598316\nhost.name,replacement3', + '_id,0866787b0027b4d908767ac16e35a1da00970c83632ba85be65f2ad371132b4f\nhost.name,replacement3', + '_id,b0fdf96721e361e1137d49a67e26d92f96b146392d7f44322bddc3d660abaef1\nhost.name,replacement3', + '_id,7b4f49f21cf141e67856d3207fb4ea069c8035b41f0ea501970694cf8bd43cbe\nhost.name,replacement3', + '_id,ea81d79104cbd442236b5bcdb7a3331de897aa4ce1523e622068038d048d0a9e\nhost.name,replacement3', + '_id,cdf3b5510bb5ed622e8cefd1ce6bedc52bdd99a4c1ead537af0603469e713c8b\nhost.name,replacement2', + '_id,6abe81eb6350fb08031761be029e7ab19f7e577a7c17a9c5ea1ed010ba1620e3\nhost.name,replacement2', + ]); + }); + + it('calls onNewReplacements for every alert', async () => { + const onNewReplacements = jest.fn(); + + await 
getAnonymizedAlerts({ + alertsIndexPattern, + anonymizationFields: mockAnonymizationFields, + esClient: mockEsClient, + onNewReplacements, + replacements: mockReplacements, + size, + }); + + expect(onNewReplacements).toHaveBeenCalledTimes(20); // 20 alerts in mockOpenAndAcknowledgedAlertsQueryResults + }); +}); diff --git a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.ts b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.ts index 933a7ab55b924..5989caf439518 100644 --- a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.ts +++ b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_anonymized_alerts.ts @@ -28,7 +28,7 @@ export const getAnonymizedAlerts = async ({ onNewReplacements?: (replacements: Replacements) => void; replacements?: Replacements; size?: number; -}) => { +}): Promise<string[]> => { if (alertsIndexPattern == null || size == null || sizeIsOutOfRange(size)) { return []; } diff --git a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_attack_discovery_prompt.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_attack_discovery_prompt.test.ts new file mode 100644 index 0000000000000..bc290bf172382 --- /dev/null +++ b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_attack_discovery_prompt.test.ts 
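Review bot: The `jest.mock` factory at the top of this new test file defines `getOpenAndAcknowledgedAlertsQuery: jest.fn(() => original)`, so the mocked function returns the entire real module object instead of a query built from its arguments. The suite still passes because `mockEsClient.search` is stubbed, but the value that `getAnonymizedAlerts` presumably hands to the search is then not a real query, and the "returns the expected transformed (anonymized) raw data" case does not exercise the query builder that selects which fields leave the index. Delegating keeps the `toHaveBeenCalledWith` assertions and restores the real behaviour: `getOpenAndAcknowledgedAlertsQuery: jest.fn((...args) => original.getOpenAndAcknowledgedAlertsQuery(...args)),`.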
@@ -0,0 +1,30 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { getAttackDiscoveryPrompt } from './get_attack_discovery_prompt'; + +describe('getAttackDiscoveryPrompt', () => { + it('should generate the correct attack discovery prompt', () => { + const anonymizedAlerts = ['Alert 1', 'Alert 2', 'Alert 3']; + + const expected = `You are a cyber security analyst tasked with analyzing security events from Elastic Security to identify and report on potential cyber attacks or progressions. Your report should focus on high-risk incidents that could severely impact the organization, rather than isolated alerts. Present your findings in a way that can be easily understood by anyone, regardless of their technical expertise, as if you were briefing the CISO. Break down your response into sections based on timing, hosts, and users involved. When correlating alerts, use kibana.alert.original_time when it's available, otherwise use @timestamp. Include appropriate context about the affected hosts and users. Describe how the attack progression might have occurred and, if feasible, attribute it to known threat groups. Prioritize high and critical alerts, but include lower-severity alerts if desired. In the description field, provide as much detail as possible, in a bulleted list explaining any attack progressions. Accuracy is of utmost importance. Escape backslashes to respect JSON validation. New lines must always be escaped with double backslashes, i.e. \\\\n to ensure valid JSON. Only return JSON output, as described above. Do not add any additional text to describe your output. 
+ +Use context from the following open and acknowledged alerts to provide insights: + +""" +Alert 1 + +Alert 2 + +Alert 3 +""" +`; + + const prompt = getAttackDiscoveryPrompt({ anonymizedAlerts }); + + expect(prompt).toEqual(expected); + }); +}); diff --git a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_output_parser.test.ts b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_output_parser.test.ts new file mode 100644 index 0000000000000..446611f87ea6a --- /dev/null +++ b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/get_output_parser.test.ts 
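Review bot: The single case in this new test feeds benign strings (`'Alert 1'`, `'Alert 2'`, `'Alert 3'`) into a prompt that frames the alerts between `"""` delimiters, so nothing pins what happens when alert text itself contains that delimiter or instruction-like content. Alert field values originate from monitored hosts and should be treated as untrusted input to the model. Whether `getAttackDiscoveryPrompt` or the upstream anonymization step escapes or strips such content is not visible in this diff; if it does, add a case asserting it, and if it does not, that deserves a follow-up before the delimiter is relied on as a boundary.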
@@ -0,0 +1,31 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { getOutputParser } from './get_output_parser'; + +describe('getOutputParser', () => { + it('returns a structured output parser with the expected format instructions', () => { + const outputParser = getOutputParser(); + + const expected = `You must format your output as a JSON value that adheres to a given \"JSON Schema\" instance. + +\"JSON Schema\" is a declarative language that allows you to annotate and validate JSON documents. + +For example, the example \"JSON Schema\" instance {{\"properties\": {{\"foo\": {{\"description\": \"a list of test words\", \"type\": \"array\", \"items\": {{\"type\": \"string\"}}}}}}, \"required\": [\"foo\"]}}}} +would match an object with one required property, \"foo\". The \"type\" property specifies \"foo\" must be an \"array\", and the \"description\" property semantically describes it as \"a list of test words\". The items within \"foo\" must be strings. +Thus, the object {{\"foo\": [\"bar\", \"baz\"]}} is a well-formatted instance of this example \"JSON Schema\". The object {{\"properties\": {{\"foo\": [\"bar\", \"baz\"]}}}} is not well-formatted. + +Your output will be parsed and type-checked according to the provided schema instance, so make sure all fields in your output match the schema exactly and there are no trailing commas! + +Here is the JSON Schema instance your output must adhere to. 
Include the enclosing markdown codeblock: +\`\`\`json +{\"type\":\"array\",\"items\":{\"type\":\"object\",\"properties\":{\"alertIds\":{\"type\":\"array\",\"items\":{\"type\":\"string\"},\"description\":\"The alert IDs that the insight is based on.\"},\"detailsMarkdown\":{\"type\":\"string\",\"description\":\"A detailed insight with markdown that always uses special {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax for field names and values from the source data. Examples of CORRECT syntax (includes field names and values): {{ host.name hostNameValue }} {{ user.name userNameValue }} {{ source.ip sourceIpValue }} Examples of INCORRECT syntax (bad, because the field names are not included): {{ hostNameValue }} {{ userNameValue }} {{ sourceIpValue }}\"},\"entitySummaryMarkdown\":{\"type\":\"string\",\"description\":\"A short (no more than a sentence) summary of the insight featuring only the host.name and user.name fields (when they are applicable), using the same {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax\"},\"mitreAttackTactics\":{\"type\":\"array\",\"items\":{\"type\":\"string\"},\"description\":\"An array of MITRE ATT&CK tactic for the insight, using one of the following values: Reconnaissance,Initial Access,Execution,Persistence,Privilege Escalation,Discovery,Lateral Movement,Command and Control,Exfiltration\"},\"summaryMarkdown\":{\"type\":\"string\",\"description\":\"A markdown summary of insight, using the same {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax\"},\"title\":{\"type\":\"string\",\"description\":\"A short, no more than 7 words, title for the insight, NOT formatted with special syntax or markdown. 
This must be as brief as possible.\"}},\"required\":[\"alertIds\",\"detailsMarkdown\",\"summaryMarkdown\",\"title\"],\"additionalProperties\":false},\"description\":\"Insights with markdown that always uses special {{ field.name fieldValue1 fieldValue2 fieldValueN }} syntax for field names and values from the source data. Examples of CORRECT syntax (includes field names and values): {{ host.name hostNameValue }} {{ user.name userNameValue }} {{ source.ip sourceIpValue }} Examples of INCORRECT syntax (bad, because the field names are not included): {{ hostNameValue }} {{ userNameValue }} {{ sourceIpValue }}\",\"$schema\":\"http://json-schema.org/draft-07/schema#\"} +\`\`\` +`; + + expect(outputParser.getFormatInstructions()).toEqual(expected); + }); +}); diff --git a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/helpers.ts b/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/helpers.ts deleted file mode 100644 index fd5d4cc668df8..0000000000000 --- a/x-pack/plugins/security_solution/server/assistant/tools/attack_discovery/helpers.ts +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { Replacements } from '@kbn/elastic-assistant-common'; - -export const getReplacementsRecords = ( - replacements: Array<{ value: string; uuid: string }> -): Replacements => - replacements.reduce<Record<string, string>>( - (acc, { value, uuid }) => ({ ...acc, [uuid]: value }), - {} - ); - -export const getReplacementsArray = ( - replacements: Replacements -): Array<{ value: string; uuid: string }> => - Object.entries(replacements).map(([uuid, value]) => ({ uuid, value })); 
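Review bot: The `expected` string in this new test pins the complete format-instruction text, most of which reads like generic boilerplate produced by the structured-output parser library rather than anything defined by `getOutputParser`, so an unrelated dependency upgrade could fail the test. Asserting only on the schema this module owns would be more stable, for example `expect(outputParser.getFormatInstructions()).toContain('"required":["alertIds","detailsMarkdown","summaryMarkdown","title"]');`. A second assertion on `"additionalProperties":false` would also document that extra keys in model output are meant to be rejected.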
diff --git a/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts b/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts index 1fbfeef9382e5..3cd77526942ff 100644 --- a/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts +++ b/x-pack/plugins/security_solution/server/endpoint/mocks/mocks.ts @@ -48,6 +48,7 @@ import { createCasesClientMock } from '@kbn/cases-plugin/server/client/mocks'; import type { AddVersionOpts, VersionedRouteConfig } from '@kbn/core-http-server'; import { unsecuredActionsClientMock } from '@kbn/actions-plugin/server/unsecured_actions_client/unsecured_actions_client.mock'; import type { PluginStartContract } from '@kbn/actions-plugin/server'; +import type { Mutable } from 'utility-types'; import { responseActionsClientMock } from '../services/actions/clients/mocks'; import { getEndpointAuthzInitialStateMock } from '../../../common/endpoint/service/authz/mocks'; import { createMockConfig, requestContextMock } from '../../lib/detection_engine/routes/__mocks__'; @@ -264,7 +265,7 @@ export interface HttpApiTestSetupMock<P = any, Q = any, B = any> { httpResponseMock: ReturnType<typeof httpServerMock.createResponseFactory>; httpHandlerContextMock: ReturnType<typeof requestContextMock.convertContext>; getEsClientMock: (type?: 'internalUser' | 'currentUser') => ElasticsearchClientMock; - createRequestMock: (options?: RequestFixtureOptions<P, Q, B>) => KibanaRequest<P, Q, B>; + createRequestMock: (options?: RequestFixtureOptions<P, Q, B>) => Mutable<KibanaRequest<P, Q, B>>; /** Retrieves the handler that was registered with the `router` for a given `method` and `path` */ getRegisteredRouteHandler: (method: RouterMethod, path: string) => RequestHandler; /** Retrieves the route handler configuration that was registered with the router */ 
@@ -334,7 +335,9 @@ export const createHttpApiTestSetupMock = <P = any, Q = any, B = any>(): HttpApi httpHandlerContextMock, httpResponseMock, - createRequestMock: (options: RequestFixtureOptions<P, Q, B> = {}): KibanaRequest<P, Q, B> => { + createRequestMock: ( + options: RequestFixtureOptions<P, Q, B> = {} + ): Mutable<KibanaRequest<P, Q, B>> => { return httpServerMock.createKibanaRequest<P, Q, B>(options); }, diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts index 09512b7cbc5ed..cf8a5325b9f9a 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts @@ -50,7 +50,7 @@ import type { KillOrSuspendProcessRequestBody, ResponseActionParametersWithPidOrEntityId, ResponseActionsExecuteParameters, - ResponseActionsScanParameters, + ResponseActionScanParameters, } from '../../../../common/endpoint/types'; import type { ResponseActionsApiCommandNames } from '../../../../common/endpoint/service/response_actions/constants'; import type { @@ -301,7 +301,7 @@ export function registerResponseActionRoutes( withEndpointAuthz( { all: ['canWriteScanOperations'] }, logger, - responseActionRequestHandler<ResponseActionsScanParameters>(endpointContext, 'scan') + responseActionRequestHandler<ResponseActionScanParameters>(endpointContext, 'scan') ) ); } diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts index d60c04b58886b..ff34ff6d66d1e 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.test.ts 
@@ -12,12 +12,33 @@ import { registerAgentStatusRoute } from './agent_status_handler'; import { AGENT_STATUS_ROUTE } from '../../../../common/endpoint/constants'; import { CustomHttpRequestError } from '../../../utils/custom_http_request_error'; import type { EndpointAgentStatusRequestQueryParams } from '../../../../common/api/endpoint/agent/get_agent_status_route'; +import type { ResponseActionAgentType } from '../../../../common/endpoint/service/response_actions/constants'; import { RESPONSE_ACTION_AGENT_TYPE } from '../../../../common/endpoint/service/response_actions/constants'; +import type { ExperimentalFeatures } from '../../../../common'; +import { agentServiceMocks as mockAgentService } from '../../services/agent/mocks'; +import { getAgentStatusClient as _getAgentStatusClient } from '../../services'; +import type { DeepMutable } from '../../../../common/endpoint/types'; + +jest.mock('../../services', () => { + const realModule = jest.requireActual('../../services'); + + return { + ...realModule, + getAgentStatusClient: jest.fn((agentType: ResponseActionAgentType) => { + return mockAgentService.createClient(agentType); + }), + }; +}); + +const getAgentStatusClientMock = _getAgentStatusClient as jest.Mock; describe('Agent Status API route handler', () => { - let apiTestSetup: HttpApiTestSetupMock<never, EndpointAgentStatusRequestQueryParams>; + let apiTestSetup: HttpApiTestSetupMock<never, DeepMutable<EndpointAgentStatusRequestQueryParams>>; let httpRequestMock: ReturnType< - HttpApiTestSetupMock<never, EndpointAgentStatusRequestQueryParams>['createRequestMock'] + HttpApiTestSetupMock< + never, + DeepMutable<EndpointAgentStatusRequestQueryParams> + >['createRequestMock'] >; let httpHandlerContextMock: HttpApiTestSetupMock< never, 
@@ -43,60 +64,55 @@ describe('Agent Status API route handler', () => { apiTestSetup.endpointAppContextMock.experimentalFeatures = { ...apiTestSetup.endpointAppContextMock.experimentalFeatures, responseActionsSentinelOneV1Enabled: true, - responseActionsCrowdstrikeManualHostIsolationEnabled: false, - agentStatusClientEnabled: false, + responseActionsCrowdstrikeManualHostIsolationEnabled: true, }; registerAgentStatusRoute(apiTestSetup.routerMock, apiTestSetup.endpointAppContextMock); }); - it('should error if the sentinel_one feature flag is turned off', async () => { - apiTestSetup.endpointAppContextMock.experimentalFeatures = { - ...apiTestSetup.endpointAppContextMock.experimentalFeatures, - responseActionsSentinelOneV1Enabled: false, - responseActionsCrowdstrikeManualHostIsolationEnabled: false, - }; + it.each` + agentType | featureFlag + ${'sentinel_one'} | ${'responseActionsSentinelOneV1Enabled'} + ${'crowdstrike'} | ${'responseActionsCrowdstrikeManualHostIsolationEnabled'} + `( + 'should error if the $agentType feature flag ($featureFlag) is turned off', + async ({ + agentType, + featureFlag, + }: { + agentType: ResponseActionAgentType; + featureFlag: keyof ExperimentalFeatures; + }) => { + apiTestSetup.endpointAppContextMock.experimentalFeatures = { + ...apiTestSetup.endpointAppContextMock.experimentalFeatures, + [featureFlag]: false, + }; + httpRequestMock.query.agentType = agentType; - await apiTestSetup - .getRegisteredVersionedRoute('get', AGENT_STATUS_ROUTE, '1') - .routeHandler(httpHandlerContextMock, httpRequestMock, httpResponseMock); - - expect(httpResponseMock.customError).toHaveBeenCalledWith({ - statusCode: 400, - body: expect.any(CustomHttpRequestError), - }); - }); - - it.each(RESPONSE_ACTION_AGENT_TYPE)('should accept agent type of %s', async (agentType) => { - // @ts-expect-error `query.*` is not mutable - httpRequestMock.query.agentType = agentType; - // TODO TC: Temporary workaround to catch thrown error while Crowdstrike status is not yet 
supported - try { await apiTestSetup .getRegisteredVersionedRoute('get', AGENT_STATUS_ROUTE, '1') .routeHandler(httpHandlerContextMock, httpRequestMock, httpResponseMock); - } catch (error) { - if (agentType === 'crowdstrike') { - expect(error.message).toBe('Agent type [crowdstrike] does not support agent status'); - } - } - if (agentType !== 'crowdstrike') { - expect(httpResponseMock.ok).toHaveBeenCalled(); + + expect(httpResponseMock.customError).toHaveBeenCalledWith({ + statusCode: 400, + body: expect.any(CustomHttpRequestError), + }); } - }); + ); - it('should accept agent type of `endpoint` when FF is disabled', async () => { - apiTestSetup.endpointAppContextMock.experimentalFeatures = { - ...apiTestSetup.endpointAppContextMock.experimentalFeatures, - responseActionsSentinelOneV1Enabled: false, - }; - // @ts-expect-error `query.*` is not mutable - httpRequestMock.query.agentType = 'endpoint'; + it.each(RESPONSE_ACTION_AGENT_TYPE)('should accept agent type of %s', async (agentType) => { + httpRequestMock.query.agentType = agentType; await apiTestSetup .getRegisteredVersionedRoute('get', AGENT_STATUS_ROUTE, '1') .routeHandler(httpHandlerContextMock, httpRequestMock, httpResponseMock); expect(httpResponseMock.ok).toHaveBeenCalled(); + expect(getAgentStatusClientMock).toHaveBeenCalledWith(agentType, { + esClient: (await httpHandlerContextMock.core).elasticsearch.client.asInternalUser, + soClient: (await httpHandlerContextMock.core).savedObjects.client, + connectorActionsClient: (await httpHandlerContextMock.actions).getActionsClient(), + endpointService: apiTestSetup.endpointAppContextMock.service, + }); }); it('should return status code 200 with expected payload', async () => { 
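Review bot: The rewritten cases in this hunk drop the only check that `endpoint` stays reachable when the third-party flags are off. The removed ``should accept agent type of `endpoint` when FF is disabled`` test has no replacement, and the setup at the top of the hunk now turns both `responseActionsSentinelOneV1Enabled` and `responseActionsCrowdstrikeManualHostIsolationEnabled` on before the `it.each(RESPONSE_ACTION_AGENT_TYPE)` run. A regression that made the flag validation reject `endpoint` would therefore pass unnoticed. I would keep a dedicated case with both flags false, as below; the enclosing `describe` starts and ends outside the hunk.

```typescript
// … unchanged: it.each feature-flag cases and it.each(RESPONSE_ACTION_AGENT_TYPE) …
it('should accept agent type of `endpoint` when third-party feature flags are disabled', async () => {
  apiTestSetup.endpointAppContextMock.experimentalFeatures = {
    ...apiTestSetup.endpointAppContextMock.experimentalFeatures,
    responseActionsSentinelOneV1Enabled: false,
    responseActionsCrowdstrikeManualHostIsolationEnabled: false,
  };
  httpRequestMock.query.agentType = 'endpoint';

  await apiTestSetup
    .getRegisteredVersionedRoute('get', AGENT_STATUS_ROUTE, '1')
    .routeHandler(httpHandlerContextMock, httpRequestMock, httpResponseMock);

  expect(httpResponseMock.ok).toHaveBeenCalled();
});
```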
@@ -109,43 +125,21 @@ describe('Agent Status API route handler', () => { data: { one: { agentType: 'sentinel_one', - found: false, + found: true, agentId: 'one', - isUninstalled: false, - isPendingUninstall: false, isolated: false, - lastSeen: '', - pendingActions: { - execute: 0, - 'get-file': 0, - isolate: 0, - 'kill-process': 0, - 'running-processes': 0, - 'suspend-process': 0, - unisolate: 0, - upload: 0, - }, - status: 'unenrolled', + lastSeen: expect.any(String), + pendingActions: {}, + status: 'healthy', }, two: { agentType: 'sentinel_one', - found: false, + found: true, agentId: 'two', - isUninstalled: false, - isPendingUninstall: false, isolated: false, - lastSeen: '', - pendingActions: { - execute: 0, - 'get-file': 0, - isolate: 0, - 'kill-process': 0, - 'running-processes': 0, - 'suspend-process': 0, - unisolate: 0, - upload: 0, - }, - status: 'unenrolled', + lastSeen: expect.any(String), + pendingActions: {}, + status: 'healthy', }, }, }, diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts index 25f281facb848..0a9bdbde9876e 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts @@ -6,7 +6,6 @@ */ import type { RequestHandler } from '@kbn/core/server'; -import { getSentinelOneAgentStatus } from '../../services/agent/agent_status'; import { errorHandler } from '../error_handler'; import type { EndpointAgentStatusRequestQueryParams } from '../../../../common/api/endpoint/agent/get_agent_status_route'; import { EndpointAgentStatusRequestSchema } from '../../../../common/api/endpoint/agent/get_agent_status_route'; 
@@ -59,6 +58,10 @@ export const getAgentStatusRouteHandler = ( const { agentType = 'endpoint', agentIds: _agentIds } = request.query; const agentIds = Array.isArray(_agentIds) ? _agentIds : [_agentIds]; + logger.debug( + `Retrieving status for: agentType [${agentType}], agentIds: [${agentIds.join(', ')}]` + ); + // Note: because our API schemas are defined as module static variables (as opposed to a // `getter` function), we need to include this additional validation here, since // `agent_type` is included in the schema independent of the feature flag @@ -77,36 +80,17 @@ export const getAgentStatusRouteHandler = ( const esClient = (await context.core).elasticsearch.client.asInternalUser; const soClient = (await context.core).savedObjects.client; + const connectorActionsClient = (await context.actions).getActionsClient(); const agentStatusClient = getAgentStatusClient(agentType, { esClient, soClient, + connectorActionsClient, endpointService: endpointContext.service, - connectorActionsClient: - agentType === 'crowdstrike' ? (await context.actions).getActionsClient() : undefined, }); - - // 8.15: use the new `agentStatusClientEnabled` FF enabled - const data = endpointContext.experimentalFeatures.agentStatusClientEnabled - ? await agentStatusClient.getAgentStatuses(agentIds) - : agentType === 'sentinel_one' - ? await getSentinelOneAgentStatus({ - agentType, - agentIds, - logger, - connectorActionsClient: (await context.actions).getActionsClient(), - }) - : []; - - logger.debug( - `Retrieving status for: agentType [${agentType}], agentIds: [${agentIds.join(', ')}]` - ); + const data = await agentStatusClient.getAgentStatuses(agentIds); try { - return response.ok({ - body: { - data, - }, - }); + return response.ok({ body: { data } }); } catch (e) { return errorHandler(logger, response, e); } 
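Review bot: `await agentStatusClient.getAgentStatuses(agentIds)` in the second hunk (`@@ -77,36 +80,17 @@`) sits outside the `try`, so the `catch` that calls `errorHandler` only guards `response.ok(...)`. A rejection from a status client (connector not configured, remote API error) would not pass through `errorHandler` unless something outside the hunk catches it. Since every agent type now takes this path, I would move the call inside: `try { const data = await agentStatusClient.getAgentStatuses(agentIds); return response.ok({ body: { data } }); } catch (e) { return errorHandler(logger, response, e); }`. The same applies to `(await context.actions).getActionsClient()`, which is now resolved for `endpoint` requests too. The handler body starts and ends outside the hunk.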
diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.test.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.test.ts index 99274f83240c2..fd1f597cf3ef1 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.test.ts @@ -13,9 +13,13 @@ import { ResponseActionsNotSupportedError } from '../errors'; import type { CrowdstrikeActionsClientOptionsMock } from './mocks'; import { CrowdstrikeMock } from './mocks'; -import { ENDPOINT_ACTIONS_INDEX } from '../../../../../../common/endpoint/constants'; +import { + ENDPOINT_ACTION_RESPONSES_INDEX, + ENDPOINT_ACTIONS_INDEX, +} from '../../../../../../common/endpoint/constants'; import { SUB_ACTION } from '@kbn/stack-connectors-plugin/common/crowdstrike/constants'; import type { NormalizedExternalConnectorClient } from '../../..'; + jest.mock('../../action_details_by_id', () => { const originalMod = jest.requireActual('../../action_details_by_id'); 
@@ -75,6 +79,48 @@ describe('CrowdstrikeActionsClient class', () => { }); }); + it('should save response with error in case of actionResponse containing errors', async () => { + // mock execute of CS action to return error + const actionResponse = { + data: { + errors: [{ message: 'error message' }], + }, + }; + (connectorActionsMock.execute as jest.Mock).mockResolvedValueOnce(actionResponse); + + await crowdstrikeActionsClient.isolate( + createCrowdstrikeIsolationOptions({ actionId: '123-345-567' }) + ); + expect(classConstructorOptions.esClient.index.mock.calls[1][0]).toEqual({ + document: { + '@timestamp': expect.any(String), + agent: { id: ['1-2-3'] }, + EndpointActions: { + action_id: expect.any(String), + completed_at: expect.any(String), + started_at: expect.any(String), + data: { + command: 'isolate', + comment: 'test comment', + hosts: { + '1-2-3': { + name: 'Crowdstrike-1460', + }, + }, + }, + input_type: 'crowdstrike', + }, + error: { + code: '500', + message: 'Crowdstrike action failed: error message', + }, + meta: undefined, + }, + index: ENDPOINT_ACTION_RESPONSES_INDEX, + refresh: 'wait_for', + }); + }); + describe(`#isolate()`, () => { it('should send action to Crowdstrike', async () => { await crowdstrikeActionsClient.isolate( 
@@ -99,40 +145,61 @@ describe('CrowdstrikeActionsClient class', () => { it('should write action request to endpoint indexes', async () => { await crowdstrikeActionsClient.isolate(createCrowdstrikeIsolationOptions()); - // we do not write response to es yet - expect(classConstructorOptions.esClient.index).toHaveBeenCalledTimes(1); - expect(classConstructorOptions.esClient.index).toHaveBeenNthCalledWith( - 1, - { - document: { - '@timestamp': expect.any(String), - EndpointActions: { - action_id: expect.any(String), - data: { - command: 'isolate', - comment: 'test comment', - parameters: undefined, - hosts: { - '1-2-3': { - name: 'Crowdstrike-1460', - }, + expect(classConstructorOptions.esClient.index).toHaveBeenCalledTimes(2); + expect(classConstructorOptions.esClient.index.mock.calls[0][0]).toEqual({ + document: { + '@timestamp': expect.any(String), + EndpointActions: { + action_id: expect.any(String), + data: { + command: 'isolate', + comment: 'test comment', + parameters: undefined, + hosts: { + '1-2-3': { + name: 'Crowdstrike-1460', }, }, - expiration: expect.any(String), - input_type: 'crowdstrike', - type: 'INPUT_ACTION', }, - agent: { id: ['1-2-3'] }, - meta: { - hostName: 'Crowdstrike-1460', + expiration: expect.any(String), + input_type: 'crowdstrike', + type: 'INPUT_ACTION', + }, + agent: { id: ['1-2-3'] }, + meta: { + hostName: 'Crowdstrike-1460', + }, + user: { id: 'foo' }, + }, + index: ENDPOINT_ACTIONS_INDEX, + refresh: 'wait_for', + }); + expect(classConstructorOptions.esClient.index.mock.calls[1][0]).toEqual({ + document: { + '@timestamp': expect.any(String), + agent: { id: ['1-2-3'] }, + EndpointActions: { + action_id: expect.any(String), + completed_at: expect.any(String), + started_at: expect.any(String), + data: { + command: 'isolate', + comment: 'test comment', + hosts: { + '1-2-3': { + name: 'Crowdstrike-1460', + }, + parameters: undefined, + }, }, - user: { id: 'foo' }, + input_type: 'crowdstrike', + error: undefined, + meta: undefined, }, - 
index: ENDPOINT_ACTIONS_INDEX, - refresh: 'wait_for', }, - { meta: true } - ); + index: ENDPOINT_ACTION_RESPONSES_INDEX, + refresh: 'wait_for', + }); }); it('should return action details', async () => { 
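Review bot: In the expected response document of the `#isolate()` case, `parameters: undefined` is nested inside `hosts`, and `error: undefined` / `meta: undefined` sit inside `EndpointActions`. The `#release()` case (hunk `@@ -174,40 +241,61 @@`) puts them under `data` and at the document root instead. `toEqual` ignores properties whose value is `undefined`, so both layouts pass and neither pins that a successful action is stored without an `error` field. I would assert that directly, e.g. `expect(classConstructorOptions.esClient.index.mock.calls[1][0].document.error).toBeUndefined();`, and drop the `undefined` keys from both literals. The enclosing `describe` starts outside the hunk.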
@@ -174,40 +241,61 @@ describe('CrowdstrikeActionsClient class', () => { it('should write action request to endpoint indexes', async () => { await crowdstrikeActionsClient.release(createCrowdstrikeIsolationOptions()); - // we do not write response to es yet - expect(classConstructorOptions.esClient.index).toHaveBeenCalledTimes(1); - expect(classConstructorOptions.esClient.index).toHaveBeenNthCalledWith( - 1, - { - document: { - '@timestamp': expect.any(String), - EndpointActions: { - action_id: expect.any(String), - data: { - command: 'unisolate', - comment: 'test comment', - parameters: undefined, - hosts: { - '1-2-3': { - name: 'Crowdstrike-1460', - }, + expect(classConstructorOptions.esClient.index).toHaveBeenCalledTimes(2); + expect(classConstructorOptions.esClient.index.mock.calls[0][0]).toEqual({ + document: { + '@timestamp': expect.any(String), + EndpointActions: { + action_id: expect.any(String), + data: { + command: 'unisolate', + comment: 'test comment', + parameters: undefined, + hosts: { + '1-2-3': { + name: 'Crowdstrike-1460', }, }, - expiration: expect.any(String), - input_type: 'crowdstrike', - type: 'INPUT_ACTION', }, - agent: { id: ['1-2-3'] }, - meta: { - hostName: 'Crowdstrike-1460', + expiration: expect.any(String), + input_type: 'crowdstrike', + type: 'INPUT_ACTION', + }, + agent: { id: ['1-2-3'] }, + meta: { + hostName: 'Crowdstrike-1460', + }, + user: { id: 'foo' }, + }, + index: ENDPOINT_ACTIONS_INDEX, + refresh: 'wait_for', + }); + expect(classConstructorOptions.esClient.index.mock.calls[1][0]).toEqual({ + document: { + '@timestamp': expect.any(String), + agent: { id: ['1-2-3'] }, + EndpointActions: { + action_id: expect.any(String), + completed_at: expect.any(String), + started_at: expect.any(String), + data: { + command: 'unisolate', + comment: 'test comment', + hosts: { + '1-2-3': { + name: 'Crowdstrike-1460', + }, + }, + parameters: undefined, }, - user: { id: 'foo' }, + input_type: 'crowdstrike', }, - index: ENDPOINT_ACTIONS_INDEX, - 
refresh: 'wait_for', + error: undefined, + meta: undefined, }, - { meta: true } - ); + index: ENDPOINT_ACTION_RESPONSES_INDEX, + refresh: 'wait_for', + }); }); it('should return action details', async () => { diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.ts index ac982f43f151f..b4b11610e5c02 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/crowdstrike/crowdstrike_actions_client.ts @@ -11,6 +11,7 @@ import { CROWDSTRIKE_CONNECTOR_ID, } from '@kbn/stack-connectors-plugin/common/crowdstrike/constants'; import type { SearchResponse } from '@elastic/elasticsearch/lib/api/types'; +import type { CrowdstrikeBaseApiResponse } from '@kbn/stack-connectors-plugin/common/crowdstrike/types'; import type { CrowdstrikeActionRequestCommonMeta } from '../../../../../../common/endpoint/types/crowdstrike'; import type { CommonResponseActionMethodOptions, 
@@ -159,45 +160,6 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl { } } - // TODO TC: uncomment when working on agent status support - // private async getAgentDetails( - // id: string - // ): Promise<CrowdstrikeGetAgentsResponse['resources'][number]> { - // const executeOptions: NormalizedExternalConnectorClientExecuteOptions< - // CrowdstrikeGetAgentsParams, - // SUB_ACTION - // > = { - // params: { - // subAction: SUB_ACTION.GET_AGENT_DETAILS, - // subActionParams: { - // ids: [id], - // }, - // }, - // }; - - // let crowdstrikeApiResponse: CrowdstrikeGetAgentsResponse | undefined; - - // try { - // const response = await this.connectorActionsClient.execute(executeOptions); - - // this.log.debug(`Response for Crowdstrike agent id [${id}] returned:\n${stringify(response)}`); - - // crowdstrikeApiResponse = response.data; - // } catch (err) { - // throw new ResponseActionsClientError( - // `Error while attempting to retrieve Crowdstrike host with agent id [${id}]`, - // 500, - // err - // ); - // } - - // if (!crowdstrikeApiResponse || !crowdstrikeApiResponse.resources[0]) { - // throw new ResponseActionsClientError(`Crowdstrike agent id [${id}] not found`, 404); - // } - - // return crowdstrikeApiResponse.resources[0]; - // } - protected async validateRequest( payload: ResponseActionsClientWriteActionRequestToEndpointIndexOptions ): Promise<ResponseActionsClientValidateRequestResponse> { 
@@ -224,17 +186,16 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl { ...this.getMethodOptions(options), command: 'isolate', }; - + let actionResponse: ActionTypeExecutorResult<CrowdstrikeBaseApiResponse> | undefined; if (!reqIndexOptions.error) { let error = (await this.validateRequest(reqIndexOptions)).error; const actionCommentMessage = ELASTIC_RESPONSE_ACTION_MESSAGE( this.options.username, reqIndexOptions.actionId ); - if (!error) { try { - await this.sendAction(SUB_ACTION.HOST_ACTIONS, { + actionResponse = (await this.sendAction(SUB_ACTION.HOST_ACTIONS, { ids: actionRequest.endpoint_ids, actionParameters: { comment: reqIndexOptions.comment @@ -242,7 +203,7 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl { : actionCommentMessage, }, command: 'contain', - }); + })) as ActionTypeExecutorResult<CrowdstrikeBaseApiResponse>; } catch (err) { error = err; } @@ -257,6 +218,11 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl { const actionRequestDoc = await this.writeActionRequestToEndpointIndex(reqIndexOptions); + // Ensure actionResponse is assigned before using it + if (actionResponse) { + await this.completeCrowdstrikeAction(actionResponse, actionRequestDoc); + } + await this.updateCases({ command: reqIndexOptions.command, caseIds: reqIndexOptions.case_ids, @@ -284,6 +250,7 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl { command: 'unisolate', }; + let actionResponse: ActionTypeExecutorResult<CrowdstrikeBaseApiResponse> | undefined; if (!reqIndexOptions.error) { let error = (await this.validateRequest(reqIndexOptions)).error; const actionCommentMessage = ELASTIC_RESPONSE_ACTION_MESSAGE( 
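Review bot: In `isolate()` (hunk `@@ -257,6 +218,11 @@`) the response document is written as soon as the connector call returns, so the action is recorded with `completed_at` before anything confirms the host's containment state. `release()` does the same in `@@ -313,6 +280,11 @@`. If the vendor API acknowledges the request before containment takes effect (not determinable from these hunks), an analyst would read an isolation as complete while the host may still be reachable. At minimum I would state the contract on the call, `// Response doc records "request accepted by Crowdstrike", not "host confirmed contained"`, or defer completion until the agent status confirms it. Both method bodies start and end outside the hunks.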
@@ -292,13 +259,13 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl { ); if (!error) { try { - await this.sendAction(SUB_ACTION.HOST_ACTIONS, { + actionResponse = (await this.sendAction(SUB_ACTION.HOST_ACTIONS, { ids: actionRequest.endpoint_ids, command: 'lift_containment', comment: reqIndexOptions.comment ? `${actionCommentMessage}: ${reqIndexOptions.comment}` : actionCommentMessage, - }); + })) as ActionTypeExecutorResult<CrowdstrikeBaseApiResponse>; } catch (err) { error = err; } @@ -313,6 +280,11 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl { const actionRequestDoc = await this.writeActionRequestToEndpointIndex(reqIndexOptions); + // Ensure actionResponse is assigned before using it + if (actionResponse) { + await this.completeCrowdstrikeAction(actionResponse, actionRequestDoc); + } + await this.updateCases({ command: reqIndexOptions.command, caseIds: reqIndexOptions.case_ids, @@ -330,6 +302,27 @@ export class CrowdstrikeActionsClient extends ResponseActionsClientImpl { return this.fetchActionDetails(actionRequestDoc.EndpointActions.action_id); } + private async completeCrowdstrikeAction( + actionResponse: ActionTypeExecutorResult<CrowdstrikeBaseApiResponse> | undefined, + doc: LogsEndpointAction + ): Promise<void> { + const options = { + actionId: doc.EndpointActions.action_id, + agentId: doc.agent.id, + data: doc.EndpointActions.data, + ...(actionResponse?.data?.errors?.length + ? { + error: { + code: '500', + message: `Crowdstrike action failed: ${actionResponse.data.errors[0].message}`, + }, + } + : {}), + }; + + await this.writeActionResponseToEndpointIndex(options); + } + async processPendingActions({ abortSignal, addToQueue, diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.ts index 690dd6d84730c..eb7921e4ca420 100644 
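Review bot: `completeCrowdstrikeAction` (hunk `@@ -330,6 +302,27 @@`) decides failure only from `actionResponse?.data?.errors?.length`. A connector result that reports failure through `status: 'error'` with no `data.errors` would be stored as a successful action, unless `sendAction` (outside the hunk) already throws for that case. It also keeps only `errors[0].message`, so any further errors are lost from the action record. I would widen the condition to `actionResponse?.status === 'error' || actionResponse?.data?.errors?.length` and build the message from all entries, e.g. `(actionResponse.data?.errors ?? []).map((e) => e.message).join('; ')`. The `| undefined` on the parameter is unnecessary, since both callers already guard with `if (actionResponse)`.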
--- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/endpoint/endpoint_actions_client.ts @@ -43,7 +43,7 @@ import type { LogsEndpointAction, EndpointActionDataParameterTypes, UploadedFileInfo, - ResponseActionsScanParameters, + ResponseActionScanParameters, ResponseActionScanOutputContent, } from '../../../../../../common/endpoint/types'; import type { @@ -292,10 +292,10 @@ export class EndpointActionsClient extends ResponseActionsClientImpl { async scan( actionRequest: ScanActionRequestBody, options: CommonResponseActionMethodOptions = {} - ): Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionsScanParameters>> { + ): Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionScanParameters>> { return this.handleResponseAction< ScanActionRequestBody, - ActionDetails<ResponseActionScanOutputContent, ResponseActionsScanParameters> + ActionDetails<ResponseActionScanOutputContent, ResponseActionScanParameters> >('scan', actionRequest, options); } diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.ts index 09180f97b72d6..163ea887da398 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/base_response_actions_client.ts @@ -59,7 +59,7 @@ import type { ResponseActionParametersWithPidOrEntityId, ResponseActionScanOutputContent, ResponseActionsExecuteParameters, - ResponseActionsScanParameters, + ResponseActionScanParameters, ResponseActionUploadOutputContent, ResponseActionUploadParameters, SuspendProcessActionOutputContent, 
@@ -698,7 +698,7 @@ export abstract class ResponseActionsClientImpl implements ResponseActionsClient public async scan( actionRequest: ScanActionRequestBody, options?: CommonResponseActionMethodOptions - ): Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionsScanParameters>> { + ): Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionScanParameters>> { throw new ResponseActionsNotSupportedError('scan'); } diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/types.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/types.ts index fa20bc9ec6895..f95d0b7144a54 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/types.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/lib/types.ts @@ -23,7 +23,7 @@ import type { LogsEndpointActionResponse, UploadedFileInfo, ResponseActionScanOutputContent, - ResponseActionsScanParameters, + ResponseActionScanParameters, } from '../../../../../../common/endpoint/types'; import type { IsolationRouteRequestBody, @@ -152,5 +152,5 @@ export interface ResponseActionsClient { scan: ( actionRequest: OmitUnsupportedAttributes<ScanActionRequestBody>, options?: CommonResponseActionMethodOptions - ) => Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionsScanParameters>>; + ) => Promise<ActionDetails<ResponseActionScanOutputContent, ResponseActionScanParameters>>; } diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/sentinelone/sentinel_one_actions_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/sentinelone/sentinel_one_actions_client.ts index be612c3f2864d..470bb8f4d4914 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/sentinelone/sentinel_one_actions_client.ts 
+++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/clients/sentinelone/sentinel_one_actions_client.ts @@ -792,7 +792,8 @@ export class SentinelOneActionsClient extends ResponseActionsClientImpl { if (isolateActivityResponseDoc && isolateActivityResponseDoc._source) { const s1ActivityData = isolateActivityResponseDoc._source.sentinel_one.activity; - const elasticDocId = isolateActivityResponseDoc._id; + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + const elasticDocId = isolateActivityResponseDoc._id!; const s1AgentId = s1ActivityData.agent.id; const activityLogEntryId = s1ActivityData.id; const activityLogEntryType = s1ActivityData.type; @@ -987,7 +988,8 @@ export class SentinelOneActionsClient extends ResponseActionsClientImpl { error, meta: { activityLogEntryId, - elasticDocId: s1Hit._id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + elasticDocId: s1Hit._id!, downloadUrl, createdAt: s1ActivityDoc?.sentinel_one.activity.updated_at ?? '', filename: s1ActivityDoc?.sentinel_one.activity.data.flattened.filename ?? '', diff --git a/x-pack/plugins/security_solution/server/endpoint/services/actions/utils/utils.ts b/x-pack/plugins/security_solution/server/endpoint/services/actions/utils/utils.ts index cd7680d3bd3ac..f5087b18e03d6 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/actions/utils/utils.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/actions/utils/utils.ts 
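Review bot: `isolateActivityResponseDoc._id!` and `s1Hit._id!` silence the compiler instead of handling a hit that has no `_id`. The same assertion is repeated in the `utils.ts` hunks that follow (`categorizeResponseResults`, `categorizeActionResults`, `formatEndpointActionResults`). In the second hunk here the value is written into the response `meta` as `elasticDocId`, so an `undefined` would end up in the stored action record without any error. In the first hunk the existing guard can carry the check, `if (isolateActivityResponseDoc?._source && isolateActivityResponseDoc._id) {`, which removes the need for the eslint-disable. For the `map` callbacks, a small helper that throws on a missing `_id` would keep the failure visible; the enclosing functions start and end outside the hunks.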
@@ -487,11 +487,13 @@ export const categorizeResponseResults = ({ return isResponseDoc ? { type: ActivityLogItemTypes.RESPONSE, - item: { id: e._id, data: e._source as LogsEndpointActionResponse }, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + item: { id: e._id!, data: e._source as LogsEndpointActionResponse }, } : { type: ActivityLogItemTypes.FLEET_RESPONSE, - item: { id: e._id, data: e._source as EndpointActionResponse }, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + item: { id: e._id!, data: e._source as EndpointActionResponse }, }; }) : []; @@ -511,11 +513,13 @@ export const categorizeActionResults = ({ return isActionDoc ? { type: ActivityLogItemTypes.ACTION, - item: { id: e._id, data: e._source as LogsEndpointAction }, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + item: { id: e._id!, data: e._source as LogsEndpointAction }, } : { type: ActivityLogItemTypes.FLEET_ACTION, - item: { id: e._id, data: e._source as EndpointAction }, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + item: { id: e._id!, data: e._source as EndpointAction }, }; }) : []; @@ -530,7 +534,8 @@ export const formatEndpointActionResults = ( ? results?.map((e) => { return { type: ActivityLogItemTypes.ACTION, - item: { id: e._id, data: e._source as LogsEndpointAction }, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + item: { id: e._id!, data: e._source as LogsEndpointAction }, }; }) : []; diff --git a/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.test.ts b/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.test.ts deleted file mode 100644 index d0cbb85001637..0000000000000 --- a/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.test.ts +++ /dev/null 
@@ -1,184 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { GetAgentStatusOptions } from './agent_status'; -import { getSentinelOneAgentStatus, SENTINEL_ONE_NETWORK_STATUS } from './agent_status'; -import { loggingSystemMock } from '@kbn/core-logging-server-mocks'; -import { sentinelOneMock } from '../actions/clients/sentinelone/mocks'; -import { responseActionsClientMock } from '../actions/clients/mocks'; - -describe('Endpoint Get Agent Status service', () => { - let agentStatusOptions: GetAgentStatusOptions; - - beforeEach(() => { - agentStatusOptions = { - agentType: 'sentinel_one', - agentIds: ['1', '2'], - logger: loggingSystemMock.create().get('getSentinelOneAgentStatus'), - connectorActionsClient: sentinelOneMock.createConnectorActionsClient(), - }; - }); - - it('should throw error if unable to access stack connectors', async () => { - (agentStatusOptions.connectorActionsClient.getAll as jest.Mock).mockImplementation(async () => { - throw new Error('boom'); - }); - const getStatusResponsePromise = getSentinelOneAgentStatus(agentStatusOptions); - - await expect(getStatusResponsePromise).rejects.toHaveProperty( - 'message', - 'Unable to retrieve list of stack connectors: boom' - ); - await expect(getStatusResponsePromise).rejects.toHaveProperty('statusCode', 400); - }); - - it('should throw error if no SentinelOne connector is registered', async () => { - (agentStatusOptions.connectorActionsClient.getAll as jest.Mock).mockResolvedValue([]); - const getStatusResponsePromise = getSentinelOneAgentStatus(agentStatusOptions); - - await expect(getStatusResponsePromise).rejects.toHaveProperty( - 'message', - 'No SentinelOne stack connector found' - ); - await expect(getStatusResponsePromise).rejects.toHaveProperty('statusCode', 400); - 
}); - - it('should send api request to SentinelOne', async () => { - await getSentinelOneAgentStatus(agentStatusOptions); - - expect(agentStatusOptions.connectorActionsClient.execute).toHaveBeenCalledWith({ - actionId: 's1-connector-instance-id', - params: { - subAction: 'getAgents', - subActionParams: { - uuids: '1,2', - }, - }, - }); - }); - - it('should throw if api call to SentinelOne failed', async () => { - (agentStatusOptions.connectorActionsClient.execute as jest.Mock).mockResolvedValue( - responseActionsClientMock.createConnectorActionExecuteResponse({ - status: 'error', - serviceMessage: 'boom', - }) - ); - const getStatusResponsePromise = getSentinelOneAgentStatus(agentStatusOptions); - - await expect(getStatusResponsePromise).rejects.toHaveProperty( - 'message', - 'Attempt retrieve agent information from to SentinelOne failed: boom' - ); - await expect(getStatusResponsePromise).rejects.toHaveProperty('statusCode', 500); - }); - - it('should return expected output', async () => { - agentStatusOptions.agentIds = ['aaa', 'bbb', 'ccc', 'invalid']; - (agentStatusOptions.connectorActionsClient.execute as jest.Mock).mockResolvedValue( - responseActionsClientMock.createConnectorActionExecuteResponse({ - data: sentinelOneMock.createGetAgentsResponse([ - sentinelOneMock.createSentinelOneAgentDetails({ - networkStatus: SENTINEL_ONE_NETWORK_STATUS.DISCONNECTED, // Isolated - uuid: 'aaa', - }), - sentinelOneMock.createSentinelOneAgentDetails({ - networkStatus: SENTINEL_ONE_NETWORK_STATUS.DISCONNECTING, // Releasing - uuid: 'bbb', - }), - sentinelOneMock.createSentinelOneAgentDetails({ - networkStatus: SENTINEL_ONE_NETWORK_STATUS.CONNECTING, // isolating - uuid: 'ccc', - }), - ]), - }) - ); - - await expect(getSentinelOneAgentStatus(agentStatusOptions)).resolves.toEqual({ - aaa: { - agentType: 'sentinel_one', - found: true, - agentId: 'aaa', - isUninstalled: false, - isPendingUninstall: false, - isolated: true, - lastSeen: '2023-12-26T21:35:35.986596Z', - 
pendingActions: { - execute: 0, - 'get-file': 0, - isolate: 0, - 'kill-process': 0, - 'running-processes': 0, - 'suspend-process': 0, - unisolate: 0, - upload: 0, - }, - status: 'healthy', - }, - bbb: { - agentType: 'sentinel_one', - found: true, - agentId: 'bbb', - isUninstalled: false, - isPendingUninstall: false, - isolated: false, - lastSeen: '2023-12-26T21:35:35.986596Z', - pendingActions: { - execute: 0, - 'get-file': 0, - isolate: 1, - 'kill-process': 0, - 'running-processes': 0, - 'suspend-process': 0, - unisolate: 0, - upload: 0, - }, - status: 'healthy', - }, - ccc: { - agentType: 'sentinel_one', - found: true, - agentId: 'ccc', - isUninstalled: false, - isPendingUninstall: false, - isolated: false, - lastSeen: '2023-12-26T21:35:35.986596Z', - pendingActions: { - execute: 0, - 'get-file': 0, - isolate: 0, - 'kill-process': 0, - 'running-processes': 0, - 'suspend-process': 0, - unisolate: 1, - upload: 0, - }, - status: 'healthy', - }, - invalid: { - agentType: 'sentinel_one', - found: false, - agentId: 'invalid', - isUninstalled: false, - isPendingUninstall: false, - isolated: false, - lastSeen: '', - pendingActions: { - execute: 0, - 'get-file': 0, - isolate: 0, - 'kill-process': 0, - 'running-processes': 0, - 'suspend-process': 0, - unisolate: 0, - upload: 0, - }, - status: 'unenrolled', - }, - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.ts b/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.ts deleted file mode 100644 index 1f5141b2bb0f7..0000000000000 --- a/x-pack/plugins/security_solution/server/endpoint/services/agent/agent_status.ts +++ /dev/null 
@@ -1,137 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { ActionsClient } from '@kbn/actions-plugin/server'; -import type { ConnectorWithExtraFindData } from '@kbn/actions-plugin/server/application/connector/types'; -import { - SENTINELONE_CONNECTOR_ID, - SUB_ACTION, -} from '@kbn/stack-connectors-plugin/common/sentinelone/constants'; -import type { Logger } from '@kbn/core/server'; -import { keyBy, merge } from 'lodash'; -import type { ActionTypeExecutorResult } from '@kbn/actions-plugin/common'; -import type { SentinelOneGetAgentsResponse } from '@kbn/stack-connectors-plugin/common/sentinelone/types'; -import { stringify } from '../../utils/stringify'; -import type { ResponseActionAgentType } from '../../../../common/endpoint/service/response_actions/constants'; -import type { AgentStatusInfo } from '../../../../common/endpoint/types'; -import { HostStatus } from '../../../../common/endpoint/types'; -import { CustomHttpRequestError } from '../../../utils/custom_http_request_error'; - -export interface GetAgentStatusOptions { - // NOTE: only sentinel_one currently supported - agentType: ResponseActionAgentType; - agentIds: string[]; - connectorActionsClient: ActionsClient; - logger: Logger; -} -export const getSentinelOneAgentStatus = async ({ - agentType, - agentIds, - connectorActionsClient, - logger, -}: GetAgentStatusOptions): Promise<AgentStatusInfo> => { - let connectorList: ConnectorWithExtraFindData[] = []; - - try { - connectorList = await connectorActionsClient.getAll(); - } catch (err) { - throw new CustomHttpRequestError( - `Unable to retrieve list of stack connectors: ${err.message}`, - // failure here is likely due to Authz, but because we don't have a good way to determine that, - // the `statusCode` below is set to 
`400` instead of `401`. - 400, - err - ); - } - const connector = connectorList.find(({ actionTypeId, isDeprecated, isMissingSecrets }) => { - return actionTypeId === SENTINELONE_CONNECTOR_ID && !isDeprecated && !isMissingSecrets; - }); - - if (!connector) { - throw new CustomHttpRequestError(`No SentinelOne stack connector found`, 400, connectorList); - } - - logger.debug(`Using SentinelOne stack connector: ${connector.name} (${connector.id})`); - - const agentDetailsResponse = (await connectorActionsClient.execute({ - actionId: connector.id, - params: { - subAction: SUB_ACTION.GET_AGENTS, - subActionParams: { - uuids: agentIds.filter((agentId) => agentId.trim().length).join(','), - }, - }, - })) as ActionTypeExecutorResult<SentinelOneGetAgentsResponse>; - - if (agentDetailsResponse.status === 'error') { - logger.error(stringify(agentDetailsResponse)); - - throw new CustomHttpRequestError( - `Attempt retrieve agent information from to SentinelOne failed: ${ - agentDetailsResponse.serviceMessage || agentDetailsResponse.message - }`, - 500, - agentDetailsResponse - ); - } - - const agentDetailsById = keyBy(agentDetailsResponse.data?.data, 'uuid'); - - logger.debug(`Response from SentinelOne API:\n${stringify(agentDetailsById)}`); - - return agentIds.reduce<AgentStatusInfo>((acc, agentId) => { - const thisAgentDetails = agentDetailsById[agentId]; - const thisAgentStatus = { - agentType, - agentId, - found: false, - isolated: false, - isPendingUninstall: false, - isUninstalled: false, - lastSeen: '', - pendingActions: { - execute: 0, - upload: 0, - unisolate: 0, - isolate: 0, - 'get-file': 0, - 'kill-process': 0, - 'suspend-process': 0, - 'running-processes': 0, - }, - status: HostStatus.UNENROLLED, - }; - - if (thisAgentDetails) { - merge(thisAgentStatus, { - found: true, - lastSeen: thisAgentDetails.updatedAt, - isPendingUninstall: thisAgentDetails.isPendingUninstall, - isUninstalled: thisAgentDetails.isUninstalled, - isolated: thisAgentDetails.networkStatus === 
SENTINEL_ONE_NETWORK_STATUS.DISCONNECTED, - status: !thisAgentDetails.isActive ? HostStatus.OFFLINE : HostStatus.HEALTHY, - pendingActions: { - isolate: - thisAgentDetails.networkStatus === SENTINEL_ONE_NETWORK_STATUS.DISCONNECTING ? 1 : 0, - unisolate: - thisAgentDetails.networkStatus === SENTINEL_ONE_NETWORK_STATUS.CONNECTING ? 1 : 0, - }, - }); - } - - acc[agentId] = thisAgentStatus; - - return acc; - }, {}); -}; - -export enum SENTINEL_ONE_NETWORK_STATUS { - CONNECTING = 'connecting', - CONNECTED = 'connected', - DISCONNECTING = 'disconnecting', - DISCONNECTED = 'disconnected', -} diff --git a/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/crowdstrike/crowdstrike_agent_status_client.ts b/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/crowdstrike/crowdstrike_agent_status_client.ts index 61d0ae9a7ef5e..61f746dbf4e55 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/crowdstrike/crowdstrike_agent_status_client.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/agent/clients/crowdstrike/crowdstrike_agent_status_client.ts @@ -135,7 +135,7 @@ export class CrowdstrikeAgentStatusClient extends AgentStatusClient { const agentStatuses = await this.getAgentStatusFromConnectorAction(agentIds); return agentIds.reduce<AgentStatusRecords>((acc, agentId) => { - const agentInfo = mostRecentAgentInfosByAgentId[agentId].crowdstrike; + const agentInfo = mostRecentAgentInfosByAgentId[agentId]?.crowdstrike; const agentStatus = agentStatuses[agentId]; const pendingActions = allPendingActions.find( diff --git a/x-pack/plugins/security_solution/server/endpoint/services/agent/mocks.ts b/x-pack/plugins/security_solution/server/endpoint/services/agent/mocks.ts new file mode 100644 index 0000000000000..66e6498a47514 --- /dev/null +++ b/x-pack/plugins/security_solution/server/endpoint/services/agent/mocks.ts 
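Review bot: With `mostRecentAgentInfosByAgentId[agentId]?.crowdstrike`, `agentInfo` can now be `undefined` for an agent id that has no recent document, and the rest of the reduce callback has to handle that case explicitly. That code lies outside this hunk, so it is worth confirming that such an agent is reported as not found rather than with defaults that read as a healthy, non-isolated host. The record built here is presumably what an analyst sees before deciding on isolation. A comment on the changed line would make the contract visible, e.g. `// agentInfo is undefined when no document exists for this agentId; the status below must then report found: false`.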
@@ -0,0 +1,29 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { ResponseActionAgentType } from '../../../../common/endpoint/service/response_actions/constants'; +import type { AgentStatusRecords } from '../../../../common/endpoint/types'; +import { agentStatusMocks } from '../../../../common/endpoint/service/response_actions/mocks/agent_status.mocks'; +import type { AgentStatusClientInterface } from '..'; + +const createClientMock = ( + agentType: ResponseActionAgentType = 'endpoint' +): jest.Mocked<AgentStatusClientInterface> => { + return { + getAgentStatuses: jest.fn(async (agentIds) => { + return agentIds.reduce<AgentStatusRecords>((acc, agentId) => { + acc[agentId] = agentStatusMocks.generateAgentStatus({ agentId, agentType }); + return acc; + }, {}); + }), + }; +}; + +export const agentServiceMocks = Object.freeze({ + ...agentStatusMocks, + createClient: createClientMock, +}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/create_migration_index.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/create_migration_index.ts index fb27d2dfd71aa..30e4eb0b4e276 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/create_migration_index.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/migrations/create_migration_index.ts @@ -37,7 +37,6 @@ export const createMigrationIndex = async ({ body: { settings: { index: { - // @ts-expect-error `name` is required on IndicesIndexSettingsLifecycle lifecycle: { indexing_complete: true, }, 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/es_results.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/es_results.ts index 8d134ad215396..57892d65da35f 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/es_results.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/__mocks__/es_results.ts @@ -121,7 +121,10 @@ export const sampleDocWithSortId = ( export const sampleDocNoSortId = ( someUuid: string = sampleIdGuid, ip?: string -): SignalSourceHit & { _source: Required<SignalSourceHit>['_source'] } => ({ +): SignalSourceHit & { + _source: Required<SignalSourceHit>['_source']; + _id: Required<SignalSourceHit>['_id']; +} => ({ _index: 'myFakeSignalIndex', _score: 100, _version: 1, @@ -144,7 +147,10 @@ export const sampleDocNoSortId = ( export const sampleAlertDocNoSortId = ( someUuid: string = sampleIdGuid, ip?: string -): SignalSourceHit & { _source: Required<SignalSourceHit>['_source'] } => ({ +): SignalSourceHit & { + _id: Required<SignalSourceHit>['_id']; + _source: Required<SignalSourceHit>['_source']; +} => ({ ...sampleDocNoSortId(someUuid, ip), _source: { event: { @@ -173,7 +179,10 @@ export const sampleAlertDocNoSortId = ( export const sampleAlertDocAADNoSortId = ( someUuid: string = sampleIdGuid, ip?: string -): AlertSourceHit & { _source: Required<AlertSourceHit>['_source'] } => ({ +): AlertSourceHit & { + _id: Required<AlertSourceHit>['_id']; + _source: Required<AlertSourceHit>['_source']; +} => ({ _index: 'myFakeSignalIndex', _score: 100, _version: 1, @@ -337,6 +346,7 @@ export const sampleDocNoSortIdWithTimestamp = ( someUuid: string = sampleIdGuid, ip?: string ): SignalSourceHit & { + _id: Required<SignalSourceHit>['_id']; _source: Required<SignalSourceHit>['_source'] & { '@timestamp': string }; } => { const doc = sampleDocNoSortId(someUuid, ip); 
@@ -353,6 +363,7 @@ export const sampleAlertDocNoSortIdWithTimestamp = ( someUuid: string = sampleIdGuid, ip?: string ): SignalSourceHit & { + _id: Required<SignalSourceHit>['_id']; _source: Required<SignalSourceHit>['_source'] & { '@timestamp': string }; } => { const doc = sampleAlertDocNoSortId(someUuid, ip); @@ -369,6 +380,7 @@ export const sampleAlertDocAADNoSortIdWithTimestamp = ( someUuid: string = sampleIdGuid, ip?: string ): AlertSourceHit & { + _id: Required<AlertSourceHit>['_id']; _source: Required<AlertSourceHit>['_source'] & { '@timestamp': string }; } => { const doc = sampleAlertDocAADNoSortId(someUuid, ip); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/fetch_source_documents.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/fetch_source_documents.ts index 204953552a329..13828c0ed6770 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/fetch_source_documents.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/esql/fetch_source_documents.ts @@ -59,7 +59,8 @@ export const fetchSourceDocuments = async ({ return response.hits.hits.reduce<Record<string, { fields: estypes.SearchHit['fields'] }>>( (acc, hit) => { - acc[hit._id] = { fields: hit.fields }; + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + acc[hit._id!] = { fields: hit.fields }; return acc; }, {} diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts index 4cf64c60de22e..ffb5f6ee45170 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts 
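Review bot: In fetch_source_documents.ts, `acc[hit._id!] = { fields: hit.fields };` uses the asserted id as an object key, so a hit without `_id` would be stored under the literal key `"undefined"` and any later such hit would overwrite it silently. Later hunks use the asserted id the same way, as a key or hash input: `enrichmentsWithoutAtomic[hit._id!]` and `signalsMap.get(hit._id!)` in enrich_signal_threat_matches.ts, `acc[field][fieldValue].push(event._id!)` in threat_mapping/utils.ts, and `generateId(event._index, event._id!, ...)` in wrap_hits_factory.ts and wrap_suppressed_alerts.ts. In the two `generateId` calls, events without an id would presumably all produce the same alert id. Skipping such hits keeps the failure visible instead of merging records: `if (hit._id == null) return acc;` before the assignment. The reduce callback is complete in the hunk, but the enclosing function is not.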
@@ -47,6 +47,7 @@ import { import { getCompleteRuleMock, getQueryRuleParams } from '../../../rule_schema/mocks'; type SignalDoc = SignalSourceHit & { + _id: Required<SignalSourceHit>['_id']; _source: Required<SignalSourceHit>['_source'] & { [TIMESTAMP]: string }; }; diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts index 4e7c72f7dbf50..6b21ed226c165 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/factories/wrap_hits_factory.ts @@ -45,7 +45,8 @@ export const wrapHitsFactory = const wrappedDocs = events.map((event): WrappedFieldsLatest<BaseFieldsLatest> => { const id = generateId( event._index, - event._id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + event._id!, String(event._version), `${spaceId}:${completeRule.alertId}` ); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/enrich_signal_threat_matches.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/enrich_signal_threat_matches.ts index 303b7fa9eebfe..8f98eab1a93e9 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/enrich_signal_threat_matches.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/enrich_signal_threat_matches.ts 
@@ -13,7 +13,8 @@ import type { ThreatEnrichment, ThreatListItem, ThreatMatchNamedQuery } from './ export const MAX_NUMBER_OF_SIGNAL_MATCHES = 200; -const getSignalId = (signal: SignalSourceHit): string => signal._id; +// eslint-disable-next-line @typescript-eslint/no-non-null-assertion +const getSignalId = (signal: SignalSourceHit): string => signal._id!; export const groupAndMergeSignalMatches = (signalHits: SignalSourceHit[]): SignalSourceHit[] => { const dedupedHitsMap = signalHits.reduce<Record<string, SignalSourceHit>>((acc, signalHit) => { @@ -84,7 +85,8 @@ const enrichSignalWithThreatMatches = ( // new issues. const existingEnrichmentValue = get(signalHit._source, 'threat.enrichments') ?? []; const existingEnrichments = [existingEnrichmentValue].flat(); // ensure enrichments is an array - const newEnrichmentsWithoutAtomic = enrichmentsWithoutAtomic[signalHit._id] ?? []; + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + const newEnrichmentsWithoutAtomic = enrichmentsWithoutAtomic[signalHit._id!] ?? []; const newEnrichments = newEnrichmentsWithoutAtomic.map((enrichment) => ({ ...enrichment, matched: { @@ -124,9 +126,11 @@ export const enrichSignalThreatMatchesFromSignalsMap = async ( const enrichmentsWithoutAtomic: Record<string, ThreatEnrichment[]> = {}; uniqueHits.forEach((hit) => { - enrichmentsWithoutAtomic[hit._id] = buildEnrichments({ + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + enrichmentsWithoutAtomic[hit._id!] = buildEnrichments({ indicatorPath, - queries: signalsMap.get(hit._id) ?? [], + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + queries: signalsMap.get(hit._id!) ?? [], threats: matchedThreats, }); }); 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/get_signals_map_from_threat_index.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/get_signals_map_from_threat_index.ts index 7d0f49b548f37..309516a57335c 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/get_signals_map_from_threat_index.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/get_signals_map_from_threat_index.ts @@ -66,7 +66,8 @@ export async function getSignalsQueryMapFromThreatIndex( const signalMatch = signalsQueryMap.get(signalId); const threatQuery = { - id: threatHit._id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + id: threatHit._id!, index: threatHit._index, field: decodedQuery.field, value: decodedQuery.value, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/threat_enrichment_factory.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/threat_enrichment_factory.ts index 1bf61512135e0..df1b0080d3bef 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/threat_enrichment_factory.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/threat_enrichment_factory.ts @@ -30,7 +30,8 @@ export const threatEnrichmentFactory = ({ const threatEnrichment = (signals: SignalSourceHit[]): Promise<SignalSourceHit[]> => { const getThreats = async () => { const threatIds = signals - .map((s) => s._id) + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + .map((s) => s._id!) .reduce<string[]>((acc, id) => { return [ ...new Set([ 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/utils.ts index 2c1f74e99e925..da72d121c371c 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/indicator_match/threat_mapping/utils.ts @@ -243,7 +243,8 @@ export const getSignalValueMap = ({ if (!acc[field][fieldValue]) { acc[field][fieldValue] = []; } - acc[field][fieldValue].push(event._id); + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + acc[field][fieldValue].push(event._id!); }); return acc; }, {}); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/wrap_suppressed_alerts.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/wrap_suppressed_alerts.ts index 3268c78dd8ab3..89328f176567d 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/wrap_suppressed_alerts.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/wrap_suppressed_alerts.ts @@ -62,7 +62,8 @@ export const wrapSuppressedAlerts = ({ const id = generateId( event._index, - event._id, + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + event._id!, String(event._version), `${spaceId}:${completeRule.alertId}` ); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.test.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.test.ts deleted file mode 100644 index 9ef1cc8bc2106..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.test.ts +++ /dev/null 
@@ -1,143 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { riskScoreCalculationRoute } from './calculation'; - -import { loggerMock } from '@kbn/logging-mocks'; -import { RISK_SCORE_CALCULATION_URL } from '../../../../../common/constants'; -import { - serverMock, - requestContextMock, - requestMock, -} from '../../../detection_engine/routes/__mocks__'; -import { riskScoreServiceFactory } from '../risk_score_service'; -import { riskScoreServiceMock } from '../risk_score_service.mock'; -import { getRiskInputsIndex } from '../get_risk_inputs_index'; -import { calculateAndPersistRiskScoresMock } from '../calculate_and_persist_risk_scores.mock'; - -jest.mock('../get_risk_inputs_index'); -jest.mock('../risk_score_service'); - -describe('risk score calculation route', () => { - let server: ReturnType<typeof serverMock.create>; - let { clients, context } = requestContextMock.createTools(); - let logger: ReturnType<typeof loggerMock.create>; - let mockRiskScoreService: ReturnType<typeof riskScoreServiceMock.create>; - - beforeEach(() => { - jest.resetAllMocks(); - - server = serverMock.create(); - logger = loggerMock.create(); - ({ clients, context } = requestContextMock.createTools()); - mockRiskScoreService = riskScoreServiceMock.create(); - - (getRiskInputsIndex as jest.Mock).mockResolvedValue({ - index: 'default-dataview-index', - runtimeMappings: {}, - }); - clients.appClient.getAlertsIndex.mockReturnValue('default-alerts-index'); - (riskScoreServiceFactory as jest.Mock).mockReturnValue(mockRiskScoreService); - - riskScoreCalculationRoute(server.router, logger); - }); - - const buildRequest = (overrides: object = {}) => { - const defaults = { - data_view_id: 'default-dataview-id', - range: { start: 'now-30d', end: 'now' }, - identifier_type: 
'host', - }; - - return requestMock.create({ - method: 'post', - path: RISK_SCORE_CALCULATION_URL, - body: { ...defaults, ...overrides }, - }); - }; - - it('should return 200 when risk score calculation is successful', async () => { - mockRiskScoreService.calculateAndPersistScores.mockResolvedValue( - calculateAndPersistRiskScoresMock.buildResponse() - ); - const request = buildRequest(); - - const response = await server.inject(request, requestContextMock.convertContext(context)); - - expect(response.status).toEqual(200); - }); - - describe('parameters', () => { - it('accepts a parameter for the dataview', async () => { - const request = buildRequest({ data_view_id: 'custom-dataview-id' }); - - const response = await server.inject(request, requestContextMock.convertContext(context)); - - expect(response.status).toEqual(200); - expect(getRiskInputsIndex).toHaveBeenCalledWith( - expect.objectContaining({ dataViewId: 'custom-dataview-id' }) - ); - }); - - it('accepts a parameter for the range', async () => { - const request = buildRequest({ range: { start: 'now-30d', end: 'now-20d' } }); - const response = await server.inject(request, requestContextMock.convertContext(context)); - - expect(response.status).toEqual(200); - expect(mockRiskScoreService.calculateAndPersistScores).toHaveBeenCalledWith( - expect.objectContaining({ range: { start: 'now-30d', end: 'now-20d' } }) - ); - }); - }); - - describe('validation', () => { - describe('required parameters', () => { - it('requires a parameter for the dataview', async () => { - const request = buildRequest({ data_view_id: undefined }); - const result = await server.validate(request); - - expect(result.badRequest).toHaveBeenCalledWith('data_view_id: Required'); - }); - - it('requires a parameter for the date range', async () => { - const request = buildRequest({ range: undefined }); - const result = await server.validate(request); - - expect(result.badRequest).toHaveBeenCalledWith('range: Required'); - }); - - 
it('requires a parameter for the identifier type', async () => { - const request = buildRequest({ identifier_type: undefined }); - const result = await server.validate(request); - - expect(result.badRequest).toHaveBeenCalledWith('identifier_type: Required'); - }); - }); - - it('uses an unknown dataview as index pattern', async () => { - const request = buildRequest({ data_view_id: 'unknown-dataview' }); - (getRiskInputsIndex as jest.Mock).mockResolvedValue({ - index: 'unknown-dataview', - runtimeMappings: {}, - }); - - const response = await server.inject(request, requestContextMock.convertContext(context)); - - expect(response.status).toEqual(200); - expect(mockRiskScoreService.calculateAndPersistScores).toHaveBeenCalledWith( - expect.objectContaining({ index: 'unknown-dataview', runtimeMappings: {} }) - ); - }); - - it('rejects an invalid date range', async () => { - const request = buildRequest({ range: 'bad range' }); - const result = await server.validate(request); - - expect(result.badRequest).toHaveBeenCalledWith('range: Expected object, received string'); - }); - }); -}); diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.ts deleted file mode 100644 index 1602e724db227..0000000000000 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/calculation.ts +++ /dev/null 
@@ -1,116 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { Logger } from '@kbn/core/server'; -import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; -import { transformError } from '@kbn/securitysolution-es-utils'; -import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; -import { RiskScoresCalculationRequest } from '../../../../../common/api/entity_analytics/risk_engine/calculation_route.gen'; -import { - APP_ID, - DEFAULT_RISK_SCORE_PAGE_SIZE, - RISK_SCORE_CALCULATION_URL, -} from '../../../../../common/constants'; -import { getRiskInputsIndex } from '../get_risk_inputs_index'; -import type { EntityAnalyticsRoutesDeps } from '../../types'; -import { RiskScoreAuditActions } from '../audit'; -import { AUDIT_CATEGORY, AUDIT_OUTCOME, AUDIT_TYPE } from '../../audit'; -import { buildRiskScoreServiceForRequest } from './helpers'; - -export const riskScoreCalculationRoute = ( - router: EntityAnalyticsRoutesDeps['router'], - logger: Logger -) => { - router.versioned - .post({ - path: RISK_SCORE_CALCULATION_URL, - access: 'internal', - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], - }, - }) - .addVersion( - { - version: '1', - validate: { request: { body: buildRouteValidationWithZod(RiskScoresCalculationRequest) } }, - }, - async (context, request, response) => { - const securityContext = await context.securitySolution; - - securityContext.getAuditLogger()?.log({ - message: 'User triggered custom manual scoring', - event: { - action: RiskScoreAuditActions.RISK_ENGINE_MANUAL_SCORING, - category: AUDIT_CATEGORY.DATABASE, - type: AUDIT_TYPE.CHANGE, - outcome: AUDIT_OUTCOME.UNKNOWN, - }, - }); - - const siemResponse = buildSiemResponse(response); - const coreContext = await 
context.core; - const soClient = coreContext.savedObjects.client; - const securityConfig = await securityContext.getConfig(); - - const riskScoreService = buildRiskScoreServiceForRequest( - securityContext, - coreContext, - logger - ); - - const { - after_keys: userAfterKeys, - data_view_id: dataViewId, - debug, - page_size: userPageSize, - identifier_type: identifierType, - filter, - range, - weights, - } = request.body; - - try { - const { index, runtimeMappings } = await getRiskInputsIndex({ - dataViewId, - logger, - soClient, - }); - - const afterKeys = userAfterKeys ?? {}; - const pageSize = userPageSize ?? DEFAULT_RISK_SCORE_PAGE_SIZE; - const entityAnalyticsConfig = await riskScoreService.getConfigurationWithDefaults( - securityConfig.entityAnalytics - ); - - const alertSampleSizePerShard = entityAnalyticsConfig?.alertSampleSizePerShard; - - const result = await riskScoreService.calculateAndPersistScores({ - afterKeys, - debug, - pageSize, - identifierType, - index, - filter, - range, - runtimeMappings, - weights, - alertSampleSizePerShard, - }); - - return response.ok({ body: result }); - } catch (e) { - const error = transformError(e); - - return siemResponse.error({ - statusCode: error.statusCode, - body: { message: error.message, full_error: JSON.stringify(e) }, - bypassErrorFormat: true, - }); - } - } - ); -}; diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts index eeb773b41a180..c521d11d19704 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts 
@@ -6,10 +6,16 @@ */ import { isEmpty } from 'lodash/fp'; -import type { Logger } from '@kbn/core/server'; +import type { + IKibanaResponse, + KibanaRequest, + KibanaResponseFactory, + Logger, +} from '@kbn/core/server'; import { buildSiemResponse } from '@kbn/lists-plugin/server/routes/utils'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import type { SecuritySolutionRequestHandlerContext } from '../../../../types'; import type { RiskScoresCalculationResponse } from '../../../../../common/api/entity_analytics/risk_engine/calculation_route.gen'; import type { AfterKeys } from '../../../../../common/api/entity_analytics/common'; import { RiskScoresEntityCalculationRequest } from '../../../../../common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; 
@@ -23,6 +29,160 @@ import { buildRiskScoreServiceForRequest } from './helpers'; import { getFieldForIdentifier } from '../helpers'; import { withRiskEnginePrivilegeCheck } from '../../risk_engine/risk_engine_privileges'; +type Handler = ( + context: SecuritySolutionRequestHandlerContext, + request: KibanaRequest<unknown, unknown, RiskScoresEntityCalculationRequest>, + response: KibanaResponseFactory +) => Promise<IKibanaResponse>; + +const handler: (logger: Logger) => Handler = (logger) => async (context, request, response) => { + const securityContext = await context.securitySolution; + + securityContext.getAuditLogger()?.log({ + message: 'User triggered custom manual scoring', + event: { + action: RiskScoreAuditActions.RISK_ENGINE_ENTITY_MANUAL_SCORING, + category: AUDIT_CATEGORY.DATABASE, + type: AUDIT_TYPE.CHANGE, + outcome: AUDIT_OUTCOME.UNKNOWN, + }, + }); + + const coreContext = await context.core; + const securityConfig = await securityContext.getConfig(); + const siemResponse = buildSiemResponse(response); + const soClient = coreContext.savedObjects.client; + + const riskScoreService = buildRiskScoreServiceForRequest(securityContext, coreContext, logger); + + const { identifier_type: identifierType, identifier, refresh } = request.body; + + try { + const entityAnalyticsConfig = await riskScoreService.getConfigurationWithDefaults( + securityConfig.entityAnalytics + ); + + if (entityAnalyticsConfig == null) { + return siemResponse.error({ + statusCode: 400, + body: 'No Risk engine configuration found', + }); + } + + const { + dataViewId, + enabled, + range: configuredRange, + pageSize, + alertSampleSizePerShard, + filter: userFilter, + } = entityAnalyticsConfig; + + if (!enabled) { + return siemResponse.error({ + statusCode: 400, + body: 'Risk engine is disabled', + }); + } + + const { index, runtimeMappings } = await getRiskInputsIndex({ + dataViewId, + logger, + soClient, + }); + + const range = convertRangeToISO(configuredRange); + + const afterKeys: 
AfterKeys = {}; + + const identifierFilter = { + term: { [getFieldForIdentifier(identifierType)]: identifier }, + }; + + const filter = isEmpty(userFilter) ? [identifierFilter] : [userFilter, identifierFilter]; + + const result: RiskScoresCalculationResponse = await riskScoreService.calculateAndPersistScores({ + pageSize, + identifierType, + index, + filter: { + bool: { + filter, + }, + }, + range, + runtimeMappings, + weights: [], + alertSampleSizePerShard, + afterKeys, + returnScores: true, + refresh, + }); + + if (result.errors.length) { + return siemResponse.error({ + statusCode: 500, + body: { + message: 'Error calculating the risk score for an entity.', + full_error: JSON.stringify(result.errors), + }, + bypassErrorFormat: true, + }); + } + + if (result.scores_written > 0) { + await riskScoreService.scheduleLatestTransformNow(); + } + + const score = result.scores_written === 1 ? result.scores?.[identifierType]?.[0] : undefined; + + return response.ok({ + body: { + success: true, + score, + }, + }); + } catch (e) { + const error = transformError(e); + + return siemResponse.error({ + statusCode: error.statusCode, + body: { message: error.message, full_error: JSON.stringify(e) }, + bypassErrorFormat: true, + }); + } +}; + +/** + * @deprecated + * It will be deleted on a future Serverless release. 
+ */ +export const deprecatedRiskScoreEntityCalculationRoute = ( + router: EntityAnalyticsRoutesDeps['router'], + getStartServices: EntityAnalyticsRoutesDeps['getStartServices'], + logger: Logger +) => { + router.versioned + .post({ + path: '/api/risk_scores/calculation/entity', + access: 'internal', + options: { + tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + }, + }) + .addVersion( + { + version: '1', + validate: { + request: { + body: buildRouteValidationWithZod(RiskScoresEntityCalculationRequest), + }, + }, + }, + withRiskEnginePrivilegeCheck(getStartServices, handler(logger)) + ); +}; + export const riskScoreEntityCalculationRoute = ( router: EntityAnalyticsRoutesDeps['router'], getStartServices: EntityAnalyticsRoutesDeps['getStartServices'], 
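Review bot: In the `catch` block of `handler`, and in the `result.errors.length` branch above it, the response body carries `full_error: JSON.stringify(e)` or `JSON.stringify(result.errors)`, so the serialized raw error goes back to the caller. What that string contains depends on the error type, which is not visible here, but it is more than a client needs to act on. I would keep the detail server-side with `logger.error('Entity risk score calculation failed: ' + error.message);` and return `body: { message: error.message },`, provided no client reads `full_error`. Separately, the audit event is written once with `AUDIT_OUTCOME.UNKNOWN` before any work is done and nothing later records success or failure; the deprecated route and the existing one also share the same action, so the audit trail cannot tell which path was called. This code is moved from the inline handler, so both points predate the commit.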
@@ -45,128 +205,6 @@ export const riskScoreEntityCalculationRoute = ( }, }, }, - withRiskEnginePrivilegeCheck(getStartServices, async (context, request, response) => { - const securityContext = await context.securitySolution; - - securityContext.getAuditLogger()?.log({ - message: 'User triggered custom manual scoring', - event: { - action: RiskScoreAuditActions.RISK_ENGINE_ENTITY_MANUAL_SCORING, - category: AUDIT_CATEGORY.DATABASE, - type: AUDIT_TYPE.CHANGE, - outcome: AUDIT_OUTCOME.UNKNOWN, - }, - }); - - const coreContext = await context.core; - const securityConfig = await securityContext.getConfig(); - const siemResponse = buildSiemResponse(response); - const soClient = coreContext.savedObjects.client; - - const riskScoreService = buildRiskScoreServiceForRequest( - securityContext, - coreContext, - logger - ); - - const { identifier_type: identifierType, identifier, refresh } = request.body; - - try { - const entityAnalyticsConfig = await riskScoreService.getConfigurationWithDefaults( - securityConfig.entityAnalytics - ); - - if (entityAnalyticsConfig == null) { - return siemResponse.error({ - statusCode: 400, - body: 'No Risk engine configuration found', - }); - } - - const { - dataViewId, - enabled, - range: configuredRange, - pageSize, - alertSampleSizePerShard, - filter: userFilter, - } = entityAnalyticsConfig; - - if (!enabled) { - return siemResponse.error({ - statusCode: 400, - body: 'Risk engine is disabled', - }); - } - - const { index, runtimeMappings } = await getRiskInputsIndex({ - dataViewId, - logger, - soClient, - }); - - const range = convertRangeToISO(configuredRange); - - const afterKeys: AfterKeys = {}; - - const identifierFilter = { - term: { [getFieldForIdentifier(identifierType)]: identifier }, - }; - - const filter = isEmpty(userFilter) ? 
[identifierFilter] : [userFilter, identifierFilter]; - - const result: RiskScoresCalculationResponse = - await riskScoreService.calculateAndPersistScores({ - pageSize, - identifierType, - index, - filter: { - bool: { - filter, - }, - }, - range, - runtimeMappings, - weights: [], - alertSampleSizePerShard, - afterKeys, - returnScores: true, - refresh, - }); - - if (result.errors.length) { - return siemResponse.error({ - statusCode: 500, - body: { - message: 'Error calculating the risk score for an entity.', - full_error: JSON.stringify(result.errors), - }, - bypassErrorFormat: true, - }); - } - - if (result.scores_written > 0) { - await riskScoreService.scheduleLatestTransformNow(); - } - - const score = - result.scores_written === 1 ? result.scores?.[identifierType]?.[0] : undefined; - - return response.ok({ - body: { - success: true, - score, - }, - }); - } catch (e) { - const error = transformError(e); - - return siemResponse.error({ - statusCode: error.statusCode, - body: { message: error.message, full_error: JSON.stringify(e) }, - bypassErrorFormat: true, - }); - } - }) + withRiskEnginePrivilegeCheck(getStartServices, handler(logger)) ); }; diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/register_risk_score_routes.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/register_risk_score_routes.ts index 015b12c5d8ee1..1b32ce0bf52b0 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/register_risk_score_routes.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/register_risk_score_routes.ts 
@@ -5,9 +5,11 @@ * 2.0. */ import { riskScorePreviewRoute } from './preview'; -import { riskScoreCalculationRoute } from './calculation'; import type { EntityAnalyticsRoutesDeps } from '../../types'; -import { riskScoreEntityCalculationRoute } from './entity_calculation'; +import { + deprecatedRiskScoreEntityCalculationRoute, + riskScoreEntityCalculationRoute, +} from './entity_calculation'; export const registerRiskScoreRoutes = ({ router, @@ -15,6 +17,6 @@ export const registerRiskScoreRoutes = ({ logger, }: EntityAnalyticsRoutesDeps) => { riskScorePreviewRoute(router, logger); - riskScoreCalculationRoute(router, logger); riskScoreEntityCalculationRoute(router, getStartServices, logger); + deprecatedRiskScoreEntityCalculationRoute(router, getStartServices, logger); }; diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts index c46d3bd027873..ede67662e2398 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/users/managed_details/index.ts @@ -15,6 +15,7 @@ import { buildManagedUserDetailsQuery } from './query.managed_user_details.dsl'; import type { UsersQueries } from '../../../../../../common/search_strategy/security_solution/users'; import type { + ManagedUserHit, ManagedUserHits, ManagedUserDetailsStrategyResponse, ManagedUserFields, @@ -43,7 +44,7 @@ export const managedUserDetails: SecuritySolutionFactory<UsersQueries.managedDet ); const managedUsers = buckets.reduce<ManagedUserHits>((acc, bucket) => { - acc[bucket.key] = bucket.latest_hit.hits.hits[0]; + acc[bucket.key] = bucket.latest_hit.hits.hits[0] as ManagedUserHit; return acc; }, {}); 
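Review bot: In the `buckets.reduce` callback of `managed_details/index.ts`, `bucket.latest_hit.hits.hits[0] as ManagedUserHit` asserts the type instead of checking the value, so a bucket whose `hits` array is empty would store `undefined` under a key typed as a hit. A guard keeps the map honest: `const hit = bucket.latest_hit.hits.hits[0];` followed by `if (hit) acc[bucket.key] = hit as ManagedUserHit;`. The cast may still be needed if the declared hit type differs from `ManagedUserHit`, which is not visible here. The enclosing function starts and ends outside the hunk.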
diff --git a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts index f3401a25db190..2d253633b7231 100644 --- a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts +++ b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts @@ -87,14 +87,40 @@ export class EndpointMeteringService { sort: 'event.ingested', size: METERING_SERVICE_BATCH_SIZE, query: { - range: { - 'event.ingested': { - gt: since.toISOString(), + bool: { + must: { + range: { + 'event.ingested': { + gt: since.toISOString(), + }, + }, }, + should: [ + { + term: { + billable: true, + }, + }, + { + bool: { + must_not: [ + { + exists: { + field: 'billable', + }, + }, + ], + }, + }, + ], + minimum_should_match: 1, }, }, }, - { signal: abortController.signal, ignore: [404] } + { + signal: abortController.signal, + ignore: [404], + } ); } diff --git a/x-pack/plugins/serverless_search/public/application/components/api_key/api_key.tsx b/x-pack/plugins/serverless_search/public/application/components/api_key/api_key.tsx index e79926fd4c970..849b54c01de8a 100644 --- a/x-pack/plugins/serverless_search/public/application/components/api_key/api_key.tsx +++ b/x-pack/plugins/serverless_search/public/application/components/api_key/api_key.tsx @@ -8,7 +8,6 @@ import { EuiBadge, EuiButton, - EuiCodeBlock, EuiFlexGroup, EuiFlexItem, EuiIcon, 
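Review bot: In `metering_service.ts`, the new `should` pair (`billable: true`, or no `billable` field at all) decides which documents are metered, and nothing in the hunk says why documents without the field are included. A comment above `should` would record the intent, for example `// Count documents marked billable, plus those with no billable field (presumably written before the field existed).` The range clause also sits under `must`, which computes a score that `sort: 'event.ingested'` never uses; `filter: { range: { 'event.ingested': { gt: since.toISOString() } } },` expresses the same restriction in filter context. The enclosing method starts outside the hunk.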
@@ -21,14 +20,27 @@ import { import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import { css } from '@emotion/react'; -import { ApiKey } from '@kbn/security-plugin/common'; +import { ApiKey } from '@kbn/security-plugin-types-common'; import { useQuery } from '@tanstack/react-query'; -import React, { useState } from 'react'; +import React, { useEffect, useState } from 'react'; +import { ApiKeySelectableTokenField } from '@kbn/security-api-key-management'; +import { + SecurityCreateApiKeyResponse, + SecurityUpdateApiKeyResponse, +} from '@elastic/elasticsearch/lib/api/types'; import { useKibanaServices } from '../../hooks/use_kibana'; import { MANAGEMENT_API_KEYS } from '../../../../common/routes'; import { CreateApiKeyFlyout } from './create_api_key_flyout'; import './api_key.scss'; -import { CreateApiKeyResponse } from '../../hooks/api/use_create_api_key'; + +function isCreatedResponse( + value: SecurityCreateApiKeyResponse | SecurityUpdateApiKeyResponse +): value is SecurityCreateApiKeyResponse { + if ((value as SecurityCreateApiKeyResponse).id) { + return true; + } + return false; +} export const ApiKeyPanel = ({ setClientApiKey }: { setClientApiKey: (value: string) => void }) => { const { http, user } = useKibanaServices(); 
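Review bot: `isCreatedResponse` narrows by casting to `SecurityCreateApiKeyResponse` and testing `id` for truthiness, while the caller goes on to read `apiKey.encoded`. An `in` check on the property that is actually used needs no cast and states the intent directly: `return 'encoded' in value;`. The `if … return true; return false;` body then collapses to that single return. A one-line TSDoc comment saying that update responses are deliberately ignored by this panel would help the next reader.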
@@ -37,19 +49,30 @@ export const ApiKeyPanel = ({ setClientApiKey }: { setClientApiKey: (value: stri queryKey: ['apiKey'], queryFn: () => http.fetch<{ apiKeys: ApiKey[] }>('/internal/serverless_search/api_keys'), }); - const [apiKey, setApiKey] = useState<CreateApiKeyResponse | undefined>(undefined); - const saveApiKey = (value: CreateApiKeyResponse) => { + const [apiKey, setApiKey] = useState<SecurityCreateApiKeyResponse | undefined>(undefined); + const saveApiKey = (value: SecurityCreateApiKeyResponse) => { setApiKey(value); - if (value.encoded) setClientApiKey(value.encoded); }; + useEffect(() => { + if (apiKey) { + setClientApiKey(apiKey.encoded); + setIsFlyoutOpen(false); + } + // eslint-disable-next-line react-hooks/exhaustive-deps + }, [apiKey]); + return ( <> {isFlyoutOpen && ( <CreateApiKeyFlyout onClose={() => setIsFlyoutOpen(false)} - setApiKey={saveApiKey} - username={user?.full_name || user?.username || ''} + setApiKey={(value) => { + if (isCreatedResponse(value)) { + saveApiKey(value); + } + }} + user={user} /> )} {apiKey ? ( @@ -74,9 +97,7 @@ export const ApiKeyPanel = ({ setClientApiKey }: { setClientApiKey: (value: stri })} </EuiText> <EuiSpacer size="s" /> - <EuiCodeBlock isCopyable data-test-subj="api-key-created-key-codeblock"> - {JSON.stringify(apiKey, undefined, 2)} - </EuiCodeBlock> + <ApiKeySelectableTokenField createdApiKey={apiKey} /> </EuiStep> </EuiPanel> ) : ( diff --git a/x-pack/plugins/serverless_search/public/application/components/api_key/basic_setup_form.tsx b/x-pack/plugins/serverless_search/public/application/components/api_key/basic_setup_form.tsx deleted file mode 100644 index c6ec0469168f3..0000000000000 --- a/x-pack/plugins/serverless_search/public/application/components/api_key/basic_setup_form.tsx +++ /dev/null 
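Review bot: The `useEffect` on `apiKey` exists only to forward the new key and close the flyout, and it needs an `eslint-disable-next-line react-hooks/exhaustive-deps` to do so. Unless the flyout's `onSuccess` timing requires the indirection, which is not visible here, both calls can live in `saveApiKey` where the value arrives: `setApiKey(value); setClientApiKey(value.encoded); setIsFlyoutOpen(false);`. That removes the effect, the lint suppression and the extra render between storing the key and publishing it. If the effect stays, the suppression comment should say which dependency is left out and why. `ApiKeyPanel` starts and ends outside the hunk.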
@@ -1,163 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - EuiIcon, - EuiText, - EuiForm, - EuiFieldText, - EuiFormRow, - EuiFieldNumber, - EuiRadioGroup, - EuiFlexGroup, - EuiFlexItem, -} from '@elastic/eui'; -import { i18n } from '@kbn/i18n'; -import { FormattedDate, FormattedMessage } from '@kbn/i18n-react'; -import React from 'react'; - -interface BasicSetupFormProps { - isLoading: boolean; - name: string; - user: string; - expires: string | null; - onChangeName: (name: string) => void; - onChangeExpires: (expires: string | null) => void; -} -export const DEFAULT_EXPIRES_VALUE = '60'; - -export const BasicSetupForm: React.FC<BasicSetupFormProps> = ({ - isLoading, - name, - user, - expires, - onChangeName, - onChangeExpires, -}) => { - let expirationDate: Date | undefined; - if (expires) { - expirationDate = new Date(); - expirationDate.setDate(expirationDate.getDate() + parseInt(expires, 10)); - } - return ( - <EuiForm> - <EuiFormRow - fullWidth - isInvalid={!name} - helpText={i18n.translate('xpack.serverlessSearch.apiKey.nameFieldHelpText', { - defaultMessage: 'A good name makes it clear what your API key does.', - })} - label={i18n.translate('xpack.serverlessSearch.apiKey.nameFieldLabel', { - defaultMessage: 'Name', - })} - > - <EuiFieldText - fullWidth - isLoading={isLoading} - value={name} - onChange={(e) => onChangeName(e.currentTarget.value)} - data-test-subj="create-api-key-name" - /> - </EuiFormRow> - <EuiFormRow - fullWidth - helpText={i18n.translate('xpack.serverlessSearch.apiKey.userFieldHelpText', { - defaultMessage: 'ID of the user creating the API key.', - })} - label={i18n.translate('xpack.serverlessSearch.apiKey.userFieldLabel', { - defaultMessage: 'User', - })} - > - <EuiFieldText - 
data-test-subj="serverlessSearchBasicSetupFormFieldText" - fullWidth - disabled={true} - value={user} - onChange={() => {}} - /> - </EuiFormRow> - <EuiFormRow - fullWidth - labelAppend={ - <EuiFlexGroup gutterSize="s" justifyContent="flexEnd" alignItems="center"> - <EuiFlexItem grow={false}> - <EuiIcon type="warning" size="s" color="subdued" /> - </EuiFlexItem> - <EuiFlexItem grow={false}> - <EuiText color="subdued" size="xs"> - {i18n.translate('xpack.serverlessSearch.apiKey.expiresFieldHelpText', { - defaultMessage: 'API keys should be rotated regularly.', - })} - </EuiText> - </EuiFlexItem> - </EuiFlexGroup> - } - label={i18n.translate('xpack.serverlessSearch.apiKey.expiresFieldLabel', { - defaultMessage: 'Expires', - })} - > - <EuiRadioGroup - options={[ - { - id: 'never', - label: i18n.translate('xpack.serverlessSearch.apiKey.expiresField.neverLabel', { - defaultMessage: 'Never', - }), - 'data-test-subj': 'create-api-key-expires-never-radio', - }, - { - id: 'days', - label: i18n.translate('xpack.serverlessSearch.apiKey.expiresField.daysLabel', { - defaultMessage: 'in days', - }), - 'data-test-subj': 'create-api-key-expires-days-radio', - }, - ]} - idSelected={expires === null ? 'never' : 'days'} - onChange={(id) => onChangeExpires(id === 'never' ? 
null : DEFAULT_EXPIRES_VALUE)} - data-test-subj="create-api-key-expires-radio" - /> - </EuiFormRow> - {expires !== null && ( - <EuiFormRow - fullWidth - helpText={ - <FormattedMessage - id="xpack.serverlessSearch.apiKey.expiresHelpText" - defaultMessage="This API Key will expire on {expirationDate}" - values={{ - expirationDate: ( - <strong> - <FormattedDate - year="numeric" - month="long" - day="numeric" - value={expirationDate!} - /> - </strong> - ), - }} - /> - } - > - <EuiFieldNumber - fullWidth - disabled={isLoading} - append={i18n.translate('xpack.serverlessSearch.apiKey.expiresFieldUnit', { - defaultMessage: 'days', - })} - placeholder="1" - defaultValue={expires} - min={1} - onChange={(e) => onChangeExpires(e.currentTarget.value)} - data-test-subj="create-api-key-expires-days-number-field" - /> - </EuiFormRow> - )} - </EuiForm> - ); -}; diff --git a/x-pack/plugins/serverless_search/public/application/components/api_key/create_api_key_flyout.tsx b/x-pack/plugins/serverless_search/public/application/components/api_key/create_api_key_flyout.tsx index 04d8e366df858..3af41e709aff9 100644 --- a/x-pack/plugins/serverless_search/public/application/components/api_key/create_api_key_flyout.tsx +++ b/x-pack/plugins/serverless_search/public/application/components/api_key/create_api_key_flyout.tsx 
@@ -4,44 +4,14 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import React, { useEffect, useState } from 'react'; -import { css } from '@emotion/react'; +import React from 'react'; +import { ApiKeyFlyout } from '@kbn/security-api-key-management'; import { - useEuiTheme, - EuiAccordion, - EuiBadge, - EuiButton, - EuiButtonEmpty, - EuiCallOut, - EuiFlexGroup, - EuiFlexItem, - EuiFlyout, - EuiFlyoutBody, - EuiFlyoutFooter, - EuiFlyoutHeader, - EuiIcon, - EuiPanel, - EuiSpacer, - EuiSwitch, - EuiSwitchEvent, - EuiText, - EuiTitle, -} from '@elastic/eui'; -import { i18n } from '@kbn/i18n'; - -import { - CANCEL_LABEL, - DISABLED_LABEL, - ENABLED_LABEL, - INVALID_JSON_ERROR, - REQUIRED_LABEL, -} from '../../../../common/i18n_string'; -import { isApiError } from '../../../utils/api'; -import { BasicSetupForm, DEFAULT_EXPIRES_VALUE } from './basic_setup_form'; -import { MetadataForm } from './metadata_form'; -import { SecurityPrivilegesForm } from './security_privileges_form'; -import { CreateApiKeyResponse, useCreateApiKey } from '../../hooks/api/use_create_api_key'; + SecurityCreateApiKeyResponse, + SecurityUpdateApiKeyResponse, +} from '@elastic/elasticsearch/lib/api/types'; +import { AuthenticatedUser } from '@kbn/core/public'; const DEFAULT_ROLE_DESCRIPTORS = `{ "serverless_search": { 
@@ -59,308 +29,24 @@ const DEFAULT_METADATA = `{ interface CreateApiKeyFlyoutProps { onClose: () => void; - setApiKey: (apiKey: CreateApiKeyResponse) => void; - username: string; + setApiKey: (apiKey: SecurityCreateApiKeyResponse | SecurityUpdateApiKeyResponse) => void; + user?: AuthenticatedUser; } -const parseCreateError = (error: unknown): string | undefined => { - if (!error) return undefined; - if (isApiError(error)) { - return error.body.message; - } - if (error instanceof Error) { - return error.message; - } - return JSON.stringify(error); -}; - export const CreateApiKeyFlyout: React.FC<CreateApiKeyFlyoutProps> = ({ onClose, - username, setApiKey, + user, }) => { - const { euiTheme } = useEuiTheme(); - const [name, setName] = useState(''); - const [expires, setExpires] = useState<string | null>(DEFAULT_EXPIRES_VALUE); - const [roleDescriptors, setRoleDescriptors] = useState(DEFAULT_ROLE_DESCRIPTORS); - const [roleDescriptorsError, setRoleDescriptorsError] = useState<string | undefined>(undefined); - const [metadata, setMetadata] = useState(DEFAULT_METADATA); - const [metadataError, setMetadataError] = useState<string | undefined>(undefined); - const [privilegesEnabled, setPrivilegesEnabled] = useState<boolean>(false); - const [privilegesOpen, setPrivilegesOpen] = useState<'open' | 'closed'>('closed'); - const [metadataEnabled, setMetadataEnabled] = useState<boolean>(false); - const [metadataOpen, setMetadataOpen] = useState<'open' | 'closed'>('closed'); - - const togglePrivileges = (e: EuiSwitchEvent) => { - const enabled = e.target.checked; - setPrivilegesEnabled(enabled); - setPrivilegesOpen(enabled ? 'open' : 'closed'); - // Reset role descriptors to default - if (enabled) setRoleDescriptors(DEFAULT_ROLE_DESCRIPTORS); - }; - const toggleMetadata = (e: EuiSwitchEvent) => { - const enabled = e.target.checked; - setMetadataEnabled(enabled); - setMetadataOpen(enabled ? 
'open' : 'closed'); - // Reset metadata to default - if (enabled) setMetadata(DEFAULT_METADATA); - }; - const onCreateClick = () => { - let parsedRoleDescriptors: Record<string, any> | undefined; - if (privilegesEnabled) { - try { - parsedRoleDescriptors = - roleDescriptors.length > 0 ? JSON.parse(roleDescriptors) : undefined; - } catch (e) { - setRoleDescriptorsError(INVALID_JSON_ERROR); - return; - } - } - if (roleDescriptorsError) setRoleDescriptorsError(undefined); - let parsedMetadata: Record<string, any> | undefined; - if (metadataEnabled) { - try { - parsedMetadata = metadata.length > 0 ? JSON.parse(metadata) : undefined; - } catch (e) { - setMetadataError(INVALID_JSON_ERROR); - return; - } - } - if (metadataError) setMetadataError(undefined); - const expiration = expires !== null ? `${expires}d` : undefined; - - mutate({ - expiration, - metadata: parsedMetadata, - name, - role_descriptors: parsedRoleDescriptors, - }); - }; - - const { data, isLoading, isError, isSuccess, error, mutate } = useCreateApiKey(); - - useEffect(() => { - if (isSuccess) { - setApiKey(data); - onClose(); - } - }); - - const createError = parseCreateError(error); return ( - <EuiFlyout - onClose={onClose} - css={css` - max-width: calc(${euiTheme.size.xxxxl} * 10); - `} - > - <EuiFlyoutHeader hasBorder={true}> - <EuiTitle size="m"> - <h2> - {i18n.translate('xpack.serverlessSearch.apiKey.flyoutTitle', { - defaultMessage: 'Create an API key', - })} - </h2> - </EuiTitle> - </EuiFlyoutHeader> - <EuiFlyoutBody> - {isError && createError && ( - <EuiCallOut - color="danger" - iconType="warning" - title={i18n.translate('xpack.serverlessSearch.apiKey.flyout.errorTitle', { - defaultMessage: 'Error creating API key', - })} - data-test-subj="create-api-key-error-callout" - > - {createError} - </EuiCallOut> - )} - <EuiPanel hasBorder> - <EuiAccordion - id="apiKey.setup" - paddingSize="l" - initialIsOpen - buttonContent={ - <div> - <EuiFlexGroup justifyContent="flexStart" alignItems="center" 
gutterSize="s"> - <EuiFlexItem grow={false}> - <EuiIcon type="gear" /> - </EuiFlexItem> - <EuiFlexItem> - <EuiTitle size="xs"> - <h4> - {i18n.translate('xpack.serverlessSearch.apiKey.setup.title', { - defaultMessage: 'Setup', - })} - </h4> - </EuiTitle> - </EuiFlexItem> - </EuiFlexGroup> - <EuiSpacer size="xs" /> - <EuiText color="subdued" size="xs"> - <p> - {i18n.translate('xpack.serverlessSearch.apiKey.setup.description', { - defaultMessage: 'Basic configuration details to create your API key.', - })} - </p> - </EuiText> - </div> - } - extraAction={<EuiBadge color="hollow">{REQUIRED_LABEL}</EuiBadge>} - > - <EuiSpacer size="s" /> - <BasicSetupForm - isLoading={isLoading} - name={name} - user={username} - expires={expires} - onChangeName={(newName: string) => setName(newName)} - onChangeExpires={(newExpires: string | null) => setExpires(newExpires)} - /> - </EuiAccordion> - </EuiPanel> - <EuiSpacer size="l" /> - <EuiPanel hasBorder> - <EuiAccordion - id="apiKey.privileges" - paddingSize="l" - buttonContent={ - <div style={{ paddingRight: euiTheme.size.s }}> - <EuiFlexGroup justifyContent="flexStart" alignItems="center" gutterSize="s"> - <EuiFlexItem grow={false}> - <EuiIcon type="lock" /> - </EuiFlexItem> - <EuiFlexItem> - <EuiTitle size="xs"> - <h4> - {i18n.translate('xpack.serverlessSearch.apiKey.privileges.title', { - defaultMessage: 'Security Privileges', - })} - </h4> - </EuiTitle> - </EuiFlexItem> - </EuiFlexGroup> - <EuiSpacer size="xs" /> - <EuiText color="subdued" size="xs"> - <p> - {i18n.translate('xpack.serverlessSearch.apiKey.privileges.description', { - defaultMessage: - 'Control access to specific Elasticsearch APIs and resources using predefined roles or custom privileges per API key.', - })} - </p> - </EuiText> - </div> - } - extraAction={ - <EuiSwitch - label={privilegesEnabled ? 
ENABLED_LABEL : DISABLED_LABEL} - checked={privilegesEnabled} - onChange={togglePrivileges} - data-test-subj="create-api-role-descriptors-switch" - /> - } - forceState={privilegesOpen} - onToggle={(isOpen) => { - if (privilegesEnabled) { - setPrivilegesOpen(isOpen ? 'open' : 'closed'); - } - }} - > - <EuiSpacer size="s" /> - <SecurityPrivilegesForm - roleDescriptors={roleDescriptors} - onChangeRoleDescriptors={setRoleDescriptors} - error={roleDescriptorsError} - /> - </EuiAccordion> - </EuiPanel> - <EuiSpacer size="l" /> - <EuiPanel hasBorder> - <EuiAccordion - id="apiKey.metadata" - paddingSize="l" - buttonContent={ - <div style={{ paddingRight: euiTheme.size.s }}> - <EuiFlexGroup justifyContent="flexStart" alignItems="center" gutterSize="s"> - <EuiFlexItem grow={false}> - <EuiIcon type="visVega" /> - </EuiFlexItem> - <EuiFlexItem> - <EuiTitle size="xs"> - <h4> - {i18n.translate('xpack.serverlessSearch.apiKey.metadata.title', { - defaultMessage: 'Metadata', - })} - </h4> - </EuiTitle> - </EuiFlexItem> - </EuiFlexGroup> - <EuiSpacer size="xs" /> - <EuiText color="subdued" size="xs"> - <p> - {i18n.translate('xpack.serverlessSearch.apiKey.metadata.description', { - defaultMessage: - 'Use configurable key-value pairs to add information about the API key or customize Elasticsearch resource access.', - })} - </p> - </EuiText> - </div> - } - extraAction={ - <EuiSwitch - label={metadataEnabled ? ENABLED_LABEL : DISABLED_LABEL} - checked={metadataEnabled} - onChange={toggleMetadata} - data-test-subj="create-api-metadata-switch" - /> - } - forceState={metadataOpen} - onToggle={(isOpen) => { - if (metadataEnabled) { - setMetadataOpen(isOpen ? 
'open' : 'closed'); - } - }} - > - <EuiSpacer size="s" /> - <MetadataForm - metadata={metadata} - onChangeMetadata={setMetadata} - error={metadataError} - /> - </EuiAccordion> - </EuiPanel> - </EuiFlyoutBody> - <EuiFlyoutFooter> - <EuiFlexGroup justifyContent="spaceBetween"> - <EuiFlexItem grow={false}> - <EuiButtonEmpty - isDisabled={isLoading} - onClick={onClose} - data-test-subj="create-api-key-cancel" - > - {CANCEL_LABEL} - </EuiButtonEmpty> - </EuiFlexItem> - <EuiFlexItem grow={false}> - <EuiFlexGroup justifyContent="flexEnd"> - <EuiFlexItem> - <EuiButton - fill - disabled={!name} - isLoading={isLoading} - onClick={onCreateClick} - data-test-subj="create-api-key-submit" - > - {i18n.translate('xpack.serverlessSearch.apiKey.flyOutCreateLabel', { - defaultMessage: 'Create API Key', - })} - </EuiButton> - </EuiFlexItem> - </EuiFlexGroup> - </EuiFlexItem> - </EuiFlexGroup> - </EuiFlyoutFooter> - </EuiFlyout> + <ApiKeyFlyout + onCancel={onClose} + onSuccess={setApiKey} + apiKey={undefined} + currentUser={user} + defaultRoleDescriptors={DEFAULT_ROLE_DESCRIPTORS} + defaultMetadata={DEFAULT_METADATA} + defaultExpiration="60" + /> ); }; diff --git a/x-pack/plugins/serverless_search/public/application/components/api_key/metadata_form.tsx b/x-pack/plugins/serverless_search/public/application/components/api_key/metadata_form.tsx deleted file mode 100644 index ef6705c90b0a0..0000000000000 --- a/x-pack/plugins/serverless_search/public/application/components/api_key/metadata_form.tsx +++ /dev/null 
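Review bot: In `CreateApiKeyFlyout`, `defaultExpiration="60"` replaces the removed `DEFAULT_EXPIRES_VALUE` with a bare string whose unit is not stated; the deleted code sent `${expires}d`, so days is presumably still meant. This value sets the default lifetime of every key created from this panel, so a named constant with the unit in its name, e.g. `const DEFAULT_EXPIRATION_DAYS = '60';` next to `DEFAULT_ROLE_DESCRIPTORS`, keeps that choice easy to find and review. `setApiKey` is also typed to accept `SecurityUpdateApiKeyResponse` although `apiKey={undefined}` makes this flyout create-only; a one-line comment on the prop would explain the wider type.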
@@ -1,53 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { EuiText, EuiLink, EuiSpacer } from '@elastic/eui'; -import { i18n } from '@kbn/i18n'; -import { CodeEditorField } from '@kbn/code-editor'; -import React from 'react'; -import { docLinks } from '../../../../common/doc_links'; - -interface MetadataFormProps { - metadata: string; - onChangeMetadata: (metadata: string) => void; - error?: React.ReactNode | React.ReactNode[]; -} - -export const MetadataForm: React.FC<MetadataFormProps> = ({ - metadata, - onChangeMetadata, - error, -}) => { - return ( - <div data-test-subj="create-api-metadata-code-editor-container"> - <EuiLink - data-test-subj="serverlessSearchMetadataFormLearnHowToStructureRoleMetadataLink" - href={docLinks.metadata} - target="_blank" - > - {i18n.translate('xpack.serverlessSearch.apiKey.metadataLinkLabel', { - defaultMessage: 'Learn how to structure role metadata', - })} - </EuiLink> - <EuiSpacer /> - {error && ( - <EuiText size="s" color="danger"> - <p>{error}</p> - </EuiText> - )} - <CodeEditorField - allowFullScreen - fullWidth - height="600px" - languageId="json" - isCopyable - onChange={(e) => onChangeMetadata(e)} - value={metadata} - /> - </div> - ); -}; diff --git a/x-pack/plugins/serverless_search/public/application/components/api_key/security_privileges_form.tsx b/x-pack/plugins/serverless_search/public/application/components/api_key/security_privileges_form.tsx deleted file mode 100644 index c647471f90e71..0000000000000 --- a/x-pack/plugins/serverless_search/public/application/components/api_key/security_privileges_form.tsx +++ /dev/null 
@@ -1,122 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - EuiText, - EuiLink, - EuiSpacer, - EuiPanel, - EuiFlexItem, - EuiFlexGroup, - EuiButtonEmpty, -} from '@elastic/eui'; -import { i18n } from '@kbn/i18n'; -import { CodeEditorField } from '@kbn/code-editor'; -import React from 'react'; -import { docLinks } from '../../../../common/doc_links'; -const READ_ONLY_BOILERPLATE = `{ - "read-only-role": { - "cluster": [], - "indices": [ - { - "names": ["*"], - "privileges": ["read"] - } - ] - } -}`; -const WRITE_ONLY_BOILERPLATE = `{ - "write-only-role": { - "cluster": [], - "indices": [ - { - "names": ["*"], - "privileges": ["write"] - } - ] - } -}`; -interface SecurityPrivilegesFormProps { - onChangeRoleDescriptors: (roleDescriptors: string) => void; - error?: React.ReactNode | React.ReactNode[]; - roleDescriptors: string; -} - -export const SecurityPrivilegesForm: React.FC<SecurityPrivilegesFormProps> = ({ - onChangeRoleDescriptors, - error, - roleDescriptors, -}) => { - return ( - <div data-test-subj="create-api-role-descriptors-code-editor-container"> - <EuiLink - data-test-subj="serverlessSearchSecurityPrivilegesFormLearnHowToStructureRoleDescriptorsLink" - href={docLinks.roleDescriptors} - target="_blank" - > - {i18n.translate('xpack.serverlessSearch.apiKey.roleDescriptorsLinkLabel', { - defaultMessage: 'Learn how to structure role descriptors', - })} - </EuiLink> - <EuiSpacer /> - {error && ( - <EuiText size="s" color="danger"> - <p>{error}</p> - </EuiText> - )} - <EuiPanel hasShadow={false} color="subdued"> - <EuiFlexGroup gutterSize="none" justifyContent="flexEnd" alignItems="baseline"> - <EuiFlexItem grow={false}> - <EuiText size="xs"> - <h4> - {i18n.translate('xpack.serverlessSearch.apiKey.privileges.boilerplate.label', { - 
defaultMessage: 'Replace with boilerplate:', - })} - </h4> - </EuiText> - </EuiFlexItem> - - <EuiFlexItem grow={false}> - <EuiButtonEmpty - data-test-subj="serverlessSearchSecurityPrivilegesFormReadOnlyButton" - onClick={() => onChangeRoleDescriptors(READ_ONLY_BOILERPLATE)} - > - {i18n.translate( - 'xpack.serverlessSearch.apiKey.privileges.boilerplate.readOnlyLabel', - { - defaultMessage: 'Read-only', - } - )} - </EuiButtonEmpty> - </EuiFlexItem> - <EuiFlexItem grow={false}> - <EuiButtonEmpty - data-test-subj="serverlessSearchSecurityPrivilegesFormWriteOnlyButton" - onClick={() => onChangeRoleDescriptors(WRITE_ONLY_BOILERPLATE)} - > - {i18n.translate( - 'xpack.serverlessSearch.apiKey.privileges.boilerplate.writeOnlyLabel', - { - defaultMessage: 'Write-only', - } - )} - </EuiButtonEmpty> - </EuiFlexItem> - </EuiFlexGroup> - </EuiPanel> - <CodeEditorField - allowFullScreen - fullWidth - height="600px" - languageId="json" - isCopyable - onChange={(e) => onChangeRoleDescriptors(e)} - value={roleDescriptors} - /> - </div> - ); -}; diff --git a/x-pack/plugins/serverless_search/tsconfig.json b/x-pack/plugins/serverless_search/tsconfig.json index 418dcb5fc6f5c..c19ec3af2f4fc 100644 --- a/x-pack/plugins/serverless_search/tsconfig.json +++ b/x-pack/plugins/serverless_search/tsconfig.json @@ -40,7 +40,6 @@ "@kbn/index-management-plugin", "@kbn/usage-collection-plugin", "@kbn/es-types", - "@kbn/code-editor", "@kbn/console-plugin", "@kbn/core-chrome-browser", "@kbn/core-logging-server-mocks", @@ -49,7 +48,9 @@ "@kbn/index-management", "@kbn/react-kibana-context-render", "@kbn/search-playground", + "@kbn/security-api-key-management", "@kbn/search-inference-endpoints", "@kbn/search-homepage", + "@kbn/security-plugin-types-common", ] } diff --git a/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts b/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts index d312d02a30981..4167c0d972a48 100644 
--- a/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts +++ b/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts @@ -53,8 +53,8 @@ export const snapshotListSchema = schema.object({ }); export const policySchema = schema.object({ - name: schema.string(), - snapshotName: schema.string(), + name: schema.string({ maxLength: 1000 }), + snapshotName: schema.string({ maxLength: 1000 }), schedule: schema.string(), repository: schema.string(), config: schema.maybe(snapshotConfigSchema), @@ -66,7 +66,7 @@ export const policySchema = schema.object({ const fsRepositorySettings = schema.object({ location: schema.string() }, { unknowns: 'allow' }); const fsRepositorySchema = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), type: schema.string(), settings: fsRepositorySettings, }); @@ -76,7 +76,7 @@ const readOnlyRepositorySettings = schema.object({ }); const readOnlyRepository = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), type: schema.string(), settings: readOnlyRepositorySettings, }); @@ -85,7 +85,7 @@ const readOnlyRepository = schema.object({ const s3RepositorySettings = schema.object({ bucket: schema.string() }, { unknowns: 'allow' }); const s3Repository = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), type: schema.string(), settings: s3RepositorySettings, }); @@ -100,7 +100,7 @@ const hdsRepositorySettings = schema.object( ); const hdsfRepository = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), type: schema.string(), settings: hdsRepositorySettings, }); @@ -108,7 +108,7 @@ const hdsfRepository = schema.object({ const azureRepositorySettings = schema.object({}, { unknowns: 'allow' }); const azureRepository = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), type: schema.string(), settings: azureRepositorySettings, }); 
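Review bot: In the `policySchema` hunk the new `maxLength: 1000` covers only `name` and `snapshotName`; the neighbouring `schedule: schema.string()` and `repository: schema.string()`, and `type: schema.string()` in each repository schema in the later hunks, still accept strings of any length. If the aim is to bound request-body strings before they are used, those fields want the same cap, e.g. `repository: schema.string({ maxLength: 1000 })`. The literal `1000` is now repeated in nine places across this file's hunks (policy, fs, read-only, s3, hdfs, azure, gcs and source repositories), so one shared constant such as `const MAX_NAME_LENGTH = 1000;` would keep the limits from drifting apart. The settings objects declared with `unknowns: 'allow'` are not touched by this commit and stay unbounded, which may be intended.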
@@ -117,13 +117,13 @@ const azureRepository = schema.object({ const gcsRepositorySettings = schema.object({ bucket: schema.string() }, { unknowns: 'allow' }); const gcsRepository = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), type: schema.string(), settings: gcsRepositorySettings, }); const sourceRepository = schema.object({ - name: schema.string(), + name: schema.string({ maxLength: 1000 }), type: schema.string(), settings: schema.oneOf([ fsRepositorySettings, diff --git a/x-pack/plugins/spaces/public/constants.ts b/x-pack/plugins/spaces/public/constants.ts index 27c6f04225d4f..64781228d4f43 100644 --- a/x-pack/plugins/spaces/public/constants.ts +++ b/x-pack/plugins/spaces/public/constants.ts @@ -22,5 +22,3 @@ export const getSpacesFeatureDescription = () => { export const DEFAULT_OBJECT_NOUN = i18n.translate('xpack.spaces.shareToSpace.objectNoun', { defaultMessage: 'object', }); - -export const SOLUTION_NAV_FEATURE_FLAG_NAME = 'solutionNavEnabled'; diff --git a/x-pack/plugins/spaces/public/experiments/index.ts b/x-pack/plugins/spaces/public/experiments/index.ts new file mode 100644 index 0000000000000..454fb8980a6d7 --- /dev/null +++ b/x-pack/plugins/spaces/public/experiments/index.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export { isSolutionNavEnabled } from './is_solution_nav_enabled'; diff --git a/x-pack/plugins/spaces/public/experiments/is_solution_nav_enabled.ts b/x-pack/plugins/spaces/public/experiments/is_solution_nav_enabled.ts new file mode 100644 index 0000000000000..5351c20c99d0f --- /dev/null +++ b/x-pack/plugins/spaces/public/experiments/is_solution_nav_enabled.ts 
@@ -0,0 +1,20 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { CloudExperimentsPluginStart } from '@kbn/cloud-experiments-plugin/common'; +import type { CloudStart } from '@kbn/cloud-plugin/public'; + +const SOLUTION_NAV_FEATURE_FLAG_NAME = 'solutionNavEnabled'; + +export const isSolutionNavEnabled = ( + cloud?: CloudStart, + cloudExperiments?: CloudExperimentsPluginStart +) => { + return Boolean(cloud?.isCloudEnabled) && cloudExperiments + ? cloudExperiments.getVariation(SOLUTION_NAV_FEATURE_FLAG_NAME, false) + : Promise.resolve(false); +}; diff --git a/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.test.tsx b/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.test.tsx index 68e8421449cf8..2bcf35ccc6cc4 100644 --- a/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.test.tsx +++ b/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.test.tsx @@ -10,7 +10,6 @@ import { EuiButton } from '@elastic/eui'; import { waitFor } from '@testing-library/react'; import type { ReactWrapper } from 'enzyme'; import React from 'react'; -import { of } from 'rxjs'; import { DEFAULT_APP_CATEGORIES } from '@kbn/core/public'; import { notificationServiceMock, scopedHistoryMock } from '@kbn/core/public/mocks'; @@ -124,7 +123,7 @@ describe('ManageSpacePage', () => { spaces: { manage: true }, }} allowFeatureVisibility - isSolutionNavEnabled$={of(true)} + solutionNavExperiment={Promise.resolve(true)} /> ); @@ -180,7 +179,7 @@ describe('ManageSpacePage', () => { spaces: { manage: true }, }} allowFeatureVisibility - isSolutionNavEnabled$={of(false)} + solutionNavExperiment={Promise.resolve(false)} /> ); 
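Review bot: The promise returned from `isSolutionNavEnabled` will reject whenever `getVariation` does, because the call here has lost the `.catch(() => false)` that the code removed from spaces_management_app.tsx in this same commit applied to it. The consumers added in this commit (`ManageSpacePage`, `SpacesGridPage`, `NavControlPopoverUI`) only chain `.then(...)`, so a failed flag lookup would surface as an unhandled rejection instead of falling back to the disabled state. Keeping the fallback at the source covers every caller at once: `? cloudExperiments.getVariation(SOLUTION_NAV_FEATURE_FLAG_NAME, false).catch(() => false)`. An explicit `Promise<boolean>` return type and a short doc comment stating that the flag is only consulted when `cloud?.isCloudEnabled` is truthy would also document the contract that the `solutionNavExperiment` props rely on.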
diff --git a/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.tsx b/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.tsx index 8ea38d4fcc316..86d1c13884321 100644 --- a/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.tsx +++ b/x-pack/plugins/spaces/public/management/edit_space/manage_space_page.tsx @@ -18,7 +18,6 @@ import { } from '@elastic/eui'; import { difference } from 'lodash'; import React, { Component } from 'react'; -import type { Observable, Subscription } from 'rxjs'; import type { Capabilities, NotificationsStart, ScopedHistory } from '@kbn/core/public'; import { SectionLoading } from '@kbn/es-ui-shared-plugin/public'; @@ -56,7 +55,7 @@ interface Props { capabilities: Capabilities; history: ScopedHistory; allowFeatureVisibility: boolean; - isSolutionNavEnabled$?: Observable<boolean>; + solutionNavExperiment?: Promise<boolean>; } interface State { @@ -76,7 +75,6 @@ interface State { export class ManageSpacePage extends Component<Props, State> { private readonly validator: SpaceValidator; private initialSpaceState: State['space'] | null = null; - private subscription: Subscription | null = null; constructor(props: Props) { super(props); @@ -115,11 +113,9 @@ export class ManageSpacePage extends Component<Props, State> { }); } - if (this.props.isSolutionNavEnabled$) { - this.subscription = this.props.isSolutionNavEnabled$.subscribe((isEnabled) => { - this.setState({ isSolutionNavEnabled: isEnabled }); - }); - } + this.props.solutionNavExperiment?.then((isEnabled) => { + this.setState({ isSolutionNavEnabled: isEnabled }); + }); } public async componentDidUpdate(previousProps: Props) { @@ -128,12 +124,6 @@ export class ManageSpacePage extends Component<Props, State> { } } - public componentWillUnmount() { - if (this.subscription) { - this.subscription.unsubscribe(); - } - } - public render() { if (!this.props.capabilities.spaces.manage) { return ( 
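Review bot: In the `componentDidMount` hunk (`@@ -115,11 +113,9 @@`) the `.then` callback calls `this.setState` with nothing to stop it after the component has unmounted, and the next hunk deletes the `componentWillUnmount` that used to unsubscribe. If the page is left before `solutionNavExperiment` settles, the state update is applied to an unmounted component. Keeping `componentWillUnmount` to set a private flag (`this.unmounted = true;`) and guarding the callback with `if (!this.unmounted) this.setState({ isSolutionNavEnabled: isEnabled });` would restore the old guarantee. The same unguarded `.then` is added in the `SpacesGridPage` hunk `@@ -78,6 +83,10 @@` and in `NavControlPopoverUI.componentDidMount`; `componentDidMount` here begins outside the hunk.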
diff --git a/x-pack/plugins/spaces/public/management/management_service.test.ts b/x-pack/plugins/spaces/public/management/management_service.test.ts index 23c669ded0f4b..2eaacfda7c3a9 100644 --- a/x-pack/plugins/spaces/public/management/management_service.test.ts +++ b/x-pack/plugins/spaces/public/management/management_service.test.ts @@ -38,6 +38,7 @@ describe('ManagementService', () => { spacesManager: spacesManagerMock.create(), config, getRolesAPIClient: getRolesAPIClientMock, + solutionNavExperiment: Promise.resolve(false), }); expect(mockKibanaSection.registerApp).toHaveBeenCalledTimes(1); @@ -58,6 +59,7 @@ describe('ManagementService', () => { spacesManager: spacesManagerMock.create(), config, getRolesAPIClient: getRolesAPIClientMock, + solutionNavExperiment: Promise.resolve(false), }); }); }); @@ -79,6 +81,7 @@ describe('ManagementService', () => { spacesManager: spacesManagerMock.create(), config, getRolesAPIClient: jest.fn(), + solutionNavExperiment: Promise.resolve(false), }); service.stop(); diff --git a/x-pack/plugins/spaces/public/management/management_service.tsx b/x-pack/plugins/spaces/public/management/management_service.tsx index e4836da797182..143aebba39d96 100644 --- a/x-pack/plugins/spaces/public/management/management_service.tsx +++ b/x-pack/plugins/spaces/public/management/management_service.tsx @@ -20,6 +20,7 @@ interface SetupDeps { spacesManager: SpacesManager; config: ConfigType; getRolesAPIClient: () => Promise<RolesAPIClient>; + solutionNavExperiment: Promise<boolean>; } export class ManagementService { 
@@ -31,9 +32,16 @@ export class ManagementService { spacesManager, config, getRolesAPIClient, + solutionNavExperiment, }: SetupDeps) { this.registeredSpacesManagementApp = management.sections.section.kibana.registerApp( - spacesManagementApp.create({ getStartServices, spacesManager, config, getRolesAPIClient }) + spacesManagementApp.create({ + getStartServices, + spacesManager, + config, + getRolesAPIClient, + solutionNavExperiment, + }) ); } diff --git a/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.test.tsx b/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.test.tsx index 59d4f1414e03a..ee0bda60373a7 100644 --- a/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.test.tsx +++ b/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.test.tsx 
@@ -88,6 +88,72 @@ describe('SpacesGridPage', () => { wrapper.update(); expect(wrapper.find('EuiInMemoryTable').prop('items')).toBe(spaces); + expect(wrapper.find('EuiInMemoryTable').prop('columns')).not.toContainEqual({ + field: 'solution', + name: 'Solution View', + sortable: true, + render: expect.any(Function), + }); + }); + + it('renders the list of spaces with solution column', async () => { + const httpStart = httpServiceMock.createStartContract(); + httpStart.get.mockResolvedValue([]); + const spacesWithSolution = [ + { + id: 'default', + name: 'Default', + disabledFeatures: [], + _reserved: true, + }, + { + id: 'custom-1', + name: 'Custom 1', + disabledFeatures: [], + solution: 'es', + }, + { + id: 'custom-2', + name: 'Custom 2', + initials: 'LG', + color: '#ABCDEF', + description: 'my description here', + disabledFeatures: [], + solution: 'security', + }, + ]; + + spacesManager.getSpaces = jest.fn().mockResolvedValue(spacesWithSolution); + + const wrapper = shallowWithIntl( + <SpacesGridPage + spacesManager={spacesManager as unknown as SpacesManager} + getFeatures={featuresStart.getFeatures} + notifications={notificationServiceMock.createStartContract()} + getUrlForApp={getUrlForApp} + history={history} + capabilities={{ + navLinks: {}, + management: {}, + catalogue: {}, + spaces: { manage: true }, + }} + maxSpaces={1000} + solutionNavExperiment={Promise.resolve(true)} + /> + ); + + // allow spacesManager to load spaces and lazy-load SpaceAvatar + await act(async () => {}); + wrapper.update(); + + expect(wrapper.find('EuiInMemoryTable').prop('items')).toBe(spacesWithSolution); + expect(wrapper.find('EuiInMemoryTable').prop('columns')).toContainEqual({ + field: 'solution', + name: 'Solution View', + sortable: true, + render: expect.any(Function), + }); }); it('renders a create spaces button', async () => { 
diff --git a/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.tsx b/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.tsx index 6d2cd1a9bd05d..c6a321b3bf484 100644 --- a/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.tsx +++ b/x-pack/plugins/spaces/public/management/spaces_grid/spaces_grid_page.tsx @@ -5,6 +5,7 @@ * 2.0. */ +import type { EuiBasicTableColumn } from '@elastic/eui'; import { EuiButton, EuiButtonIcon, @@ -35,6 +36,7 @@ import { isReservedSpace } from '../../../common'; import { DEFAULT_SPACE_ID } from '../../../common/constants'; import { getSpacesFeatureDescription } from '../../constants'; import { getSpaceAvatarComponent } from '../../space_avatar'; +import { SpaceSolutionBadge } from '../../space_solution_badge'; import type { SpacesManager } from '../../spaces_manager'; import { ConfirmDeleteModal, UnauthorizedPrompt } from '../components'; import { getEnabledFeatures } from '../lib/feature_utils'; @@ -52,6 +54,7 @@ interface Props { history: ScopedHistory; getUrlForApp: ApplicationStart['getUrlForApp']; maxSpaces: number; + solutionNavExperiment?: Promise<boolean>; } interface State { @@ -60,6 +63,7 @@ interface State { loading: boolean; showConfirmDeleteModal: boolean; selectedSpace: Space | null; + isSolutionNavEnabled: boolean; } export class SpacesGridPage extends Component<Props, State> { @@ -71,6 +75,7 @@ export class SpacesGridPage extends Component<Props, State> { loading: true, showConfirmDeleteModal: false, selectedSpace: null, + isSolutionNavEnabled: false, }; } @@ -78,6 +83,10 @@ export class SpacesGridPage extends Component<Props, State> { if (this.props.capabilities.spaces.manage) { this.loadGrid(); } + + this.props.solutionNavExperiment?.then((isEnabled) => { + this.setState({ isSolutionNavEnabled: isEnabled }); + }); } public render() { 
@@ -233,7 +242,7 @@ export class SpacesGridPage extends Component<Props, State> { }; public getColumnConfig() { - return [ + const config: Array<EuiBasicTableColumn<Space>> = [ { field: 'initials', name: '', 
@@ -320,49 +329,65 @@ export class SpacesGridPage extends Component<Props, State> { return id; }, }, - { - name: i18n.translate('xpack.spaces.management.spacesGridPage.actionsColumnName', { - defaultMessage: 'Actions', - }), - actions: [ - { - render: (record: Space) => ( - <EuiButtonIcon - data-test-subj={`${record.name}-editSpace`} - aria-label={i18n.translate( - 'xpack.spaces.management.spacesGridPage.editSpaceActionName', - { - defaultMessage: `Edit {spaceName}.`, - values: { spaceName: record.name }, - } - )} - color={'primary'} - iconType={'pencil'} - {...reactRouterNavigate(this.props.history, this.getEditSpacePath(record))} - /> - ), - }, - { - available: (record: Space) => !isReservedSpace(record), - render: (record: Space) => ( - <EuiButtonIcon - data-test-subj={`${record.name}-deleteSpace`} - aria-label={i18n.translate( - 'xpack.spaces.management.spacesGridPage.deleteActionName', - { - defaultMessage: `Delete {spaceName}.`, - values: { spaceName: record.name }, - } - )} - color={'danger'} - iconType={'trash'} - onClick={() => this.onDeleteSpaceClick(record)} - /> - ), - }, - ], - }, ]; + + if (this.state.isSolutionNavEnabled) { + config.push({ + field: 'solution', + name: i18n.translate('xpack.spaces.management.spacesGridPage.solutionColumnName', { + defaultMessage: 'Solution View', + }), + sortable: true, + render: (solution: Space['solution'], record: Space) => ( + <SpaceSolutionBadge solution={solution} data-test-subj={`${record.id}-solution`} /> + ), + }); + } + + config.push({ + name: i18n.translate('xpack.spaces.management.spacesGridPage.actionsColumnName', { + defaultMessage: 'Actions', + }), + actions: [ + { + render: (record: Space) => ( + <EuiButtonIcon + data-test-subj={`${record.name}-editSpace`} + aria-label={i18n.translate( + 'xpack.spaces.management.spacesGridPage.editSpaceActionName', + { + defaultMessage: `Edit {spaceName}.`, + values: { spaceName: record.name }, + } + )} + color={'primary'} + iconType={'pencil'} + 
{...reactRouterNavigate(this.props.history, this.getEditSpacePath(record))} + /> + ), + }, + { + available: (record: Space) => !isReservedSpace(record), + render: (record: Space) => ( + <EuiButtonIcon + data-test-subj={`${record.name}-deleteSpace`} + aria-label={i18n.translate( + 'xpack.spaces.management.spacesGridPage.deleteActionName', + { + defaultMessage: `Delete {spaceName}.`, + values: { spaceName: record.name }, + } + )} + color={'danger'} + iconType={'trash'} + onClick={() => this.onDeleteSpaceClick(record)} + /> + ), + }, + ], + }); + + return config; } private getEditSpacePath = (space: Space) => `edit/${encodeURIComponent(space.id)}`; diff --git a/x-pack/plugins/spaces/public/management/spaces_management_app.test.tsx b/x-pack/plugins/spaces/public/management/spaces_management_app.test.tsx index b29d13bbd51a2..e953c324be285 100644 --- a/x-pack/plugins/spaces/public/management/spaces_management_app.test.tsx +++ b/x-pack/plugins/spaces/public/management/spaces_management_app.test.tsx @@ -53,6 +53,7 @@ async function mountApp(basePath: string, pathname: string, spaceId?: string) { getStartServices: async () => [coreStart, pluginsStart as PluginsStart, {}], config, getRolesAPIClient: jest.fn(), + solutionNavExperiment: Promise.resolve(false), }) .mount({ basePath, @@ -74,6 +75,7 @@ describe('spacesManagementApp', () => { getStartServices: coreMock.createSetup().getStartServices as any, config, getRolesAPIClient: jest.fn(), + solutionNavExperiment: Promise.resolve(false), }) ).toMatchInlineSnapshot(` Object { 
@@ -98,7 +100,7 @@ describe('spacesManagementApp', () => { css="You have tried to stringify object returned from \`css\` function. It isn't supposed to be used directly (e.g. as value of the \`className\` prop), but rather handed to emotion so it can handle it (e.g. as value of \`css\` prop)." data-test-subj="kbnRedirectAppLink" > - Spaces Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"history":{"action":"PUSH","length":1,"location":{"pathname":"/","search":"","hash":""}},"maxSpaces":1000} + Spaces Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"history":{"action":"PUSH","length":1,"location":{"pathname":"/","search":"","hash":""}},"maxSpaces":1000,"solutionNavExperiment":{}} </div> </div> `); @@ -125,7 +127,7 @@ describe('spacesManagementApp', () => { css="You have tried to stringify object returned from \`css\` function. It isn't supposed to be used directly (e.g. as value of the \`className\` prop), but rather handed to emotion so it can handle it (e.g. as value of \`css\` prop)." data-test-subj="kbnRedirectAppLink" > - Spaces Edit Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"history":{"action":"PUSH","length":1,"location":{"pathname":"/create","search":"","hash":""}},"allowFeatureVisibility":true,"isSolutionNavEnabled$":{}} + Spaces Edit Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"history":{"action":"PUSH","length":1,"location":{"pathname":"/create","search":"","hash":""}},"allowFeatureVisibility":true,"solutionNavExperiment":{}} </div> </div> `); 
@@ -158,7 +160,7 @@ describe('spacesManagementApp', () => { css="You have tried to stringify object returned from \`css\` function. It isn't supposed to be used directly (e.g. as value of the \`className\` prop), but rather handed to emotion so it can handle it (e.g. as value of \`css\` prop)." data-test-subj="kbnRedirectAppLink" > - Spaces Edit Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"spaceId":"some-space","history":{"action":"PUSH","length":1,"location":{"pathname":"/edit/some-space","search":"","hash":""}},"allowFeatureVisibility":true,"isSolutionNavEnabled$":{}} + Spaces Edit Page: {"capabilities":{"catalogue":{},"management":{},"navLinks":{}},"notifications":{"toasts":{}},"spacesManager":{"onActiveSpaceChange$":{}},"spaceId":"some-space","history":{"action":"PUSH","length":1,"location":{"pathname":"/edit/some-space","search":"","hash":""}},"allowFeatureVisibility":true,"solutionNavExperiment":{}} </div> </div> `); diff --git a/x-pack/plugins/spaces/public/management/spaces_management_app.tsx b/x-pack/plugins/spaces/public/management/spaces_management_app.tsx index eafefd93f4464..c551b47cde9c6 100644 --- a/x-pack/plugins/spaces/public/management/spaces_management_app.tsx +++ b/x-pack/plugins/spaces/public/management/spaces_management_app.tsx @@ -8,7 +8,6 @@ import React from 'react'; import { render, unmountComponentAtNode } from 'react-dom'; import { useParams } from 'react-router-dom'; -import { from, of, shareReplay } from 'rxjs'; import type { StartServicesAccessor } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; @@ -21,7 +20,6 @@ import { Route, Router, Routes } from '@kbn/shared-ux-router'; import type { Space } from '../../common'; import type { ConfigType } from '../config'; -import { SOLUTION_NAV_FEATURE_FLAG_NAME } from '../constants'; import type { PluginsStart } from '../plugin'; import type { SpacesManager } from '../spaces_manager'; 
@@ -30,11 +28,12 @@ interface CreateParams { spacesManager: SpacesManager; config: ConfigType; getRolesAPIClient: () => Promise<RolesAPIClient>; + solutionNavExperiment: Promise<boolean>; } export const spacesManagementApp = Object.freeze({ id: 'spaces', - create({ getStartServices, spacesManager, config }: CreateParams) { + create({ getStartServices, spacesManager, config, solutionNavExperiment }: CreateParams) { const title = i18n.translate('xpack.spaces.displayName', { defaultMessage: 'Spaces', }); @@ -45,15 +44,8 @@ export const spacesManagementApp = Object.freeze({ title, async mount({ element, setBreadcrumbs, history }) { - const [ - [coreStart, { features, cloud, cloudExperiments }], - { SpacesGridPage }, - { ManageSpacePage }, - ] = await Promise.all([ - getStartServices(), - import('./spaces_grid'), - import('./edit_space'), - ]); + const [[coreStart, { features }], { SpacesGridPage }, { ManageSpacePage }] = + await Promise.all([getStartServices(), import('./spaces_grid'), import('./edit_space')]); const spacesFirstBreadcrumb = { text: title, @@ -63,17 +55,6 @@ export const spacesManagementApp = Object.freeze({ chrome.docTitle.change(title); - const onCloud = Boolean(cloud?.isCloudEnabled); - const isSolutionNavEnabled$ = - // Only available on Cloud and if the Launch Darkly flag is turned on - onCloud && cloudExperiments - ? from( - cloudExperiments - .getVariation(SOLUTION_NAV_FEATURE_FLAG_NAME, false) - .catch(() => false) - ).pipe(shareReplay(1)) - : of(false); - const SpacesGridPageWithBreadcrumbs = () => { setBreadcrumbs([{ ...spacesFirstBreadcrumb, href: undefined }]); return ( @@ -85,6 +66,7 @@ export const spacesManagementApp = Object.freeze({ history={history} getUrlForApp={application.getUrlForApp} maxSpaces={config.maxSpaces} + solutionNavExperiment={solutionNavExperiment} /> ); }; 
@@ -107,7 +89,7 @@ export const spacesManagementApp = Object.freeze({ spacesManager={spacesManager} history={history} allowFeatureVisibility={config.allowFeatureVisibility} - isSolutionNavEnabled$={isSolutionNavEnabled$} + solutionNavExperiment={solutionNavExperiment} /> ); }; @@ -134,7 +116,7 @@ export const spacesManagementApp = Object.freeze({ onLoadSpace={onLoadSpace} history={history} allowFeatureVisibility={config.allowFeatureVisibility} - isSolutionNavEnabled$={isSolutionNavEnabled$} + solutionNavExperiment={solutionNavExperiment} /> ); }; diff --git a/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx b/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx index 337e7373618c4..fab2158cb1c7d 100644 --- a/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx +++ b/x-pack/plugins/spaces/public/nav_control/components/spaces_menu.tsx @@ -31,6 +31,7 @@ import { ManageSpacesButton } from './manage_spaces_button'; import type { Space } from '../../../common'; import { addSpaceIdToPath, ENTER_SPACE_PATH, SPACE_SEARCH_COUNT_THRESHOLD } from '../../../common'; import { getSpaceAvatarComponent } from '../../space_avatar'; +import { SpaceSolutionBadge } from '../../space_solution_badge'; const LazySpaceAvatar = lazy(() => getSpaceAvatarComponent().then((component) => ({ default: component })) @@ -46,6 +47,7 @@ interface Props { navigateToApp: ApplicationStart['navigateToApp']; navigateToUrl: ApplicationStart['navigateToUrl']; readonly activeSpace: Space | null; + isSolutionNavEnabled: boolean; } class SpacesMenuUI extends Component<Props> { public render() { @@ -99,7 +101,7 @@ class SpacesMenuUI extends Component<Props> { noMatchesMessage={noSpacesMessage} options={spaceOptions} singleSelection={'always'} - style={{ width: 300 }} + style={{ minWidth: 300, maxWidth: 320 }} onChange={this.spaceSelectionChange} listProps={{ rowHeight: 40, 
@@ -136,6 +138,9 @@ class SpacesMenuUI extends Component<Props> { <LazySpaceAvatar space={space} size={'s'} announceSpaceName={false} /> </Suspense> ), + ...(this.props.isSolutionNavEnabled && { + append: <SpaceSolutionBadge solution={space.solution} />, + }), checked: this.props.activeSpace?.id === space.id ? 'on' : undefined, 'data-test-subj': `${space.id}-selectableSpaceItem`, className: 'selectableSpaceItem', diff --git a/x-pack/plugins/spaces/public/nav_control/nav_control.tsx b/x-pack/plugins/spaces/public/nav_control/nav_control.tsx index 732be89eacd7b..7e104e56c6548 100644 --- a/x-pack/plugins/spaces/public/nav_control/nav_control.tsx +++ b/x-pack/plugins/spaces/public/nav_control/nav_control.tsx @@ -14,7 +14,11 @@ import { KibanaRenderContextProvider } from '@kbn/react-kibana-context-render'; import type { SpacesManager } from '../spaces_manager'; -export function initSpacesNavControl(spacesManager: SpacesManager, core: CoreStart) { +export function initSpacesNavControl( + spacesManager: SpacesManager, + core: CoreStart, + solutionNavExperiment: Promise<boolean> +) { core.chrome.navControls.registerLeft({ order: 1000, mount(targetDomElement: HTMLElement) { @@ -38,6 +42,7 @@ export function initSpacesNavControl(spacesManager: SpacesManager, core: CoreSta capabilities={core.application.capabilities} navigateToApp={core.application.navigateToApp} navigateToUrl={core.application.navigateToUrl} + solutionNavExperiment={solutionNavExperiment} /> </Suspense> </KibanaRenderContextProvider>, diff --git a/x-pack/plugins/spaces/public/nav_control/nav_control_popover.test.tsx b/x-pack/plugins/spaces/public/nav_control/nav_control_popover.test.tsx index 420730ea696ac..528103c5ccbc2 100644 --- a/x-pack/plugins/spaces/public/nav_control/nav_control_popover.test.tsx +++ b/x-pack/plugins/spaces/public/nav_control/nav_control_popover.test.tsx 
@@ -21,6 +21,7 @@ import { mountWithIntl } from '@kbn/test-jest-helpers'; import { NavControlPopover } from './nav_control_popover'; import type { Space } from '../../common'; import { SpaceAvatarInternal } from '../space_avatar/space_avatar_internal'; +import { SpaceSolutionBadge } from '../space_solution_badge'; import type { SpacesManager } from '../spaces_manager'; import { spacesManagerMock } from '../spaces_manager/mocks'; @@ -44,7 +45,7 @@ const mockSpaces = [ ]; describe('NavControlPopover', () => { - async function setup(spaces: Space[]) { + async function setup(spaces: Space[], isSolutionNavEnabled = false) { const spacesManager = spacesManagerMock.create(); spacesManager.getSpaces = jest.fn().mockResolvedValue(spaces); @@ -56,6 +57,7 @@ describe('NavControlPopover', () => { capabilities={{ navLinks: {}, management: {}, catalogue: {}, spaces: { manage: true } }} navigateToApp={jest.fn()} navigateToUrl={jest.fn()} + solutionNavExperiment={Promise.resolve(isSolutionNavEnabled)} /> ); @@ -77,6 +79,7 @@ describe('NavControlPopover', () => { capabilities={{ navLinks: {}, management: {}, catalogue: {}, spaces: { manage: true } }} navigateToApp={jest.fn()} navigateToUrl={jest.fn()} + solutionNavExperiment={Promise.resolve(false)} /> ); expect(baseElement).toMatchSnapshot(); @@ -101,6 +104,7 @@ describe('NavControlPopover', () => { capabilities={{ navLinks: {}, management: {}, catalogue: {}, spaces: { manage: true } }} navigateToApp={jest.fn()} navigateToUrl={jest.fn()} + solutionNavExperiment={Promise.resolve(false)} /> ); 
@@ -222,4 +226,31 @@ describe('NavControlPopover', () => { expect(wrapper.find(EuiPopover).props().isOpen).toEqual(false); }); + + it('should render solution for spaces', async () => { + const spaces: Space[] = [ + { + id: 'space-1', + name: 'Space-1', + disabledFeatures: [], + solution: 'classic', + }, + { + id: 'space-2', + name: 'Space 2', + disabledFeatures: [], + solution: 'security', + }, + ]; + + const wrapper = await setup(spaces, true /** isSolutionEnabled **/); + + await act(async () => { + wrapper.find(EuiHeaderSectionItemButton).find('button').simulate('click'); + }); + + wrapper.update(); + + expect(wrapper.find(SpaceSolutionBadge)).toHaveLength(2); + }); }); diff --git a/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx b/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx index ceedb99c60d18..6f40db60bfd4f 100644 --- a/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx +++ b/x-pack/plugins/spaces/public/nav_control/nav_control_popover.tsx @@ -37,6 +37,7 @@ interface Props { navigateToUrl: ApplicationStart['navigateToUrl']; serverBasePath: string; theme: WithEuiThemeProps['theme']; + solutionNavExperiment: Promise<boolean>; } interface State { @@ -44,6 +45,7 @@ interface State { loading: boolean; activeSpace: Space | null; spaces: Space[]; + isSolutionNavEnabled: boolean; } const popoutContentId = 'headerSpacesMenuContent'; @@ -58,6 +60,7 @@ class NavControlPopoverUI extends Component<Props, State> { loading: false, activeSpace: null, spaces: [], + isSolutionNavEnabled: false, }; } @@ -69,12 +72,14 @@ class NavControlPopoverUI extends Component<Props, State> { }); }, }); + + this.props.solutionNavExperiment.then((isEnabled) => { + this.setState({ isSolutionNavEnabled: isEnabled }); + }); } public componentWillUnmount() { - if (this.activeSpace$) { - this.activeSpace$.unsubscribe(); - } + this.activeSpace$?.unsubscribe(); } public render() { 
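Review bot: In nav_control_popover.tsx, the `solutionNavExperiment.then(...)` added to `componentDidMount` calls `setState` without checking that the component is still mounted, and it has no rejection handler. The promise built in plugin.tsx catches its own errors, but the prop is typed as a plain `Promise<boolean>`, so another caller could pass one that rejects and the rejection would go unhandled. A flag set in `componentWillUnmount` plus a `.catch` that keeps the `false` default would cover both cases. `componentDidMount` starts outside the hunk.

```typescript
  private unmounted = false;

  // … unchanged: constructor and the activeSpace$ subscription in componentDidMount …

    this.props.solutionNavExperiment
      .then((isEnabled) => {
        if (!this.unmounted) {
          this.setState({ isSolutionNavEnabled: isEnabled });
        }
      })
      .catch(() => {
        // Leave isSolutionNavEnabled at its default of false.
      });
  }

  public componentWillUnmount() {
    this.unmounted = true;
    this.activeSpace$?.unsubscribe();
  }
```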
@@ -103,6 +108,7 @@ class NavControlPopoverUI extends Component<Props, State> { navigateToApp={this.props.navigateToApp} navigateToUrl={this.props.navigateToUrl} activeSpace={this.state.activeSpace} + isSolutionNavEnabled={this.state.isSolutionNavEnabled} /> ); } diff --git a/x-pack/plugins/spaces/public/plugin.tsx b/x-pack/plugins/spaces/public/plugin.tsx index 01e9eacaddaea..268daa47c6678 100644 --- a/x-pack/plugins/spaces/public/plugin.tsx +++ b/x-pack/plugins/spaces/public/plugin.tsx @@ -15,6 +15,7 @@ import type { SecurityPluginStart } from '@kbn/security-plugin-types-public'; import type { ConfigType } from './config'; import { createSpacesFeatureCatalogueEntry } from './create_feature_catalogue_entry'; +import { isSolutionNavEnabled } from './experiments'; import { ManagementService } from './management'; import { initSpacesNavControl } from './nav_control'; import { spaceSelectorApp } from './space_selector'; @@ -52,6 +53,7 @@ export class SpacesPlugin implements Plugin<SpacesPluginSetup, SpacesPluginStart private managementService?: ManagementService; private readonly config: ConfigType; private readonly isServerless: boolean; + private solutionNavExperiment = Promise.resolve(false); constructor(private readonly initializerContext: PluginInitializerContext) { this.config = this.initializerContext.config.get<ConfigType>(); @@ -71,6 +73,15 @@ export class SpacesPlugin implements Plugin<SpacesPluginSetup, SpacesPluginStart hasOnlyDefaultSpace, }; + this.solutionNavExperiment = core + .getStartServices() + .then(([, { cloud, cloudExperiments }]) => isSolutionNavEnabled(cloud, cloudExperiments)) + .catch((err) => { + this.initializerContext.logger.get().error(`Failed to retrieve cloud experiment: ${err}`); + + return false; + }); + if (!this.isServerless) { const getRolesAPIClient = async () => { const { security } = await core.plugins.onSetup<{ security: SecurityPluginStart }>( 
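Review bot: In plugin.tsx, the assignment to `this.solutionNavExperiment` in `setup` sits before the `if (!this.isServerless)` check, so the `getStartServices()` lookup and the `isSolutionNavEnabled(cloud, cloudExperiments)` call also run on serverless. Both readers of the promise in this diff, the management registration that receives `getRolesAPIClient` and `initSpacesNavControl` in `start`, appear to sit inside `!this.isServerless` branches, so unless code outside the diff consumes it the serverless result is never used. Moving the assignment inside the existing `if (!this.isServerless) {` block would leave serverless on the `Promise.resolve(false)` field default. `setup` starts and ends outside the hunk.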
@@ -96,6 +107,7 @@ export class SpacesPlugin implements Plugin<SpacesPluginSetup, SpacesPluginStart spacesManager: this.spacesManager, config: this.config, getRolesAPIClient, + solutionNavExperiment: this.solutionNavExperiment, }); } @@ -111,7 +123,7 @@ export class SpacesPlugin implements Plugin<SpacesPluginSetup, SpacesPluginStart public start(core: CoreStart) { if (!this.isServerless) { - initSpacesNavControl(this.spacesManager, core); + initSpacesNavControl(this.spacesManager, core, this.solutionNavExperiment); } return this.spacesApi; diff --git a/x-pack/plugins/spaces/public/space_solution_badge/__snapshots__/badge.test.tsx.snap b/x-pack/plugins/spaces/public/space_solution_badge/__snapshots__/badge.test.tsx.snap new file mode 100644 index 0000000000000..f12741ed8700b --- /dev/null +++ b/x-pack/plugins/spaces/public/space_solution_badge/__snapshots__/badge.test.tsx.snap 
@@ -0,0 +1,247 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`it renders without crashing with solution provided 1`] = ` +<EuiBadge + color="hollow" + iconType="logoSecurity" + intl={ + Object { + "$t": [Function], + "defaultFormats": Object { + "date": Object { + "full": Object { + "day": "numeric", + "month": "long", + "weekday": "long", + "year": "numeric", + }, + "long": Object { + "day": "numeric", + "month": "long", + "year": "numeric", + }, + "medium": Object { + "day": "numeric", + "month": "short", + "year": "numeric", + }, + "short": Object { + "day": "numeric", + "month": "numeric", + "year": "2-digit", + }, + }, + "number": Object { + "currency": Object { + "style": "currency", + }, + "percent": Object { + "style": "percent", + }, + }, + "relative": Object { + "days": Object { + "style": "long", + }, + "hours": Object { + "style": "long", + }, + "minutes": Object { + "style": "long", + }, + "months": Object { + "style": "long", + }, + "seconds": Object { + "style": "long", + }, + "years": Object { + "style": "long", + }, + }, + "time": Object { + "full": Object { + "hour": "numeric", + "minute": "numeric", + "second": "numeric", + "timeZoneName": "short", + }, + "long": Object { + "hour": "numeric", + "minute": "numeric", + "second": "numeric", + "timeZoneName": "short", + }, + "medium": Object { + "hour": "numeric", + "minute": "numeric", + "second": "numeric", + }, + "short": Object { + "hour": "numeric", + "minute": "numeric", + }, + }, + }, + "defaultLocale": "en", + "fallbackOnEmptyString": true, + "formatDate": [Function], + "formatDateTimeRange": [Function], + "formatDateToParts": [Function], + "formatDisplayName": [Function], + "formatList": [Function], + "formatListToParts": [Function], + "formatMessage": [Function], + "formatNumber": [Function], + "formatNumberToParts": [Function], + "formatPlural": [Function], + "formatRelativeTime": [Function], + "formatTime": [Function], + "formatTimeToParts": [Function], + "formats": Object {}, 
+ "formatters": Object { + "getDateTimeFormat": [Function], + "getDisplayNames": [Function], + "getListFormat": [Function], + "getMessageFormat": [Function], + "getNumberFormat": [Function], + "getPluralRules": [Function], + "getRelativeTimeFormat": [Function], + }, + "locale": "en", + "messages": Object {}, + "onError": [Function], + "onWarn": [Function], + "timeZone": undefined, + } + } +> + <MemoizedFormattedMessage + defaultMessage="Security" + id="xpack.spaces.spaceSolutionBadge.security" + /> +</EuiBadge> +`; + +exports[`it renders without crashing without solution 1`] = ` +<EuiBadge + color="hollow" + iconType="logoElasticStack" + intl={ + Object { + "$t": [Function], + "defaultFormats": Object { + "date": Object { + "full": Object { + "day": "numeric", + "month": "long", + "weekday": "long", + "year": "numeric", + }, + "long": Object { + "day": "numeric", + "month": "long", + "year": "numeric", + }, + "medium": Object { + "day": "numeric", + "month": "short", + "year": "numeric", + }, + "short": Object { + "day": "numeric", + "month": "numeric", + "year": "2-digit", + }, + }, + "number": Object { + "currency": Object { + "style": "currency", + }, + "percent": Object { + "style": "percent", + }, + }, + "relative": Object { + "days": Object { + "style": "long", + }, + "hours": Object { + "style": "long", + }, + "minutes": Object { + "style": "long", + }, + "months": Object { + "style": "long", + }, + "seconds": Object { + "style": "long", + }, + "years": Object { + "style": "long", + }, + }, + "time": Object { + "full": Object { + "hour": "numeric", + "minute": "numeric", + "second": "numeric", + "timeZoneName": "short", + }, + "long": Object { + "hour": "numeric", + "minute": "numeric", + "second": "numeric", + "timeZoneName": "short", + }, + "medium": Object { + "hour": "numeric", + "minute": "numeric", + "second": "numeric", + }, + "short": Object { + "hour": "numeric", + "minute": "numeric", + }, + }, + }, + "defaultLocale": "en", + 
"fallbackOnEmptyString": true, + "formatDate": [Function], + "formatDateTimeRange": [Function], + "formatDateToParts": [Function], + "formatDisplayName": [Function], + "formatList": [Function], + "formatListToParts": [Function], + "formatMessage": [Function], + "formatNumber": [Function], + "formatNumberToParts": [Function], + "formatPlural": [Function], + "formatRelativeTime": [Function], + "formatTime": [Function], + "formatTimeToParts": [Function], + "formats": Object {}, + "formatters": Object { + "getDateTimeFormat": [Function], + "getDisplayNames": [Function], + "getListFormat": [Function], + "getMessageFormat": [Function], + "getNumberFormat": [Function], + "getPluralRules": [Function], + "getRelativeTimeFormat": [Function], + }, + "locale": "en", + "messages": Object {}, + "onError": [Function], + "onWarn": [Function], + "timeZone": undefined, + } + } +> + <MemoizedFormattedMessage + defaultMessage="Classic" + id="xpack.spaces.spaceSolutionBadge.classic" + /> +</EuiBadge> +`; diff --git a/x-pack/plugins/spaces/public/space_solution_badge/badge.test.tsx b/x-pack/plugins/spaces/public/space_solution_badge/badge.test.tsx new file mode 100644 index 0000000000000..21d57ebf2e219 --- /dev/null +++ b/x-pack/plugins/spaces/public/space_solution_badge/badge.test.tsx 
@@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; + +import { shallowWithIntl } from '@kbn/test-jest-helpers'; + +import { SpaceSolutionBadge } from './badge'; + +test('it renders without crashing with solution provided', () => { + const component = shallowWithIntl(<SpaceSolutionBadge solution="security" />); + expect(component).toMatchSnapshot(); +}); + +test('it renders without crashing without solution', () => { + const component = shallowWithIntl(<SpaceSolutionBadge />); + expect(component).toMatchSnapshot(); +}); diff --git a/x-pack/plugins/spaces/public/space_solution_badge/badge.tsx b/x-pack/plugins/spaces/public/space_solution_badge/badge.tsx new file mode 100644 index 0000000000000..e9c6a15d3bd90 --- /dev/null +++ b/x-pack/plugins/spaces/public/space_solution_badge/badge.tsx 
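Review bot: Both tests in badge.test.tsx assert only `toMatchSnapshot()`, and the resulting snapshot serialises the whole injected `intl` prop (default formats, formatter functions, locale). It will therefore churn when the i18n library changes while saying little about the badge itself. Asserting what the component actually decides would be narrower, something like `expect(component.prop('iconType')).toBe('logoSecurity');` together with a check on the message id. The `es` and `oblt` entries are not exercised by either test.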
@@ -0,0 +1,69 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import type { EuiBadgeProps } from '@elastic/eui'; +import { EuiBadge } from '@elastic/eui'; +import React, { useMemo } from 'react'; + +import { FormattedMessage } from '@kbn/i18n-react'; + +import type { Space } from '../../common'; + +const SolutionOptions: Record< + NonNullable<Space['solution']>, + { iconType: string; label: JSX.Element } +> = { + es: { + iconType: 'logoElasticsearch', + label: ( + <FormattedMessage + id="xpack.spaces.spaceSolutionBadge.elasticsearch" + defaultMessage="Search" + /> + ), + }, + security: { + iconType: 'logoSecurity', + label: ( + <FormattedMessage id="xpack.spaces.spaceSolutionBadge.security" defaultMessage="Security" /> + ), + }, + oblt: { + iconType: 'logoObservability', + label: ( + <FormattedMessage + id="xpack.spaces.spaceSolutionBadge.observability" + defaultMessage="Observability" + /> + ), + }, + classic: { + iconType: 'logoElasticStack', + label: ( + <FormattedMessage id="xpack.spaces.spaceSolutionBadge.classic" defaultMessage="Classic" /> + ), + }, +}; + +export type SpaceSolutionBadgeProps = Omit<EuiBadgeProps, 'iconType'> & { + solution?: Space['solution']; +}; + +export const SpaceSolutionBadge = ({ solution, ...badgeProps }: SpaceSolutionBadgeProps) => { + const { iconType, label } = useMemo(() => { + if (!solution || !SolutionOptions[solution]) { + return SolutionOptions.classic; + } + + return SolutionOptions[solution]; + }, [solution]); + + return ( + <EuiBadge {...(badgeProps as EuiBadgeProps)} iconType={iconType} color="hollow"> + {label} + </EuiBadge> + ); +}; 
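Review bot: In badge.tsx the fallback test `!SolutionOptions[solution]` reads through the prototype chain of a plain object. A runtime `solution` string that is not one of the four keys but names an inherited property (`constructor`, `toString`) passes the check, and the badge renders with `iconType` and `label` both undefined. The `Space['solution']` type rules this out at compile time only, and whether the value is validated before it reaches the client is not visible here. An own-property check keeps the `classic` fallback for every unknown value: `Object.prototype.hasOwnProperty.call(SolutionOptions, solution)`. The `useMemo` around a constant-table lookup could then be replaced by a plain expression.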
diff --git a/x-pack/plugins/spaces/public/space_solution_badge/index.ts b/x-pack/plugins/spaces/public/space_solution_badge/index.ts
new file mode 100644
index 0000000000000..50f037f508f66
--- /dev/null
+++ b/x-pack/plugins/spaces/public/space_solution_badge/index.ts
@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+export { SpaceSolutionBadge } from './badge';
diff --git a/x-pack/plugins/stack_alerts/server/rule_types/geo_containment/lib/get_shape_filters.ts b/x-pack/plugins/stack_alerts/server/rule_types/geo_containment/lib/get_shape_filters.ts
index 54931a524d4e6..e2626b565dcda 100644
--- a/x-pack/plugins/stack_alerts/server/rule_types/geo_containment/lib/get_shape_filters.ts
+++ b/x-pack/plugins/stack_alerts/server/rule_types/geo_containment/lib/get_shape_filters.ts
@@ -92,7 +92,7 @@ export async function getShapeFilters(
 const filters: Record<string, unknown> = {};
 const shapesIdsNamesMap: Record<string, unknown> = {};
 for (let i = 0; i < hits.length; i++) {
- const boundaryHit: BoundaryHit = hits[i];
+ const boundaryHit = hits[i] as BoundaryHit;
 filters[boundaryHit._id] = {
 geo_shape: {
 [geoField]: {
diff --git a/x-pack/plugins/stack_connectors/common/bedrock/constants.ts b/x-pack/plugins/stack_connectors/common/bedrock/constants.ts
index 053ca82e0e274..e2414f46dd985 100644
--- a/x-pack/plugins/stack_connectors/common/bedrock/constants.ts
+++ b/x-pack/plugins/stack_connectors/common/bedrock/constants.ts
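Review bot: In get_shape_filters.ts, `hits[i] as BoundaryHit` swaps a checked annotation for an assertion, so the compiler no longer verifies that each hit has the shape the loop reads. The next line uses `boundaryHit._id` as a key of `filters`. If the assertion was needed because the client's hit type now allows a missing `_id` (the `task._id!` assertions added in task_store.ts in this diff suggest so), such a hit would be stored under the key `undefined`. A guard before the assignment keeps that out: `if (boundaryHit._id == null) continue;`. The loop and `getShapeFilters` continue outside the hunk.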
@@ -24,6 +24,6 @@ export enum SUB_ACTION { export const DEFAULT_TIMEOUT_MS = 120000; export const DEFAULT_TOKEN_LIMIT = 8191; -export const DEFAULT_BEDROCK_MODEL = 'anthropic.claude-3-sonnet-20240229-v1:0'; +export const DEFAULT_BEDROCK_MODEL = 'anthropic.claude-3-5-sonnet-20240620-v1:0'; export const DEFAULT_BEDROCK_URL = `https://bedrock-runtime.us-east-1.amazonaws.com` as const; diff --git a/x-pack/plugins/stack_connectors/common/gemini/constants.ts b/x-pack/plugins/stack_connectors/common/gemini/constants.ts index e0c1c6f56c65a..bbad177547033 100644 --- a/x-pack/plugins/stack_connectors/common/gemini/constants.ts +++ b/x-pack/plugins/stack_connectors/common/gemini/constants.ts @@ -25,5 +25,5 @@ export enum SUB_ACTION { export const DEFAULT_TOKEN_LIMIT = 8192; export const DEFAULT_TIMEOUT_MS = 60000; export const DEFAULT_GCP_REGION = 'us-central1'; -export const DEFAULT_GEMINI_MODEL = 'gemini-1.5-pro-preview-0409'; +export const DEFAULT_GEMINI_MODEL = 'gemini-1.5-pro-001'; export const DEFAULT_GEMINI_URL = `https://us-central1-aiplatform.googleapis.com` as const; diff --git a/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.test.tsx b/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.test.tsx index 33f4fe3923b88..b7a6d4e914168 100644 --- a/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.test.tsx +++ b/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.test.tsx 
@@ -36,32 +36,16 @@ describe('Credentials', () => { expect(await screen.findByText(value)).toBeInTheDocument(); }); - /** - * Test for the intermediate release process - */ - it('does not show the component if the value is undefined', async () => { - render( - <IntlProvider locale="en"> - <AdditionalFields {...props} value={undefined} /> - </IntlProvider> - ); - - expect(screen.queryByTestId('additional_fieldsJsonEditor')).not.toBeInTheDocument(); - }); - it('changes the value correctly', async () => { const newValue = JSON.stringify({ bar: 'test' }); render( <IntlProvider locale="en"> - <AdditionalFields {...props} /> + <AdditionalFields {...props} value={undefined} /> </IntlProvider> ); - const editor = await screen.findByTestId('additional_fieldsJsonEditor'); - - userEvent.clear(editor); - userEvent.paste(editor, newValue); + userEvent.paste(await screen.findByTestId('additional_fieldsJsonEditor'), newValue); await waitFor(() => { expect(onChange).toHaveBeenCalledWith(newValue); @@ -75,7 +59,7 @@ describe('Credentials', () => { render( <IntlProvider locale="en"> - <AdditionalFields {...props} /> + <AdditionalFields {...props} value={undefined} /> </IntlProvider> ); diff --git a/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.tsx b/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.tsx index b9d3602112c53..7b14dbca7462e 100644 --- a/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.tsx +++ b/x-pack/plugins/stack_connectors/public/connector_types/lib/servicenow/additional_fields.tsx 
@@ -25,16 +25,6 @@ export const AdditionalFieldsComponent: React.FC<AdditionalFieldsProps> = ({ messageVariables, onChange, }) => { - /** - * Hide the component if the value is not defined. - * This is needed for the intermediate release process. - * Users will not be able to use the field if they have never set it. - * On the next Serverless release the check will be removed. - */ - if (value === undefined) { - return null; - } - return ( <JsonEditorWithMessageVariables messageVariables={messageVariables} diff --git a/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts b/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts index 24564488ddf57..ce85e27a8eb43 100644 --- a/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts +++ b/x-pack/plugins/stack_connectors/server/connector_types/bedrock/bedrock.test.ts @@ -94,7 +94,7 @@ describe('BedrockConnector', () => { 'Content-Type': 'application/json', }, host: 'bedrock-runtime.us-east-1.amazonaws.com', - path: '/model/anthropic.claude-3-sonnet-20240229-v1:0/invoke', + path: '/model/anthropic.claude-3-5-sonnet-20240620-v1:0/invoke', service: 'bedrock', }, { accessKeyId: '123', secretAccessKey: 'secret' } @@ -181,7 +181,7 @@ describe('BedrockConnector', () => { 'x-amzn-bedrock-accept': '*/*', }, host: 'bedrock-runtime.us-east-1.amazonaws.com', - path: '/model/anthropic.claude-3-sonnet-20240229-v1:0/invoke-with-response-stream', + path: '/model/anthropic.claude-3-5-sonnet-20240620-v1:0/invoke-with-response-stream', service: 'bedrock', }, { accessKeyId: '123', secretAccessKey: 'secret' } diff --git a/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts b/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts index 9fa41b0c45665..6c372ce0fc453 100644 --- a/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts +++ b/x-pack/plugins/task_manager/server/monitoring/workload_statistics.ts 
@@ -173,7 +173,9 @@ export function createWorkloadAggregator( field: 'task.runAt', ranges: [ { + // @ts-expect-error type regression introduced by https://github.com/elastic/elasticsearch-specification/pull/2552 from: `now`, + // @ts-expect-error type regression introduced by https://github.com/elastic/elasticsearch-specification/pull/2552 to: `now+${asInterval(scheduleDensityBuckets * pollInterval)}`, }, ], diff --git a/x-pack/plugins/task_manager/server/task_store.ts b/x-pack/plugins/task_manager/server/task_store.ts index 3cc50a05259a5..b922d10ee5cf1 100644 --- a/x-pack/plugins/task_manager/server/task_store.ts +++ b/x-pack/plugins/task_manager/server/task_store.ts @@ -504,9 +504,9 @@ export class TaskStore { for (const task of tasks) { if (task._seq_no == null || task._primary_term == null) continue; - const esId = task._id.startsWith('task:') ? task._id.slice(5) : task._id; + const esId = task._id!.startsWith('task:') ? task._id!.slice(5) : task._id!; versionMap.set(esId, { - esId: task._id, + esId: task._id!, seqNo: task._seq_no, primaryTerm: task._primary_term, }); diff --git a/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts b/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts index 32b5ec4e4162e..81b681dfd812b 100644 --- a/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts +++ b/x-pack/plugins/timelines/common/search_strategy/index_fields/index.ts 
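Review bot: In task_store.ts the four `task._id!` assertions silence the possibly-undefined `_id` instead of handling it, so a task without `_id` would throw on `.startsWith` at runtime. The loop already skips tasks whose `_seq_no` or `_primary_term` is null. Adding `_id` to that check narrows the type and lets the `!` be removed: `if (task._id == null || task._seq_no == null || task._primary_term == null) continue;`. The enclosing method starts and ends outside the hunk.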
@@ -76,17 +76,14 @@ export interface IndexFieldsStrategyResponse extends IEsSearchResponse { */ export interface BrowserField { aggregatable: boolean; - category: string; - description: string | null; - example: string | number | null; - fields: Record<string, Partial<BrowserField>>; + fields: Record<string, Partial<BrowserField>>; // FIXME: missing in FieldSpec format: string; - indexes: string[]; + indexes: string[]; // FIXME: missing in FieldSpec name: string; searchable: boolean; type: string; esTypes?: string[]; - subType?: IFieldSubType; + subType?: IFieldSubType; // not sure readFromDocValues: boolean; runtimeField?: RuntimeField; } diff --git a/x-pack/plugins/timelines/public/mock/browser_fields.ts b/x-pack/plugins/timelines/public/mock/browser_fields.ts index d852c0002e83b..eb7acfd9484c0 100644 --- a/x-pack/plugins/timelines/public/mock/browser_fields.ts +++ b/x-pack/plugins/timelines/public/mock/browser_fields.ts @@ -23,9 +23,6 @@ export const mocksSource = { indexFields: [ { category: 'base', - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: '@timestamp', @@ -35,9 +32,6 @@ export const mocksSource = { }, { category: 'agent', - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.ephemeral_id', @@ -47,8 +41,6 @@ export const mocksSource = { }, { category: 'agent', - description: null, - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.hostname', 
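Review bot: The comments added to `BrowserField` in index_fields/index.ts leave open questions inside the interface. `// FIXME: missing in FieldSpec` on `fields` and `indexes` does not say what should happen to those members, and `// not sure` on `subType` does not say what is unsure. Stating the intended follow-up would make them actionable, e.g. `// TODO: confirm subType has a FieldSpec equivalent`, if that is what was meant. The doc comment above the interface is outside the hunk and may also need updating now that `category`, `description` and `example` are removed.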
@@ -58,9 +50,6 @@ export const mocksSource = { }, { category: 'agent', - description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.id', @@ -70,9 +59,6 @@ export const mocksSource = { }, { category: 'agent', - description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', - example: 'foo', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.name', @@ -82,8 +68,6 @@ export const mocksSource = { }, { category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a0', @@ -93,8 +77,6 @@ export const mocksSource = { }, { category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a1', @@ -104,8 +86,6 @@ export const mocksSource = { }, { category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a2', @@ -115,9 +95,6 @@ export const mocksSource = { }, { category: 'client', - description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.address', @@ -127,8 +104,6 @@ export const mocksSource = { }, { category: 'client', - description: 'Bytes sent from the client to the server.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.bytes', 
@@ -138,8 +113,6 @@ export const mocksSource = { }, { category: 'client', - description: 'Client domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.domain', @@ -149,8 +122,6 @@ export const mocksSource = { }, { category: 'client', - description: 'Country ISO code.', - example: 'CA', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.geo.country_iso_code', @@ -160,9 +131,6 @@ export const mocksSource = { }, { category: 'cloud', - description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', - example: '666777888999', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.account.id', @@ -172,8 +140,6 @@ export const mocksSource = { }, { category: 'cloud', - description: 'Availability zone in which this host is running.', - example: 'us-east-1c', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.availability_zone', @@ -183,8 +149,6 @@ export const mocksSource = { }, { category: 'container', - description: 'Unique container id.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.id', @@ -194,8 +158,6 @@ export const mocksSource = { }, { category: 'container', - description: 'Name of the image the container was built on.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.name', @@ -205,8 +167,6 @@ export const mocksSource = { }, { category: 'container', - description: 'Container image tag.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.tag', 
@@ -216,9 +176,6 @@ export const mocksSource = { }, { category: 'destination', - description: - 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.address', @@ -228,8 +185,6 @@ export const mocksSource = { }, { category: 'destination', - description: 'Bytes sent from the destination to the source.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.bytes', @@ -239,8 +194,6 @@ export const mocksSource = { }, { category: 'destination', - description: 'Destination domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.domain', @@ -251,8 +204,6 @@ export const mocksSource = { { aggregatable: true, category: 'destination', - description: 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.ip', @@ -262,8 +213,6 @@ export const mocksSource = { { aggregatable: true, category: 'destination', - description: 'Port of the destination.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.port', @@ -273,8 +222,6 @@ export const mocksSource = { { aggregatable: true, category: 'source', - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.ip', @@ -284,8 +231,6 @@ export const mocksSource = { { aggregatable: true, category: 'source', - description: 'Port of the source.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.port', 
@@ -295,9 +240,6 @@ export const mocksSource = { { aggregatable: true, category: 'event', - description: - 'event.end contains the date when the event ended or when the activity was last observed.', - example: null, format: '', indexes: DEFAULT_INDEX_PATTERN, name: 'event.end', @@ -307,8 +249,6 @@ export const mocksSource = { { aggregatable: false, category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.firstAttributes', @@ -323,8 +263,6 @@ export const mocksSource = { { aggregatable: false, category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.secondAttributes', @@ -372,10 +310,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'agent.ephemeral_id': { aggregatable: true, - category: 'agent', - description: - 'Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not.', - example: '8a4f500f', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.ephemeral_id', @@ -384,9 +318,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.hostname': { aggregatable: true, - category: 'agent', - description: null, - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.hostname', @@ -395,10 +326,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.id': { aggregatable: true, - category: 'agent', - description: - 'Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id.', - example: '8a4f500d', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.id', 
@@ -407,10 +334,6 @@ export const mockBrowserFields: BrowserFields = { }, 'agent.name': { aggregatable: true, - category: 'agent', - description: - 'Name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. If no name is given, the name is often left empty.', - example: 'foo', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'agent.name', @@ -423,9 +346,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'auditd.data.a0': { aggregatable: true, - category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a0', @@ -434,9 +354,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a1': { aggregatable: true, - category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a1', @@ -445,9 +362,6 @@ export const mockBrowserFields: BrowserFields = { }, 'auditd.data.a2': { aggregatable: true, - category: 'auditd', - description: null, - example: null, format: '', indexes: ['auditbeat'], name: 'auditd.data.a2', @@ -460,10 +374,6 @@ export const mockBrowserFields: BrowserFields = { fields: { '@timestamp': { aggregatable: true, - category: 'base', - description: - 'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.', - example: '2016-05-23T08:05:34.853Z', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: '@timestamp', @@ -471,9 +381,6 @@ export const mockBrowserFields: BrowserFields = { type: 'date', }, _id: { - category: 'base', - description: 'Each document has an _id that uniquely identifies it', - example: 'Y-6TfmcB0WOhS6qyMv3s', name: '_id', type: 'string', searchable: true, 
@@ -481,10 +388,6 @@ export const mockBrowserFields: BrowserFields = { indexes: ['auditbeat', 'filebeat', 'packetbeat'], }, message: { - category: 'base', - description: - 'For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message.', - example: 'Hello World', name: 'message', type: 'string', searchable: true, @@ -498,10 +401,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'client.address': { aggregatable: true, - category: 'client', - description: - 'Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.address', @@ -510,9 +409,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.bytes': { aggregatable: true, - category: 'client', - description: 'Bytes sent from the client to the server.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.bytes', @@ -521,9 +417,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.domain': { aggregatable: true, - category: 'client', - description: 'Client domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.domain', @@ -532,9 +425,6 @@ export const mockBrowserFields: BrowserFields = { }, 'client.geo.country_iso_code': { aggregatable: true, - category: 'client', - description: 'Country ISO code.', - example: 'CA', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'client.geo.country_iso_code', 
@@ -547,10 +437,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'cloud.account.id': { aggregatable: true, - category: 'cloud', - description: - 'The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.', - example: '666777888999', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.account.id', @@ -559,9 +445,6 @@ export const mockBrowserFields: BrowserFields = { }, 'cloud.availability_zone': { aggregatable: true, - category: 'cloud', - description: 'Availability zone in which this host is running.', - example: 'us-east-1c', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'cloud.availability_zone', @@ -574,9 +457,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'container.id': { aggregatable: true, - category: 'container', - description: 'Unique container id.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.id', @@ -585,9 +465,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.name': { aggregatable: true, - category: 'container', - description: 'Name of the image the container was built on.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.name', @@ -596,9 +473,6 @@ export const mockBrowserFields: BrowserFields = { }, 'container.image.tag': { aggregatable: true, - category: 'container', - description: 'Container image tag.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'container.image.tag', 
@@ -611,10 +485,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'destination.address': { aggregatable: true, - category: 'destination', - description: - 'Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.address', @@ -623,9 +493,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.bytes': { aggregatable: true, - category: 'destination', - description: 'Bytes sent from the destination to the source.', - example: '184', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.bytes', @@ -634,9 +501,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.domain': { aggregatable: true, - category: 'destination', - description: 'Destination domain.', - example: null, format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.domain', @@ -645,10 +509,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.ip': { aggregatable: true, - category: 'destination', - description: - 'IP address of the destination. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.ip', @@ -657,9 +517,6 @@ export const mockBrowserFields: BrowserFields = { }, 'destination.port': { aggregatable: true, - category: 'destination', - description: 'Port of the destination.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'destination.port', 
@@ -671,10 +528,6 @@ export const mockBrowserFields: BrowserFields = { event: { fields: { 'event.end': { - category: 'event', - description: - 'event.end contains the date when the event ended or when the activity was last observed.', - example: null, format: '', indexes: DEFAULT_INDEX_PATTERN, name: 'event.end', @@ -683,10 +536,6 @@ export const mockBrowserFields: BrowserFields = { aggregatable: true, }, 'event.action': { - category: 'event', - description: - 'The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer.', - example: 'user-password-change', name: 'event.action', type: 'string', searchable: true, @@ -695,10 +544,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.category': { - category: 'event', - description: - 'This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories.', - example: 'authentication', name: 'event.category', type: 'string', searchable: true, 
@@ -707,10 +552,6 @@ export const mockBrowserFields: BrowserFields = { indexes: DEFAULT_INDEX_PATTERN, }, 'event.severity': { - category: 'event', - description: - "The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`.", - example: 7, name: 'event.severity', type: 'number', format: 'number', @@ -723,9 +564,6 @@ export const mockBrowserFields: BrowserFields = { host: { fields: { 'host.name': { - category: 'host', - description: - 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.', name: 'host.name', type: 'string', searchable: true, @@ -739,9 +577,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'source.ip': { aggregatable: true, - category: 'source', - description: 'IP address of the source. Can be one or multiple IPv4 or IPv6 addresses.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.ip', @@ -750,9 +585,6 @@ export const mockBrowserFields: BrowserFields = { }, 'source.port': { aggregatable: true, - category: 'source', - description: 'Port of the source.', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'source.port', 
@@ -764,9 +596,6 @@ export const mockBrowserFields: BrowserFields = { user: { fields: { 'user.name': { - category: 'user', - description: 'Short name or login of the user.', - example: 'albert', name: 'user.name', type: 'string', searchable: true, @@ -780,9 +609,6 @@ export const mockBrowserFields: BrowserFields = { fields: { 'nestedField.firstAttributes': { aggregatable: false, - category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.firstAttributes', @@ -796,9 +622,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.secondAttributes': { aggregatable: false, - category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.secondAttributes', @@ -812,9 +635,6 @@ export const mockBrowserFields: BrowserFields = { }, 'nestedField.thirdAttributes': { aggregatable: false, - category: 'nestedField', - description: '', - example: '', format: '', indexes: ['auditbeat', 'filebeat', 'packetbeat'], name: 'nestedField.thirdAttributes', diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/build_ecs_objects.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/build_ecs_objects.ts index 0f24be8526d05..3b9891e79d9ab 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/build_ecs_objects.ts +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/build_ecs_objects.ts @@ -27,6 +27,7 @@ export const buildEcsObjects = (hit: EventHit): Ecs => { } return acc; }, - { _id: hit._id, timestamp: getTimestamp(hit), _index: hit._index } + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + { _id: hit._id!, timestamp: getTimestamp(hit), _index: hit._index } ); }; 
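Review bot: The `hit._id!` in the reduce seed of `buildEcsObjects` only quiets the compiler. If a hit ever arrives without `_id` (the need for the assertion suggests the `EventHit` type now permits that), the `Ecs` object is emitted with `_id: undefined` and nothing downstream can tell. The id is presumably what ties a timeline event to later actions on it, so I would fail loudly with a guard before the reduce, such as `if (hit._id == null) throw new Error('search hit is missing _id');`, and then drop the eslint-disable. The same assertion is added twice in the `formatTimelineData` hunk of format_timeline_data.ts (`node._id` and `node.ecs._id`), where the same guard applies. Both function bodies start outside their hunks, so the exact placement of the guard needs checking against the full files.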
diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts index 6899222946fb3..f56cfd32391d4 100644 --- a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts +++ b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/helpers/format_timeline_data.ts @@ -22,9 +22,11 @@ export const formatTimelineData = async ( uniq([...ecsFields, ...dataFields]).reduce<Promise<TimelineEdges>>( async (acc, fieldName) => { const flattenedFields: TimelineEdges = await acc; - flattenedFields.node._id = hit._id; + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + flattenedFields.node._id = hit._id!; flattenedFields.node._index = hit._index; - flattenedFields.node.ecs._id = hit._id; + // eslint-disable-next-line @typescript-eslint/no-non-null-assertion + flattenedFields.node.ecs._id = hit._id!; flattenedFields.node.ecs.timestamp = getTimestamp(hit); flattenedFields.node.ecs._index = hit._index; if (hit.sort && hit.sort.length > 1) { diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 3702b46aebd4f..0c30130edc267 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json 
@@ -1192,8 +1192,6 @@ "dashboard.actions.downloadOptionsUnsavedFilename": "sans titre", "dashboard.actions.toggleExpandPanelMenuItem.expandedDisplayName": "Minimiser", "dashboard.actions.toggleExpandPanelMenuItem.notExpandedDisplayName": "Maximiser le panneau", - "dashboard.addPanelMenuTrigger.description": "Une nouvelle action apparaîtra dans le menu Ajouter un panneau du tableau de bord", - "dashboard.addPanelMenuTrigger.title": "Menu Ajouter un panneau", "dashboard.appLeaveConfirmModal.cancelButtonLabel": "Annuler", "dashboard.appLeaveConfirmModal.unsavedChangesSubtitle": "Quitter Dashboard sans enregistrer ?", "dashboard.appLeaveConfirmModal.unsavedChangesTitle": "Modifications non enregistrées", @@ -1215,7 +1213,6 @@ "dashboard.editingToolbar.controlsButtonTitle": "Contrôles", "dashboard.editingToolbar.editControlGroupButtonTitle": "Paramètres", "dashboard.editingToolbar.onlyOneTimeSliderControlMsg": "Le groupe de contrôle contient déjà un contrôle de curseur temporel.", - "dashboard.editorMenu.aggBasedGroupTitle": "Basé sur une agrégation", "dashboard.editorMenu.deprecatedTag": "Déclassé", "dashboard.embeddableApi.showSettings.flyout.applyButtonTitle": "Appliquer", "dashboard.embeddableApi.showSettings.flyout.cancelButtonTitle": "Annuler", 
@@ -2396,12 +2393,7 @@ "discover.fieldChooser.discoverField.removeFieldTooltip": "Supprimer le champ du tableau", "discover.globalSearch.esqlSearchTitle": "Créer des recherches ES|QL", "discover.goToDiscoverButtonText": "Aller à Discover", - "unifiedDocViewer.flyout.documentNavigation": "Navigation dans le document", - "unifiedDocViewer.flyout.toastColumnAdded": "La colonne \"{columnName}\" a été ajoutée.", - "unifiedDocViewer.flyout.toastColumnRemoved": "La colonne \"{columnName}\" a été supprimée.", "discover.grid.tableRow.actionsLabel": "Actions", - "unifiedDocViewer.flyout.docViewerDetailHeading": "Document", - "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "Ligne", "discover.grid.tableRow.mobileFlyoutActionsButton": "Actions", "discover.grid.tableRow.moreFlyoutActionsButton": "Plus d'actions", "discover.grid.tableRow.esqlDetailHeading": "Ligne développée", 
@@ -2494,6 +2486,46 @@ "discover.viewAlert.searchSourceErrorTitle": "Erreur lors de la récupération de la source de recherche", "discover.viewModes.document.label": "Documents", "discover.viewModes.fieldStatistics.label": "Statistiques de champ", + "unifiedDocViewer.flyout.documentNavigation": "Navigation dans le document", + "unifiedDocViewer.flyout.toastColumnAdded": "La colonne \"{columnName}\" a été ajoutée.", + "unifiedDocViewer.flyout.toastColumnRemoved": "La colonne \"{columnName}\" a été supprimée.", + "unifiedDocViewer.flyout.docViewerDetailHeading": "Document", + "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "Ligne", + "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "Une ou plusieurs valeurs dans ce champ sont trop longues et ne peuvent pas être recherchées ni filtrées.", + "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "Ce champ comporte une ou plusieurs valeurs mal formées qui ne peuvent pas être recherchées ni filtrées.", + "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "Une ou plusieurs valeurs dans ce champ ont été ignorées par Elasticsearch et ne peuvent pas être recherchées ni filtrées.", + "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "La valeur dans ce champ est trop longue et ne peut pas être recherchée ni filtrée.", + "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "La valeur dans ce champ est mal formée et ne peut pas être recherchée ni filtrée.", + "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "La valeur dans ce champ a été ignorée par Elasticsearch et ne peut pas être recherchée ni filtrée.", + "unifiedDocViewer.docView.table.searchPlaceHolder": "Rechercher les noms de champs", + "unifiedDocViewer.docViews.json.jsonTitle": "JSON", + "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "Filtrer sur le champ", + "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "Filtrer sur le champ", + 
"unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "Filtrer sur la valeur", + "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "Filtrer sur la valeur", + "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "Exclure la valeur", + "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "Exclure la valeur", + "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "Contient des valeurs ignorées", + "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "Valeur ignorée", + "unifiedDocViewer.docViews.table.pinFieldLabel": "Épingler le champ", + "unifiedDocViewer.docViews.table.tableTitle": "Tableau", + "unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "Afficher/Masquer la colonne dans le tableau", + "unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "Afficher/Masquer la colonne dans le tableau", + "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "Impossible de filtrer sur les champs méta", + "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "Impossible de filtrer sur les champs scriptés", + "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "Les champs non indexés ou les valeurs ignorées ne peuvent pas être recherchés", + "unifiedDocViewer.docViews.table.unpinFieldLabel": "Désépingler le champ", + "unifiedDocViewer.fieldChooser.discoverField.actions": "Actions", + "unifiedDocViewer.fieldChooser.discoverField.multiField": "champ multiple", + "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "Les champs multiples peuvent avoir plusieurs valeurs.", + "unifiedDocViewer.fieldChooser.discoverField.name": "Champ", + "unifiedDocViewer.fieldChooser.discoverField.value": "Valeur", + "unifiedDocViewer.json.codeEditorAriaLabel": "Affichage JSON en lecture seule d’un document Elasticsearch", + "unifiedDocViewer.json.copyToClipboardLabel": "Copier dans le presse-papiers", + 
"unifiedDocViewer.loadingJSON": "Chargement de JSON", + "unifiedDocViewer.sourceViewer.errorMessage": "Impossible de récupérer les données pour le moment. Actualisez l'onglet et réessayez.", + "unifiedDocViewer.sourceViewer.errorMessageTitle": "Une erreur s'est produite.", + "unifiedDocViewer.sourceViewer.refresh": "Actualiser", "textBasedLanguages.advancedSettings.enableESQL.discussLinkText": "discuss.elastic.co/c/elastic-stack/kibana", "textBasedLanguages.advancedSettings.enableESQLTitle": "Activer ES|QL", "domDragDrop.announce.cancelled": "Mouvement annulé. {label} revenu à sa position initiale", @@ -29937,8 +29969,6 @@ "xpack.observability.rulePage.logsTabTitle": "Logs", "xpack.observability.rulePage.rulesTabTitle": "Règles", "xpack.observability.rules.addRuleButtonLabel": "Créer une règle", - "xpack.observability.rules.createRule.errorNotification.descriptionText": "Échec de création de la règle", - "xpack.observability.rules.createRule.successNotification.descriptionText": "Règle créée", "xpack.observability.rules.deleteConfirmationModal.cancelButtonLabel": "Annuler", "xpack.observability.rules.deleteConfirmationModal.errorNotification.descriptionText": "Impossible de supprimer la règle", "xpack.observability.rules.deleteConfirmationModal.successNotification.descriptionText": "Règle supprimée", 
@@ -35662,7 +35692,6 @@ "xpack.securitySolution.endpoint.resolver.terminatedTrigger": "Déclenchement arrêté", "xpack.securitySolution.endpoint.trustedApps.fleetIntegration.title": "Applications de confiance", "xpack.securitySolution.endpoint.updateCases.emptyComment": "Aucun commentaire fourni", - "xpack.securitySolution.endpointActionFailureMessage.unknownFailure": "Action en échec", "xpack.securitySolution.endpointActionResponseCodes.execute.diskQuotaError": "Les fichiers zip de sortie d'exécution de commande en attente sont trop nombreux.", "xpack.securitySolution.endpointActionResponseCodes.execute.failure": "Échec inconnu lors de l'exécution de la commande.", "xpack.securitySolution.endpointActionResponseCodes.execute.outputUploadTimeout": "Impossible de charger le fichier zip de sortie d'exécution de la commande Le chargement a expiré", @@ -37742,7 +37771,6 @@ "xpack.securitySolutionServerless.rules.endpointSecurity.endpointExceptions.cardTitle": "Toujours plus avec Security !", "xpack.securitySolutionServerless.threatIntelligence.paywall.title": "Toujours plus avec Security !", "xpack.serverlessSearch.apiKey.activeKeys": "Vous avez {number} clés actives.", - "xpack.serverlessSearch.apiKey.expiresHelpText": "Cette clé d'API expirera le {expirationDate}", "xpack.serverlessSearch.connectors.config.apiKeyDescription": "Vous pouvez limiter la clé d'API du connecteur pour n'avoir accès qu'à l'index ci-dessus. Une fois créée, utilisez cette clé pour déterminer la variable {apiKey} dans votre fichier {config}.", "xpack.serverlessSearch.connectors.config.createIndexLabel": "Le connecteur créera l'index {searchValue}", "xpack.serverlessSearch.connectors.deleteModal.syncsWarning.connectorNameDescription": "Cette action ne peut pas être annulée. Veuillez saisir {connectorName} pour confirmer.", 
@@ -37759,31 +37787,11 @@ "xpack.serverlessSearch.apiKey.apiKeyStepDescription": "Cette clé ne s’affichera qu’une fois, conservez-la donc en lieu sûr. Nous ne conservons pas vos clés d’API, vous devrez donc générer une clé de remplacement si vous la perdez.", "xpack.serverlessSearch.apiKey.apiKeyStepTitle": "Stocker cette clé d'API", "xpack.serverlessSearch.apiKey.description": "Une clé d'API est un identifiant privé et unique destiné à l'authentification et l'autorisation. Il vous faut une clé d'API pour vous connecter à votre projet en toute sécurité.", - "xpack.serverlessSearch.apiKey.expiresField.daysLabel": "en jours", - "xpack.serverlessSearch.apiKey.expiresField.neverLabel": "Jamais", - "xpack.serverlessSearch.apiKey.expiresFieldHelpText": "Les clés d’API doivent être changées régulièrement.", - "xpack.serverlessSearch.apiKey.expiresFieldLabel": "Expire", - "xpack.serverlessSearch.apiKey.expiresFieldUnit": "jours", - "xpack.serverlessSearch.apiKey.flyout.errorTitle": "Erreur lors de la création d’une clé d’API", - "xpack.serverlessSearch.apiKey.flyOutCreateLabel": "Créer une clé d'API", - "xpack.serverlessSearch.apiKey.flyoutTitle": "Créer une clé d'API", "xpack.serverlessSearch.apiKey.manageLabel": "Gérer", - "xpack.serverlessSearch.apiKey.metadata.description": "Utilisez des paires clé-valeur configurables pour ajouter des informations au sujet de la clé d’API ou personnaliser l’accès aux ressources Elasticsearch.", - "xpack.serverlessSearch.apiKey.metadata.title": "Métadonnées", - "xpack.serverlessSearch.apiKey.metadataLinkLabel": "Découvrez comment structurer les métadonnées de rôle", - "xpack.serverlessSearch.apiKey.nameFieldHelpText": "Un bon nom permet de savoir clairement à quoi sert votre clé d’API.", - "xpack.serverlessSearch.apiKey.nameFieldLabel": "Nom", "xpack.serverlessSearch.apiKey.newButtonLabel": "Nouveauté", "xpack.serverlessSearch.apiKey.panel.description": "Utilisez une clé existante ou créez-en une nouvelle et copiez-la dans un endroit 
sûr.", "xpack.serverlessSearch.apiKey.panel.title": "Ajouter une clé d'API", - "xpack.serverlessSearch.apiKey.privileges.description": "Contrôlez l'accès aux ressources et API Elasticsearch spécifiques à l’aide de rôles prédéfinis ou de privilèges personnalisés par clé d’API.", - "xpack.serverlessSearch.apiKey.privileges.title": "Privilèges de sécurité", - "xpack.serverlessSearch.apiKey.roleDescriptorsLinkLabel": "Découvrir comment structurer les descripteurs de rôles", - "xpack.serverlessSearch.apiKey.setup.description": "Les détails de la configuration de base pour créer votre clé d’API.", - "xpack.serverlessSearch.apiKey.setup.title": "Configuration", "xpack.serverlessSearch.apiKey.title": "Clé d'API", - "xpack.serverlessSearch.apiKey.userFieldHelpText": "Identifiant de l’utilisateur créant la clé d’API.", - "xpack.serverlessSearch.apiKey.userFieldLabel": "Utilisateur", "xpack.serverlessSearch.app.connectors.title": "Connecteurs", "xpack.serverlessSearch.app.elasticsearch.title": "Elasticsearch", "xpack.serverlessSearch.back": "Retour", 
@@ -44223,41 +44231,8 @@ "uiActions.errors.incompatibleAction": "Action non compatible", "uiActions.triggers.rowClickkDescription": "Un clic sur une ligne de tableau", "uiActions.triggers.rowClickTitle": "Clic sur ligne de tableau", - "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "Une ou plusieurs valeurs dans ce champ sont trop longues et ne peuvent pas être recherchées ni filtrées.", - "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "Ce champ comporte une ou plusieurs valeurs mal formées qui ne peuvent pas être recherchées ni filtrées.", - "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "Une ou plusieurs valeurs dans ce champ ont été ignorées par Elasticsearch et ne peuvent pas être recherchées ni filtrées.", - "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "La valeur dans ce champ est trop longue et ne peut pas être recherchée ni filtrée.", - "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "La valeur dans ce champ est mal formée et ne peut pas être recherchée ni filtrée.", - "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "La valeur dans ce champ a été ignorée par Elasticsearch et ne peut pas être recherchée ni filtrée.", - "unifiedDocViewer.docView.table.searchPlaceHolder": "Rechercher les noms de champs", - "unifiedDocViewer.docViews.json.jsonTitle": "JSON", - "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "Filtrer sur le champ", - "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "Filtrer sur le champ", - "unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "Filtrer sur la valeur", - "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "Filtrer sur la valeur", - "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "Exclure la valeur", - "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "Exclure la valeur", - "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "Contient des 
valeurs ignorées", - "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "Valeur ignorée", - "unifiedDocViewer.docViews.table.pinFieldLabel": "Épingler le champ", - "unifiedDocViewer.docViews.table.tableTitle": "Tableau", - "unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "Afficher/Masquer la colonne dans le tableau", - "unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "Afficher/Masquer la colonne dans le tableau", - "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "Impossible de filtrer sur les champs méta", - "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "Impossible de filtrer sur les champs scriptés", - "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "Les champs non indexés ou les valeurs ignorées ne peuvent pas être recherchés", - "unifiedDocViewer.docViews.table.unpinFieldLabel": "Désépingler le champ", - "unifiedDocViewer.fieldChooser.discoverField.actions": "Actions", - "unifiedDocViewer.fieldChooser.discoverField.multiField": "champ multiple", - "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "Les champs multiples peuvent avoir plusieurs valeurs.", - "unifiedDocViewer.fieldChooser.discoverField.name": "Champ", - "unifiedDocViewer.fieldChooser.discoverField.value": "Valeur", - "unifiedDocViewer.json.codeEditorAriaLabel": "Affichage JSON en lecture seule d’un document Elasticsearch", - "unifiedDocViewer.json.copyToClipboardLabel": "Copier dans le presse-papiers", - "unifiedDocViewer.loadingJSON": "Chargement de JSON", - "unifiedDocViewer.sourceViewer.errorMessage": "Impossible de récupérer les données pour le moment. 
Actualisez l'onglet et réessayez.", - "unifiedDocViewer.sourceViewer.errorMessageTitle": "Une erreur s'est produite.", - "unifiedDocViewer.sourceViewer.refresh": "Actualiser", + "uiActions.triggers.dashboard.addPanelMenu.description": "Une nouvelle action apparaîtra dans le menu Ajouter un panneau du tableau de bord", + "uiActions.triggers.dashboard.addPanelMenu.title": "Menu Ajouter un panneau", "unsavedChangesBadge.contextMenu.openButton": "Afficher les actions disponibles", "unsavedChangesBadge.contextMenu.revertChangesButton": "Restaurer les modifications", "unsavedChangesBadge.contextMenu.revertingChangesButtonStatus": "Annuler les modifications", @@ -44610,4 +44585,4 @@ "xpack.serverlessObservability.nav.projectSettings": "Paramètres de projet", "xpack.serverlessObservability.nav.synthetics": "Synthetics" } -} \ No newline at end of file +} diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 521ed09cc7acf..38cccd34c8e09 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -1192,8 +1192,6 @@ "dashboard.actions.downloadOptionsUnsavedFilename": "無題", "dashboard.actions.toggleExpandPanelMenuItem.expandedDisplayName": "最小化", "dashboard.actions.toggleExpandPanelMenuItem.notExpandedDisplayName": "パネルを最大化", - "dashboard.addPanelMenuTrigger.description": "新しいアクションは、ダッシュボードのパネルの追加メニューに表示されます", - "dashboard.addPanelMenuTrigger.title": "パネルの追加メニュー", "dashboard.appLeaveConfirmModal.cancelButtonLabel": "キャンセル", "dashboard.appLeaveConfirmModal.unsavedChangesSubtitle": "作業を保存せずにダッシュボードから移動しますか?", "dashboard.appLeaveConfirmModal.unsavedChangesTitle": "保存されていない変更", 
@@ -1215,7 +1213,6 @@ "dashboard.editingToolbar.controlsButtonTitle": "コントロール", "dashboard.editingToolbar.editControlGroupButtonTitle": "設定", "dashboard.editingToolbar.onlyOneTimeSliderControlMsg": "コントロールグループには、すでに時間スライダーコントロールがあります。", - "dashboard.editorMenu.aggBasedGroupTitle": "アグリゲーションに基づく", "dashboard.editorMenu.deprecatedTag": "非推奨", "dashboard.embeddableApi.showSettings.flyout.applyButtonTitle": "適用", "dashboard.embeddableApi.showSettings.flyout.cancelButtonTitle": "キャンセル", @@ -2393,12 +2390,7 @@ "discover.fieldChooser.discoverField.removeFieldTooltip": "フィールドを表から削除", "discover.globalSearch.esqlSearchTitle": "ES|QLクエリを作成", "discover.goToDiscoverButtonText": "Discoverに移動", - "unifiedDocViewer.flyout.documentNavigation": "ドキュメントナビゲーション", - "unifiedDocViewer.flyout.toastColumnAdded": "列'{columnName}'が追加されました", - "unifiedDocViewer.flyout.toastColumnRemoved": "列'{columnName}'が削除されました", "discover.grid.tableRow.actionsLabel": "アクション", - "unifiedDocViewer.flyout.docViewerDetailHeading": "ドキュメント", - "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "行", "discover.grid.tableRow.mobileFlyoutActionsButton": "アクション", "discover.grid.tableRow.moreFlyoutActionsButton": "さらにアクションを表示", "discover.grid.tableRow.esqlDetailHeading": "展開された行", 
@@ -2491,6 +2483,46 @@ "discover.viewAlert.searchSourceErrorTitle": "検索ソースの取得エラー", "discover.viewModes.document.label": "ドキュメント", "discover.viewModes.fieldStatistics.label": "フィールド統計情報", + "unifiedDocViewer.flyout.documentNavigation": "ドキュメントナビゲーション", + "unifiedDocViewer.flyout.toastColumnAdded": "列'{columnName}'が追加されました", + "unifiedDocViewer.flyout.toastColumnRemoved": "列'{columnName}'が削除されました", + "unifiedDocViewer.flyout.docViewerDetailHeading": "ドキュメント", + "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "行", + "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "このフィールドの1つ以上の値が長すぎるため、検索またはフィルタリングできません。", + "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "このフィールドは、検索またはフィルタリングできない正しくない形式の値が1つ以上あります。", + "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "このフィールドの1つ以上の値がElasticsearchによって無視されたため、検索またはフィルタリングできません。", + "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "このフィールドの値が長すぎるため、検索またはフィルタリングできません。", + "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "このフィールドの値の形式が正しくないため、検索またはフィルタリングできません。", + "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "このフィールドの値はElasticsearchによって無視されたため、検索またはフィルタリングできません。", + "unifiedDocViewer.docView.table.searchPlaceHolder": "検索フィールド名", + "unifiedDocViewer.docViews.json.jsonTitle": "JSON", + "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "フィールド表示のフィルター", + "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "フィールド表示のフィルター", + "unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "値でフィルター", + "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "値でフィルター", + "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "値を除外", + "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "値を除外", + "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "無視された値を含む", + "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "無視された値", + 
"unifiedDocViewer.docViews.table.pinFieldLabel": "フィールドを固定", + "unifiedDocViewer.docViews.table.tableTitle": "表", + "unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "表の列を切り替える", + "unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "表の列を切り替える", + "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "メタフィールドの有無でフィルタリングできません", + "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "スクリプトフィールドの有無でフィルタリングできません", + "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "インデックスがないフィールドまたは無視された値は検索できません", + "unifiedDocViewer.docViews.table.unpinFieldLabel": "フィールドを固定解除", + "unifiedDocViewer.fieldChooser.discoverField.actions": "アクション", + "unifiedDocViewer.fieldChooser.discoverField.multiField": "複数フィールド", + "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "複数フィールドにはフィールドごとに複数の値を入力できます", + "unifiedDocViewer.fieldChooser.discoverField.name": "フィールド", + "unifiedDocViewer.fieldChooser.discoverField.value": "値", + "unifiedDocViewer.json.codeEditorAriaLabel": "Elasticsearch ドキュメントの JSON ビューのみを読み込む", + "unifiedDocViewer.json.copyToClipboardLabel": "クリップボードにコピー", + "unifiedDocViewer.loadingJSON": "JSONを読み込んでいます", + "unifiedDocViewer.sourceViewer.errorMessage": "現在データを取得できませんでした。タブを更新して、再試行してください。", + "unifiedDocViewer.sourceViewer.errorMessageTitle": "エラーが発生しました", + "unifiedDocViewer.sourceViewer.refresh": "更新", "textBasedLanguages.advancedSettings.enableESQL.discussLinkText": "discuss.elastic.co/c/elastic-stack/kibana", "textBasedLanguages.advancedSettings.enableESQLTitle": "ES|QLを有効化", "domDragDrop.announce.cancelled": "移動がキャンセルされました。{label}は初期位置に戻りました", 
@@ -29915,8 +29947,6 @@ "xpack.observability.rulePage.logsTabTitle": "ログ", "xpack.observability.rulePage.rulesTabTitle": "ルール", "xpack.observability.rules.addRuleButtonLabel": "ルールを作成", - "xpack.observability.rules.createRule.errorNotification.descriptionText": "ルールの作成に失敗しました", - "xpack.observability.rules.createRule.successNotification.descriptionText": "ルールが作成されました", "xpack.observability.rules.deleteConfirmationModal.cancelButtonLabel": "キャンセル", "xpack.observability.rules.deleteConfirmationModal.errorNotification.descriptionText": "ルールを削除できませんでした", "xpack.observability.rules.deleteConfirmationModal.successNotification.descriptionText": "削除されたルール", @@ -35637,7 +35667,6 @@ "xpack.securitySolution.endpoint.resolver.terminatedTrigger": "トリガーを中断しました", "xpack.securitySolution.endpoint.trustedApps.fleetIntegration.title": "信頼できるアプリケーション", "xpack.securitySolution.endpoint.updateCases.emptyComment": "コメントがありません", - "xpack.securitySolution.endpointActionFailureMessage.unknownFailure": "アクションが失敗しました", "xpack.securitySolution.endpointActionResponseCodes.execute.diskQuotaError": "保留中のコマンド実行出力zipファイルが多すぎます。", "xpack.securitySolution.endpointActionResponseCodes.execute.failure": "コマンドの実行中に不明な障害が発生しました。", "xpack.securitySolution.endpointActionResponseCodes.execute.outputUploadTimeout": "コマンド実行出力zipファイルをアップロードできませんでした。アップロードがタイムアウトしました", 
@@ -37716,7 +37745,6 @@ "xpack.securitySolutionServerless.rules.endpointSecurity.endpointExceptions.cardTitle": "Securityではさまざまなことが可能です!", "xpack.securitySolutionServerless.threatIntelligence.paywall.title": "Securityではさまざまなことが可能です!", "xpack.serverlessSearch.apiKey.activeKeys": "{number}のアクティブなキーがあります。", - "xpack.serverlessSearch.apiKey.expiresHelpText": "このAPIキーは{expirationDate}に有効期限切れになります", "xpack.serverlessSearch.connectors.config.apiKeyDescription": "上記のインデックスにのみアクセスできるように、コネクターのAPIキーを制限できます。作成したら、このキーを使って{config}ファイルの{apiKey}変数を設定します。", "xpack.serverlessSearch.connectors.config.createIndexLabel": "コネクターはインデックス{searchValue}を作成します", "xpack.serverlessSearch.connectors.deleteModal.syncsWarning.connectorNameDescription": "この操作は元に戻すことができません。{connectorName}を入力して確認してください。", 
@@ -37733,31 +37761,11 @@ "xpack.serverlessSearch.apiKey.apiKeyStepDescription": "このキーは一度しか表示されないため、安全な場所に保存しておいてください。当社はお客様のAPIキーを保存しません。キーを紛失した場合は、代替キーを生成する必要があります。", "xpack.serverlessSearch.apiKey.apiKeyStepTitle": "このAPIキーを保存", "xpack.serverlessSearch.apiKey.description": "APIキーは、認証と認可のための非公開の一意の識別子です。プロジェクトに安全に接続するには、APIキーが必要です。", - "xpack.serverlessSearch.apiKey.expiresField.daysLabel": "日", - "xpack.serverlessSearch.apiKey.expiresField.neverLabel": "なし", - "xpack.serverlessSearch.apiKey.expiresFieldHelpText": "APIキーは定期的にローテーションしてください。", - "xpack.serverlessSearch.apiKey.expiresFieldLabel": "有効期限", - "xpack.serverlessSearch.apiKey.expiresFieldUnit": "日", - "xpack.serverlessSearch.apiKey.flyout.errorTitle": "APIキーの作成エラー", - "xpack.serverlessSearch.apiKey.flyOutCreateLabel": "APIキーを作成", - "xpack.serverlessSearch.apiKey.flyoutTitle": "APIキーを作成する", "xpack.serverlessSearch.apiKey.manageLabel": "管理", - "xpack.serverlessSearch.apiKey.metadata.description": "設定可能なキーと値のペアを使用して、APIキーに関する情報を追加したり、Elasticsearchリソースへのアクセスをカスタマイズしたりします。", - "xpack.serverlessSearch.apiKey.metadata.title": "メタデータ", - "xpack.serverlessSearch.apiKey.metadataLinkLabel": "ロールメタデータを構成する方法", - "xpack.serverlessSearch.apiKey.nameFieldHelpText": "良い名前は、APIキーの目的を明確に示します。", - "xpack.serverlessSearch.apiKey.nameFieldLabel": "名前", "xpack.serverlessSearch.apiKey.newButtonLabel": "新規", "xpack.serverlessSearch.apiKey.panel.description": "既存のキーを使用するか、新しいキーを作成して安全な場所にコピーしてください。", "xpack.serverlessSearch.apiKey.panel.title": "APIキーを追加", - "xpack.serverlessSearch.apiKey.privileges.description": "APIキーごとに定義済みのロールやカスタム権限を使用して、特定のElasticsearch APIやリソースへのアクセスを制御します。", - "xpack.serverlessSearch.apiKey.privileges.title": "セキュリティ権限", - "xpack.serverlessSearch.apiKey.roleDescriptorsLinkLabel": "ロール記述子を構造化する方法をご覧ください", - "xpack.serverlessSearch.apiKey.setup.description": "APIキーを作成するための基本構成詳細情報。", - "xpack.serverlessSearch.apiKey.setup.title": "セットアップ", "xpack.serverlessSearch.apiKey.title": "API キー", - 
"xpack.serverlessSearch.apiKey.userFieldHelpText": "APIキーを作成するユーザーのID。", - "xpack.serverlessSearch.apiKey.userFieldLabel": "ユーザー", "xpack.serverlessSearch.app.connectors.title": "コネクター", "xpack.serverlessSearch.app.elasticsearch.title": "Elasticsearch", "xpack.serverlessSearch.back": "戻る", 
@@ -44197,43 +44205,10 @@ "uiActions.actionPanel.more": "詳細", "uiActions.actionPanel.title": "オプション", "uiActions.errors.incompatibleAction": "操作に互換性がありません", + "uiActions.triggers.dashboard.addPanelMenu.description": "新しいアクションは、ダッシュボードのパネルの追加メニューに表示されます", + "uiActions.triggers.dashboard.addPanelMenu.title": "パネルの追加メニュー", "uiActions.triggers.rowClickkDescription": "テーブル行をクリック", "uiActions.triggers.rowClickTitle": "テーブル行クリック", - "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "このフィールドの1つ以上の値が長すぎるため、検索またはフィルタリングできません。", - "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "このフィールドは、検索またはフィルタリングできない正しくない形式の値が1つ以上あります。", - "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "このフィールドの1つ以上の値がElasticsearchによって無視されたため、検索またはフィルタリングできません。", - "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "このフィールドの値が長すぎるため、検索またはフィルタリングできません。", - "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "このフィールドの値の形式が正しくないため、検索またはフィルタリングできません。", - "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "このフィールドの値はElasticsearchによって無視されたため、検索またはフィルタリングできません。", - "unifiedDocViewer.docView.table.searchPlaceHolder": "検索フィールド名", - "unifiedDocViewer.docViews.json.jsonTitle": "JSON", - "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "フィールド表示のフィルター", - "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "フィールド表示のフィルター", - "unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "値でフィルター", - "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "値でフィルター", - "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "値を除外", - "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "値を除外", - "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "無視された値を含む", - "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "無視された値", - "unifiedDocViewer.docViews.table.pinFieldLabel": "フィールドを固定", - "unifiedDocViewer.docViews.table.tableTitle": "表", - 
"unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "表の列を切り替える", - "unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "表の列を切り替える", - "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "メタフィールドの有無でフィルタリングできません", - "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "スクリプトフィールドの有無でフィルタリングできません", - "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "インデックスがないフィールドまたは無視された値は検索できません", - "unifiedDocViewer.docViews.table.unpinFieldLabel": "フィールドを固定解除", - "unifiedDocViewer.fieldChooser.discoverField.actions": "アクション", - "unifiedDocViewer.fieldChooser.discoverField.multiField": "複数フィールド", - "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "複数フィールドにはフィールドごとに複数の値を入力できます", - "unifiedDocViewer.fieldChooser.discoverField.name": "フィールド", - "unifiedDocViewer.fieldChooser.discoverField.value": "値", - "unifiedDocViewer.json.codeEditorAriaLabel": "Elasticsearch ドキュメントの JSON ビューのみを読み込む", - "unifiedDocViewer.json.copyToClipboardLabel": "クリップボードにコピー", - "unifiedDocViewer.loadingJSON": "JSONを読み込んでいます", - "unifiedDocViewer.sourceViewer.errorMessage": "現在データを取得できませんでした。タブを更新して、再試行してください。", - "unifiedDocViewer.sourceViewer.errorMessageTitle": "エラーが発生しました", - "unifiedDocViewer.sourceViewer.refresh": "更新", "unsavedChangesBadge.contextMenu.openButton": "使用可能なアクションを表示", "unsavedChangesBadge.contextMenu.revertChangesButton": "変更を元に戻す", "unsavedChangesBadge.contextMenu.revertingChangesButtonStatus": "変更を元に戻しています...", @@ -44586,4 +44561,4 @@ "xpack.serverlessObservability.nav.projectSettings": "プロジェクト設定", "xpack.serverlessObservability.nav.synthetics": "Synthetics" } -} \ No newline at end of file +} diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 51315fd4ef8ca..99c3441cddc6b 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json 
+++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -1194,8 +1194,6 @@ "dashboard.actions.downloadOptionsUnsavedFilename": "未命名", "dashboard.actions.toggleExpandPanelMenuItem.expandedDisplayName": "最小化", "dashboard.actions.toggleExpandPanelMenuItem.notExpandedDisplayName": "最大化面板", - "dashboard.addPanelMenuTrigger.description": "一个新操作将在仪表板的添加面板菜单中显示出来", - "dashboard.addPanelMenuTrigger.title": "添加面板菜单", "dashboard.appLeaveConfirmModal.cancelButtonLabel": "取消", "dashboard.appLeaveConfirmModal.unsavedChangesSubtitle": "离开有未保存工作的仪表板?", "dashboard.appLeaveConfirmModal.unsavedChangesTitle": "未保存的更改", @@ -1217,7 +1215,6 @@ "dashboard.editingToolbar.controlsButtonTitle": "控件", "dashboard.editingToolbar.editControlGroupButtonTitle": "设置", "dashboard.editingToolbar.onlyOneTimeSliderControlMsg": "控件组已包含时间滑块控件。", - "dashboard.editorMenu.aggBasedGroupTitle": "基于聚合", "dashboard.editorMenu.deprecatedTag": "(已过时)", "dashboard.embeddableApi.showSettings.flyout.applyButtonTitle": "应用", "dashboard.embeddableApi.showSettings.flyout.cancelButtonTitle": "取消", @@ -2397,12 +2394,7 @@ "discover.fieldChooser.discoverField.removeFieldTooltip": "从表中移除字段", "discover.globalSearch.esqlSearchTitle": "创建 ES|QL 查询", "discover.goToDiscoverButtonText": "前往 Discover", - "unifiedDocViewer.flyout.documentNavigation": "文档导航", - "unifiedDocViewer.flyout.toastColumnAdded": "已添加列“{columnName}”", - "unifiedDocViewer.flyout.toastColumnRemoved": "已移除列“{columnName}”", "discover.grid.tableRow.actionsLabel": "操作", - "unifiedDocViewer.flyout.docViewerDetailHeading": "文档", - "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "行", "discover.grid.tableRow.mobileFlyoutActionsButton": "操作", "discover.grid.tableRow.moreFlyoutActionsButton": "更多操作", "discover.grid.tableRow.esqlDetailHeading": "已展开行", 
@@ -2495,6 +2487,46 @@ "discover.viewAlert.searchSourceErrorTitle": "提取搜索源时出错", "discover.viewModes.document.label": "文档", "discover.viewModes.fieldStatistics.label": "字段统计信息", + "unifiedDocViewer.flyout.documentNavigation": "文档导航", + "unifiedDocViewer.flyout.toastColumnAdded": "已添加列“{columnName}”", + "unifiedDocViewer.flyout.toastColumnRemoved": "已移除列“{columnName}”", + "unifiedDocViewer.flyout.docViewerDetailHeading": "文档", + "unifiedDocViewer.flyout.docViewerEsqlDetailHeading": "行", + "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "此字段中的一个或多个值过长,无法搜索或筛选。", + "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "此字段包含一个或多个格式错误的值,无法搜索或筛选。", + "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "此字段中的一个或多个值被 Elasticsearch 忽略,无法搜索或筛选。", + "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "此字段中的值过长,无法搜索或筛选。", + "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "此字段中的值格式错误,无法搜索或筛选。", + "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "此字段中的值被 Elasticsearch 忽略,无法搜索或筛选。", + "unifiedDocViewer.docView.table.searchPlaceHolder": "搜索字段名称", + "unifiedDocViewer.docViews.json.jsonTitle": "JSON", + "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "筛留存在的字段", + "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "字段是否存在筛选", + "unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "筛留值", + "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "筛留值", + "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "筛除值", + "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "筛除值", + "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "包含被忽略的值", + "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "被忽略的值", + "unifiedDocViewer.docViews.table.pinFieldLabel": "固定字段", + "unifiedDocViewer.docViews.table.tableTitle": "表", + "unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "在表中切换列", + 
"unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "在表中切换列", + "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "无法筛选元数据字段是否存在", + "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "无法筛选脚本字段是否存在", + "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "无法搜索未编入索引的字段或被忽略的值", + "unifiedDocViewer.docViews.table.unpinFieldLabel": "取消固定字段", + "unifiedDocViewer.fieldChooser.discoverField.actions": "操作", + "unifiedDocViewer.fieldChooser.discoverField.multiField": "多字段", + "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "多字段的每个字段可以有多个值", + "unifiedDocViewer.fieldChooser.discoverField.name": "字段", + "unifiedDocViewer.fieldChooser.discoverField.value": "值", + "unifiedDocViewer.json.codeEditorAriaLabel": "Elasticsearch 文档的只读 JSON 视图", + "unifiedDocViewer.json.copyToClipboardLabel": "复制到剪贴板", + "unifiedDocViewer.loadingJSON": "正在加载 JSON", + "unifiedDocViewer.sourceViewer.errorMessage": "当前无法获取数据。请刷新选项卡以重试。", + "unifiedDocViewer.sourceViewer.errorMessageTitle": "发生错误", + "unifiedDocViewer.sourceViewer.refresh": "刷新", "textBasedLanguages.advancedSettings.enableESQL.discussLinkText": "discuss.elastic.co/c/elastic-stack/kibana", "textBasedLanguages.advancedSettings.enableESQLTitle": "启用 ES|QL", "domDragDrop.announce.cancelled": "移动已取消。{label} 将返回至其初始位置", 
@@ -29955,8 +29987,6 @@ "xpack.observability.rulePage.logsTabTitle": "日志", "xpack.observability.rulePage.rulesTabTitle": "规则", "xpack.observability.rules.addRuleButtonLabel": "创建规则", - "xpack.observability.rules.createRule.errorNotification.descriptionText": "无法创建规则", - "xpack.observability.rules.createRule.successNotification.descriptionText": "已创建规则", "xpack.observability.rules.deleteConfirmationModal.cancelButtonLabel": "取消", "xpack.observability.rules.deleteConfirmationModal.errorNotification.descriptionText": "无法删除规则", "xpack.observability.rules.deleteConfirmationModal.successNotification.descriptionText": "已删除规则", @@ -35680,7 +35710,6 @@ "xpack.securitySolution.endpoint.resolver.terminatedTrigger": "已终止触发器", "xpack.securitySolution.endpoint.trustedApps.fleetIntegration.title": "受信任的应用程序", "xpack.securitySolution.endpoint.updateCases.emptyComment": "未提供注释", - "xpack.securitySolution.endpointActionFailureMessage.unknownFailure": "操作失败", "xpack.securitySolution.endpointActionResponseCodes.execute.diskQuotaError": "待处理的命令执行输出 zip 文件过多。", "xpack.securitySolution.endpointActionResponseCodes.execute.failure": "执行命令时出现未知故障。", "xpack.securitySolution.endpointActionResponseCodes.execute.outputUploadTimeout": "无法上传命令执行输出 zip 文件。上传超时", @@ -37760,7 +37789,6 @@ "xpack.securitySolutionServerless.rules.endpointSecurity.endpointExceptions.cardTitle": "Security 让您事半功倍!", "xpack.securitySolutionServerless.threatIntelligence.paywall.title": "Security 让您事半功倍!", "xpack.serverlessSearch.apiKey.activeKeys": "您有 {number} 个活动密钥。", - "xpack.serverlessSearch.apiKey.expiresHelpText": "此 API 密钥将于 {expirationDate}到期", "xpack.serverlessSearch.connectors.config.apiKeyDescription": "您可以将连接器的 API 密钥限定为仅有权访问以上索引。创建后,请使用此密钥在 {config} 文件中设置 {apiKey} 变量。", "xpack.serverlessSearch.connectors.config.createIndexLabel": "连接器将创建索引 {searchValue}", "xpack.serverlessSearch.connectors.deleteModal.syncsWarning.connectorNameDescription": "此操作无法撤消。请尝试 {connectorName} 以确认。", 
@@ -37777,31 +37805,11 @@ "xpack.serverlessSearch.apiKey.apiKeyStepDescription": "此密钥仅显示一次,因此请将其保存到某个安全位置。我们不存储您的 API 密钥,因此,如果您丢失了密钥,则需要生成替代密钥。", "xpack.serverlessSearch.apiKey.apiKeyStepTitle": "存储此 API 密钥", "xpack.serverlessSearch.apiKey.description": "API 密钥是用于身份验证和授权的专用唯一标识符。您需要 API 密钥以便安全连接到您的项目。", - "xpack.serverlessSearch.apiKey.expiresField.daysLabel": "以天为单位", - "xpack.serverlessSearch.apiKey.expiresField.neverLabel": "永不", - "xpack.serverlessSearch.apiKey.expiresFieldHelpText": "应定期轮换 API 密钥。", - "xpack.serverlessSearch.apiKey.expiresFieldLabel": "过期", - "xpack.serverlessSearch.apiKey.expiresFieldUnit": "天", - "xpack.serverlessSearch.apiKey.flyout.errorTitle": "创建 API 密钥时出错", - "xpack.serverlessSearch.apiKey.flyOutCreateLabel": "创建 API 密钥", - "xpack.serverlessSearch.apiKey.flyoutTitle": "创建 API 密钥", "xpack.serverlessSearch.apiKey.manageLabel": "管理", - "xpack.serverlessSearch.apiKey.metadata.description": "使用可配置的键值对添加有关 API 密钥的信息,或定制 Elasticsearch 资源访问权限。", - "xpack.serverlessSearch.apiKey.metadata.title": "元数据", - "xpack.serverlessSearch.apiKey.metadataLinkLabel": "了解如何构造角色元数据", - "xpack.serverlessSearch.apiKey.nameFieldHelpText": "适当的名称便于用户清楚了解 API 密钥的用途。", - "xpack.serverlessSearch.apiKey.nameFieldLabel": "名称", "xpack.serverlessSearch.apiKey.newButtonLabel": "新建", "xpack.serverlessSearch.apiKey.panel.description": "使用现有密钥,或创建新密钥并将其复制到某个安全位置。", "xpack.serverlessSearch.apiKey.panel.title": "添加 API 密钥", - "xpack.serverlessSearch.apiKey.privileges.description": "使用每个 API 密钥的预定义角色或定制权限控制对特定 Elasticsearch API 和资源的访问。", - "xpack.serverlessSearch.apiKey.privileges.title": "安全权限", - "xpack.serverlessSearch.apiKey.roleDescriptorsLinkLabel": "了解如何构造角色描述符", - "xpack.serverlessSearch.apiKey.setup.description": "用于创建 API 密钥的基本配置详情。", - "xpack.serverlessSearch.apiKey.setup.title": "设置", "xpack.serverlessSearch.apiKey.title": "API 密钥", - "xpack.serverlessSearch.apiKey.userFieldHelpText": "创建 API 密钥的用户的 ID。", - "xpack.serverlessSearch.apiKey.userFieldLabel": "用户", 
"xpack.serverlessSearch.app.connectors.title": "连接器", "xpack.serverlessSearch.app.elasticsearch.title": "Elasticsearch", "xpack.serverlessSearch.back": "返回", 
@@ -44245,43 +44253,10 @@ "uiActions.actionPanel.more": "更多", "uiActions.actionPanel.title": "选项", "uiActions.errors.incompatibleAction": "操作不兼容", + "uiActions.triggers.dashboard.addPanelMenu.description": "一个新操作将在仪表板的添加面板菜单中显示出来", + "uiActions.triggers.dashboard.addPanelMenu.title": "添加面板菜单", "uiActions.triggers.rowClickkDescription": "表格行的单击", "uiActions.triggers.rowClickTitle": "表格行单击", - "unifiedDocViewer.docView.table.ignored.multiAboveTooltip": "此字段中的一个或多个值过长,无法搜索或筛选。", - "unifiedDocViewer.docView.table.ignored.multiMalformedTooltip": "此字段包含一个或多个格式错误的值,无法搜索或筛选。", - "unifiedDocViewer.docView.table.ignored.multiUnknownTooltip": "此字段中的一个或多个值被 Elasticsearch 忽略,无法搜索或筛选。", - "unifiedDocViewer.docView.table.ignored.singleAboveTooltip": "此字段中的值过长,无法搜索或筛选。", - "unifiedDocViewer.docView.table.ignored.singleMalformedTooltip": "此字段中的值格式错误,无法搜索或筛选。", - "unifiedDocViewer.docView.table.ignored.singleUnknownTooltip": "此字段中的值被 Elasticsearch 忽略,无法搜索或筛选。", - "unifiedDocViewer.docView.table.searchPlaceHolder": "搜索字段名称", - "unifiedDocViewer.docViews.json.jsonTitle": "JSON", - "unifiedDocViewer.docViews.table.filterForFieldPresentButtonAriaLabel": "筛留存在的字段", - "unifiedDocViewer.docViews.table.filterForFieldPresentButtonTooltip": "字段是否存在筛选", - "unifiedDocViewer.docViews.table.filterForValueButtonAriaLabel": "筛留值", - "unifiedDocViewer.docViews.table.filterForValueButtonTooltip": "筛留值", - "unifiedDocViewer.docViews.table.filterOutValueButtonAriaLabel": "筛除值", - "unifiedDocViewer.docViews.table.filterOutValueButtonTooltip": "筛除值", - "unifiedDocViewer.docViews.table.ignored.multiValueLabel": "包含被忽略的值", - "unifiedDocViewer.docViews.table.ignored.singleValueLabel": "被忽略的值", - "unifiedDocViewer.docViews.table.pinFieldLabel": "固定字段", - "unifiedDocViewer.docViews.table.tableTitle": "表", - "unifiedDocViewer.docViews.table.toggleColumnInTableButtonAriaLabel": "在表中切换列", - "unifiedDocViewer.docViews.table.toggleColumnInTableButtonTooltip": "在表中切换列", - 
"unifiedDocViewer.docViews.table.unableToFilterForPresenceOfMetaFieldsTooltip": "无法筛选元数据字段是否存在", - "unifiedDocViewer.docViews.table.unableToFilterForPresenceOfScriptedFieldsTooltip": "无法筛选脚本字段是否存在", - "unifiedDocViewer.docViews.table.unindexedFieldsCanNotBeSearchedTooltip": "无法搜索未编入索引的字段或被忽略的值", - "unifiedDocViewer.docViews.table.unpinFieldLabel": "取消固定字段", - "unifiedDocViewer.fieldChooser.discoverField.actions": "操作", - "unifiedDocViewer.fieldChooser.discoverField.multiField": "多字段", - "unifiedDocViewer.fieldChooser.discoverField.multiFieldTooltipContent": "多字段的每个字段可以有多个值", - "unifiedDocViewer.fieldChooser.discoverField.name": "字段", - "unifiedDocViewer.fieldChooser.discoverField.value": "值", - "unifiedDocViewer.json.codeEditorAriaLabel": "Elasticsearch 文档的只读 JSON 视图", - "unifiedDocViewer.json.copyToClipboardLabel": "复制到剪贴板", - "unifiedDocViewer.loadingJSON": "正在加载 JSON", - "unifiedDocViewer.sourceViewer.errorMessage": "当前无法获取数据。请刷新选项卡以重试。", - "unifiedDocViewer.sourceViewer.errorMessageTitle": "发生错误", - "unifiedDocViewer.sourceViewer.refresh": "刷新", "unsavedChangesBadge.contextMenu.openButton": "查看可用操作", "unsavedChangesBadge.contextMenu.revertChangesButton": "恢复更改", "unsavedChangesBadge.contextMenu.revertingChangesButtonStatus": "正在恢复更改......", @@ -44634,4 +44609,4 @@ "xpack.serverlessObservability.nav.projectSettings": "项目设置", "xpack.serverlessObservability.nav.synthetics": "Synthetics" } -} \ No newline at end of file +} diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_notify_when.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_notify_when.tsx index c1a34bdd146e5..ce9ddfcad2be1 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_notify_when.tsx +++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_notify_when.tsx 
@@ -7,9 +7,9 @@
 import { RuleAction, RuleNotifyWhen } from '@kbn/alerting-plugin/common';
 import React, { useState, useEffect, useCallback, useMemo } from 'react';
+import { css } from '@emotion/css'; // We can't use @emotion/react - this component gets used with plugins that use both styled-components and Emotion
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
-import { euiStyled } from '@kbn/kibana-react-plugin/common';
 import {
 EuiFlexGroup,
 EuiFlexItem,
@@ -23,6 +23,7 @@ import {
 EuiButtonEmpty,
 EuiContextMenuPanel,
 EuiContextMenuItem,
+ useEuiTheme,
 } from '@elastic/eui';
 import { some, filter, map } from 'fp-ts/lib/Option';
 import { pipe } from 'fp-ts/lib/pipeable';
@@ -242,28 +243,39 @@ export const ActionNotifyWhen = ({
 [onSummaryChange, selectedOptionDoesNotExist, onNotifyWhenChange, getDefaultNotifyWhenOption]
 );
+ const { euiTheme } = useEuiTheme();
+ const summaryContextMenuOptionStyles = useMemo(
+ () => css`
+ min-width: 300px;
+ padding: ${euiTheme.size.s};
+ `,
+ [euiTheme]
+ );
+
 const summaryOptions = useMemo(
 () => [
- <SummaryContextMenuOption
+ <EuiContextMenuItem
 key="summary"
 onClick={() => selectSummaryOption(true)}
 icon={frequency.summary ? 'check' : 'empty'}
 id="actionNotifyWhen-option-summary"
 data-test-subj="actionNotifyWhen-option-summary"
+ className={summaryContextMenuOptionStyles}
 >
 {SUMMARY_OF_ALERTS}
- </SummaryContextMenuOption>,
- <SummaryContextMenuOption
+ </EuiContextMenuItem>,
+ <EuiContextMenuItem
 key="for_each"
 onClick={() => selectSummaryOption(false)}
 icon={!frequency.summary ? 'check' : 'empty'}
 id="actionNotifyWhen-option-for_each"
 data-test-subj="actionNotifyWhen-option-for_each"
+ className={summaryContextMenuOptionStyles}
 >
 {FOR_EACH_ALERT}
- </SummaryContextMenuOption>,
+ </EuiContextMenuItem>,
 ],
- [frequency.summary, selectSummaryOption]
+ [frequency.summary, selectSummaryOption, summaryContextMenuOptionStyles]
 );
 const summaryOrPerRuleSelect = (
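Review bot: `summaryContextMenuOptionStyles` is memoized on the whole `euiTheme` object although the template only reads `euiTheme.size.s`; narrowing the dependency list to `[euiTheme.size.s]` states the real input of the style. The explanation of why `@emotion/css` is used sits at the end of the new import line and makes it very long; it would read better on its own line above the import, e.g. `// @emotion/react cannot be used here: this component is rendered by plugins that mix styled-components and Emotion`. The `ActionNotifyWhen` component starts and ends outside this hunk.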
@@ -387,8 +399,3 @@ const SUMMARY_OF_ALERTS = i18n.translate(
 'xpack.triggersActionsUI.sections.ruleForm.actionNotifyWhen.summaryOption',
 { defaultMessage: 'Summary of alerts' }
 );
-
-const SummaryContextMenuOption = euiStyled(EuiContextMenuItem)`
- min-width: 300px;
- padding: ${({ theme }) => theme.eui.euiSizeS};
-`;
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_type_form.test.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_type_form.test.tsx
index 0a71603a5b55a..cbf6c17e78481 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_type_form.test.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/action_connector_form/action_type_form.test.tsx
@@ -18,7 +18,6 @@ import {
 } from '../../../types';
 import { act } from 'react-dom/test-utils';
 import { EuiFieldText } from '@elastic/eui';
-import { EuiThemeProvider } from '@kbn/kibana-react-plugin/common';
 import { I18nProvider, __IntlProvider as IntlProvider } from '@kbn/i18n-react';
 import { render, waitFor, screen } from '@testing-library/react';
 import { DEFAULT_FREQUENCY } from '../../../common/constants';
@@ -414,21 +413,19 @@ describe('action_type_form', () => {
 frequency: DEFAULT_FREQUENCY,
 };
 const wrapper = render(
- <EuiThemeProvider>
- <IntlProvider locale="en">
- {getActionTypeForm({
- index: 1,
- actionItem,
- setActionFrequencyProperty: () => {
- actionItem.frequency = {
- notifyWhen: RuleNotifyWhen.ACTIVE,
- throttle: null,
- summary: true,
- };
- },
- })}
- </IntlProvider>
- </EuiThemeProvider>
+ <IntlProvider locale="en">
+ {getActionTypeForm({
+ index: 1,
+ actionItem,
+ setActionFrequencyProperty: () => {
+ actionItem.frequency = {
+ notifyWhen: RuleNotifyWhen.ACTIVE,
+ throttle: null,
+ summary: true,
+ };
+ },
+ })}
+ </IntlProvider>
 );
 const summaryOrPerRuleSelect = wrapper.getByTestId('summaryOrPerRuleSelect');
diff --git a/x-pack/plugins/watcher/common/lib/get_moment/get_moment.ts b/x-pack/plugins/watcher/common/lib/get_moment/get_moment.ts
index c47443dd66773..39f8222fb4e8b 100644
--- a/x-pack/plugins/watcher/common/lib/get_moment/get_moment.ts
+++ b/x-pack/plugins/watcher/common/lib/get_moment/get_moment.ts
@@ -7,7 +7,7 @@
 import moment from 'moment';
-export function getMoment(date?: string | number | null) {
+export function getMoment(date?: string | number | null | Date) {
 if (!date) {
 return null;
 }
diff --git a/x-pack/test/alerting_api_integration/common/plugins/actions_simulators/server/bedrock_simulation.ts b/x-pack/test/alerting_api_integration/common/plugins/actions_simulators/server/bedrock_simulation.ts
index f235c2ea07a9d..7bd23fcd9b46c 100644
--- a/x-pack/test/alerting_api_integration/common/plugins/actions_simulators/server/bedrock_simulation.ts
+++ b/x-pack/test/alerting_api_integration/common/plugins/actions_simulators/server/bedrock_simulation.ts
@@ -30,7 +30,7 @@ export class BedrockSimulator extends Simulator {
 }
 if (
- request.url === '/model/anthropic.claude-3-sonnet-20240229-v1:0/invoke-with-response-stream'
+ request.url === '/model/anthropic.claude-3-5-sonnet-20240620-v1:0/invoke-with-response-stream'
 ) {
 return BedrockSimulator.sendStreamResponse(response);
 }
diff --git a/x-pack/test/alerting_api_integration/common/plugins/alerts/server/plugin.ts b/x-pack/test/alerting_api_integration/common/plugins/alerts/server/plugin.ts
index 5ecb376a95ca8..4cafa57d3d480 100644
--- a/x-pack/test/alerting_api_integration/common/plugins/alerts/server/plugin.ts
+++ b/x-pack/test/alerting_api_integration/common/plugins/alerts/server/plugin.ts
@@ -92,6 +92,7 @@ export class FixturePlugin implements Plugin<void, void, FixtureSetupDeps, Fixtu
 'test.patternFiringAad',
 'test.waitingRule',
 'test.patternFiringAutoRecoverFalse',
+ 'test.severity',
 ],
 privileges: {
 all: {
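Review bot: `getMoment` now accepts a `Date`, but the `if (!date)` guard only rejects empty values, so an invalid `Date` (which is a truthy object) passes it and reaches whatever follows; the rest of the body is outside this hunk, so how that case is handled cannot be confirmed here. The function also has no explicit return type or doc comment, which matters more now that the accepted input is wider. A short TSDoc such as `/** Returns null for empty input; callers passing a Date should ensure it is valid. */` plus an explicit return annotation would make the contract visible. Listing `Date` before `null` in the union (`string | number | Date | null`) reads more naturally.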
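Review bot: `'test.severity'` has to be added to three separate copies of the same rule-type id list in plugin.ts (this hunk and the hunks at `-123` and `-157`), so a future rule type that is added to one list but missed in another would surface as an authorization failure in the tests rather than as a compile error. Defining the ids once, e.g. `const FIXTURE_RULE_TYPE_IDS = [/* … */, 'test.severity'];`, and referencing that constant in each place would remove the drift risk. The enclosing feature object starts and ends outside these hunks, so the exact role of each list (feature registration versus `all`/`read` privileges) is inferred from the visible `privileges: { all: {` context.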
@@ -123,6 +124,7 @@ export class FixturePlugin implements Plugin<void, void, FixtureSetupDeps, Fixtu
 'test.patternFiringAad',
 'test.waitingRule',
 'test.patternFiringAutoRecoverFalse',
+ 'test.severity',
 ],
 },
 },
@@ -157,6 +159,7 @@ export class FixturePlugin implements Plugin<void, void, FixtureSetupDeps, Fixtu
 'test.patternFiringAad',
 'test.waitingRule',
 'test.patternFiringAutoRecoverFalse',
+ 'test.severity',
 ],
 },
 },
diff --git a/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts b/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts
index 109f01f6b6d57..498020cb4b7d2 100644
--- a/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts
+++ b/x-pack/test/alerting_api_integration/common/plugins/alerts/server/rule_types.ts
@@ -1032,6 +1032,78 @@ function getWaitingRuleType(logger: Logger) { return result; } +function getSeverityRuleType() { + const paramsSchema = schema.object({ + pattern: schema.arrayOf( + schema.oneOf([schema.literal('low'), schema.literal('medium'), schema.literal('high')]) + ), + }); + type ParamsType = TypeOf<typeof paramsSchema>; + interface State extends RuleTypeState { + patternIndex?: number; + } + const result: RuleType< + ParamsType, + never, + State, + {}, + {}, + 'low' | 'medium' | 'high', + 'recovered', + { patternIndex: number; instancePattern: boolean[] } + > = { + id: 'test.severity', + name: 'Test: Rule type with severity', + actionGroups: [ + { id: 'low', name: 'Low', severity: { level: 0 } }, + { id: 'medium', name: 'Medium', severity: { level: 1 } }, + { id: 'high', name: 'High', severity: { level: 2 } }, + ], + category: 'management', + producer: 'alertsFixture', + defaultActionGroupId: 'low', + minimumLicenseRequired: 'basic', + isExportable: true, + doesSetRecoveryContext: true, + validate: { params: paramsSchema }, + async executor(executorOptions) { + const { services, state, params } = executorOptions; + const pattern = params.pattern; + if (!Array.isArray(pattern)) throw new Error('pattern is not an array'); + + const alertsClient = services.alertsClient; + if (!alertsClient) { + throw new Error(`Expected alertsClient to be defined but it is not`); + } + + // get the pattern index, return if past it + const patternIndex = state.patternIndex ?? 
0; + if (patternIndex >= pattern.length) { + return { state: { patternIndex } }; + } + + alertsClient.report({ id: '*', actionGroup: pattern[patternIndex] }); + + // set recovery payload + for (const recoveredAlert of alertsClient.getRecoveredAlerts()) { + alertsClient.setAlertData({ id: recoveredAlert.alert.getId() }); + } + + return { + state: { + patternIndex: patternIndex + 1, + }, + }; + }, + alerts: { + context: 'test.severity', + shouldWrite: true, + mappings: { fieldMap: {} }, + }, + }; + return result; +} + async function sendSignal( logger: Logger, es: ElasticsearchClient, @@ -1325,4 +1397,5 @@ export function defineRuleTypes( alerting.registerType(getPatternFiringAutoRecoverFalseRuleType()); alerting.registerType(getPatternFiringAlertsAsDataRuleType()); alerting.registerType(getWaitingRuleType(logger)); + alerting.registerType(getSeverityRuleType()); } diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts b/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts index d5207718d844a..edd3d8d2ae072 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/group1/tests/alerting/backfill/schedule.ts 
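Review bot: The last type argument of `RuleType` in `getSeverityRuleType`, `{ patternIndex: number; instancePattern: boolean[] }`, does not match what the executor does: no payload is ever passed to `report` or `setAlertData`, `instancePattern` is never used, and `fieldMap` is empty, so it looks carried over from another fixture. The loop under `// set recovery payload` only calls `setAlertData({ id: ... })`, so the comment is misleading; something like `// mark recovered alerts as handled; this fixture writes no payload` would describe it. If the type parameter permits, drop the alert-data argument so the declared shape cannot drift from the document that is written. A short doc comment on the function saying that each run reports alert `'*'` with action group `pattern[patternIndex]` and then advances the index would also help readers of alert_severity.ts.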
@@ -896,24 +896,24 @@ export default function scheduleBackfillTests({ getService }: FtrProviderContext // error scheduling due to unsupported rule type expect(result[2]).to.eql({ error: { - error: 'Bad Request', message: `Rule type "test.noop" for rule ${lifecycleRuleId} is not supported`, + rule: { id: lifecycleRuleId, name: 'abc' }, }, }); // error scheduling due to disabled rule expect(result[3]).to.eql({ error: { - error: 'Bad Request', message: `Rule ${disabledRuleId} is disabled`, + rule: { id: disabledRuleId, name: 'abc' }, }, }); // error scheduling due to deleted rule expect(result[4]).to.eql({ error: { - error: 'Not Found', message: `Saved object [alert/${deletedRuleId}] not found`, + rule: { id: deletedRuleId }, }, }); diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/actions/connector_types/bedrock.ts b/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/actions/connector_types/bedrock.ts index a802ec201f839..93c8cd40fb37f 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/actions/connector_types/bedrock.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/group2/tests/actions/connector_types/bedrock.ts @@ -31,7 +31,7 @@ const secrets = { }; const defaultConfig = { - defaultModel: 'anthropic.claude-3-sonnet-20240229-v1:0', + defaultModel: 'anthropic.claude-3-5-sonnet-20240620-v1:0', }; // eslint-disable-next-line import/no-default-export diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alert_severity.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alert_severity.ts new file mode 100644 index 0000000000000..533bd593e3588 --- /dev/null +++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alert_severity.ts 
@@ -0,0 +1,138 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from '@kbn/expect'; +import type { Alert } from '@kbn/alerts-as-data-utils'; +import { SearchHit } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import { + ALERT_ACTION_GROUP, + ALERT_SEVERITY_IMPROVING, + ALERT_PREVIOUS_ACTION_GROUP, +} from '@kbn/rule-data-utils'; +import { FtrProviderContext } from '../../../../common/ftr_provider_context'; +import { getEventLog, getUrlPrefix, getTestRuleData, ObjectRemover } from '../../../../common/lib'; +import { Spaces } from '../../../scenarios'; + +// eslint-disable-next-line import/no-default-export +export default function createAlertSeverityTests({ getService }: FtrProviderContext) { + const es = getService('es'); + const retry = getService('retry'); + const supertest = getService('supertest'); + const space = Spaces.default; + + const alertsAsDataIndex = '.alerts-test.severity.alerts-default'; + + describe('improving alert severity', () => { + const objectRemover = new ObjectRemover(supertest); + + afterEach(async () => { + await objectRemover.removeAll(); + }); + after(async () => { + await es.deleteByQuery({ + index: alertsAsDataIndex, + query: { match_all: {} }, + conflicts: 'proceed', + }); + }); + + it('should correctly set severity_improving and previous_action_group data in alert document', async () => { + const pattern = [ + 'low', + 'low', + 'medium', + 'high', + 'high', + 'low', + 'high', + 'medium', + 'medium', + 'low', + ]; + const { body: createdRule } = await supertest + .post(`${getUrlPrefix(space.id)}/api/alerting/rule`) + .set('kbn-xsrf', 'foo') + .send( + getTestRuleData({ + rule_type_id: 'test.severity', + schedule: { interval: '1d' }, + throttle: null, + params: { + pattern, + }, + }) + ) + 
.expect(200); + const ruleId = createdRule.id; + objectRemover.add(space.id, ruleId, 'rule', 'alerting'); + + const allAlertDocs: Alert[] = []; + for (let i = 0; i < pattern.length; i++) { + // Wait for execution to finish + await waitForEventLogDocs(ruleId, new Map([['execute', { equal: i + 1 }]])); + + // Get alert after last execution + const alertDocs = await queryForAlertDocs<Alert>(); + expect(alertDocs.length).to.eql(1); + allAlertDocs.push(alertDocs[0]._source!); + + // Run another execution + await supertest + .post(`${getUrlPrefix(space.id)}/internal/alerting/rule/${ruleId}/_run_soon`) + .set('kbn-xsrf', 'foo') + .expect(204); + } + + // Verify action group and previous action group are set as expected + for (let i = 0; i < pattern.length; i++) { + expect(allAlertDocs[i][ALERT_ACTION_GROUP]).to.eql(pattern[i]); + + if (i >= 1) { + expect(allAlertDocs[i][ALERT_PREVIOUS_ACTION_GROUP]).to.eql(pattern[i - 1]); + } else { + expect(allAlertDocs[i][ALERT_PREVIOUS_ACTION_GROUP]).to.be(undefined); + } + } + + // Verify severity_improving is set correctly + expect(allAlertDocs[0][ALERT_SEVERITY_IMPROVING]).to.eql(false); + expect(allAlertDocs[1][ALERT_SEVERITY_IMPROVING]).to.be(undefined); + expect(allAlertDocs[2][ALERT_SEVERITY_IMPROVING]).to.eql(false); + expect(allAlertDocs[3][ALERT_SEVERITY_IMPROVING]).to.eql(false); + expect(allAlertDocs[4][ALERT_SEVERITY_IMPROVING]).to.be(undefined); + expect(allAlertDocs[5][ALERT_SEVERITY_IMPROVING]).to.eql(true); + expect(allAlertDocs[6][ALERT_SEVERITY_IMPROVING]).to.eql(false); + expect(allAlertDocs[7][ALERT_SEVERITY_IMPROVING]).to.eql(true); + expect(allAlertDocs[8][ALERT_SEVERITY_IMPROVING]).to.be(undefined); + expect(allAlertDocs[9][ALERT_SEVERITY_IMPROVING]).to.eql(true); + }); + }); + + async function queryForAlertDocs<T>(): Promise<Array<SearchHit<T>>> { + const searchResult = await es.search({ + index: alertsAsDataIndex, + body: { query: { match_all: {} } }, + }); + return searchResult.hits.hits as 
Array<SearchHit<T>>; + } + + async function waitForEventLogDocs( + id: string, + actions: Map<string, { gte: number } | { equal: number }> + ) { + return await retry.try(async () => { + return await getEventLog({ + getService, + spaceId: space.id, + type: 'alert', + id, + provider: 'alerting', + actions, + }); + }); + } +} diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data.ts index 99464a5f4069d..1604fa24bfe79 100644 --- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data.ts +++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data.ts @@ -17,6 +17,8 @@ import { ALERT_FLAPPING, ALERT_FLAPPING_HISTORY, ALERT_INSTANCE_ID, + ALERT_SEVERITY_IMPROVING, + ALERT_PREVIOUS_ACTION_GROUP, ALERT_RULE_CATEGORY, ALERT_RULE_CONSUMER, ALERT_RULE_EXECUTION_TIMESTAMP, @@ -62,6 +64,8 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F 'kibana.alert.flapping_history', 'kibana.alert.rule.execution.uuid', 'kibana.alert.rule.execution.timestamp', + 'kibana.alert.severity_improving', + 'kibana.alert.previous_action_group', ]; describe('alerts as data', () => { @@ -169,6 +173,9 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F // tags should equal rule tags because rule type doesn't set any tags expect(source.tags).to.eql(['foo']); + + // new alerts automatically get severity_improving set to false + expect(source[ALERT_SEVERITY_IMPROVING]).to.equal(false); } let alertDoc: SearchHit<PatternFiringAlert> | undefined = alertDocsRun1.find( 
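Review bot: The collection loop in alert_severity.ts posts to `_run_soon` on every iteration, including the last one, so an extra execution is requested that nothing waits for. That run reaches the `patternIndex >= pattern.length` early return in the `test.severity` executor and reports no alert, and it can overlap with `objectRemover.removeAll()` and the `deleteByQuery` cleanup, which is a likely source of flakiness. Guarding the call with `if (i < pattern.length - 1) { ... }` keeps the number of executions equal to the pattern length. `queryForAlertDocs` also relies on the index holding exactly one document, which only holds while no other suite writes to `.alerts-test.severity.alerts-default`.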
@@ -256,6 +263,10 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F expect(alertADocRun2[ALERT_WORKFLOW_STATUS]).to.eql(alertADocRun1[ALERT_WORKFLOW_STATUS]); expect(alertADocRun2[ALERT_TIME_RANGE]?.gte).to.equal(alertADocRun1[ALERT_TIME_RANGE]?.gte); + // no severity levels for this rule type + expect(alertADocRun2[ALERT_SEVERITY_IMPROVING]).to.be(undefined); + expect(alertADocRun2[ALERT_PREVIOUS_ACTION_GROUP]).to.equal('default'); + // alertB, run 2 // status is updated to recovered, duration is updated, end time is set alertDoc = alertDocsRun2.find((doc) => doc._source![ALERT_INSTANCE_ID] === 'alertB'); @@ -295,6 +306,10 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F // time_range.lte should be set to end time expect(alertBDocRun2[ALERT_TIME_RANGE]?.lte).to.equal(alertBDocRun2[ALERT_END]); + // recovered alerts automatically get severity_improving set to true + expect(alertBDocRun2[ALERT_SEVERITY_IMPROVING]).to.equal(true); + expect(alertBDocRun2[ALERT_PREVIOUS_ACTION_GROUP]).to.equal('default'); + // alertC, run 2 // status is updated to recovered, duration is updated, end time is set alertDoc = alertDocsRun2.find((doc) => doc._source![ALERT_INSTANCE_ID] === 'alertC'); @@ -334,6 +349,10 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F // time_range.lte should be set to end time expect(alertCDocRun2[ALERT_TIME_RANGE]?.lte).to.equal(alertCDocRun2[ALERT_END]); + // recovered alerts automatically get severity_improving set to true + expect(alertBDocRun2[ALERT_SEVERITY_IMPROVING]).to.equal(true); + expect(alertCDocRun2[ALERT_PREVIOUS_ACTION_GROUP]).to.equal('default'); + // -------------------------- // RUN 3 - 1 re-active (alertC), 1 still recovered (alertB), 1 ongoing (alertA) // -------------------------- 
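Review bot: In the `alertC, run 2` block the added assertion reads `alertBDocRun2[ALERT_SEVERITY_IMPROVING]`, so alertC's recovered document is never checked for `severity_improving` while alertB is checked twice. The line should be `expect(alertCDocRun2[ALERT_SEVERITY_IMPROVING]).to.equal(true);`, matching the `alertCDocRun2[ALERT_PREVIOUS_ACTION_GROUP]` assertion directly below it. The enclosing test starts and ends outside these hunks.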
@@ -401,6 +420,10 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F expect(alertADocRun3[ALERT_WORKFLOW_STATUS]).to.eql(alertADocRun2[ALERT_WORKFLOW_STATUS]); expect(alertADocRun3[ALERT_TIME_RANGE]?.gte).to.equal(alertADocRun2[ALERT_TIME_RANGE]?.gte); + // no severity levels for this rule type + expect(alertADocRun3[ALERT_SEVERITY_IMPROVING]).to.be(undefined); + expect(alertADocRun3[ALERT_PREVIOUS_ACTION_GROUP]).to.equal('default'); + // alertB doc should be unchanged from prior run because it is still recovered // but its flapping history should be updated alertDoc = alertDocsRun3.find((doc) => doc._source![ALERT_INSTANCE_ID] === 'alertB'); @@ -420,6 +443,9 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F false, ]); + expect(alertBDocRun3[ALERT_SEVERITY_IMPROVING]).to.be(undefined); + expect(alertBDocRun3[ALERT_PREVIOUS_ACTION_GROUP]).to.equal('recovered'); + // alertC should have 2 docs const alertCDocs = alertDocsRun3.filter( (doc) => doc._source![ALERT_INSTANCE_ID] === 'alertC' @@ -462,6 +488,10 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F expect(alertCDocRun3[EVENT_KIND]).to.eql('signal'); expect(alertCDocRun3[ALERT_WORKFLOW_STATUS]).to.eql('open'); expect(alertCDocRun3[ALERT_TIME_RANGE]?.gte).to.equal(alertCDocRun3[ALERT_START]); + + // new alerts automatically get severity_improving set to false + expect(alertCDocRun3[ALERT_SEVERITY_IMPROVING]).to.equal(false); + expect(alertCDocRun3[ALERT_PREVIOUS_ACTION_GROUP]).to.be(undefined); }); }); diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data_conflicts.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data_conflicts.ts index 95132afc0122c..59fd7eeb5d6fa 100644 --- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data_conflicts.ts 
+++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/alerts_as_data/alerts_as_data_conflicts.ts @@ -99,7 +99,7 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F await esTestIndexTool.waitForDocs(source, 'rule-starting-2'); log(`ad-hoc update the alert doc`); - await adHocUpdate(es, aadIndex, initialDocs[0]._id); + await adHocUpdate(es, aadIndex, initialDocs[0]._id!); log(`signal the rule to finish`); await esTestIndexTool.indexDoc(source, 'rule-complete-2'); @@ -157,8 +157,8 @@ export default function createAlertsAsDataInstallResourcesTest({ getService }: F await esTestIndexTool.waitForDocs(source, 'rule-starting-2'); log(`ad-hoc update the 2nd and 4th alert docs`); - await adHocUpdate(es, aadIndex, initialDocs[1]._id); - await adHocUpdate(es, aadIndex, initialDocs[3]._id); + await adHocUpdate(es, aadIndex, initialDocs[1]._id!); + await adHocUpdate(es, aadIndex, initialDocs[3]._id!); log(`signal the rule to finish`); await esTestIndexTool.indexDoc(source, 'rule-complete-2'); @@ -287,6 +287,8 @@ const SkipFields = [ 'kibana.alert.workflow_tags', 'kibana.alert.workflow_status', 'kibana.alert.consecutive_matches', + 'kibana.alert.severity_improving', + 'kibana.alert.previous_action_group', ]; function log(message: string) { diff --git a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/index.ts b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/index.ts index 86c239250d109..79dae86b6a8d5 100644 --- a/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/index.ts +++ b/x-pack/test/alerting_api_integration/spaces_only/tests/alerting/group4/index.ts 
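Review bot: The `!` added to `initialDocs[0]._id` (and to `initialDocs[1]._id` and `initialDocs[3]._id` in the next hunk) silences the now-optional type without checking the value, so a hit without an `_id` would reach `adHocUpdate` as `undefined` and fail somewhere less obvious. The same pattern is added in the ML annotation tests (`annotationsForJob[0]._id!`, `originalAnnotation._id!`). A small guard states the expectation once, e.g. `const id = initialDocs[0]._id; if (!id) throw new Error('alert doc has no _id');`, and lets the compiler narrow the type instead of asserting it. The test bodies continue outside the hunks.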
@@ -30,6 +30,7 @@ export default function alertingTests({ loadTestFile, getService }: FtrProviderC loadTestFile(require.resolve('./flapping_history')); loadTestFile(require.resolve('./check_registered_rule_types')); loadTestFile(require.resolve('./alert_delay')); + loadTestFile(require.resolve('./alert_severity')); loadTestFile(require.resolve('./generate_alert_schemas')); // Do not place test files here, due to https://github.com/elastic/kibana/issues/123059 diff --git a/x-pack/test/api_integration/apis/aiops/test_data.ts b/x-pack/test/api_integration/apis/aiops/test_data.ts index 21f628d832c7d..72d791248e9b2 100644 --- a/x-pack/test/api_integration/apis/aiops/test_data.ts +++ b/x-pack/test/api_integration/apis/aiops/test_data.ts @@ -32,11 +32,11 @@ export const getLogRateAnalysisTestData = <T extends ApiVersion>(): Array<TestDa testName: 'ecommerce', esArchive: 'x-pack/test/functional/es_archives/ml/ecommerce', requestBody: { - baselineMax: 1561719083292, - baselineMin: 1560954147006, - deviationMax: 1562254538692, - deviationMin: 1561986810992, - end: 2147483647000, + baselineMax: 1687949483292, + baselineMin: 1687184547006, + deviationMax: 1688484938692, + deviationMin: 1688217210992, + end: 2273714047000, index: 'ft_ecommerce', searchQuery: '{"match_all":{}}', start: 0, diff --git a/x-pack/test/api_integration/apis/asset_manager/config_when_disabled.ts b/x-pack/test/api_integration/apis/asset_manager/config_when_disabled.ts deleted file mode 100644 index af9d3d0d206a4..0000000000000 --- a/x-pack/test/api_integration/apis/asset_manager/config_when_disabled.ts +++ /dev/null 
@@ -1,17 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const baseIntegrationTestsConfig = await readConfigFile(require.resolve('../../config.ts')); - - return { - ...baseIntegrationTestsConfig.getAll(), - testFiles: [require.resolve('./tests/when_disabled.ts')], - }; -} diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/basics.ts b/x-pack/test/api_integration/apis/asset_manager/tests/basics.ts deleted file mode 100644 index d0d44b88f68c1..0000000000000 --- a/x-pack/test/api_integration/apis/asset_manager/tests/basics.ts +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from '@kbn/expect'; -import { FtrProviderContext } from '../../../ftr_provider_context'; - -export default function ({ getService }: FtrProviderContext) { - const supertest = getService('supertest'); - const esSupertest = getService('esSupertest'); - - describe('during basic startup', () => { - describe('ping endpoint', () => { - it('returns a successful response', async () => { - const response = await supertest.get('/api/asset-manager/ping').expect(200); - expect(response.body).to.eql({ message: 'Asset Manager OK' }); - }); - }); - - describe('assets index templates', () => { - it('should always be installed', async () => { - await esSupertest.get('/_index_template/assets').expect(200); - }); - }); - }); -} 
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/helpers.ts b/x-pack/test/api_integration/apis/asset_manager/tests/helpers.ts
deleted file mode 100644
index 94ab2f5b99ffe..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/helpers.ts
+++ /dev/null
@@ -1,104 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { AssetWithoutTimestamp } from '@kbn/assetManager-plugin/common/types_api'; -import type { WriteSamplesPostBody } from '@kbn/assetManager-plugin/server'; -import { apm, infra, timerange } from '@kbn/apm-synthtrace-client'; -import expect from '@kbn/expect'; -import { Agent as SuperTestAgent } from 'supertest'; - -const SAMPLE_ASSETS_ENDPOINT = '/api/asset-manager/assets/sample'; - -export type KibanaSupertest = SuperTestAgent; - -// NOTE: In almost every case in tests, you want { refresh: true } -// in the options of this function, so it is defaulted to that value. -// Otherwise, it's likely whatever action you are testing after you -// create the sample asset docs will fail to find them. -// This refresh key passes through to the underlying ES -// query via the refresh option, see: https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-refresh.html -export async function createSampleAssets( - supertest: KibanaSupertest, - options: WriteSamplesPostBody = {} -) { - if (options === null) { - options = {}; - } - if (!('refresh' in options)) { - options.refresh = true; - } - return supertest.post(SAMPLE_ASSETS_ENDPOINT).set('kbn-xsrf', 'xxx').send(options).expect(200); -} - -export async function deleteSampleAssets(supertest: KibanaSupertest) { - return await supertest.delete(SAMPLE_ASSETS_ENDPOINT).set('kbn-xsrf', 'xxx').expect(200); -} - -export async function viewSampleAssetDocs(supertest: KibanaSupertest) { - const response = await supertest.get(SAMPLE_ASSETS_ENDPOINT).expect(200); - expect(response).to.have.property('body'); - expect(response.body).to.have.property('results'); - return response.body.results as AssetWithoutTimestamp[]; -} - -export function 
generateServicesData({ - from, - to, - count = 1, -}: { - from: string; - to: string; - count: number; -}) { - const range = timerange(from, to); - - const services = Array(count) - .fill(0) - .map((_, idx) => - apm - .service({ - name: `service-${idx}`, - environment: 'production', - agentName: 'nodejs', - }) - .instance(`my-host-${idx}`) - ); - - return range - .interval('1m') - .rate(1) - .generator((timestamp, index) => - services.map((service) => - service - .transaction({ transactionName: 'GET /foo' }) - .timestamp(timestamp) - .duration(500) - .success() - ) - ); -} - -export function generateHostsData({ - from, - to, - count = 1, -}: { - from: string; - to: string; - count: number; -}) { - const range = timerange(from, to); - - const hosts = Array(count) - .fill(0) - .map((_, idx) => infra.host(`my-host-${idx}`)); - - return range - .interval('1m') - .rate(1) - .generator((timestamp, index) => hosts.map((host) => host.cpu().timestamp(timestamp))); -} diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/index.ts b/x-pack/test/api_integration/apis/asset_manager/tests/index.ts deleted file mode 100644 index e32e37c8ac020..0000000000000 --- a/x-pack/test/api_integration/apis/asset_manager/tests/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import { FtrProviderContext } from '../../../ftr_provider_context'; - -export default function ({ loadTestFile }: FtrProviderContext) { - describe('Asset Manager API Endpoints', () => { - loadTestFile(require.resolve('./basics')); - loadTestFile(require.resolve('./sample_assets')); - }); -} 
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/sample_assets.ts b/x-pack/test/api_integration/apis/asset_manager/tests/sample_assets.ts
deleted file mode 100644
index a9e7ebab188e8..0000000000000
--- a/x-pack/test/api_integration/apis/asset_manager/tests/sample_assets.ts
+++ /dev/null
@@ -1,162 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { Asset } from '@kbn/assetManager-plugin/common/types_api'; -import expect from '@kbn/expect'; -import { FtrProviderContext } from '../../../ftr_provider_context'; -import { createSampleAssets, deleteSampleAssets, viewSampleAssetDocs } from './helpers'; - -export default function ({ getService }: FtrProviderContext) { - const supertest = getService('supertest'); - const esSupertest = getService('esSupertest'); - - async function countSampleDocs() { - const sampleAssetDocs = await viewSampleAssetDocs(supertest); - return sampleAssetDocs.length; - } - - // This function performs the direct ES search using esSupertest, - // so we don't use the assets API to test the assets API - interface SearchESForAssetsOptions { - size?: number; - from?: string; - to?: string; - } - async function searchESForSampleAssets({ - size = 0, - from = 'now-24h', - to = 'now', - }: SearchESForAssetsOptions = {}) { - const queryPostBody = { - size, - query: { - range: { - '@timestamp': { - gte: from, - lte: to, - }, - }, - }, - }; - - return await esSupertest.post('/assets-*-sample_data/_search').send(queryPostBody).expect(200); - } - - describe('Sample Assets API', () => { - // Clear out the asset indices before each test - beforeEach(async () => { - await deleteSampleAssets(supertest); - }); - - // Clear out the asset indices one last time after the last test - after(async () => { - await deleteSampleAssets(supertest); - }); - - it('should return the sample asset documents', async () => { - const sampleAssetDocs = await viewSampleAssetDocs(supertest); - expect(sampleAssetDocs.length).to.be.greaterThan(0); - }); - - it('should find no sample assets in ES at first', async () => { - const initialResponse = 
await searchESForSampleAssets(); - expect(initialResponse.body.hits?.total?.value).to.equal(0); - }); - - it('should successfully create sample assets', async () => { - const nSampleDocs = await countSampleDocs(); - - const postResponse = await createSampleAssets(supertest, { refresh: true }); - expect(postResponse.status).to.equal(200); - expect(postResponse.body?.items?.length).to.equal(nSampleDocs); - - // using 'within the past 5 minutes' to approximate whatever the 'now' time was plus query and test lag - const searchResponse = await searchESForSampleAssets({ from: 'now-5m' }); - - expect(searchResponse.body.hits?.total?.value).to.equal(nSampleDocs); - }); - - it('should delete all sample data', async () => { - const nSampleDocs = await countSampleDocs(); - await createSampleAssets(supertest, { refresh: true }); - - const responseBeforeDelete = await searchESForSampleAssets(); - expect(responseBeforeDelete.body.hits?.total?.value).to.equal(nSampleDocs); - - await deleteSampleAssets(supertest); - - const responseAfterDelete = await searchESForSampleAssets(); - expect(responseAfterDelete.body.hits?.total?.value).to.equal(0); - }); - - it('should create sample data with a timestamp in the past', async () => { - const nSampleDocs = await countSampleDocs(); - - // Create sample documents dated three days prior to now - const now = new Date(); - const threeDaysAgo = new Date(now.getTime() - 1000 * 60 * 60 * 24 * 3); - const response = await createSampleAssets(supertest, { - refresh: true, - baseDateTime: threeDaysAgo.toISOString(), - }); - - // Expect that all of the sample docs have been indexed - expect(response.body?.items?.length).to.equal(nSampleDocs); - - // Searching only within the past day, we don't expect to find any of the asset documents - const oneDayAgoResponse = await searchESForSampleAssets({ size: 1, from: 'now-1d' }); - expect(oneDayAgoResponse.body.hits?.total?.value).to.equal(0); - - // Searching within the past 5 days, we should find all of the 
asset documents - const fiveDaysAgoResponse = await searchESForSampleAssets({ from: 'now-5d' }); - expect(fiveDaysAgoResponse.body.hits?.total?.value).to.equal(nSampleDocs); - }); - - it('should create sample data but exclude some documents via provided Elastic Asset Name values', async () => { - const sampleAssetDocs = await viewSampleAssetDocs(supertest); - const nSampleDocs = sampleAssetDocs.length; - - // We will remove the first and the last sample document, just for a test. - // Note: This test will continue to work without any hard-coded EAN values, and - // regardless of how those EAN values may change or expand. - const first = sampleAssetDocs.shift(); - const last = sampleAssetDocs.pop(); - const included = sampleAssetDocs.map((doc) => doc['asset.ean']); - - if (!first || !last) { - throw new Error('Sample asset documents were incorrectly returned'); - } - - const excluded = [first['asset.ean'], last['asset.ean']]; - const createResponse = await createSampleAssets(supertest, { - refresh: true, - excludeEans: excluded, - }); - - // We expect the created response should reference all sample docs, minus the 2 we excluded - expect(createResponse.body.items.length).to.equal(nSampleDocs - 2); - - // In Elasticsearch, we should also find 2 less asset documents than the total sample docs - const searchResponse = await searchESForSampleAssets({ size: nSampleDocs }); - expect(searchResponse.body.hits?.total?.value).to.equal(nSampleDocs - 2); - - // Lastly, we should confirm that the EAN values found in the sample docs are all - // included in the asset documents returned from ES, minus the two we excluded - const returnedAssetEans = searchResponse.body.hits.hits.map( - (doc: { _source: Asset }) => doc._source['asset.ean'] - ); - - included.forEach((ean) => { - expect(returnedAssetEans).to.contain(ean); - }); - - excluded.forEach((ean) => { - expect(returnedAssetEans).to.not.contain(ean); - }); - }); - }); -} 
diff --git a/x-pack/test/api_integration/apis/asset_manager/tests/when_disabled.ts b/x-pack/test/api_integration/apis/asset_manager/tests/when_disabled.ts deleted file mode 100644 index d8b556a959f8d..0000000000000 --- a/x-pack/test/api_integration/apis/asset_manager/tests/when_disabled.ts +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../ftr_provider_context'; - -export default function ({ getService }: FtrProviderContext) { - const supertest = getService('supertest'); - const esSupertest = getService('esSupertest'); - - describe('Asset Manager API Endpoints - when NOT enabled', () => { - describe('basic ping endpoint', () => { - it('returns a 404 response', async () => { - await supertest.get('/api/asset-manager/ping').expect(404); - }); - }); - - describe('assets index templates', () => { - it('should not be installed', async () => { - await esSupertest.get('/_index_template/assets').expect(404); - }); - }); - }); -} diff --git a/x-pack/test/api_integration/apis/management/ingest_pipelines/ingest_pipelines.ts b/x-pack/test/api_integration/apis/management/ingest_pipelines/ingest_pipelines.ts index c3d3406f61eb2..564c68c8e5c32 100644 --- a/x-pack/test/api_integration/apis/management/ingest_pipelines/ingest_pipelines.ts +++ b/x-pack/test/api_integration/apis/management/ingest_pipelines/ingest_pipelines.ts 
@@ -70,6 +70,17 @@ export default function ({ getService }: FtrProviderContext) { message: `There is already a pipeline with name '${name}'.`, }); }); + + it(`doesn't allow to create a pipeline with a too long name`, async () => { + const pipelineRequestBody = { + name: 'testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest1', + }; + await supertest + .post(ingestPipelines.fixtures.apiBasePath) + .set('kbn-xsrf', 'xxx') + .send(pipelineRequestBody) + .expect(400); + }); }); describe('Update', () => { diff --git a/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts b/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts index 421d59d3d7b50..1c23805e264d1 100644 --- a/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts +++ b/x-pack/test/api_integration/apis/ml/annotations/delete_annotations.ts 
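Review bot: The new too-long-name test asserts only `.expect(400)`, and its request body contains nothing but `name`, so it would also pass if the route rejected the request for an unrelated reason such as a missing required field (the route schema is not visible here, so this is an assumption to confirm). Sending an otherwise valid body and asserting on the response message, as the duplicate-name test just above does, would tie the 400 to the length check. The hand-typed literal also hides which length is being tested; building it from the limit, e.g. `name: 'a'.repeat(MAX_NAME_LENGTH + 1)` with the real limit substituted, makes the boundary explicit and allows a companion case at exactly the limit that expects success.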
@@ -39,7 +39,7 @@ export default ({ getService }: FtrProviderContext) => { const annotationsForJob = await ml.api.getAnnotations(jobIds[0]); expect(annotationsForJob).to.have.length(1); - const annotationIdToDelete = annotationsForJob[0]._id; + const annotationIdToDelete = annotationsForJob[0]._id!; const { body, status } = await supertest .delete(`/internal/ml/annotations/delete/${annotationIdToDelete}`) @@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => { const annotationsForJob = await ml.api.getAnnotations(jobIds[1]); expect(annotationsForJob).to.have.length(1); - const annotationIdToDelete = annotationsForJob[0]._id; + const annotationIdToDelete = annotationsForJob[0]._id!; const { body, status } = await supertest .delete(`/internal/ml/annotations/delete/${annotationIdToDelete}`) @@ -75,7 +75,7 @@ export default ({ getService }: FtrProviderContext) => { const annotationsForJob = await ml.api.getAnnotations(jobIds[2]); expect(annotationsForJob).to.have.length(1); - const annotationIdToDelete = annotationsForJob[0]._id; + const annotationIdToDelete = annotationsForJob[0]._id!; const { body, status } = await supertest .delete(`/internal/ml/annotations/delete/${annotationIdToDelete}`) diff --git a/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts b/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts index dd7ff75374490..6b7c437eb77ca 100644 --- a/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts +++ b/x-pack/test/api_integration/apis/ml/annotations/update_annotations.ts @@ -69,7 +69,7 @@ export default ({ getService }: FtrProviderContext) => { expect(body._id).to.eql(originalAnnotation._id); expect(body.result).to.eql('updated'); - const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id); + const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id!); if (updatedAnnotation) { Object.keys(commonAnnotationUpdateRequestBody).forEach((key) => { 
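Review bot: The `_id!` assertions added in the three delete_annotations.ts hunks satisfy the compiler without checking anything at run time, so an annotation returned without an id would be interpolated into the request path as the text `undefined` and the test would fail on the status check rather than on the real cause. Adding `expect(annotationsForJob[0]._id).not.to.be(undefined);` ahead of each assignment, and keeping the `!` for the type checker, makes that failure readable. The same `_id!` pattern recurs in update_annotations.ts and in the cases_api_integration and fleet_api_integration files of this commit. In the shared helper `getSignalsWithES` a missing id would be stored as a Map key, so a guard matters most there. Each test body starts outside its hunk.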
@@ -100,7 +100,7 @@ export default ({ getService }: FtrProviderContext) => { expect(body._id).to.eql(originalAnnotation._id); expect(body.result).to.eql('updated'); - const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id); + const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id!); if (updatedAnnotation) { Object.keys(commonAnnotationUpdateRequestBody).forEach((key) => { const field = key as keyof Annotation; @@ -131,7 +131,7 @@ export default ({ getService }: FtrProviderContext) => { expect(body.error).to.eql('Forbidden'); expect(body.message).to.eql('Forbidden'); - const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id); + const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id!); expect(updatedAnnotation).to.eql(originalAnnotation._source); }); @@ -157,7 +157,7 @@ export default ({ getService }: FtrProviderContext) => { .send(annotationUpdateRequestBodyWithMissingFields); ml.api.assertResponseStatusCode(200, status, body); - const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id); + const updatedAnnotation = await ml.api.getAnnotationById(originalAnnotation._id!); if (updatedAnnotation) { Object.keys(annotationUpdateRequestBodyWithMissingFields).forEach((key) => { if (key !== '_id') { diff --git a/x-pack/test/api_integration/apis/ml/fields_service/field_cardinality.ts b/x-pack/test/api_integration/apis/ml/fields_service/field_cardinality.ts index e6b7af719a73c..fdd505ccaa6e2 100644 --- a/x-pack/test/api_integration/apis/ml/fields_service/field_cardinality.ts +++ b/x-pack/test/api_integration/apis/ml/fields_service/field_cardinality.ts 
@@ -42,8 +42,8 @@ export default ({ getService }: FtrProviderContext) => { fieldNames: ['geoip.city_name', 'geoip.continent_name', 'geoip.country_iso_code'], query: { bool: { must: [{ match_all: {} }] } }, timeFieldName: 'order_date', - earliestMs: 1560556800000, // June 15, 2019 12:00:00 AM GMT - latestMs: 1560643199000, // June 15, 2019 11:59:59 PM GMT + earliestMs: 1686787200000, // June 15, 2023 12:00:00 AM GMT + latestMs: 1686873599000, // June 15, 2023 11:59:59 PM GMT }, expected: { statusCode: 200, @@ -62,8 +62,8 @@ export default ({ getService }: FtrProviderContext) => { fieldNames: ['manufacturer'], query: { bool: { must: [{ match_all: {} }] } }, timeFieldName: 'order_date', - earliestMs: 1560556800000, // June 15, 2019 12:00:00 AM GMT - latestMs: 1560643199000, // June 15, 2019 11:59:59 PM GMT + earliestMs: 1686787200000, // June 15, 2023 12:00:00 AM GMT + latestMs: 1686873599000, // June 15, 2023 11:59:59 PM GMT }, expected: { statusCode: 200, diff --git a/x-pack/test/api_integration/apis/ml/fields_service/time_field_range.ts b/x-pack/test/api_integration/apis/ml/fields_service/time_field_range.ts index 6f55439b8e11f..7960935e1b4f9 100644 --- a/x-pack/test/api_integration/apis/ml/fields_service/time_field_range.ts +++ b/x-pack/test/api_integration/apis/ml/fields_service/time_field_range.ts @@ -28,8 +28,8 @@ export default ({ getService }: FtrProviderContext) => { expected: { responseCode: 200, responseBody: { - start: 1560297859000, - end: 1562975136000, + start: 1686528259000, + end: 1689205536000, success: true, }, }, @@ -51,8 +51,8 @@ export default ({ getService }: FtrProviderContext) => { expected: { responseCode: 200, responseBody: { - start: 1560298982000, - end: 1562973754000, + start: 1686529382000, + end: 1689204154000, success: true, }, }, 
diff --git a/x-pack/test/api_integration/apis/ml/job_validation/bucket_span_estimator.ts b/x-pack/test/api_integration/apis/ml/job_validation/bucket_span_estimator.ts index e6c058acc3695..562ec3a4ec0da 100644 --- a/x-pack/test/api_integration/apis/ml/job_validation/bucket_span_estimator.ts +++ b/x-pack/test/api_integration/apis/ml/job_validation/bucket_span_estimator.ts @@ -23,7 +23,7 @@ export default ({ getService }: FtrProviderContext) => { user: USER.ML_POWERUSER, requestBody: { aggTypes: ['avg'], - duration: { start: 1560297859000, end: 1562975136000 }, + duration: { start: 1686528259000, end: 1689205536000 }, fields: ['taxless_total_price'], index: 'ft_ecommerce', query: { bool: { must: [{ match_all: {} }] } }, @@ -39,7 +39,7 @@ export default ({ getService }: FtrProviderContext) => { user: USER.ML_POWERUSER, requestBody: { aggTypes: ['avg', 'sum'], - duration: { start: 1560297859000, end: 1562975136000 }, + duration: { start: 1686528259000, end: 1689205536000 }, fields: ['products.base_price', 'products.base_unit_price'], index: 'ft_ecommerce', query: { bool: { must: [{ match_all: {} }] } }, @@ -55,7 +55,7 @@ export default ({ getService }: FtrProviderContext) => { user: USER.ML_POWERUSER, requestBody: { aggTypes: ['avg'], - duration: { start: 1560297859000, end: 1562975136000 }, + duration: { start: 1686528259000, end: 1689205536000 }, fields: ['taxless_total_price'], index: 'ft_ecommerce', query: { bool: { must: [{ match_all: {} }] } }, @@ -72,7 +72,7 @@ export default ({ getService }: FtrProviderContext) => { user: USER.ML_POWERUSER, requestBody: { aggTypes: ['avg'], - duration: { start: 1560297859000, end: 1562975136000 }, + duration: { start: 1686528259000, end: 1689205536000 }, fields: ['taxless_total_price'], filters: [], index: 'ft_ecommerce', diff --git a/x-pack/test/api_integration/apis/ml/job_validation/validate.ts b/x-pack/test/api_integration/apis/ml/job_validation/validate.ts index 8a7cb38f8dba8..02088af0b12e1 100644 
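Review bot: The window `{ start: 1686528259000, end: 1689205536000 }` is written as a bare literal in all four bucket_span_estimator.ts hunks and again in the four validate.ts hunks, and the same two values are the expected `start`/`end` in time_field_range.ts. A single named constant carrying a comment with the human-readable dates, the way field_cardinality.ts annotates `earliestMs` and `latestMs`, would turn the next archive date shift into a one-line change and rule out a missed occurrence. The test-case arrays start outside the hunks.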
--- a/x-pack/test/api_integration/apis/ml/job_validation/validate.ts +++ b/x-pack/test/api_integration/apis/ml/job_validation/validate.ts @@ -32,7 +32,7 @@ export default ({ getService }: FtrProviderContext) => { it(`should recognize a valid job configuration`, async () => { const requestBody = { - duration: { start: 1560297859000, end: 1562975136000 }, + duration: { start: 1686528259000, end: 1689205536000 }, job: { job_id: 'test', description: '', @@ -82,7 +82,7 @@ export default ({ getService }: FtrProviderContext) => { it('should recognize a basic invalid job configuration and skip advanced checks', async () => { const requestBody = { - duration: { start: 1560297859000, end: 1562975136000 }, + duration: { start: 1686528259000, end: 1689205536000 }, job: { job_id: '-(*&^', description: '', @@ -126,7 +126,7 @@ export default ({ getService }: FtrProviderContext) => { it('should recognize non-basic issues in job configuration', async () => { const requestBody = { - duration: { start: 1560297859000, end: 1562975136000 }, + duration: { start: 1686528259000, end: 1689205536000 }, job: { job_id: 'test', description: '', @@ -204,7 +204,7 @@ export default ({ getService }: FtrProviderContext) => { it('should not validate configuration in case request payload is invalid', async () => { const requestBody = { - duration: { start: 1560297859000, end: 1562975136000 }, + duration: { start: 1686528259000, end: 1689205536000 }, job: { job_id: 'test', description: '', diff --git a/x-pack/test/cases_api_integration/common/lib/api/index.ts b/x-pack/test/cases_api_integration/common/lib/api/index.ts index 6582601f0f1a9..d9aeafe6c7bf2 100644 --- a/x-pack/test/cases_api_integration/common/lib/api/index.ts +++ b/x-pack/test/cases_api_integration/common/lib/api/index.ts 
@@ -107,9 +107,9 @@ export const getSignalsWithES = async ({ return signals.body.hits.hits.reduce((acc, hit) => { let indexMap = acc.get(hit._index); if (indexMap === undefined) { - indexMap = new Map<string, estypes.SearchHit<SignalHit>>([[hit._id, hit]]); + indexMap = new Map<string, estypes.SearchHit<SignalHit>>([[hit._id!, hit]]); } else { - indexMap.set(hit._id, hit); + indexMap.set(hit._id!, hit); } acc.set(hit._index, indexMap); return acc; diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts index ef0e09f1a477d..fbfa4354683a5 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/delete_cases.ts @@ -262,7 +262,7 @@ export default ({ getService }: FtrProviderContext): void => { await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); await createAlertsIndex(supertest, log); const signals = await createSecuritySolutionAlerts(supertest, log, 2); - alerts = [signals.hits.hits[0], signals.hits.hits[1]]; + alerts = [signals.hits.hits[0] as Alerts[number], signals.hits.hits[1] as Alerts[number]]; }); afterEach(async () => { diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/migrations.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/migrations.ts index 723646a1763e6..0a3bd5ab1519d 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/migrations.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/migrations.ts 
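Review bot: In delete_cases.ts the two `as Alerts[number]` casts assert the element type instead of checking it, so the mismatch the compiler reported is hidden rather than handled (the `Alerts` declaration is outside the hunk; presumably it is the now-optional `_id`). `signals.hits.hits[1]` is also cast even when fewer than two alerts came back. If `expect` is in scope in this file, `expect(signals.hits.hits.length).to.be(2);` before the assignment makes the setup hook fail where the problem is. delete_comment.ts and delete_comments.ts receive the identical line, and the enclosing hook starts outside the hunk.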
@@ -569,7 +569,7 @@ export default function createGetTests({ getService }: FtrProviderContext) { const casesFromES = await getCaseSavedObjectsFromES({ es }); for (const hit of casesFromES.body.hits.hits) { - const caseID = hit._id; + const caseID = hit._id!; expect(expectedSeverityValues[caseID]).not.to.be(undefined); expect(hit._source?.cases.severity).to.eql(expectedSeverityValues[caseID]); } @@ -588,7 +588,7 @@ export default function createGetTests({ getService }: FtrProviderContext) { const casesFromES = await getCaseSavedObjectsFromES({ es }); for (const hit of casesFromES.body.hits.hits) { - const caseID = hit._id; + const caseID = hit._id!; expect(expectedStatusValues[caseID]).not.to.be(undefined); expect(hit._source?.cases.status).to.eql(expectedStatusValues[caseID]); } diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts index 07349749f0a2a..07cb4cee269bb 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts @@ -1742,7 +1742,7 @@ export default ({ getService }: FtrProviderContext): void => { supertest, caseId: postedCase.id, params: { - alertId: alert._id, + alertId: alert._id!, index: alert._index, rule: { id: 'id', @@ -1774,7 +1774,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: updatedAlert } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQueryAlertIds([alert._id])) + .send(getQueryAlertIds([alert._id!])) .expect(200); expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql( 
@@ -1805,7 +1805,7 @@ export default ({ getService }: FtrProviderContext): void => { supertest, caseId: postedCase.id, params: { - alertId: alert._id, + alertId: alert._id!, index: alert._index, type: AttachmentType.alert, rule: { @@ -1832,7 +1832,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: updatedAlert } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQueryAlertIds([alert._id])) + .send(getQueryAlertIds([alert._id!])) .expect(200); expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql('open'); @@ -1861,7 +1861,7 @@ export default ({ getService }: FtrProviderContext): void => { supertest, caseId: postedCase.id, params: { - alertId: alert._id, + alertId: alert._id!, index: alert._index, rule: { id: 'id', @@ -1906,7 +1906,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: updatedAlert } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQueryAlertIds([alert._id])) + .send(getQueryAlertIds([alert._id!])) .expect(200); expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql( @@ -1933,7 +1933,7 @@ export default ({ getService }: FtrProviderContext): void => { supertest, caseId: postedCase.id, params: { - alertId: alert._id, + alertId: alert._id!, index: alert._index, type: AttachmentType.alert, rule: { @@ -1975,7 +1975,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: updatedAlert } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQueryAlertIds([alert._id])) + .send(getQueryAlertIds([alert._id!])) .expect(200); expect(updatedAlert.hits.hits[0]._source['kibana.alert.workflow_status']).eql('open'); 
diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts index 6a7426dd95104..8f78bad67249b 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comment.ts @@ -127,7 +127,7 @@ export default ({ getService }: FtrProviderContext): void => { await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); await createAlertsIndex(supertest, log); const signals = await createSecuritySolutionAlerts(supertest, log, 2); - alerts = [signals.hits.hits[0], signals.hits.hits[1]]; + alerts = [signals.hits.hits[0] as Alerts[number], signals.hits.hits[1] as Alerts[number]]; }); afterEach(async () => { diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts index 3a73f14aca9b0..5607a8d61e6c8 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/delete_comments.ts @@ -129,7 +129,7 @@ export default ({ getService }: FtrProviderContext): void => { await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); await createAlertsIndex(supertest, log); const signals = await createSecuritySolutionAlerts(supertest, log, 2); - alerts = [signals.hits.hits[0], signals.hits.hits[1]]; + alerts = [signals.hits.hits[0] as Alerts[number], signals.hits.hits[1] as Alerts[number]]; }); afterEach(async () => { 
diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts index 1d2f58fed13f3..a9689575fb524 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts @@ -632,13 +632,13 @@ export default ({ getService }: FtrProviderContext): void => { await createCommentAndRefreshIndex({ caseId: postedCase.id, - alertId: alert._id, + alertId: alert._id!, alertIndex: alert._index, expectedHttpCode: attachmentExpectedHttpCode, auth: attachmentAuth, }); - const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id]); + const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id!]); expect(updatedAlert.hits.hits[0]._source?.[ALERT_WORKFLOW_STATUS]).eql( expectedAlertStatus @@ -661,12 +661,12 @@ export default ({ getService }: FtrProviderContext): void => { for (const theCase of cases) { await createCommentAndRefreshIndex({ caseId: theCase.id, - alertId: alert._id, + alertId: alert._id!, alertIndex: alert._index, }); } - const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id]); + const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id!]); const caseIds = cases.map((theCase) => theCase.id); expect(updatedAlert.hits.hits[0]._source?.[ALERT_CASE_IDS]).eql(caseIds); 
@@ -741,11 +741,11 @@ export default ({ getService }: FtrProviderContext): void => { await createCommentAndRefreshIndex({ caseId: postedCase.id, - alertId: alert._id, + alertId: alert._id!, alertIndex: alert._index, }); - const updatedAlertSecondTime = await getSecuritySolutionAlerts(supertest, [alert._id]); + const updatedAlertSecondTime = await getSecuritySolutionAlerts(supertest, [alert._id!]); expect(updatedAlertSecondTime.hits.hits[0]._source?.[ALERT_CASE_IDS]).eql([ postedCase.id, ]); @@ -762,7 +762,7 @@ export default ({ getService }: FtrProviderContext): void => { await createCommentAndRefreshIndex({ caseId: postedCase.id, - alertId: alert._id, + alertId: alert._id!, alertIndex: alert._index, expectedHttpCode: 400, }); @@ -784,7 +784,7 @@ export default ({ getService }: FtrProviderContext): void => { await createCommentAndRefreshIndex({ caseId: postedCase.id, - alertId: alert._id, + alertId: alert._id!, alertIndex: alert._index, expectedHttpCode: 200, auth: { user: secOnlyReadAlerts, space: 'space1' }, @@ -807,7 +807,7 @@ export default ({ getService }: FtrProviderContext): void => { await createCommentAndRefreshIndex({ caseId: postedCase.id, - alertId: alert._id, + alertId: alert._id!, alertIndex: alert._index, expectedHttpCode: 403, auth: { user: obsSec, space: 'space1' }, @@ -830,7 +830,7 @@ export default ({ getService }: FtrProviderContext): void => { await createCommentAndRefreshIndex({ caseId: postedCase.id, - alertId: alert._id, + alertId: alert._id!, alertIndex: alert._index, expectedHttpCode: 200, auth: { user: secSolutionOnlyReadNoIndexAlerts, space: 'space1' }, diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts index 1e460515e9f84..7a2cce01af0dd 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts 
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts @@ -883,12 +883,12 @@ export default ({ getService }: FtrProviderContext): void => { expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open'); alerts.push({ - id: alert._id, + id: alert._id!, index: alert._index, }); indices.push(alert._index); - ids.push(alert._id); + ids.push(alert._id!); }); await bulkCreateAttachmentsAndRefreshIndex({ @@ -921,13 +921,13 @@ export default ({ getService }: FtrProviderContext): void => { for (const theCase of cases) { await bulkCreateAttachmentsAndRefreshIndex({ caseId: theCase.id, - alerts: [{ id: alert._id, index: alert._index }], + alerts: [{ id: alert._id!, index: alert._index }], }); } await es.indices.refresh({ index: alert._index }); - const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id]); + const updatedAlert = await getSecuritySolutionAlerts(supertest, [alert._id!]); const caseIds = cases.map((theCase) => theCase.id); expect(updatedAlert.hits.hits[0]._source?.[ALERT_CASE_IDS]).eql(caseIds); @@ -1002,10 +1002,10 @@ export default ({ getService }: FtrProviderContext): void => { await bulkCreateAttachmentsAndRefreshIndex({ caseId: postedCase.id, - alerts: [{ id: alert._id, index: alert._index }], + alerts: [{ id: alert._id!, index: alert._index }], }); - const updatedAlertSecondTime = await getSecuritySolutionAlerts(supertest, [alert._id]); + const updatedAlertSecondTime = await getSecuritySolutionAlerts(supertest, [alert._id!]); expect(updatedAlertSecondTime.hits.hits[0]._source?.[ALERT_CASE_IDS]).eql([ postedCase.id, ]); @@ -1022,7 +1022,7 @@ export default ({ getService }: FtrProviderContext): void => { await bulkCreateAttachmentsAndRefreshIndex({ caseId: postedCase.id, - alerts: [{ id: alert._id, index: alert._index }], + alerts: [{ id: alert._id!, index: alert._index }], expectedHttpCode: 400, }); }); 
@@ -1043,7 +1043,7 @@ export default ({ getService }: FtrProviderContext): void => { await bulkCreateAttachmentsAndRefreshIndex({ caseId: postedCase.id, - alerts: [{ id: alert._id, index: alert._index }], + alerts: [{ id: alert._id!, index: alert._index }], expectedHttpCode: 200, auth: { user: secOnlyReadAlerts, space: 'space1' }, }); @@ -1065,7 +1065,7 @@ export default ({ getService }: FtrProviderContext): void => { await bulkCreateAttachmentsAndRefreshIndex({ caseId: postedCase.id, - alerts: [{ id: alert._id, index: alert._index }], + alerts: [{ id: alert._id!, index: alert._index }], expectedHttpCode: 403, auth: { user: obsSec, space: 'space1' }, }); @@ -1087,7 +1087,7 @@ export default ({ getService }: FtrProviderContext): void => { await bulkCreateAttachmentsAndRefreshIndex({ caseId: postedCase.id, - alerts: [{ id: alert._id, index: alert._index }], + alerts: [{ id: alert._id!, index: alert._index }], expectedHttpCode: 200, auth: { user: secSolutionOnlyReadNoIndexAlerts, space: 'space1' }, }); diff --git a/x-pack/test/cloud_security_posture_functional/pages/cis_integrations/kspm/cis_integration_eks.ts b/x-pack/test/cloud_security_posture_functional/pages/cis_integrations/kspm/cis_integration_eks.ts index cd63bc117224d..ec4a7c61239ea 100644 --- a/x-pack/test/cloud_security_posture_functional/pages/cis_integrations/kspm/cis_integration_eks.ts +++ b/x-pack/test/cloud_security_posture_functional/pages/cis_integrations/kspm/cis_integration_eks.ts @@ -35,7 +35,8 @@ export default function (providerContext: FtrProviderContext) { await cisIntegration.navigateToAddIntegrationKspmPage(); }); - describe('KSPM EKS Assume Role', async () => { + // FLAKY: https://github.com/elastic/kibana/issues/186306 + describe.skip('KSPM EKS Assume Role', async () => { it('KSPM EKS Assume Role workflow', async () => { const roleArn = 'RoleArnTestValue'; await cisIntegration.clickOptionButton(CIS_EKS_OPTION_TEST_ID); 
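Review bot: The callback passed to `describe.skip` in cis_integration_eks.ts is declared `async`, but Mocha does not wait on a `describe` callback, so the keyword only suggests an ordering guarantee that does not exist. Since the line is being edited anyway, `describe.skip('KSPM EKS Assume Role', () => {` is the accurate form. Skipping at `describe` level disables every case in the suite rather than the one that flaked; if more cases follow outside the hunk, `it.skip` on the failing one keeps the rest of the Assume Role coverage running.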
diff --git a/x-pack/test/cloud_security_posture_functional/pages/findings.ts b/x-pack/test/cloud_security_posture_functional/pages/findings.ts index 841799dd115f6..76ea64f6e6195 100644 --- a/x-pack/test/cloud_security_posture_functional/pages/findings.ts +++ b/x-pack/test/cloud_security_posture_functional/pages/findings.ts @@ -17,7 +17,6 @@ import type { FtrProviderContext } from '../ftr_provider_context'; // eslint-disable-next-line import/no-default-export export default function ({ getPageObjects, getService }: FtrProviderContext) { - const queryBar = getService('queryBar'); const filterBar = getService('filterBar'); const testSubjects = getService('testSubjects'); const retry = getService('retry'); @@ -100,9 +99,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { }, ]; - const ruleName1 = data[0].rule.name; - const ruleName2 = data[1].rule.name; - const getCspBenchmarkRules = async (benchmarkId: string): Promise<CspBenchmarkRule[]> => { const cspBenchmarkRules = await kibanaServer.savedObjects.find<CspBenchmarkRule>({ type: CSP_BENCHMARK_RULE_SAVED_OBJECT_TYPE, 
@@ -151,39 +147,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { await findings.index.remove(); }); - // FLAKY: https://github.com/elastic/kibana/issues/174472 - describe.skip('SearchBar', () => { - it('add filter', async () => { - // Filter bar uses the field's customLabel in the DataView - await filterBar.addFilter({ field: 'Rule Name', operation: 'is', value: ruleName1 }); - - expect(await filterBar.hasFilter('rule.name', ruleName1)).to.be(true); - expect(await latestFindingsTable.hasColumnValue('rule.name', ruleName1)).to.be(true); - }); - - it('remove filter', async () => { - await filterBar.removeFilter('rule.name'); - - expect(await filterBar.hasFilter('rule.name', ruleName1)).to.be(false); - expect(await latestFindingsTable.getRowsCount()).to.be(data.length); - }); - - it('set search query', async () => { - await queryBar.setQuery(ruleName1); - await queryBar.submitQuery(); - - expect(await latestFindingsTable.hasColumnValue('rule.name', ruleName1)).to.be(true); - expect(await latestFindingsTable.hasColumnValue('rule.name', ruleName2)).to.be(false); - - await queryBar.setQuery(''); - await queryBar.submitQuery(); - - expect(await latestFindingsTable.getRowsCount()).to.be(data.length); - }); - }); - - // FLAKY: https://github.com/elastic/kibana/issues/152913 - describe.skip('Table Sort', () => { + describe('Table Sort', () => { type SortingMethod = (a: string, b: string) => number; type SortDirection = 'asc' | 'desc'; // Sort by lexical order will sort by the first character of the string (case-sensitive) diff --git a/x-pack/test/cloud_security_posture_functional/pages/findings_alerts.ts b/x-pack/test/cloud_security_posture_functional/pages/findings_alerts.ts index ddd1c080b308d..1c345b68caf7b 100644 --- a/x-pack/test/cloud_security_posture_functional/pages/findings_alerts.ts +++ b/x-pack/test/cloud_security_posture_functional/pages/findings_alerts.ts 
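Review bot: `describe('Table Sort', ...)` is re-enabled in findings.ts with no stabilising change visible in this section, so unless the cause behind issue 152913 was fixed elsewhere the suite may return to failing intermittently; a sentence in the commit description naming that fix would settle it. The deleted SearchBar block was the only visible user of `filterBar`, which is still fetched with `getService('filterBar')` at the top of the file. If nothing outside the hunks uses it, remove it together with `queryBar`. The filter and query-bar behaviour of the findings page also loses its functional test here, since the block is removed rather than repaired.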
@@ -143,8 +143,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { pageObjects.header.waitUntilLoadingHasFinished(); }); - // FLAKY: https://github.com/elastic/kibana/issues/168991 - describe.skip('Create detection rule', () => { + describe('Create detection rule', () => { it('Creates a detection rule from the Take Action button and navigates to rule page', async () => { await latestFindingsTable.openFlyoutAt(0); await misconfigurationsFlyout.clickTakeActionCreateRuleButton(); @@ -167,6 +166,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { await testSubjects.click('csp:toast-success-link'); + await pageObjects.header.waitUntilLoadingHasFinished(); const rulePageTitle = await testSubjects.find('header-page-title'); expect(await rulePageTitle.getVisibleText()).to.be(ruleName1); }); @@ -193,7 +193,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { expect(await toastMessageTitle.getVisibleText()).to.be(ruleName1); await testSubjects.click('csp:toast-success-link'); - + await pageObjects.header.waitUntilLoadingHasFinished(); const rulePageTitle = await testSubjects.find('header-page-title'); expect(await rulePageTitle.getVisibleText()).to.be(ruleName1); }); @@ -204,7 +204,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { await misconfigurationsFlyout.clickTakeActionCreateRuleButton(); await testSubjects.click('csp:toast-success-link'); - + await pageObjects.header.waitUntilLoadingHasFinished(); const rulePageDescription = await testSubjects.find( 'stepAboutRuleDetailsToggleDescriptionText' ); 
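Review bot: The first context line of the `@@ -143,8 +143,7 @@` hunk calls `pageObjects.header.waitUntilLoadingHasFinished();` without `await`, so the setup hook can resolve before the page has settled. That is a plausible contributor to the flakiness tracked in issue 168991, and it stays in place while the suite is re-enabled. Changing it to `await pageObjects.header.waitUntilLoadingHasFinished();` brings it in line with the awaited calls this commit adds after each navigation. The hook's opening lines are outside the hunk.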
@@ -223,7 +223,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { await misconfigurationsFlyout.clickTakeActionCreateRuleButton(); const flyout = await misconfigurationsFlyout.getElement(); await (await flyout.findByTestSubject('csp:findings-flyout-detection-rule-count')).click(); - + await pageObjects.header.waitUntilLoadingHasFinished(); expect(await (await testSubjects.find('ruleName')).getVisibleText()).to.be(ruleName1); }); it('Clicking on count of Alerts should navigate to the alerts page', async () => { @@ -231,7 +231,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { await misconfigurationsFlyout.clickTakeActionCreateRuleButton(); const flyout = await misconfigurationsFlyout.getElement(); await (await flyout.findByTestSubject('csp:findings-flyout-alert-count')).click(); - + await pageObjects.header.waitUntilLoadingHasFinished(); expect(await (await testSubjects.find('header-page-title')).getVisibleText()).to.be( 'Alerts' ); diff --git a/x-pack/test/fleet_api_integration/apis/epm/custom_ingest_pipeline.ts b/x-pack/test/fleet_api_integration/apis/epm/custom_ingest_pipeline.ts index 6c93e3e6eb14d..93476c0d252fc 100644 --- a/x-pack/test/fleet_api_integration/apis/epm/custom_ingest_pipeline.ts +++ b/x-pack/test/fleet_api_integration/apis/epm/custom_ingest_pipeline.ts @@ -55,7 +55,7 @@ export default function (providerContext: FtrProviderContext) { for (const hit of res.hits.hits) { await es.delete({ - id: hit._id, + id: hit._id!, index: hit._index, }); } diff --git a/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts b/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts index 0aedab4496616..e5cf4c241767a 100644 --- a/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts +++ b/x-pack/test/fleet_api_integration/apis/epm/final_pipeline.ts 
@@ -69,7 +69,7 @@ export default function (providerContext: FtrProviderContext) { for (const hit of res.hits.hits) { await es.delete({ - id: hit._id, + id: hit._id!, index: hit._index, }); } diff --git a/x-pack/test/fleet_api_integration/apis/epm/routing_rules.ts b/x-pack/test/fleet_api_integration/apis/epm/routing_rules.ts index c030913bfbcb6..33ef065ee7d49 100644 --- a/x-pack/test/fleet_api_integration/apis/epm/routing_rules.ts +++ b/x-pack/test/fleet_api_integration/apis/epm/routing_rules.ts @@ -56,7 +56,7 @@ export default function (providerContext: FtrProviderContext) { for (const hit of res.hits.hits) { await es.delete({ - id: hit._id, + id: hit._id!, index: hit._index, }); } diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts b/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts index 4b166d040625b..c14f87447e154 100644 --- a/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts +++ b/x-pack/test/fleet_api_integration/apis/space_awareness/api_helper.ts @@ -20,6 +20,7 @@ import { PostEnrollmentAPIKeyResponse, PostEnrollmentAPIKeyRequest, GetEnrollmentSettingsResponse, + GetInfoResponse, } from '@kbn/fleet-plugin/common/types'; import { GetUninstallTokenResponse, 
@@ -173,4 +174,53 @@ export class SpaceTestApiClient { return res; } + // Package install + async getPackage( + { pkgName, pkgVersion }: { pkgName: string; pkgVersion: string }, + spaceId?: string + ): Promise<GetInfoResponse> { + const { body: res } = await this.supertest + .get(`${this.getBaseUrl(spaceId)}/api/fleet/epm/packages/${pkgName}/${pkgVersion}`) + .expect(200); + + return res; + } + async installPackage( + { pkgName, pkgVersion, force }: { pkgName: string; pkgVersion: string; force?: boolean }, + spaceId?: string + ) { + const { body: res } = await this.supertest + .post(`${this.getBaseUrl(spaceId)}/api/fleet/epm/packages/${pkgName}/${pkgVersion}`) + .set('kbn-xsrf', 'xxxx') + .send({ force }) + .expect(200); + + return res; + } + async deletePackageKibanaAssets( + { pkgName, pkgVersion }: { pkgName: string; pkgVersion: string }, + spaceId?: string + ) { + const { body: res } = await this.supertest + .delete( + `${this.getBaseUrl(spaceId)}/api/fleet/epm/packages/${pkgName}/${pkgVersion}/kibana_assets` + ) + .set('kbn-xsrf', 'xxxx') + .expect(200); + + return res; + } + async installPackageKibanaAssets( + { pkgName, pkgVersion }: { pkgName: string; pkgVersion: string }, + spaceId?: string + ) { + const { body: res } = await this.supertest + .post( + `${this.getBaseUrl(spaceId)}/api/fleet/epm/packages/${pkgName}/${pkgVersion}/kibana_assets` + ) + .set('kbn-xsrf', 'xxxx') + .expect(200); + + return res; + } } diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/index.js b/x-pack/test/fleet_api_integration/apis/space_awareness/index.js index 3a3d9ea907150..9733668cd913d 100644 --- a/x-pack/test/fleet_api_integration/apis/space_awareness/index.js +++ b/x-pack/test/fleet_api_integration/apis/space_awareness/index.js 
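Review bot: `installPackage`, `deletePackageKibanaAssets` and `installPackageKibanaAssets` return the supertest `body` with no declared return type, so callers receive an untyped value, whereas `getPackage` just above them declares `Promise<GetInfoResponse>`; the three should declare their response types the same way. All four also interpolate `pkgName` and `pkgVersion` straight into the path. Wrapping each in `encodeURIComponent(...)` keeps a value containing `/` or `?` from addressing a different route, and a small private method returning the `/api/fleet/epm/packages/<name>/<version>` prefix would replace the four copies. A one-line doc comment on each method saying which space is targeted when `spaceId` is omitted would help, since `getBaseUrl` and the class header are outside the hunk.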
@@ -12,5 +12,6 @@ export default function loadTests({ loadTestFile }) { loadTestFile(require.resolve('./agent_policies')); loadTestFile(require.resolve('./agents')); loadTestFile(require.resolve('./enrollment_settings')); + loadTestFile(require.resolve('./package_install')); }); } diff --git a/x-pack/test/fleet_api_integration/apis/space_awareness/package_install.ts b/x-pack/test/fleet_api_integration/apis/space_awareness/package_install.ts new file mode 100644 index 0000000000000..ed464bd8d9f31 --- /dev/null +++ b/x-pack/test/fleet_api_integration/apis/space_awareness/package_install.ts 
@@ -0,0 +1,233 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from '@kbn/expect'; +import { FtrProviderContext } from '../../../api_integration/ftr_provider_context'; +import { skipIfNoDockerRegistry } from '../../helpers'; +import { SpaceTestApiClient } from './api_helper'; +import { cleanFleetIndices } from './helpers'; +import { setupTestSpaces, TEST_SPACE_1 } from './space_helpers'; + +export default function (providerContext: FtrProviderContext) { + const { getService } = providerContext; + const supertest = getService('supertest'); + const esClient = getService('es'); + const kibanaServer = getService('kibanaServer'); + + describe('package install', async function () { + skipIfNoDockerRegistry(providerContext); + const apiClient = new SpaceTestApiClient(supertest); + + before(async () => { + await kibanaServer.savedObjects.cleanStandardList(); + await kibanaServer.savedObjects.cleanStandardList({ + space: TEST_SPACE_1, + }); + await cleanFleetIndices(esClient); + }); + + after(async () => { + await kibanaServer.savedObjects.cleanStandardList(); + await kibanaServer.savedObjects.cleanStandardList({ + space: TEST_SPACE_1, + }); + await cleanFleetIndices(esClient); + }); + + setupTestSpaces(providerContext); + + describe('kibana_assets', () => { + describe('with package installed in default space', () => { + before(async () => { + await kibanaServer.savedObjects.cleanStandardList(); + await kibanaServer.savedObjects.cleanStandardList({ + space: TEST_SPACE_1, + }); + await cleanFleetIndices(esClient); + await apiClient.installPackage({ + pkgName: 'nginx', + pkgVersion: '1.20.0', + force: true, // To avoid package verification + }); + }); + + after(async () => { + await kibanaServer.savedObjects.cleanStandardList(); + await 
kibanaServer.savedObjects.cleanStandardList({ + space: TEST_SPACE_1, + }); + await cleanFleetIndices(esClient); + }); + + it('should not allow to install kibana assets for a non installed package', async () => { + let err: Error | undefined; + try { + await apiClient.installPackageKibanaAssets({ pkgName: 'test', pkgVersion: '1.0.0' }); + } catch (_err) { + err = _err; + } + expect(err).to.be.an(Error); + expect(err?.message).to.match(/404 "Not Found"/); + }); + + it('should not allow to install kibana assets for a non installed package version', async () => { + let err: Error | undefined; + try { + await apiClient.installPackageKibanaAssets({ pkgName: 'nginx', pkgVersion: '1.19.0' }); + } catch (_err) { + err = _err; + } + expect(err).to.be.an(Error); + expect(err?.message).to.match(/404 "Not Found"/); + }); + + it('should allow to install kibana assets in default space', async () => { + await apiClient.installPackageKibanaAssets({ pkgName: 'nginx', pkgVersion: '1.20.0' }); + + const res = await apiClient.getPackage({ pkgName: 'nginx', pkgVersion: '1.20.0' }); + if (!('installationInfo' in res.item)) { + throw new Error('not installed'); + } + + expect(res.item.installationInfo?.installed_kibana_space_id).eql('default'); + expect(res.item.installationInfo?.additional_spaces_installed_kibana).eql(undefined); + }); + + it('should allow to install kibana assets in another space', async () => { + await apiClient.installPackageKibanaAssets( + { pkgName: 'nginx', pkgVersion: '1.20.0' }, + TEST_SPACE_1 + ); + + const res = await apiClient.getPackage({ pkgName: 'nginx', pkgVersion: '1.20.0' }); + if (!('installationInfo' in res.item)) { + throw new Error('not installed'); + } + + expect(res.item.installationInfo?.installed_kibana_space_id).eql('default'); + expect( + Object.keys(res.item.installationInfo?.additional_spaces_installed_kibana ?? 
{}) + ).eql([TEST_SPACE_1]); + + const dashboard = res.item.installationInfo!.additional_spaces_installed_kibana?.[ + TEST_SPACE_1 + ]!.find((asset) => asset.originId === 'nginx-046212a0-a2a1-11e7-928f-5dbe6f6f5519'); + expect(dashboard).not.eql(undefined); + }); + + it('should not allow to delete kibana assets from default space', async () => { + let err: Error | undefined; + try { + await apiClient.deletePackageKibanaAssets({ pkgName: 'nginx', pkgVersion: '1.20.0' }); + } catch (_err) { + err = _err; + } + expect(err).to.be.an(Error); + expect(err?.message).to.match(/400 "Bad Request"/); + }); + + it('should allow to delete kibana assets from test space', async () => { + await apiClient.deletePackageKibanaAssets( + { pkgName: 'nginx', pkgVersion: '1.20.0' }, + TEST_SPACE_1 + ); + + const res = await apiClient.getPackage({ pkgName: 'nginx', pkgVersion: '1.20.0' }); + if (!('installationInfo' in res.item)) { + throw new Error('not installed'); + } + expect( + Object.keys(res.item.installationInfo?.additional_spaces_installed_kibana ?? 
{}) + ).eql([]); + }); + }); + + describe('with package installed in test space', () => { + before(async () => { + await kibanaServer.savedObjects.cleanStandardList(); + await kibanaServer.savedObjects.cleanStandardList({ + space: TEST_SPACE_1, + }); + await cleanFleetIndices(esClient); + await apiClient.installPackage( + { + pkgName: 'nginx', + pkgVersion: '1.20.0', + force: true, // To avoid package verification + }, + TEST_SPACE_1 + ); + }); + + after(async () => { + await kibanaServer.savedObjects.cleanStandardList(); + await kibanaServer.savedObjects.cleanStandardList({ + space: TEST_SPACE_1, + }); + await cleanFleetIndices(esClient); + }); + + it('should not allow to install kibana assets for a non installed package', async () => { + let err: Error | undefined; + try { + await apiClient.installPackageKibanaAssets({ pkgName: 'test', pkgVersion: '1.0.0' }); + } catch (_err) { + err = _err; + } + expect(err).to.be.an(Error); + expect(err?.message).to.match(/404 "Not Found"/); + }); + + it('should not allow to install kibana assets for a non installed package version', async () => { + let err: Error | undefined; + try { + await apiClient.installPackageKibanaAssets({ pkgName: 'nginx', pkgVersion: '1.19.0' }); + } catch (_err) { + err = _err; + } + expect(err).to.be.an(Error); + expect(err?.message).to.match(/404 "Not Found"/); + }); + + it('should allow to install kibana assets in test space', async () => { + await apiClient.installPackageKibanaAssets( + { pkgName: 'nginx', pkgVersion: '1.20.0' }, + TEST_SPACE_1 + ); + + const res = await apiClient.getPackage({ pkgName: 'nginx', pkgVersion: '1.20.0' }); + if (!('installationInfo' in res.item)) { + throw new Error('not installed'); + } + + expect(res.item.installationInfo?.installed_kibana_space_id).eql(TEST_SPACE_1); + expect(res.item.installationInfo?.additional_spaces_installed_kibana).eql(undefined); + }); + + it('should allow to install kibana assets in default space', async () => { + await 
apiClient.installPackageKibanaAssets({ pkgName: 'nginx', pkgVersion: '1.20.0' }); + + const res = await apiClient.getPackage({ pkgName: 'nginx', pkgVersion: '1.20.0' }); + if (!('installationInfo' in res.item)) { + throw new Error('not installed'); + } + + expect(res.item.installationInfo?.installed_kibana_space_id).eql(TEST_SPACE_1); + expect( + Object.keys(res.item.installationInfo?.additional_spaces_installed_kibana ?? {}) + ).eql(['default']); + + const dashboard = + res.item.installationInfo!.additional_spaces_installed_kibana?.default!.find( + (asset) => asset.originId === 'nginx-046212a0-a2a1-11e7-928f-5dbe6f6f5519' + ); + expect(dashboard).not.eql(undefined); + }); + }); + }); + }); +} diff --git a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/artificial_log_data_view_test_data.ts b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/artificial_log_data_view_test_data.ts index d2c3f1987667b..e92f6aa7121a3 100644 --- a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/artificial_log_data_view_test_data.ts +++ b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/artificial_log_data_view_test_data.ts @@ -151,7 +151,16 @@ export const getArtificialLogDataViewTestData = ({ analysisGroupsTable: getAnalysisGroupsTable(), filteredAnalysisGroupsTable: getFilteredAnalysisGroupsTable(), analysisTable: getAnalysisTable(), - columnSelectorPopover: ['Log rate', 'Doc count', 'p-value', 'Impact', 'Actions'], + columnSelectorPopover: [ + 'Log rate', + 'Doc count', + 'p-value', + 'Impact', + 'Baseline rate', + 'Deviation rate', + 'Log rate change', + 'Actions', + ], fieldSelectorPopover: getFieldSelectorPopover(), globalState: { refreshInterval: { pause: true, value: 60000 }, diff --git a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data.ts b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data.ts index 84e5cbed3e400..9ad71506c82cf 100644 
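Review bot: Every request in this new suite goes through the single `supertest`-backed `apiClient`, so the space-aware `kibana_assets` install and delete routes are never exercised by a caller that lacks access to `TEST_SPACE_1`; the only refusals asserted are the 404 and 400 cases. What privileges that client carries is not visible in this hunk, but if it is a superuser, a negative case with a user scoped to the default space only (expecting a refusal on the `TEST_SPACE_1` calls) would cover the boundary this feature introduces. Separately, `describe('package install', async function () {` passes an async callback to `describe`, which Mocha does not await; `describe('package install', function () {` is the safer form. Both `installPackage` calls also set `force: true` to bypass package verification, so the verified install path is not covered here.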
--- a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data.ts +++ b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data.ts @@ -25,7 +25,16 @@ export const farequoteDataViewTestData: TestData = { expected: { totalDocCountFormatted: '86,374', sampleProbabilityFormatted: '0.5', - columnSelectorPopover: ['Log rate', 'Doc count', 'p-value', 'Impact', 'Actions'], + columnSelectorPopover: [ + 'Log rate', + 'Doc count', + 'p-value', + 'Impact', + 'Baseline rate', + 'Deviation rate', + 'Log rate change', + 'Actions', + ], fieldSelectorPopover: ['airline', 'custom_field.keyword'], globalState: { refreshInterval: { pause: true, value: 60000 }, diff --git a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data_with_query.ts b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data_with_query.ts index 42fddac191988..9a0295f2b55bb 100644 --- a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data_with_query.ts +++ b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/farequote_data_view_test_data_with_query.ts @@ -44,7 +44,16 @@ export const farequoteDataViewTestDataWithQuery: TestData = { impact: 'High', }, ], - columnSelectorPopover: ['Log rate', 'Doc count', 'p-value', 'Impact', 'Actions'], + columnSelectorPopover: [ + 'Log rate', + 'Doc count', + 'p-value', + 'Impact', + 'Baseline rate', + 'Deviation rate', + 'Log rate change', + 'Actions', + ], fieldSelectorPopover: ['airline', 'custom_field.keyword'], globalState: { refreshInterval: { pause: true, value: 60000 }, diff --git a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/kibana_logs_data_view_test_data.ts b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/kibana_logs_data_view_test_data.ts index 9645863ed1e82..9759cc149bf9f 100644 
--- a/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/kibana_logs_data_view_test_data.ts +++ b/x-pack/test/functional/apps/aiops/log_rate_analysis/test_data/kibana_logs_data_view_test_data.ts @@ -70,7 +70,16 @@ export const kibanaLogsDataViewTestData: TestData = { logRate: 'Chart type:bar chart', impact: 'High', })), - columnSelectorPopover: ['Log rate', 'Doc count', 'p-value', 'Impact', 'Actions'], + columnSelectorPopover: [ + 'Log rate', + 'Doc count', + 'p-value', + 'Impact', + 'Baseline rate', + 'Deviation rate', + 'Log rate change', + 'Actions', + ], fieldSelectorPopover: [ 'agent.keyword', 'clientip', diff --git a/x-pack/test/functional/apps/dashboard/group2/dashboard_maps_by_value.ts b/x-pack/test/functional/apps/dashboard/group2/dashboard_maps_by_value.ts index 61fc8319cb907..6cfdc7356a4b5 100644 --- a/x-pack/test/functional/apps/dashboard/group2/dashboard_maps_by_value.ts +++ b/x-pack/test/functional/apps/dashboard/group2/dashboard_maps_by_value.ts @@ -33,6 +33,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { await PageObjects.dashboard.switchToEditMode(); } await dashboardAddPanel.clickEditorMenuButton(); + await testSubjects.setValue('dashboardPanelSelectionFlyout__searchInput', 'maps'); await dashboardAddPanel.clickVisType('maps'); await PageObjects.maps.clickSaveAndReturnButton(); } diff --git a/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts b/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts index f58cd84517860..f422518a8fe9a 100644 --- a/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts +++ b/x-pack/test/functional/apps/infra/feature_controls/logs_security.ts 
@@ -12,7 +12,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { const kibanaServer = getService('kibanaServer'); const security = getService('security'); const PageObjects = getPageObjects(['common', 'error', 'infraHome', 'security']); - const testSubjects = getService('testSubjects'); const appsMenu = getService('appsMenu'); const globalNav = getService('globalNav'); @@ -64,15 +63,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { }); describe('logs landing page without data', () => { - it(`shows the 'No data' page`, async () => { - await PageObjects.common.navigateToUrlWithBrowserHistory('infraLogs', '', undefined, { - ensureCurrentUrl: true, - shouldLoginIfPrompted: false, - }); - await testSubjects.existOrFail('~infraLogsPage'); - await testSubjects.existOrFail('~noDataPage'); - }); - it(`doesn't show read-only badge`, async () => { await globalNav.badgeMissingOrFail(); }); @@ -125,21 +115,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); expect(navLinks).to.contain('Logs'); }); - - describe('logs landing page without data', () => { - it(`Shows the 'No data' page`, async () => { - await PageObjects.common.navigateToUrlWithBrowserHistory('infraLogs', '', undefined, { - ensureCurrentUrl: true, - shouldLoginIfPrompted: false, - }); - await testSubjects.existOrFail('~infraLogsPage'); - await testSubjects.existOrFail('~noDataPage'); - }); - - it(`shows read-only badge`, async () => { - await globalNav.badgeExistsOrFail('Read only'); - }); - }); }); describe('global logs no privileges', () => { diff --git a/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts b/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts index 570515a2d9614..3a66fb3326341 100644 --- a/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts 
+++ b/x-pack/test/functional/apps/infra/feature_controls/logs_spaces.ts @@ -12,7 +12,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { const kibanaServer = getService('kibanaServer'); const spacesService = getService('spaces'); const PageObjects = getPageObjects(['common', 'infraHome', 'security', 'spaceSelector']); - const testSubjects = getService('testSubjects'); const appsMenu = getService('appsMenu'); describe('logs spaces', () => { @@ -41,18 +40,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); expect(navLinks).to.contain('Logs'); }); - - describe('logs landing page without data', () => { - it(`shows 'No data' page`, async () => { - await PageObjects.common.navigateToUrlWithBrowserHistory('infraLogs', '', undefined, { - basePath: '/s/custom_space', - ensureCurrentUrl: true, - shouldLoginIfPrompted: false, - }); - await testSubjects.existOrFail('~infraLogsPage'); - await testSubjects.existOrFail('~noDataPage'); - }); - }); }); describe('space with Logs disabled', () => { diff --git a/x-pack/test/functional/apps/infra/logs/log_stream_date_nano.ts b/x-pack/test/functional/apps/infra/logs/log_stream_date_nano.ts index f01e5fd0a06f5..ed1f85248b303 100644 --- a/x-pack/test/functional/apps/infra/logs/log_stream_date_nano.ts +++ b/x-pack/test/functional/apps/infra/logs/log_stream_date_nano.ts @@ -6,13 +6,11 @@ */ import expect from '@kbn/expect'; -import { URL } from 'url'; import { FtrProviderContext } from '../../../ftr_provider_context'; import { DATES } from '../constants'; export default ({ getPageObjects, getService }: FtrProviderContext) => { const retry = getService('retry'); - const browser = getService('browser'); const esArchiver = getService('esArchiver'); const logsUi = getService('logsUi'); const find = getService('find'); 
@@ -63,15 +61,6 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { expect(entryTimestamp).to.be('19:43:22.111'); }); - it('should properly sync logPosition in url', async () => { - const currentUrl = await browser.getCurrentUrl(); - const parsedUrl = new URL(currentUrl); - - expect(parsedUrl.searchParams.get('logPosition')).to.contain( - `time:\'2018-10-17T19:46:22.333333333Z\'` - ); - }); - it('should properly render timestamp in flyout with nano precision', async () => { await logsUi.logStreamPage.navigateTo({ logFilter }); diff --git a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/advanced_job.ts b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/advanced_job.ts index db5be20f2e978..9ebc7d8ddc827 100644 --- a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/advanced_job.ts +++ b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/advanced_job.ts @@ -94,7 +94,7 @@ export default function ({ getService }: FtrProviderContext) { memoryStatus: 'ok', jobState: 'closed', datafeedState: 'stopped', - latestTimestamp: '2019-07-12 23:45:36', + latestTimestamp: '2023-07-12 23:45:36', }, counts: { processed_record_count: '4,675', @@ -107,10 +107,10 @@ export default function ({ getService }: FtrProviderContext) { empty_bucket_count: '0', sparse_bucket_count: '0', bucket_count: '743', - earliest_record_timestamp: '2019-06-12 00:04:19', - latest_record_timestamp: '2019-07-12 23:45:36', + earliest_record_timestamp: '2023-06-12 00:04:19', + latest_record_timestamp: '2023-07-12 23:45:36', input_record_count: '4,675', - latest_bucket_timestamp: '2019-07-12 23:00:00', + latest_bucket_timestamp: '2023-07-12 23:00:00', }, modelSizeStats: { result_type: 'model_size_stats', @@ -120,7 +120,7 @@ export default function ({ getService }: FtrProviderContext) { total_partition_field_count: '8', bucket_allocation_failures_count: '0', memory_status: 'ok', - timestamp: '2019-07-12 22:00:00', + timestamp: '2023-07-12 22:00:00', }, }, }, 
diff --git a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/convert_jobs_to_advanced_job.ts b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/convert_jobs_to_advanced_job.ts index 74ac24987926d..082ec7762bb98 100644 --- a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/convert_jobs_to_advanced_job.ts +++ b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/convert_jobs_to_advanced_job.ts @@ -284,8 +284,8 @@ export default function ({ getService }: FtrProviderContext) { await ml.testExecution.logTestStep('job creation sets the time range'); await ml.jobWizardCommon.clickUseFullDataButton( - 'Jun 12, 2019 @ 00:04:19.000', - 'Jul 12, 2019 @ 23:45:36.000' + 'Jun 12, 2023 @ 00:04:19.000', + 'Jul 12, 2023 @ 23:45:36.000' ); await ml.testExecution.logTestStep( @@ -501,8 +501,8 @@ export default function ({ getService }: FtrProviderContext) { await ml.testExecution.logTestStep('job creation sets the time range'); await ml.jobWizardCommon.clickUseFullDataButton( - 'Jun 12, 2019 @ 00:04:19.000', - 'Jul 12, 2019 @ 23:45:36.000' + 'Jun 12, 2023 @ 00:04:19.000', + 'Jul 12, 2023 @ 23:45:36.000' ); await ml.testExecution.logTestStep('population job creation displays the event rate chart'); diff --git a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/geo_job.ts b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/geo_job.ts index 35d6d40cdbe27..a95ba4782c413 100644 --- a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/geo_job.ts +++ b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/geo_job.ts @@ -40,7 +40,7 @@ export default function ({ getService }: FtrProviderContext) { memoryStatus: 'ok', jobState: 'closed', datafeedState: 'stopped', - latestTimestamp: '2019-07-12 23:45:36', + latestTimestamp: '2023-07-12 23:45:36', }; } 
@@ -57,10 +57,10 @@ export default function ({ getService }: FtrProviderContext) { empty_bucket_count: '492', sparse_bucket_count: '0', bucket_count: '2,975', - earliest_record_timestamp: '2019-06-12 00:04:19', - latest_record_timestamp: '2019-07-12 23:45:36', + earliest_record_timestamp: '2023-06-12 00:04:19', + latest_record_timestamp: '2023-07-12 23:45:36', input_record_count: '4,675', - latest_bucket_timestamp: '2019-07-12 23:45:00', + latest_bucket_timestamp: '2023-07-12 23:45:00', }; } @@ -74,7 +74,7 @@ export default function ({ getService }: FtrProviderContext) { total_partition_field_count: '3', bucket_allocation_failures_count: '0', memory_status: 'ok', - timestamp: '2019-07-12 23:30:00', + timestamp: '2023-07-12 23:30:00', }; } @@ -117,8 +117,8 @@ export default function ({ getService }: FtrProviderContext) { await ml.testExecution.logTestStep('job creation sets the time range'); await ml.jobWizardCommon.clickUseFullDataButton( - 'Jun 12, 2019 @ 00:04:19.000', - 'Jul 12, 2019 @ 23:45:36.000' + 'Jun 12, 2023 @ 00:04:19.000', + 'Jul 12, 2023 @ 23:45:36.000' ); await ml.testExecution.logTestStep('job creation displays the event rate chart'); @@ -245,8 +245,8 @@ export default function ({ getService }: FtrProviderContext) { await ml.testExecution.logTestStep('job cloning sets the time range'); await ml.jobWizardCommon.clickUseFullDataButton( - 'Jun 12, 2019 @ 00:04:19.000', - 'Jul 12, 2019 @ 23:45:36.000' + 'Jun 12, 2023 @ 00:04:19.000', + 'Jul 12, 2023 @ 23:45:36.000' ); await ml.testExecution.logTestStep('job cloning displays the event rate chart'); diff --git a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/population_job.ts b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/population_job.ts index 3095f49d2d7c5..1dd7801fa334c 100644 --- a/x-pack/test/functional/apps/ml/anomaly_detection_jobs/population_job.ts +++ b/x-pack/test/functional/apps/ml/anomaly_detection_jobs/population_job.ts 
@@ -54,7 +54,7 @@ export default function ({ getService }: FtrProviderContext) { memoryStatus: 'ok', jobState: 'closed', datafeedState: 'stopped', - latestTimestamp: '2019-07-12 23:45:36', + latestTimestamp: '2023-07-12 23:45:36', }; } @@ -71,10 +71,10 @@ export default function ({ getService }: FtrProviderContext) { empty_bucket_count: '0', sparse_bucket_count: '0', bucket_count: '371', - earliest_record_timestamp: '2019-06-12 00:04:19', - latest_record_timestamp: '2019-07-12 23:45:36', + earliest_record_timestamp: '2023-06-12 00:04:19', + latest_record_timestamp: '2023-07-12 23:45:36', input_record_count: '4,675', - latest_bucket_timestamp: '2019-07-12 22:00:00', + latest_bucket_timestamp: '2023-07-12 22:00:00', }; } @@ -88,7 +88,7 @@ export default function ({ getService }: FtrProviderContext) { total_partition_field_count: '3', bucket_allocation_failures_count: '0', memory_status: 'ok', - timestamp: '2019-07-12 20:00:00', + timestamp: '2023-07-12 20:00:00', }; } @@ -132,8 +132,8 @@ export default function ({ getService }: FtrProviderContext) { await ml.testExecution.logTestStep('job creation sets the time range'); await ml.jobWizardCommon.clickUseFullDataButton( - 'Jun 12, 2019 @ 00:04:19.000', - 'Jul 12, 2019 @ 23:45:36.000' + 'Jun 12, 2023 @ 00:04:19.000', + 'Jul 12, 2023 @ 23:45:36.000' ); await ml.testExecution.logTestStep('job creation displays the event rate chart'); @@ -285,8 +285,8 @@ export default function ({ getService }: FtrProviderContext) { await ml.testExecution.logTestStep('job cloning sets the time range'); await ml.jobWizardCommon.clickUseFullDataButton( - 'Jun 12, 2019 @ 00:04:19.000', - 'Jul 12, 2019 @ 23:45:36.000' + 'Jun 12, 2023 @ 00:04:19.000', + 'Jul 12, 2023 @ 23:45:36.000' ); await ml.testExecution.logTestStep('job cloning displays the event rate chart'); 
diff --git a/x-pack/test/functional/apps/slo/embeddables/overview_embeddable.ts b/x-pack/test/functional/apps/slo/embeddables/overview_embeddable.ts index a9671b6e350d6..5a531d6cf5bb5 100644 --- a/x-pack/test/functional/apps/slo/embeddables/overview_embeddable.ts +++ b/x-pack/test/functional/apps/slo/embeddables/overview_embeddable.ts @@ -39,7 +39,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { describe('Single SLO', function () { it('should open SLO configuration flyout', async () => { await dashboardAddPanel.clickEditorMenuButton(); - await dashboardAddPanel.clickEmbeddableFactoryGroupButton('slos'); + await dashboardAddPanel.verifyEmbeddableFactoryGroupExists('slos'); await dashboardAddPanel.clickAddNewPanelFromUIActionLink('SLO Overview'); await sloUi.common.assertSloOverviewConfigurationExists(); }); @@ -67,7 +67,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { describe('Group of SLOs', function () { it('can select Group Overview mode in the Flyout configuration', async () => { await dashboardAddPanel.clickEditorMenuButton(); - await dashboardAddPanel.clickEmbeddableFactoryGroupButton('slos'); + await dashboardAddPanel.verifyEmbeddableFactoryGroupExists('slos'); await dashboardAddPanel.clickAddNewPanelFromUIActionLink('SLO Overview'); await sloUi.common.clickOverviewMode(); await sloUi.common.assertSloConfigurationGroupOverviewModeIsSelected(); diff --git a/x-pack/test/functional/apps/transform/creation/index_pattern/continuous_transform.ts b/x-pack/test/functional/apps/transform/creation/index_pattern/continuous_transform.ts index 24a3874eddec0..2dac3b5da9545 100644 --- a/x-pack/test/functional/apps/transform/creation/index_pattern/continuous_transform.ts +++ b/x-pack/test/functional/apps/transform/creation/index_pattern/continuous_transform.ts 
@@ -211,11 +211,11 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { transformPreview: { column: 0, values: [ - 'July 12th 2019, 22:16:19', - 'July 12th 2019, 22:50:53', - 'July 12th 2019, 23:06:43', - 'July 12th 2019, 23:15:22', - 'July 12th 2019, 23:31:12', + 'July 12th 2023, 22:16:19', + 'July 12th 2023, 22:50:53', + 'July 12th 2023, 23:06:43', + 'July 12th 2023, 23:15:22', + 'July 12th 2023, 23:31:12', ], }, discoverQueryHits: '10', diff --git a/x-pack/test/functional/apps/transform/creation/index_pattern/creation_index_pattern.ts b/x-pack/test/functional/apps/transform/creation/index_pattern/creation_index_pattern.ts index f72e3f666c362..dbc62293f035f 100644 --- a/x-pack/test/functional/apps/transform/creation/index_pattern/creation_index_pattern.ts +++ b/x-pack/test/functional/apps/transform/creation/index_pattern/creation_index_pattern.ts @@ -124,8 +124,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { numFailureRetries: '7', expected: { fullTimeRange: { - start: 'Jun 12, 2019 @ 00:04:19.000', - end: 'Jul 12, 2019 @ 23:45:36.000', + start: 'Jun 12, 2023 @ 00:04:19.000', + end: 'Jul 12, 2023 @ 23:45:36.000', }, pivotAdvancedEditorValueArr: ['{', ' "group_by": {', ' "category": {'], pivotAdvancedEditorValue: { @@ -327,8 +327,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { numFailureRetries: '-1', expected: { fullTimeRange: { - start: 'Jun 12, 2019 @ 00:04:19.000', - end: 'Jul 12, 2019 @ 23:45:36.000', + start: 'Jun 12, 2023 @ 00:04:19.000', + end: 'Jul 12, 2023 @ 23:45:36.000', }, pivotAdvancedEditorValueArr: ['{', ' "group_by": {', ' "geoip.country_iso_code": {'], pivotAdvancedEditorValue: { 
@@ -406,8 +406,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { numFailureRetries: '0', expected: { fullTimeRange: { - start: 'Jun 12, 2019 @ 00:04:19.000', - end: 'Jul 12, 2019 @ 23:45:36.000', + start: 'Jun 12, 2023 @ 00:04:19.000', + end: 'Jul 12, 2023 @ 23:45:36.000', }, pivotAdvancedEditorValueArr: ['{', ' "group_by": {', ' "customer_gender": {'], pivotAdvancedEditorValue: { @@ -472,8 +472,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { numFailureRetries: '101', expected: { fullTimeRange: { - start: 'Jun 12, 2019 @ 00:04:19.000', - end: 'Jul 12, 2019 @ 23:45:36.000', + start: 'Jun 12, 2023 @ 00:04:19.000', + end: 'Jul 12, 2023 @ 23:45:36.000', }, latestPreview: { column: 0, @@ -492,11 +492,11 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { transformPreview: { column: 0, values: [ - 'July 12th 2019, 22:16:19', - 'July 12th 2019, 22:50:53', - 'July 12th 2019, 23:06:43', - 'July 12th 2019, 23:15:22', - 'July 12th 2019, 23:31:12', + 'July 12th 2023, 22:16:19', + 'July 12th 2023, 22:50:53', + 'July 12th 2023, 23:06:43', + 'July 12th 2023, 23:15:22', + 'July 12th 2023, 23:31:12', ], }, discoverQueryHits: '10', diff --git a/x-pack/test/functional/apps/transform/edit_clone/cloning.ts b/x-pack/test/functional/apps/transform/edit_clone/cloning.ts index 3146548b8bbcc..a8539cfcaf28b 100644 --- a/x-pack/test/functional/apps/transform/edit_clone/cloning.ts +++ b/x-pack/test/functional/apps/transform/edit_clone/cloning.ts @@ -383,9 +383,9 @@ export default function ({ getService }: FtrProviderContext) { transformPreview: { column: 0, values: [ - 'July 12th 2019, 23:06:43', - 'July 12th 2019, 23:31:12', - 'July 12th 2019, 23:45:36', + 'July 12th 2023, 23:06:43', + 'July 12th 2023, 23:31:12', + 'July 12th 2023, 23:45:36', ], }, retentionPolicySwitchEnabled: false, 
diff --git a/x-pack/test/functional/es_archives/ml/ecommerce/data.json.gz b/x-pack/test/functional/es_archives/ml/ecommerce/data.json.gz index 071622842c8e8..e4f2705ec02b1 100644 Binary files a/x-pack/test/functional/es_archives/ml/ecommerce/data.json.gz and b/x-pack/test/functional/es_archives/ml/ecommerce/data.json.gz differ diff --git a/x-pack/test/functional/services/ml/dashboard_embeddables.ts b/x-pack/test/functional/services/ml/dashboard_embeddables.ts index 9a5428276479e..b22622ead61d0 100644 --- a/x-pack/test/functional/services/ml/dashboard_embeddables.ts +++ b/x-pack/test/functional/services/ml/dashboard_embeddables.ts @@ -124,9 +124,9 @@ export function MachineLearningDashboardEmbeddablesProvider( }; await retry.tryForTime(60 * 1000, async () => { await dashboardAddPanel.clickEditorMenuButton(); - await testSubjects.existOrFail('dashboardEditorContextMenu', { timeout: 2000 }); + await testSubjects.existOrFail('dashboardPanelSelectionFlyout', { timeout: 2000 }); - await dashboardAddPanel.clickEmbeddableFactoryGroupButton('ml'); + await dashboardAddPanel.verifyEmbeddableFactoryGroupExists('ml'); await dashboardAddPanel.clickAddNewPanelFromUIActionLink(name[mlEmbeddableType]); await testSubjects.existOrFail('mlAnomalyJobSelectionControls', { timeout: 2000 }); diff --git a/x-pack/test/functional_with_es_ssl/apps/discover_ml_uptime/ml/alert_flyout.ts b/x-pack/test/functional_with_es_ssl/apps/discover_ml_uptime/ml/alert_flyout.ts index 7802a25f53e2f..58c72ef9d1a27 100644 --- a/x-pack/test/functional_with_es_ssl/apps/discover_ml_uptime/ml/alert_flyout.ts +++ b/x-pack/test/functional_with_es_ssl/apps/discover_ml_uptime/ml/alert_flyout.ts 
@@ -67,8 +67,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { let testJobId = ''; - // Failing: See https://github.com/elastic/kibana/issues/186261 - describe.skip('anomaly detection alert', function () { + describe('anomaly detection alert', function () { before(async () => { await esArchiver.loadIfNeeded('x-pack/test/functional/es_archives/ml/ecommerce'); await ml.testResources.createDataViewIfNeeded('ft_ecommerce', 'order_date'); diff --git a/x-pack/test/observability_ai_assistant_api_integration/common/create_llm_proxy.ts b/x-pack/test/observability_ai_assistant_api_integration/common/create_llm_proxy.ts index 4952135c3d623..cce12d2c1b958 100644 --- a/x-pack/test/observability_ai_assistant_api_integration/common/create_llm_proxy.ts +++ b/x-pack/test/observability_ai_assistant_api_integration/common/create_llm_proxy.ts @@ -98,7 +98,7 @@ export class LlmProxy { waitForIntercept: () => Promise<LlmResponseSimulator>; } : { - complete: () => Promise<void>; + waitAndComplete: () => Promise<void>; } { const waitForInterceptPromise = Promise.race([ new Promise<LlmResponseSimulator>((outerResolve) => { @@ -149,7 +149,7 @@ export class LlmProxy { }); }), new Promise<LlmResponseSimulator>((_, reject) => { - setTimeout(() => reject(new Error(`Interceptor "${name}" timed out after 5000ms`)), 5000); + setTimeout(() => reject(new Error(`Interceptor "${name}" timed out after 20000ms`)), 20000); }), ]); @@ -162,7 +162,7 @@ export class LlmProxy { : responseChunks.split(' ').map((token, i) => (i === 0 ? token : ` ${token}`)); return { - complete: async () => { + waitAndComplete: async () => { const simulator = await waitForInterceptPromise; for (const chunk of parsedChunks) { await simulator.next(chunk); diff --git a/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts b/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts index eb5ed07d3ea08..6be64a1daf3ff 100644 
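Review bot: The new interceptor timeout in the `@@ -149,7` hunk of `create_llm_proxy.ts` is written twice, as `20000ms` in the error text and as `20000` in the `setTimeout` delay, so the two can drift the next time the value is tuned. A single constant such as `const INTERCEPT_TIMEOUT_MS = 20000;`, used for both the message and the delay, keeps them together. The timer is armed when `intercept()` is called, not when `waitAndComplete()` is awaited, which the new method name does not convey; a one-line comment on the returned object would cover that. The enclosing method starts and ends outside these hunks.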
--- a/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts +++ b/x-pack/test/observability_ai_assistant_api_integration/tests/complete/complete.spec.ts @@ -414,11 +414,11 @@ export default function ApiTest({ getService }: FtrProviderContext) { }, }, ]) - .complete(); + .waitAndComplete(); proxy .intercept('conversation', (body) => !isFunctionTitleRequest(body), 'Good morning, sir!') - .complete(); + .waitAndComplete(); const createResponse = await observabilityAIAssistantAPIClient .editorUser({ @@ -450,7 +450,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { proxy .intercept('conversation', (body) => !isFunctionTitleRequest(body), 'Good night, sir!') - .complete(); + .waitAndComplete(); const updatedResponse = await observabilityAIAssistantAPIClient .editorUser({ diff --git a/x-pack/test/observability_ai_assistant_functional/common/ui/index.ts b/x-pack/test/observability_ai_assistant_functional/common/ui/index.ts index b7234648c8464..d0a45f61e17be 100644 --- a/x-pack/test/observability_ai_assistant_functional/common/ui/index.ts +++ b/x-pack/test/observability_ai_assistant_functional/common/ui/index.ts @@ -44,6 +44,7 @@ const pages = { saveButton: 'create-connector-flyout-save-btn', }, contextualInsights: { + container: 'obsAiAssistantInsightContainer', button: 'obsAiAssistantInsightButton', text: 'obsAiAssistantInsightResponse', }, diff --git a/x-pack/test/observability_ai_assistant_functional/tests/contextual_insights/index.spec.ts b/x-pack/test/observability_ai_assistant_functional/tests/contextual_insights/index.spec.ts index 4a6992b6362e6..aff0d91173dd3 100644 --- a/x-pack/test/observability_ai_assistant_functional/tests/contextual_insights/index.spec.ts +++ b/x-pack/test/observability_ai_assistant_functional/tests/contextual_insights/index.spec.ts 
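Review bot: The renamed calls that begin with `proxy` in the `@@ -414` and `@@ -450` hunks still drop the promise returned by `waitAndComplete()`, so an interceptor timeout (now 20000ms) rejects with nothing listening instead of failing the test that armed it. Keeping the handle and awaiting it together with the request ties the failure to the right test, for example `const conversation = proxy.intercept(...);` followed by `await Promise.all([conversation.waitAndComplete(), request]);`. The contextual-insights spec in this same commit already keeps the interceptor and awaits it. The surrounding `it` bodies start outside the hunks, so whether the rejection is handled elsewhere is not visible here.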
@@ -17,14 +17,13 @@ import { FtrProviderContext } from '../../ftr_provider_context'; export default function ApiTest({ getService, getPageObjects }: FtrProviderContext) { const ui = getService('observabilityAIAssistantUI'); + const find = getService('find'); const testSubjects = getService('testSubjects'); const supertest = getService('supertest'); const retry = getService('retry'); const log = getService('log'); - const browser = getService('browser'); - const deployment = getService('deployment'); const apmSynthtraceEsClient = getService('apmSynthtraceEsClient'); - const { common } = getPageObjects(['header', 'common']); + const { header, common } = getPageObjects(['header', 'common']); async function createSynthtraceErrors() { const start = moment().subtract(5, 'minutes').valueOf(); @@ -45,7 +44,11 @@ export default function ApiTest({ getService, getPageObjects }: FtrProviderConte .transaction({ transactionName: 'GET /banana' }) .errors( serviceInstance - .error({ message: 'Some exception', type: 'exception' }) + .error({ + message: 'Some exception', + type: 'exception', + groupingKey: 'some-expection-key', + }) .timestamp(timestamp) ) .duration(10) 
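Review bot: The grouping key added in the `@@ -45,7` hunk is spelled `some-expection-key`; it only works because `navigateToError` repeats the same misspelling in its URL. Correcting it in both places (`groupingKey: 'some-exception-key'` and the matching path segment), or hoisting it into one constant used by both, removes the chance that a later fix to one side breaks the navigation.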
@@ -87,9 +90,22 @@ export default function ApiTest({ getService, getPageObjects }: FtrProviderConte } async function navigateToError() { - await common.navigateToApp('apm'); - await browser.get(`${deployment.getHostPort()}/app/apm/services/opbeans-go/errors/`); - await testSubjects.click('errorGroupId'); + await common.navigateToUrl('apm', 'services/opbeans-go/errors/some-expection-key', { + shouldUseHashForSubUrl: false, + }); + await header.waitUntilLoadingHasFinished(); + } + + // open contextual insights component and ensure it was opened + async function openContextualInsights() { + await retry.tryForTime(5 * 1000, async () => { + await testSubjects.click(ui.pages.contextualInsights.button); + const isOpen = + (await ( + await find.byCssSelector(`[aria-controls="${ui.pages.contextualInsights.container}"]`) + ).getAttribute('aria-expanded')) === 'true'; + expect(isOpen).to.be(true); + }); } describe('Contextual insights for APM errors', () => { @@ -113,16 +129,14 @@ export default function ApiTest({ getService, getPageObjects }: FtrProviderConte ]); }); - // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/184029 - describe.skip('when there are no connectors', () => { + describe('when there are no connectors', () => { it('should not show the contextual insight component', async () => { await navigateToError(); await testSubjects.missingOrFail(ui.pages.contextualInsights.button); }); }); - // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/184071 - describe.skip('when there are connectors', () => { + describe('when there are connectors', () => { let proxy: LlmProxy; before(async () => { 
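Review bot: `openContextualInsights` clicks the button on every retry attempt, so if the first click opened the panel but `aria-expanded` was read before it updated, the next attempt clicks again and presumably collapses it (assuming the button toggles, which the `aria-expanded` check suggests). Reading the attribute first and clicking only while it is not `'true'` makes the retry idempotent. The selector and the 5 second budget can stay as they are.

```typescript
async function openContextualInsights() {
  const toggleSelector = `[aria-controls="${ui.pages.contextualInsights.container}"]`;
  const isExpanded = async () =>
    (await (await find.byCssSelector(toggleSelector)).getAttribute('aria-expanded')) === 'true';

  await retry.tryForTime(5 * 1000, async () => {
    // Click only while collapsed so a retry cannot close an already open panel.
    if (!(await isExpanded())) {
      await testSubjects.click(ui.pages.contextualInsights.button);
    }
    expect(await isExpanded()).to.be(true);
  });
}
```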
@@ -137,17 +151,17 @@ export default function ApiTest({ getService, getPageObjects }: FtrProviderConte it('should show the contextual insight component on the APM error details page', async () => { await navigateToError(); - proxy - .intercept( - 'conversation', - (body) => !isFunctionTitleRequest(body), - 'This error is nothing to worry about. Have a nice day!' - ) - .complete(); + const interceptor = proxy.intercept( + 'conversation', + (body) => !isFunctionTitleRequest(body), + 'This error is nothing to worry about. Have a nice day!' + ); + + await openContextualInsights(); - await testSubjects.click(ui.pages.contextualInsights.button); + await interceptor.waitAndComplete(); - await retry.try(async () => { + await retry.tryForTime(5 * 1000, async () => { const llmResponse = await testSubjects.getVisibleText(ui.pages.contextualInsights.text); expect(llmResponse).to.contain('This error is nothing to worry about. Have a nice day!'); }); diff --git a/x-pack/test/security_functional/tests/oidc/url_capture.ts b/x-pack/test/security_functional/tests/oidc/url_capture.ts index 6553ef193fc3b..359034681b6d3 100644 --- a/x-pack/test/security_functional/tests/oidc/url_capture.ts +++ b/x-pack/test/security_functional/tests/oidc/url_capture.ts @@ -16,7 +16,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const testSubjects = getService('testSubjects'); const PageObjects = getPageObjects(['common']); - describe('URL capture', function () { + // Failing: See https://github.com/elastic/kibana/issues/186780 + describe.skip('URL capture', function () { this.tags('includeFirefox'); before(async () => { diff --git a/x-pack/test/security_functional/tests/saml/url_capture.ts b/x-pack/test/security_functional/tests/saml/url_capture.ts index 0193d3d870701..71b62eb2b2aa3 100644 --- a/x-pack/test/security_functional/tests/saml/url_capture.ts +++ b/x-pack/test/security_functional/tests/saml/url_capture.ts 
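Review bot: `describe.skip('URL capture', ...)` turns off the whole OIDC suite, and the SAML file in the next hunk gets the same treatment, so the capture-and-redirect step of both SSO login flows runs without these functional tests until issues 186780 and 186675 are resolved. If only some cases fail, `it.skip` on those keeps the rest running; the `describe` body continues outside the hunk, so which cases fail is not visible here. If the whole suite has to stay skipped, the comment should also say whether any other test still exercises URL capture, so the coverage gap is explicit to whoever triages the issue.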
@@ -16,7 +16,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const testSubjects = getService('testSubjects'); const PageObjects = getPageObjects(['common']); - describe('URL capture', function () { + // Failing: See https://github.com/elastic/kibana/issues/186675 + describe.skip('URL capture', function () { this.tags('includeFirefox'); before(async () => { diff --git a/x-pack/test/security_solution_api_integration/README.md b/x-pack/test/security_solution_api_integration/README.md index eeb0682c1358e..450558737b1e9 100644 --- a/x-pack/test/security_solution_api_integration/README.md +++ b/x-pack/test/security_solution_api_integration/README.md 
@@ -111,7 +111,43 @@ In this project, you can run various commands to execute tests and workflows, ea ```shell npm run initialize-server:dr:default exceptions/workflows ess ``` - 5. **Run tests for "exception_workflows" using the ess runner in the "essEnv" environment:** + 5. **Run tests for "exception_workflows" using the ess runner in the "essEnv" environment:** ```shell npm run run-tests:dr:default exceptions/workflows ess essEnv - ``` \ No newline at end of file + ``` + +## Testing with serverless roles + +The `supertest` service is logged with the `admin` role by default on serverless. Ideally, every test that runs on serverless should use the most appropriate role. + +The `securitySolutionUtils` helper exports the `createSuperTest` function, which accepts the role as a parameter. +You need to call `createSuperTest` from a lifecycle hook and wait for it to return the `supertest` instance. +All API calls using the returned instance will inject the required auth headers. + +**On ESS, `createSuperTest` returns a basic `supertest` instance without headers.* + +```js +import TestAgent from 'supertest/lib/agent'; + +export default ({ getService }: FtrProviderContext) => { + const utils = getService('securitySolutionUtils'); + + describe('@ess @serverless my_test', () => { + let supertest: TestAgent; + + before(async () => { + supertest = await utils.createSuperTest('admin'); + }); + ... +``` + +If you need to use multiple roles in a single test, you can instantiate multiple `supertest` versions. +```js +before(async () => { + adminSupertest = await utils.createSuperTest('admin'); + viewerSupertest = await utils.createSuperTest('viewer'); +}); +... +``` + +The helper keeps track of only one active session per role. So, if you instantiate `supertest` twice for the same role, the first instance will have an invalid API key. 
diff --git a/x-pack/test/security_solution_api_integration/config/ess/config.base.ts b/x-pack/test/security_solution_api_integration/config/ess/config.base.ts index 0fbe6b12a7ade..7256432174e3c 100644 --- a/x-pack/test/security_solution_api_integration/config/ess/config.base.ts +++ b/x-pack/test/security_solution_api_integration/config/ess/config.base.ts @@ -7,7 +7,7 @@ import { CA_CERT_PATH } from '@kbn/dev-utils'; import { FtrConfigProviderContext, kbnTestConfig, kibanaTestUser } from '@kbn/test'; -import { services } from '../../../api_integration/services'; +import { services } from './services'; import { PRECONFIGURED_ACTION_CONNECTORS } from '../shared'; interface CreateTestConfigOptions { diff --git a/x-pack/test/security_solution_api_integration/config/ess/services.ts b/x-pack/test/security_solution_api_integration/config/ess/services.ts index d6a3c415f29df..e5f66d5c1928a 100644 --- a/x-pack/test/security_solution_api_integration/config/ess/services.ts +++ b/x-pack/test/security_solution_api_integration/config/ess/services.ts @@ -7,8 +7,10 @@ import { SpacesServiceProvider } from '../../../common/services/spaces'; import { services as essServices } from '../../../api_integration/services'; +import { SecuritySolutionESSUtils } from '../services/security_solution_ess_utils'; export const services = { ...essServices, spaces: SpacesServiceProvider, + securitySolutionUtils: SecuritySolutionESSUtils, }; diff --git a/x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts b/x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts index 55a7957ae20d6..3b4a220a1c0bc 100644 --- a/x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts +++ b/x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts 
@@ -11,7 +11,7 @@ export interface CreateTestConfigOptions { kbnTestServerArgs?: string[]; kbnTestServerEnv?: Record<string, string>; } -import { services } from '../../../../test_serverless/api_integration/services'; +import { services } from './services'; export function createTestConfig(options: CreateTestConfigOptions) { return async ({ readConfigFile }: FtrConfigProviderContext) => { diff --git a/x-pack/test/security_solution_api_integration/config/serverless/services.ts b/x-pack/test/security_solution_api_integration/config/serverless/services.ts index c033d11d1d2a4..c57007f774541 100644 --- a/x-pack/test/security_solution_api_integration/config/serverless/services.ts +++ b/x-pack/test/security_solution_api_integration/config/serverless/services.ts @@ -8,9 +8,13 @@ import { SpacesServiceProvider } from '../../../common/services/spaces'; import { BsearchSecureService } from '../../../../test_serverless/shared/services/bsearch_secure'; import { services as serverlessServices } from '../../../../test_serverless/api_integration/services'; +import { SecuritySolutionServerlessUtils } from '../services/security_solution_serverless_utils'; +import { SecuritySolutionServerlessSuperTest } from '../services/security_solution_serverless_supertest'; export const services = { ...serverlessServices, spaces: SpacesServiceProvider, secureBsearch: BsearchSecureService, + securitySolutionUtils: SecuritySolutionServerlessUtils, + supertest: SecuritySolutionServerlessSuperTest, }; diff --git a/x-pack/test/security_solution_api_integration/config/services/security_solution_ess_utils.ts b/x-pack/test/security_solution_api_integration/config/services/security_solution_ess_utils.ts new file mode 100644 index 0000000000000..4a69d1db5e253 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/config/services/security_solution_ess_utils.ts 
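Review bot: Registering `supertest: SecuritySolutionServerlessSuperTest` in `config/serverless/services.ts` means every serverless suite that calls `getService('supertest')` sends an admin API key, which can hide missing-privilege regressions on routes that lower roles should be denied. The README added in this commit says so, but the services map does not. A comment on the key would carry it to the code: `// Default agent authenticates as admin; use securitySolutionUtils.createSuperTest(role) for role-specific checks`.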
@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+import { SecuritySolutionUtils } from './types';
+
+export function SecuritySolutionESSUtils({
+ getService,
+}: FtrProviderContext): SecuritySolutionUtils {
+ const config = getService('config');
+ const supertest = getService('supertest');
+
+ return {
+ getUsername: (_role?: string) =>
+ Promise.resolve(config.get('servers.kibana.username') as string),
+ createSuperTest: (_role?: string) => Promise.resolve(supertest),
+ };
+}
diff --git a/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_supertest.ts b/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_supertest.ts
new file mode 100644
index 0000000000000..8341396ee3c2d
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_supertest.ts
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+// It is wrapper around supertest that injects Serverless auth headers for the admin user.
+export async function SecuritySolutionServerlessSuperTest({ getService }: FtrProviderContext) {
+ const { createSuperTest } = getService('securitySolutionUtils');
+
+ return await createSuperTest('admin');
+}
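Review bot: In `security_solution_ess_utils.ts`, `createSuperTest: (_role?: string) => Promise.resolve(supertest)` ignores the requested role, so a shared `@ess @serverless` test that asks for `'viewer'` and expects a denial runs as the default `supertest` user on ESS and will see a different status. The README added in this commit mentions this, but the helper itself does not. A comment at the definition would keep the caveat next to the code: `// ESS: role is ignored and requests use the default supertest user; do not assert role-based denials through this agent`. `getUsername` ignores `_role` in the same way and would benefit from the same remark.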
diff --git a/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_utils.ts b/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_utils.ts
new file mode 100644
index 0000000000000..6af51abccc79c
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/config/services/security_solution_serverless_utils.ts
@@ -0,0 +1,68 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import supertest from 'supertest';
+import { format as formatUrl } from 'url';
+import { RoleCredentials } from '../../../../test_serverless/shared/services';
+import { FtrProviderContext } from '../../ftr_provider_context';
+import { SecuritySolutionUtils } from './types';
+
+export function SecuritySolutionServerlessUtils({
+ getService,
+}: FtrProviderContext): SecuritySolutionUtils {
+ const svlUserManager = getService('svlUserManager');
+ const lifecycle = getService('lifecycle');
+ const svlCommonApi = getService('svlCommonApi');
+ const config = getService('config');
+ const log = getService('log');
+
+ const rolesCredentials = new Map<string, RoleCredentials>();
+ const commonRequestHeader = svlCommonApi.getCommonRequestHeader();
+ const kbnUrl = formatUrl({
+ ...config.get('servers.kibana'),
+ auth: false,
+ });
+ const agentWithCommonHeaders = supertest.agent(kbnUrl).set(commonRequestHeader);
+
+ async function invalidateApiKey(credentials: RoleCredentials) {
+ await svlUserManager.invalidateApiKeyForRole(credentials);
+ }
+
+ async function cleanCredentials(role: string) {
+ if (rolesCredentials.has(role)) {
+ log.debug(`Invalidating API key for role [${role}]`);
+ await invalidateApiKey(rolesCredentials.get(role)!);
+ rolesCredentials.delete(role);
+ }
+ }
+
+ // Invalidate API keys when all tests have finished.
+ lifecycle.cleanup.add(async () => {
+ rolesCredentials.forEach((credential, role) => {
+ log.debug(`Invalidating API key for role [${role}]`);
+ invalidateApiKey(credential);
+ });
+ });
+
+ return {
+ getUsername: async (role = 'admin') => {
+ const { username } = await svlUserManager.getUserData(role);
+
+ return username;
+ },
+ /**
+ * Only one API key for each role can be active at a time.
+ */
+ createSuperTest: async (role = 'admin') => {
+ cleanCredentials(role);
+ const credentials = await svlUserManager.createApiKeyForRole(role);
+ rolesCredentials.set(role, credentials);
+
+ return agentWithCommonHeaders.set(credentials.apiKeyHeader);
+ },
+ };
+}
diff --git a/x-pack/test/security_solution_api_integration/config/services/types.ts b/x-pack/test/security_solution_api_integration/config/services/types.ts
new file mode 100644
index 0000000000000..b0a22e8f3a12e
--- /dev/null
+++ b/x-pack/test/security_solution_api_integration/config/services/types.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import TestAgent from 'supertest/lib/agent';
+
+export interface SecuritySolutionUtils {
+ getUsername: (role?: string) => Promise<string>;
+ createSuperTest: (role?: string) => Promise<TestAgent<any>>;
+}
diff --git a/x-pack/test/security_solution_api_integration/scripts/mki_api_ftr_execution.ts b/x-pack/test/security_solution_api_integration/scripts/mki_api_ftr_execution.ts
index 3dff7e2c1d071..7241d28f9c29b 100644
--- a/x-pack/test/security_solution_api_integration/scripts/mki_api_ftr_execution.ts
+++ b/x-pack/test/security_solution_api_integration/scripts/mki_api_ftr_execution.ts
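Review bot: In `security_solution_serverless_utils.ts`, `createSuperTest` returns `agentWithCommonHeaders.set(credentials.apiKeyHeader)`, and as far as I know an agent's `set()` records the header on that agent and returns the same object, so `createSuperTest('admin')` followed by `createSuperTest('viewer')` would hand back one shared agent that sends the viewer key for both variables, and role-separation assertions would pass or fail for the wrong reason. In the same hunk `cleanCredentials(role)` is not awaited and the cleanup hook calls `invalidateApiKey` inside `forEach` without awaiting, so the hook can finish while keys are still valid and a failed invalidation goes unreported. The fence builds a fresh agent per call and awaits both invalidation paths. With per-call agents, the one-key-per-role rule in the README also applies to the default `supertest` service, which holds the admin key, so callers mixing it with `createSuperTest('admin')` should be checked.

```typescript
// … unchanged: imports, service lookups, rolesCredentials, commonRequestHeader, kbnUrl …
// … unchanged: invalidateApiKey, cleanCredentials …

  // Invalidate API keys when all tests have finished.
  lifecycle.cleanup.add(async () => {
    const pending = Array.from(rolesCredentials.entries()).map(async ([role, credential]) => {
      log.debug(`Invalidating API key for role [${role}]`);
      await invalidateApiKey(credential);
    });
    // Wait for every invalidation so no key outlives the run.
    await Promise.all(pending);
    rolesCredentials.clear();
  });

  // … unchanged: getUsername …
    createSuperTest: async (role = 'admin') => {
      // Finish revoking the previous key for this role before issuing a new one.
      await cleanCredentials(role);
      const credentials = await svlUserManager.createApiKeyForRole(role);
      rolesCredentials.set(role, credentials);

      // A fresh agent per call keeps one role's key from overwriting another's.
      return supertest.agent(kbnUrl).set(commonRequestHeader).set(credentials.apiKeyHeader);
    },
```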
@@ -118,6 +118,9 @@ export const cli = () => { // Creating project for the test to run const project = await cloudHandler.createSecurityProject(PROJECT_NAME, productTypes); + // Check if proxy service is used to define which org executes the tests. + const proxyOrg = cloudHandler instanceof ProxyHandler ? project?.proxy_org_name : undefined; + log.info(`Proxy Organization used id : ${proxyOrg}`); if (!project) { log.error('Failed to create project.'); @@ -161,6 +164,8 @@ export const cli = () => { TEST_CLOUD: testCloud.toString(), TEST_ES_URL: testEsUrl, TEST_KIBANA_URL: testKibanaUrl, + TEST_CLOUD_HOST_NAME: new URL(BASE_ENV_URL).hostname, + ROLES_FILENAME_OVERRIDE: proxyOrg ? `${proxyOrg}.json` : undefined, }; statusCode = await executeCommand(command, envVars, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts index 0f9f863161e35..1a26ae97e3817 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts @@ -152,7 +152,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alertsOpen = await getAlertsByIds(supertest, log, [id]); - const alertIds = alertsOpen.hits.hits.map((alert) => alert._id); + const alertIds = alertsOpen.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_SIGNALS_STATUS_URL) 
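Review bot: In the `@@ -161,6` hunk of `mki_api_ftr_execution.ts`, `ROLES_FILENAME_OVERRIDE` is always present in `envVars` and is `undefined` when no proxy org is in use; how `executeCommand` hands it to the child process is outside the hunk, so it may be dropped or arrive as the string `undefined`. Adding the key only when there is a value avoids the question: `...(proxyOrg ? { ROLES_FILENAME_OVERRIDE: proxyOrg + '.json' } : {}),`. `proxyOrg` comes from the project-creation response and is turned into a file name, so checking that it contains only the expected characters before use would be prudent. In the `@@ -118,6` hunk the `log.info` call runs before the `if (!project)` check and prints `undefined` on the non-proxy path; moving it below the check and logging only when `proxyOrg` is set would keep the output accurate.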
@@ -182,7 +182,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alertsOpen = await getAlertsByIds(supertest, log, [id]); - const alertIds = alertsOpen.hits.hits.map((alert) => alert._id); + const alertIds = alertsOpen.hits.hits.map((alert) => alert._id!); // set all of the alerts to the state of closed. There is no reason to use a waitUntil here // as this route intentionally has a waitFor within it and should only return when the query has diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status_ess.ts index 1b25b5b499e9c..9541badc5e6de 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status_ess.ts @@ -97,7 +97,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alertsOpen = await getAlertsByIds(supertest, log, [id]); - const alertIds = alertsOpen.hits.hits.map((alert) => alert._id); + const alertIds = alertsOpen.hits.hits.map((alert) => alert._id!); // set all of the alerts to the state of closed. There is no reason to use a waitUntil here // as this route intentionally has a waitFor within it and should only return when the query has 
@@ -141,7 +141,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 1, [id]); const alertsOpen = await getAlertsByIds(supertest, log, [id]); - const alertIds = alertsOpen.hits.hits.map((alert) => alert._id); + const alertIds = alertsOpen.hits.hits.map((alert) => alert._id!); // Try to set all of the alerts to the state of closed. // This should not be possible with the given user. diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/create_index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/create_index.ts index a66daa964ce82..8ed33f1b763f1 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/create_index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/create_index.ts @@ -38,12 +38,6 @@ export default ({ getService }: FtrProviderContext) => { await esArchiver.unload('x-pack/test/functional/es_archives/signals/index_alias_clash'); }); - // Skipped: see https://github.com/elastic/kibana/issues/179208 - it.skip('should report that alerts index does not exist', async () => { - const { body } = await supertest.get(DETECTION_ENGINE_INDEX_URL).send().expect(404); - expect(body).to.eql({ message: 'index for this space does not exist', status_code: 404 }); - }); - it('should return 200 for create_index', async () => { const { body } = await supertest .post(DETECTION_ENGINE_INDEX_URL) 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/set_alert_tags.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/set_alert_tags.ts index 961150d0908c2..f3a0206a58abf 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/set_alert_tags.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/set_alert_tags.ts @@ -99,7 +99,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERT_TAGS_URL) @@ -133,7 +133,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERT_TAGS_URL) @@ -179,7 +179,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERT_TAGS_URL) 
@@ -225,7 +225,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERT_TAGS_URL) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments.ts index 0a2e64df60534..b445c6f81f99c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments.ts @@ -118,7 +118,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); const alertId = alertIds[0]; await supertest @@ -153,7 +153,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL) 
@@ -190,7 +190,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); const alertId = alertIds[0]; // Assign users @@ -242,7 +242,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); // Assign users await supertest @@ -293,7 +293,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL) @@ -330,7 +330,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL) 
@@ -376,7 +376,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL) @@ -425,7 +425,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL) @@ -474,7 +474,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERT_ASSIGNEES_URL) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_ess.ts index 3ec8bbf7bdbfc..569934bea4985 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_ess.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_ess.ts @@ -65,7 +65,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); const userAndRole = ROLES.reader; await createUserAndRole(getService, userAndRole); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_serverless.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_serverless.ts index 7282f0f7f7dcc..1cb5121069f23 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_serverless.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/assignments/assignments_serverless.ts @@ -63,7 +63,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccess({ supertest, log, id }); await waitForAlertsToBePresent(supertest, log, 10, [id]); const alerts = await getAlertsByIds(supertest, log, [id]); - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); // Try to set all of the alerts to the state of closed. // This should not be possible with the given user. 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/create_rule_exceptions.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/create_rule_exceptions.ts index 21147663a630d..8b13aa64ac6b2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/create_rule_exceptions.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/workflows/basic_license_essentials_tier/create_rule_exceptions.ts @@ -45,8 +45,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@serverless @serverlessQA @ess create "rule_default" exceptions', () => { before(async () => { @@ -61,7 +60,7 @@ export default ({ getService }: FtrProviderContext) => { it('creates and associates a `rule_default` exception list to a rule if one not already found', async () => { const rule = await createRule(supertest, log, getSimpleRule('rule-2')); - + const username = await utils.getUsername(); const { body: items } = await supertest .post(`${DETECTION_ENGINE_RULES_URL}/${rule.id}/exceptions`) .set('kbn-xsrf', 'true') @@ -82,7 +81,7 @@ export default ({ getService }: FtrProviderContext) => { expect(itemsWithoutServerGeneratedValues).to.eql([ { comments: [], - created_by: ELASTICSEARCH_USERNAME, + created_by: username, description: 'Exception item for rule default exception list', entries: [ { 
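Review bot: `const username = await utils.getUsername();` is repeated at the top of each of the three tests in create_rule_exceptions.ts (the hunks at -61, -98 and -162), and later files in this commit call `await utils.getUsername()` inline as an argument to `updateUsername(...)`. Resolving it once in the `before` hook that the first hunk shows would remove the duplication and tie every `created_by`/`updated_by` expectation to one value: `let username: string;` at `describe` scope and `username = await utils.getUsername();` inside `before`, assuming the call resolves to a string. Whether `getUsername()` caches its result is not visible here, so hoisting may also save a lookup per test. The test bodies continue outside these hunks.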
@@ -98,13 +97,14 @@ export default ({ getService }: FtrProviderContext) => { os_types: [], tags: [], type: 'simple', - updated_by: ELASTICSEARCH_USERNAME, + updated_by: username, }, ]); expect(udpatedRule.exceptions_list.some((list) => list.type === 'rule_default')).to.eql(true); }); it('creates and associates a `rule_default` exception list to a rule even when rule has non existent default list attached', async () => { + const username = await utils.getUsername(); // create a rule that has a non existent default exception list const rule = await createRule(supertest, log, { ...getSimpleRule('rule-5'), @@ -146,7 +146,7 @@ export default ({ getService }: FtrProviderContext) => { expect(itemsWithoutServerGeneratedValues).to.eql([ { comments: [], - created_by: ELASTICSEARCH_USERNAME, + created_by: username, description: 'Exception item for rule default exception list', entries: [ { @@ -162,12 +162,13 @@ export default ({ getService }: FtrProviderContext) => { os_types: [], tags: [], type: 'simple', - updated_by: ELASTICSEARCH_USERNAME, + updated_by: username, }, ]); }); it('adds exception items to rule default exception list', async () => { + const username = await utils.getUsername(); // create default exception list const exceptionList: CreateExceptionListSchema = { ...getCreateExceptionListMinimalSchemaMock(), @@ -208,7 +209,7 @@ export default ({ getService }: FtrProviderContext) => { ); expect(itemsWithoutServerGeneratedValues[0]).to.eql({ comments: [], - created_by: ELASTICSEARCH_USERNAME, + created_by: username, description: 'Exception item for rule default exception list', entries: [ { @@ -224,7 +225,7 @@ export default ({ getService }: FtrProviderContext) => { os_types: [], tags: [], type: 'simple', - updated_by: ELASTICSEARCH_USERNAME, + updated_by: username, }); }); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/custom_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/custom_query.ts index e2009873d4af6..692f986e6e6a6 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/custom_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/custom_query.ts @@ -951,7 +951,7 @@ export default ({ getService }: FtrProviderContext) => { // Close the alert. Subsequent rule executions should ignore this closed alert // for suppression purposes. - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERTS_STATUS_URL) .set('kbn-xsrf', 'true') diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql_alert_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql_alert_suppression.ts index b0a0e3f8b66ba..33ece3e69cb8c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql_alert_suppression.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/eql_alert_suppression.ts 
@@ -210,7 +210,7 @@ export default ({ getService }: FtrProviderContext) => { // Close the alert. Subsequent rule executions should ignore this closed alert // for suppression purposes. - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERTS_STATUS_URL) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts index 1bdf089844746..cbc7f43cfe6cc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql.ts @@ -37,8 +37,7 @@ export default ({ getService }: FtrProviderContext) => { const es = getService('es'); const log = getService('log'); const kibanaServer = getService('kibanaServer'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); const { indexEnhancedDocuments, indexListOfDocuments, indexGeneratedDocuments } = dataGeneratorFactory({ 
@@ -66,6 +65,7 @@ export default ({ getService }: FtrProviderContext) => { // First test creates a real rule - remaining tests use preview API it('should generate 1 alert with during actual rule execution', async () => { const id = uuidv4(); + const username = await utils.getUsername(); const interval: [string, string] = ['2020-10-28T06:00:00.000Z', '2020-10-28T06:10:00.000Z']; const doc1 = { agent: { name: 'test-1' } }; const doc2 = { agent: { name: 'test-2' } }; @@ -140,7 +140,7 @@ export default ({ getService }: FtrProviderContext) => { 'kibana.alert.risk_score': 55, 'kibana.alert.rule.actions': [], 'kibana.alert.rule.author': [], - 'kibana.alert.rule.created_by': ELASTICSEARCH_USERNAME, + 'kibana.alert.rule.created_by': username, 'kibana.alert.rule.description': 'Detecting root and admin users', 'kibana.alert.rule.enabled': true, 'kibana.alert.rule.exceptions_list': [], @@ -157,7 +157,7 @@ export default ({ getService }: FtrProviderContext) => { 'kibana.alert.rule.threat': [], 'kibana.alert.rule.to': 'now', 'kibana.alert.rule.type': 'esql', - 'kibana.alert.rule.updated_by': ELASTICSEARCH_USERNAME, + 'kibana.alert.rule.updated_by': username, 'kibana.alert.rule.version': 1, 'kibana.alert.workflow_tags': [], 'kibana.alert.workflow_assignee_ids': [], diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql_suppression.ts index 39724206cfab3..90fd1463f15dd 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql_suppression.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/esql_suppression.ts @@ -210,7 +210,7 @@ export default ({ getService }: FtrProviderContext) => { expect(alerts.hits.hits).toHaveLength(1); // Close the alert. Subsequent rule executions should ignore this closed alert // for suppression purposes. - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERTS_STATUS_URL) .set('kbn-xsrf', 'true') diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match.ts index a999b430a521a..81b41ee1b0d5f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match.ts @@ -158,7 +158,7 @@ export default ({ getService }: FtrProviderContext) => { // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); const audibeatHostsPath = dataPathBuilder.getPath('auditbeat/hosts'); const threatIntelPath = dataPathBuilder.getPath('filebeat/threat_intel'); 
@@ -186,6 +186,7 @@ export default ({ getService }: FtrProviderContext) => { // First 2 test creates a real rule - remaining tests use preview API it('should be able to execute and get all alerts when doing a specific query (terms query)', async () => { + const username = await utils.getUsername(); const rule: ThreatMatchRuleCreateProps = createThreatMatchRule(); const createdRule = await createRule(supertest, log, rule); @@ -320,7 +321,7 @@ export default ({ getService }: FtrProviderContext) => { author: [], category: 'Indicator Match Rule', consumer: 'siem', - created_by: ELASTICSEARCH_USERNAME, + created_by: username, description: 'Detecting root and admin users', enabled: true, exceptions_list: [], @@ -342,13 +343,14 @@ export default ({ getService }: FtrProviderContext) => { to: 'now', type: 'threat_match', updated_at: fullAlert[ALERT_RULE_UPDATED_AT], - updated_by: ELASTICSEARCH_USERNAME, + updated_by: username, uuid: fullAlert[ALERT_RULE_UUID], version: 1, }), }); }); it('should be able to execute and get all alerts when doing a specific query (match query)', async () => { + const username = await utils.getUsername(); const rule: ThreatMatchRuleCreateProps = createThreatMatchRule({ threat_mapping: [ // We match host.name against host.name @@ -499,7 +501,7 @@ export default ({ getService }: FtrProviderContext) => { author: [], category: 'Indicator Match Rule', consumer: 'siem', - created_by: ELASTICSEARCH_USERNAME, + created_by: username, description: 'Detecting root and admin users', enabled: true, exceptions_list: [], @@ -521,7 +523,7 @@ export default ({ getService }: FtrProviderContext) => { to: 'now', type: 'threat_match', updated_at: fullAlert[ALERT_RULE_UPDATED_AT], - updated_by: ELASTICSEARCH_USERNAME, + updated_by: username, uuid: fullAlert[ALERT_RULE_UUID], version: 1, }), 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match_alert_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match_alert_suppression.ts index 1868fbdef1555..833a54cd9042a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match_alert_suppression.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/indicator_match_alert_suppression.ts @@ -326,7 +326,7 @@ export default ({ getService }: FtrProviderContext) => { // Close the alert. Subsequent rule executions should ignore this closed alert // for suppression purposes. - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERTS_STATUS_URL) .set('kbn-xsrf', 'true') diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms.ts index 9e2638981a9e8..ec0602290b935 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms.ts @@ -46,8 +46,8 @@ export default ({ getService }: FtrProviderContext) => { log, }); // TODO: add a new service for loading archiver files similar to "getService('es')" + const utils = getService('securitySolutionUtils'); const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); const path = dataPathBuilder.getPath('auditbeat/hosts'); @@ -99,6 +99,7 @@ export default ({ getService }: FtrProviderContext) => { // suricata-sensor-san-francisco appears in a document at 2019-02-19T20:42:08.230Z, but also appears // in earlier documents so is not new. An alert should not be generated for that term. it('should generate 1 alert with 1 selected field', async () => { + const username = await utils.getUsername(); const rule: NewTermsRuleCreateProps = { ...getCreateNewTermsRulesSchemaMock('rule-1', true), new_terms_fields: ['host.name'], @@ -214,7 +215,7 @@ export default ({ getService }: FtrProviderContext) => { }, 'kibana.alert.rule.actions': [], 'kibana.alert.rule.author': [], - 'kibana.alert.rule.created_by': ELASTICSEARCH_USERNAME, + 'kibana.alert.rule.created_by': username, 'kibana.alert.rule.description': 'Detecting root and admin users', 'kibana.alert.rule.enabled': true, 'kibana.alert.rule.exceptions_list': [], @@ -232,7 +233,7 @@ export default ({ getService }: FtrProviderContext) => { 'kibana.alert.rule.threat': [], 'kibana.alert.rule.to': 'now', 'kibana.alert.rule.type': 'new_terms', - 'kibana.alert.rule.updated_by': ELASTICSEARCH_USERNAME, + 'kibana.alert.rule.updated_by': username, 'kibana.alert.rule.version': 1, 'kibana.alert.rule.risk_score': 55, 'kibana.alert.rule.severity': 'high', 
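Review bot: In the -46 hunk of new_terms.ts the added `const utils = getService('securitySolutionUtils');` sits between the `// TODO: add a new service for loading archiver files ...` comment and the `const config = getService('config');` line that comment refers to, so the TODO now reads as if it annotated `utils`. Moving the new line above the comment (as the basic-tier create_rules.ts hunk in this commit does) or below `const config` keeps the TODO attached to the code it describes. The surrounding function body starts and ends outside the hunk.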
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms_alert_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms_alert_suppression.ts index 4a2644a9737a6..11bda2226c786 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms_alert_suppression.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/new_terms_alert_suppression.ts @@ -231,7 +231,7 @@ export default ({ getService }: FtrProviderContext) => { expect(alerts.hits.hits).toHaveLength(1); // Close the alert. Subsequent rule executions should ignore this closed alert // for suppression purposes. - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERTS_STATUS_URL) .set('kbn-xsrf', 'true') diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/threshold_alert_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/threshold_alert_suppression.ts index d97bd0d517314..85e0bd504fb36 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/threshold_alert_suppression.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/execution_logic/threshold_alert_suppression.ts @@ -193,7 +193,7 @@ export default ({ getService }: FtrProviderContext) => { // Close the alert. Subsequent rule executions should ignore this closed alert // for suppression purposes. - const alertIds = alerts.hits.hits.map((alert) => alert._id); + const alertIds = alerts.hits.hits.map((alert) => alert._id!); await supertest .post(DETECTION_ENGINE_ALERTS_STATUS_URL) .set('kbn-xsrf', 'true') diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/manual_rule_run.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/manual_rule_run.ts index e26c66622e02a..8a6167fc69301 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/manual_rule_run.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_gaps/trial_license_complete_tier/manual_rule_run.ts @@ -108,8 +108,8 @@ export default ({ getService }: FtrProviderContext) => { expect(results).toEqual([ { error: { - error: 'Bad Request', message: `Rule ${createdRule.id} is disabled`, + rule: { id: `${createdRule.id}`, name: 'Custom query rule' }, }, }, ]); @@ -231,8 +231,8 @@ export default ({ getService }: FtrProviderContext) => { }), { error: { - error: 'Not Found', message: `Saved object [alert/${nonExistingRuleId}] not found`, + rule: { id: nonExistingRuleId }, }, }, ]) 
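Review bot: In the manual_rule_run.ts expectations, `id: `${createdRule.id}`` wraps the id in a template literal while the -231 hunk passes `nonExistingRuleId` directly. Assuming `createdRule.id` is already a string, `rule: { id: createdRule.id, name: 'Custom query rule' }` is equivalent and keeps the three expectations consistent; the -272 hunk has the same pattern with `createdRule1.id`. With the `error: 'Bad Request'` and `error: 'Not Found'` fields dropped, the disabled-rule and missing-rule cases are told apart only by the message text, so if the response still exposes a status or error category it would be worth asserting it. The test bodies start and end outside these hunks.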
@@ -272,8 +272,8 @@ export default ({ getService }: FtrProviderContext) => { expect.arrayContaining([ { error: { - error: 'Bad Request', message: `Rule ${createdRule1.id} is disabled`, + rule: { id: `${createdRule1.id}`, name: 'Custom query rule' }, }, }, expect.objectContaining({ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts index 091707df88d0a..8a1bd6cf4ecfd 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts @@ -48,9 +48,7 @@ export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const log = getService('log'); const esArchiver = getService('esArchiver'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); const postBulkAction = () => supertest @@ -218,7 +216,7 @@ export default ({ getService }: FtrProviderContext): void => { const [ruleJson, connectorsJson, exportDetailsJson] = body.toString().split(/\n/); const rule = removeServerGeneratedProperties(JSON.parse(ruleJson)); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(rule).toEqual({ ...expectedRule, 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_ml_rules_privileges.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_ml_rules_privileges.ts index fe89747eaa375..a8c70f1518f92 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_ml_rules_privileges.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_ml_rules_privileges.ts @@ -25,9 +25,9 @@ export default ({ getService }: FtrProviderContext) => { const es = getService('es'); // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); + const utils = getService('securitySolutionUtils'); const auditbeatPath = dataPathBuilder.getPath('auditbeat/hosts'); describe('create_ml_rules', () => { @@ -72,7 +72,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - const expectedRule = updateUsername(getSimpleMlRule(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleMlRule(), await utils.getUsername()); expect(bodyToCompare).toEqual(expect.objectContaining(expectedRule)); }); }); 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts index 2f5ffd07e7d00..5bad760d3f91c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts @@ -32,9 +32,9 @@ export default ({ getService }: FtrProviderContext) => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); + const utils = getService('securitySolutionUtils'); // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); const auditbeatPath = dataPathBuilder.getPath('auditbeat/hosts'); @@ -64,7 +64,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).toEqual(expectedRule); }); @@ -159,7 +159,7 @@ export default ({ getService }: FtrProviderContext) => { version: 1, revision: 0, }, - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).toEqual(expectedRule); 
@@ -173,7 +173,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).toEqual(expectedRule); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts index 4356c8b82b8b4..529c3615e9e8e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts @@ -33,10 +33,10 @@ export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); const auditbeatPath = dataPathBuilder.getPath('auditbeat/hosts'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless create_rules_bulk', () => { describe('creating rules in bulk', () => { 
@@ -63,7 +63,7 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body[0]); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).toEqual(expectedRule); }); @@ -114,7 +114,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).toEqual(expectedRule); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts index e6e4e4697d099..c3bdc9b4661d4 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts @@ -48,9 +48,7 @@ export default ({ getService }: FtrProviderContext) => { const supertestWithoutAuth = getService('supertestWithoutAuth'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@serverless @ess create_rules', () => { describe('rule creation', () => { 
@@ -75,6 +73,7 @@ export default ({ getService }: FtrProviderContext) => { describe('elastic admin', () => { it('creates a custom query rule', async () => { + const username = await utils.getUsername(); const { body } = await securitySolutionApi .createRule({ body: getCustomQueryRuleParams() }) .expect(200); @@ -82,13 +81,14 @@ export default ({ getService }: FtrProviderContext) => { expect(body).toEqual( expect.objectContaining({ ...getCustomQueryRuleParams(), - created_by: ELASTICSEARCH_USERNAME, - updated_by: ELASTICSEARCH_USERNAME, + created_by: username, + updated_by: username, }) ); }); it('creates a saved query rule', async () => { + const username = await utils.getUsername(); const savedQueryRuleParams = getSavedQueryRuleParams({ data_view_id: 'my-data-view', type: 'saved_query', @@ -102,8 +102,8 @@ export default ({ getService }: FtrProviderContext) => { expect(body).toEqual( expect.objectContaining({ ...savedQueryRuleParams, - created_by: ELASTICSEARCH_USERNAME, - updated_by: ELASTICSEARCH_USERNAME, + created_by: username, + updated_by: username, }) ); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts index f7dd02061f429..75e3be0d825ee 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts 
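Review bot: Nothing at `const username = await utils.getUsername();` in 'creates a custom query rule' and 'creates a saved query rule' says which identity the call returns, yet the `created_by` / `updated_by` assertions are what check that a rule write is attributed to the caller. `getUsername()` is not defined in the part of the diff shown here; presumably it returns the user that `securitySolutionApi` authenticates as, and that should be confirmed. A one-line comment above the lookup would record that coupling: `// Must be the user securitySolutionApi authenticates as; created_by/updated_by are asserted against it.` The `it` bodies continue between the hunks.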
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext): void => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless delete_rules', () => { describe('deleting rules', () => { @@ -52,7 +51,7 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).to.eql(expectedRule); }); @@ -68,7 +67,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); @@ -85,7 +84,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts index 0a3c419b6f1c4..bfde40d8b0db7 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts @@ -30,8 +30,7 @@ export default ({ getService }: FtrProviderContext): void => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless delete_rules_bulk', () => { describe('deleting rules bulk using DELETE', () => { @@ -53,7 +52,7 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body[0]); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).to.eql(expectedRule); }); @@ -69,7 +68,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); @@ -86,7 +85,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); 
@@ -136,7 +135,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect([bodyToCompare, body[1]]).to.eql([ @@ -175,7 +174,7 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body[0]); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).to.eql(expectedRule); }); @@ -194,7 +193,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); @@ -214,7 +213,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); @@ -271,7 +270,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect([bodyToCompare, body[1]]).to.eql([ 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts index a4161baa54547..4e2628f196c22 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts @@ -29,9 +29,7 @@ export default ({ getService }: FtrProviderContext): void => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless delete_rules', () => { describe('deleting rules', () => { @@ -53,7 +51,7 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).to.eql(expectedRule); }); @@ -69,7 +67,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); 
@@ -86,7 +84,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts index cd4deb8cff7d8..361dfbef8c642 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts @@ -35,9 +35,7 @@ export default ({ getService }: FtrProviderContext): void => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); // See https://github.com/elastic/kibana/issues/130963 for discussion on deprecation describe('@ess @skipInServerlesMKI delete_rules_bulk', () => { 
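Review bot: The suite tag on the context line `describe('@ess @skipInServerlesMKI delete_rules_bulk', () => {` in the `@@ -35,9 +35,7 @@` hunk of the trial-tier delete_rules_bulk.ts is spelled `@skipInServerlesMKI`, whereas the trial-tier patch_rules.ts suite later in this diff uses `@skipInServerlessMKI`. If the runner selects suites by matching these tag strings (its config is not shown here, so this is an assumption), the misspelled tag would not exclude this suite from the environment it was meant to skip. The line is unchanged by the commit, but the setup right above it is being edited, so it can be fixed in the same pass: `describe('@ess @skipInServerlessMKI delete_rules_bulk', () => {`. The `describe` body continues outside the hunk.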
@@ -74,7 +72,7 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body[0]); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).to.eql(expectedRule); }); @@ -90,7 +88,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); @@ -107,7 +105,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); @@ -157,7 +155,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect([bodyToCompare, body[1]]).to.eql([ @@ -196,7 +194,7 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body[0]); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).to.eql(expectedRule); }); 
@@ -214,7 +212,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); @@ -235,7 +233,7 @@ export default ({ getService }: FtrProviderContext): void => { const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); @@ -292,7 +290,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect([bodyToCompare, body[1]]).to.eql([ expectedRule, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts index a2658ed2fb285..475446b90d905 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts 
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext) => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless patch_rules', () => { describe('patch rules', () => { @@ -54,7 +53,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).toEqual(expectedRule); @@ -128,7 +127,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutputWithoutRuleId(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); expect(bodyToCompare).toEqual(expectedRule); @@ -145,7 +144,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).toEqual(expectedRule); 
@@ -161,7 +160,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.enabled = false; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).toEqual(expectedRule); @@ -179,7 +178,7 @@ export default ({ getService }: FtrProviderContext) => { outputRule.enabled = false; outputRule.severity = 'low'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).toEqual(expectedRule); @@ -205,7 +204,7 @@ export default ({ getService }: FtrProviderContext) => { outputRule.timeline_title = 'some title'; outputRule.timeline_id = 'some id'; outputRule.revision = 2; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).toEqual(expectedRule); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts index a04245eac5517..207456d48f430 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts 
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext) => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless patch_rules_bulk', () => { describe('patch rules bulk', () => { @@ -55,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => { outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); expect(bodyToCompare).toEqual(expectedRule); }); @@ -104,6 +103,7 @@ export default ({ getService }: FtrProviderContext) => { it('should patch two rule properties of name using the two rules rule_id', async () => { await createRule(supertest, log, getSimpleRule('rule-1')); await createRule(supertest, log, getSimpleRule('rule-2')); + const username = await utils.getUsername(); // patch both rule names const { body } = await securitySolutionApi @@ -118,12 +118,12 @@ export default ({ getService }: FtrProviderContext) => { const outputRule1 = getSimpleRuleOutput(); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const expectedRule1 = updateUsername(outputRule1, ELASTICSEARCH_USERNAME); + const expectedRule1 = updateUsername(outputRule1, username); const outputRule2 = getSimpleRuleOutput('rule-2'); outputRule2.name = 'some other name'; outputRule2.revision = 1; - const expectedRule2 = updateUsername(outputRule2, ELASTICSEARCH_USERNAME); + const expectedRule2 = updateUsername(outputRule2, username); const bodyToCompare1 = removeServerGeneratedProperties(body[0]); const bodyToCompare2 = removeServerGeneratedProperties(body[1]); 
@@ -142,7 +142,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect(bodyToCompare).toEqual(expectedRule); }); @@ -150,6 +150,7 @@ export default ({ getService }: FtrProviderContext) => { it('should patch two rule properties of name using the two rules id', async () => { const createRule1 = await createRule(supertest, log, getSimpleRule('rule-1')); const createRule2 = await createRule(supertest, log, getSimpleRule('rule-2')); + const username = await utils.getUsername(); // patch both rule names const { body } = await securitySolutionApi @@ -164,12 +165,12 @@ export default ({ getService }: FtrProviderContext) => { const outputRule1 = getSimpleRuleOutputWithoutRuleId('rule-1'); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const expectedRule = updateUsername(outputRule1, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule1, username); const outputRule2 = getSimpleRuleOutputWithoutRuleId('rule-2'); outputRule2.name = 'some other name'; outputRule2.revision = 1; - const expectedRule2 = updateUsername(outputRule2, ELASTICSEARCH_USERNAME); + const expectedRule2 = updateUsername(outputRule2, username); const bodyToCompare1 = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const bodyToCompare2 = removeServerGeneratedPropertiesIncludingRuleId(body[1]); 
@@ -188,7 +189,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect(bodyToCompare).toEqual(expectedRule); @@ -204,7 +205,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.enabled = false; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect(bodyToCompare).toEqual(expectedRule); @@ -222,7 +223,7 @@ export default ({ getService }: FtrProviderContext) => { outputRule.enabled = false; outputRule.severity = 'low'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect(bodyToCompare).toEqual(expectedRule); @@ -248,7 +249,7 @@ export default ({ getService }: FtrProviderContext) => { outputRule.timeline_title = 'some title'; outputRule.timeline_id = 'some id'; outputRule.revision = 2; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect(bodyToCompare).toEqual(expectedRule); 
@@ -301,7 +302,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect([bodyToCompare, body[1]]).toEqual([ @@ -332,7 +333,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect([bodyToCompare, body[1]]).toEqual([ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts index 4a69f208c3bd5..a6a64857f6721 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts 
@@ -43,9 +43,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless @skipInServerlessMKI patch_rules', () => { describe('patch rules', () => { @@ -69,7 +67,7 @@ export default ({ getService }: FtrProviderContext) => { .send({ rule_id: 'rule-1', name: 'some other name' }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 1; @@ -88,7 +86,7 @@ export default ({ getService }: FtrProviderContext) => { .send({ rule_id: 'rule-1', machine_learning_job_id: 'some_job_id' }) .expect(200); - const outputRule = updateUsername(getSimpleMlRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).to.eql(outputRule); @@ -105,7 +103,7 @@ export default ({ getService }: FtrProviderContext) => { .send({ rule_id: 'rule-1', name: 'some other name' }) .expect(200); - const outputRule = updateUsername(getSimpleMlRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 1; @@ -128,7 +126,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); outputRule.name = 'some other name'; 
@@ -147,7 +145,7 @@ export default ({ getService }: FtrProviderContext) => { .set('elastic-api-version', '2023-10-31') .send({ id: createdBody.id, name: 'some other name' }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 1; @@ -166,7 +164,7 @@ export default ({ getService }: FtrProviderContext) => { .send({ rule_id: 'rule-1', enabled: false }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.enabled = false; @@ -185,7 +183,7 @@ export default ({ getService }: FtrProviderContext) => { .send({ rule_id: 'rule-1', severity: 'low', enabled: false }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.enabled = false; outputRule.severity = 'low'; outputRule.revision = 1; @@ -213,7 +211,7 @@ export default ({ getService }: FtrProviderContext) => { .send({ rule_id: 'rule-1', name: 'some other name' }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.timeline_title = 'some title'; outputRule.timeline_id = 'some id'; @@ -436,7 +434,7 @@ export default ({ getService }: FtrProviderContext) => { ); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expectedRule.revision = 1; 
@@ -466,7 +464,7 @@ export default ({ getService }: FtrProviderContext) => { ); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expectedRule.revision = 1; @@ -505,7 +503,7 @@ export default ({ getService }: FtrProviderContext) => { const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expectedRule.revision = 1; @@ -533,7 +531,7 @@ export default ({ getService }: FtrProviderContext) => { ); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expectedRule.revision = 1; @@ -564,7 +562,7 @@ export default ({ getService }: FtrProviderContext) => { const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expectedRule.revision = 1; expectedRule.actions = someActionsWithFrequencies.map((action) => ({ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts index 88ca9c4ffe289..7e496ea73194d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts 
@@ -39,9 +39,7 @@ export default ({ getService }: FtrProviderContext) => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); // See https://github.com/elastic/kibana/issues/130963 for discussion on deprecation describe('@ess @skipInServerless patch_rules_bulk', () => { @@ -81,7 +79,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkPatchRules({ body: [{ rule_id: 'rule-1', name: 'some other name' }] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 1; @@ -92,6 +90,7 @@ export default ({ getService }: FtrProviderContext) => { it('should patch two rule properties of name using the two rules rule_id', async () => { await createRule(supertest, log, getSimpleRule('rule-1')); await createRule(supertest, log, getSimpleRule('rule-2')); + const username = await utils.getUsername(); // patch both rule names const { body } = await securitySolutionApi @@ -103,12 +102,12 @@ export default ({ getService }: FtrProviderContext) => { }) .expect(200); - const outputRule1 = updateUsername(getSimpleRuleOutput('rule-1'), ELASTICSEARCH_USERNAME); + const outputRule1 = updateUsername(getSimpleRuleOutput('rule-1'), username); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), ELASTICSEARCH_USERNAME); + const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), username); outputRule2.name = 'some other name'; outputRule2.revision = 1; 
@@ -127,7 +126,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkPatchRules({ body: [{ id: createRuleBody.id, name: 'some other name' }] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); @@ -137,6 +136,7 @@ export default ({ getService }: FtrProviderContext) => { it('should patch two rule properties of name using the two rules id', async () => { const createRule1 = await createRule(supertest, log, getSimpleRule('rule-1')); const createRule2 = await createRule(supertest, log, getSimpleRule('rule-2')); + const username = await utils.getUsername(); // patch both rule names const { body } = await securitySolutionApi @@ -148,18 +148,12 @@ export default ({ getService }: FtrProviderContext) => { }) .expect(200); - const outputRule1 = updateUsername( - getSimpleRuleOutputWithoutRuleId('rule-1'), - ELASTICSEARCH_USERNAME - ); + const outputRule1 = updateUsername(getSimpleRuleOutputWithoutRuleId('rule-1'), username); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const outputRule2 = updateUsername( - getSimpleRuleOutputWithoutRuleId('rule-2'), - ELASTICSEARCH_USERNAME - ); + const outputRule2 = updateUsername(getSimpleRuleOutputWithoutRuleId('rule-2'), username); outputRule2.name = 'some other name'; outputRule2.revision = 1; 
@@ -210,13 +204,11 @@ export default ({ getService }: FtrProviderContext) => { const sidecarActionsPostResults = await getLegacyActionSO(es); expect(sidecarActionsPostResults.hits.hits.length).to.eql(0); + const username = await utils.getUsername(); // @ts-expect-error body.forEach((response) => { const bodyToCompare = removeServerGeneratedProperties(response); - const outputRule = updateUsername( - getSimpleRuleOutput(response.rule_id, false), - ELASTICSEARCH_USERNAME - ); + const outputRule = updateUsername(getSimpleRuleOutput(response.rule_id, false), username); outputRule.actions = [ { @@ -244,7 +236,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkPatchRules({ body: [{ id: createdBody.id, name: 'some other name' }] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); @@ -259,7 +251,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkPatchRules({ body: [{ rule_id: 'rule-1', enabled: false }] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.enabled = false; @@ -275,7 +267,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkPatchRules({ body: [{ rule_id: 'rule-1', severity: 'low', enabled: false }] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.enabled = false; outputRule.severity = 'low'; 
@@ -300,7 +292,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkPatchRules({ body: [{ rule_id: 'rule-1', name: 'some other name' }] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.timeline_title = 'some title'; @@ -355,7 +347,7 @@ export default ({ getService }: FtrProviderContext) => { }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 1; @@ -386,7 +378,7 @@ export default ({ getService }: FtrProviderContext) => { }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 1; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_ess.ts index 5efab4bb9e533..30398cd2cd1e9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_ess.ts 
@@ -35,9 +35,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess patch_rules - ESS specific logic', () => { describe('patch rules', () => { @@ -80,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(patchResponse.body); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.actions = [ { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts index 20da65ab16fdb..d21c78a68f5c4 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts @@ -22,8 +22,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless find_rules', () => { beforeEach(async () => { 
@@ -48,7 +47,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(body).to.eql({ data: [expectedRule], @@ -66,7 +65,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; - const expectedRule = updateUsername(getComplexRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getComplexRuleOutput(), await utils.getUsername()); expect(body).to.eql({ data: [expectedRule], page: 1, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts index 35b45cc1faa46..21b31c702a7dc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts 
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext) => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless read_rules', () => { describe('reading rules', () => { @@ -51,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).to.eql(expectedRule); }); @@ -64,7 +63,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).to.eql(expectedRule); }); @@ -79,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts index fb9c9341a7529..2ef2890eeffa8 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts @@ -23,9 +23,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless find_rules', () => { beforeEach(async () => { @@ -50,7 +48,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(body).to.eql({ data: [expectedRule], @@ -68,7 +66,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; - const expectedRule = updateUsername(getComplexRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getComplexRuleOutput(), await utils.getUsername()); expect(body).to.eql({ data: [expectedRule], 
@@ -104,7 +102,7 @@ export default ({ getService }: FtrProviderContext): void => { // query the single rule from _find const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = { ...expectedRule, actions: [ @@ -151,7 +149,7 @@ export default ({ getService }: FtrProviderContext): void => { // query the single rule from _find const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = { ...expectedRule, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules_ess.ts index ccebf86486879..70d0758a390ec 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules_ess.ts 
@@ -32,9 +32,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess find_rules - ESS specific logic', () => { beforeEach(async () => { @@ -86,7 +84,7 @@ export default ({ getService }: FtrProviderContext): void => { .send() .expect(200); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = { ...expectedRule, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts index 2dc3e8168a24f..2e40bdb4d42a4 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts 
@@ -29,9 +29,7 @@ export default ({ getService }: FtrProviderContext) => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless read_rules', () => { describe('reading rules', () => { @@ -52,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).to.eql(expectedRule); }); @@ -65,7 +63,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); expect(bodyToCompare).to.eql(expectedRule); }); @@ -80,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expect(bodyToCompare).to.eql(expectedRule); 
@@ -135,7 +133,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = { ...expectedRule, @@ -180,7 +178,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = { ...expectedRule, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules_ess.ts index 78bbcadac71eb..1e6ccbdf0ef76 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules_ess.ts 
@@ -35,9 +35,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess read_rules - ESS specific logic', () => { describe('reading rules', () => { @@ -97,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeServerGeneratedProperties(body); - const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); const ruleWithActions: ReturnType<typeof getSimpleRuleOutput> = { ...expectedRule, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts index 33505f9d150d6..06729d7ef31fa 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts 
@@ -31,8 +31,7 @@ export default ({ getService }: FtrProviderContext) => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless update_rules', () => { describe('update rules', () => { @@ -59,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).toEqual(expectedRule); @@ -136,7 +135,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutputWithoutRuleId(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); expect(bodyToCompare).toEqual(expectedRule); @@ -156,7 +155,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).toEqual(expectedRule); 
@@ -176,7 +175,7 @@ export default ({ getService }: FtrProviderContext) => { outputRule.enabled = false; outputRule.severity = 'low'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).toEqual(expectedRule); @@ -201,7 +200,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 2; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare).toEqual(expectedRule); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts index effc64a241cc5..6708fe5a5e39d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts 
@@ -30,8 +30,7 @@ export default ({ getService }: FtrProviderContext) => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless update_rules_bulk', () => { describe('update rules bulk', () => { @@ -58,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect(bodyToCompare).toEqual(expectedRule); @@ -119,15 +118,16 @@ export default ({ getService }: FtrProviderContext) => { .bulkUpdateRules({ body: [updatedRule1, updatedRule2] }) .expect(200); + const username = await utils.getUsername(); const outputRule1 = getSimpleRuleOutput(); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const expectedRule = updateUsername(outputRule1, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule1, username); const outputRule2 = getSimpleRuleOutput('rule-2'); outputRule2.name = 'some other name'; outputRule2.revision = 1; - const expectedRule2 = updateUsername(outputRule2, ELASTICSEARCH_USERNAME); + const expectedRule2 = updateUsername(outputRule2, username); const bodyToCompare1 = removeServerGeneratedProperties(body[0]); const bodyToCompare2 = removeServerGeneratedProperties(body[1]); 
@@ -151,7 +151,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect(bodyToCompare).toEqual(expectedRule); @@ -176,15 +176,16 @@ export default ({ getService }: FtrProviderContext) => { .bulkUpdateRules({ body: [updatedRule1, updatedRule2] }) .expect(200); + const username = await utils.getUsername(); const outputRule1 = getSimpleRuleOutputWithoutRuleId('rule-1'); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const expectedRule = updateUsername(outputRule1, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule1, username); const outputRule2 = getSimpleRuleOutputWithoutRuleId('rule-2'); outputRule2.name = 'some other name'; outputRule2.revision = 1; - const expectedRule2 = updateUsername(outputRule2, ELASTICSEARCH_USERNAME); + const expectedRule2 = updateUsername(outputRule2, username); const bodyToCompare1 = removeServerGeneratedPropertiesIncludingRuleId(body[0]); const bodyToCompare2 = removeServerGeneratedPropertiesIncludingRuleId(body[1]); @@ -208,7 +209,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect(bodyToCompare).toEqual(expectedRule); 
@@ -230,7 +231,7 @@ export default ({ getService }: FtrProviderContext) => { outputRule.enabled = false; outputRule.severity = 'low'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect(bodyToCompare).toEqual(expectedRule); @@ -257,7 +258,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 2; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect(bodyToCompare).toEqual(expectedRule); @@ -319,7 +320,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect([bodyToCompare, body[1]]).toEqual([ @@ -355,7 +356,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; outputRule.revision = 1; - const expectedRule = updateUsername(outputRule, ELASTICSEARCH_USERNAME); + const expectedRule = updateUsername(outputRule, await utils.getUsername()); const bodyToCompare = removeServerGeneratedProperties(body[0]); expect([bodyToCompare, body[1]]).toEqual([ 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts index 6d120a7944759..af9929f87832d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts @@ -46,9 +46,7 @@ export default ({ getService }: FtrProviderContext) => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless @skipInServerlessMKI update_rules', () => { describe('update rules', () => { @@ -72,7 +70,7 @@ export default ({ getService }: FtrProviderContext) => { const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 1; 
@@ -91,7 +89,7 @@ export default ({ getService }: FtrProviderContext) => { const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); - const outputRule = updateUsername(getSimpleMlRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername()); // @ts-expect-error type narrowing is lost due to Omit<> outputRule.machine_learning_job_id = ['legacy_job_id']; @@ -111,7 +109,7 @@ export default ({ getService }: FtrProviderContext) => { const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); - const outputRule = updateUsername(getSimpleMlRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body); @@ -133,7 +131,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); outputRule.name = 'some other name'; @@ -182,7 +180,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); outputRule.name = 'some other name'; outputRule.revision = 1; @@ -203,7 +201,7 @@ export default ({ getService }: FtrProviderContext) => { const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 1; 
@@ -221,7 +219,7 @@ export default ({ getService }: FtrProviderContext) => { const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.enabled = false; outputRule.severity = 'low'; @@ -247,7 +245,7 @@ export default ({ getService }: FtrProviderContext) => { // update a simple rule's name const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate2 }).expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; outputRule.revision = 2; @@ -579,7 +577,7 @@ export default ({ getService }: FtrProviderContext) => { ); const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expectedRule.revision = 1; @@ -610,7 +608,7 @@ export default ({ getService }: FtrProviderContext) => { const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expectedRule.revision = 1; expectedRule.actions = actionsWithoutFrequencies.map((action) => ({ @@ -648,7 +646,7 @@ export default ({ getService }: FtrProviderContext) => { const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expectedRule.revision = 1; expectedRule.actions = actionsWithFrequencies; @@ -676,7 +674,7 @@ export default ({ getService }: FtrProviderContext) => { const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expectedRule.revision = 1; expectedRule.actions = someActionsWithFrequencies.map((action) => ({ 
@@ -706,7 +704,7 @@ export default ({ getService }: FtrProviderContext) => { const expectedRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); expectedRule.revision = 1; expectedRule.actions = someActionsWithFrequencies.map((action) => ({ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts index 2dead22fd358a..68886130e6cc3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts @@ -49,12 +49,15 @@ export default ({ getService }: FtrProviderContext) => { const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); + let username: string; // See https://github.com/elastic/kibana/issues/130963 for discussion on deprecation describe('@ess update_rules_bulk', () => { + before(async () => { + username = await utils.getUsername(); + }); + describe('deprecations', () => { afterEach(async () => { await deleteAllRules(supertest, log); 
@@ -95,7 +98,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkUpdateRules({ body: [updatedRule] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); @@ -119,11 +122,11 @@ export default ({ getService }: FtrProviderContext) => { .bulkUpdateRules({ body: [updatedRule1, updatedRule2] }) .expect(200); - const outputRule1 = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule1 = updateUsername(getSimpleRuleOutput(), username); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), ELASTICSEARCH_USERNAME); + const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), username); outputRule2.name = 'some other name'; outputRule2.revision = 1; @@ -187,10 +190,7 @@ export default ({ getService }: FtrProviderContext) => { body.forEach((response) => { const bodyToCompare = removeServerGeneratedProperties(response); - const outputRule = updateUsername( - getSimpleRuleOutput(response.rule_id), - ELASTICSEARCH_USERNAME - ); + const outputRule = updateUsername(getSimpleRuleOutput(response.rule_id), username); outputRule.name = 'some other name'; outputRule.revision = 1; outputRule.actions = [ @@ -250,10 +250,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); body.forEach((response) => { - const outputRule = updateUsername( - getSimpleRuleOutput(response.rule_id), - ELASTICSEARCH_USERNAME - ); + const outputRule = updateUsername(getSimpleRuleOutput(response.rule_id), username); outputRule.name = 'some other name'; outputRule.revision = 1; outputRule.actions = []; 
@@ -275,7 +272,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkUpdateRules({ body: [updatedRule1] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); @@ -301,11 +298,11 @@ export default ({ getService }: FtrProviderContext) => { .bulkUpdateRules({ body: [updatedRule1, updatedRule2] }) .expect(200); - const outputRule1 = updateUsername(getSimpleRuleOutput('rule-1'), ELASTICSEARCH_USERNAME); + const outputRule1 = updateUsername(getSimpleRuleOutput('rule-1'), username); outputRule1.name = 'some other name'; outputRule1.revision = 1; - const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), ELASTICSEARCH_USERNAME); + const outputRule2 = updateUsername(getSimpleRuleOutput('rule-2'), username); outputRule2.name = 'some other name'; outputRule2.revision = 1; @@ -328,7 +325,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkUpdateRules({ body: [updatedRule1] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.name = 'some other name'; outputRule.revision = 1; const bodyToCompare = removeServerGeneratedProperties(body[0]); @@ -347,7 +344,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkUpdateRules({ body: [updatedRule1] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.enabled = false; outputRule.severity = 'low'; outputRule.revision = 1; 
@@ -374,7 +371,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkUpdateRules({ body: [ruleUpdate2] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.name = 'some other name'; outputRule.revision = 2; @@ -435,7 +432,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkUpdateRules({ body: [ruleUpdate, ruleUpdate2] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.name = 'some other name'; outputRule.revision = 1; @@ -470,7 +467,7 @@ export default ({ getService }: FtrProviderContext) => { .bulkUpdateRules({ body: [rule1, rule2] }) .expect(200); - const outputRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME); + const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.name = 'some other name'; outputRule.revision = 1; @@ -629,10 +626,7 @@ export default ({ getService }: FtrProviderContext) => { actionsWithoutFrequencies ); - const expectedRule = updateUsername( - getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME - ); + const expectedRule = updateUsername(getSimpleRuleOutputWithoutRuleId(), username); expectedRule.revision = 1; expectedRule.actions = actionsWithoutFrequencies.map((action) => ({ ...action, @@ -660,10 +654,7 @@ export default ({ getService }: FtrProviderContext) => { actionsWithoutFrequencies ); - const expectedRule = updateUsername( - getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME - ); + const expectedRule = updateUsername(getSimpleRuleOutputWithoutRuleId(), username); expectedRule.revision = 1; expectedRule.actions = actionsWithoutFrequencies.map((action) => ({ ...action, 
@@ -698,10 +689,7 @@ export default ({ getService }: FtrProviderContext) => { actionsWithFrequencies ); - const expectedRule = updateUsername( - getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME - ); + const expectedRule = updateUsername(getSimpleRuleOutputWithoutRuleId(), username); expectedRule.revision = 1; expectedRule.actions = actionsWithFrequencies; @@ -726,10 +714,7 @@ export default ({ getService }: FtrProviderContext) => { someActionsWithFrequencies ); - const expectedRule = updateUsername( - getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME - ); + const expectedRule = updateUsername(getSimpleRuleOutputWithoutRuleId(), username); expectedRule.revision = 1; expectedRule.actions = someActionsWithFrequencies.map((action) => ({ ...action, @@ -756,10 +741,7 @@ export default ({ getService }: FtrProviderContext) => { someActionsWithFrequencies ); - const expectedRule = updateUsername( - getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME - ); + const expectedRule = updateUsername(getSimpleRuleOutputWithoutRuleId(), username); expectedRule.revision = 1; expectedRule.actions = someActionsWithFrequencies.map((action) => ({ ...action, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts index b6c4862ccf298..4272345759f0e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts 
@@ -37,8 +37,7 @@ export default ({ getService }: FtrProviderContext) => { const log = getService('log'); const es = getService('es'); // TODO: add a new service for pulling kibana username, similar to getService('es') - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess update_rules - ESS specific logic', () => { describe('update rules', () => { @@ -97,7 +96,7 @@ export default ({ getService }: FtrProviderContext) => { const outputRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), - ELASTICSEARCH_USERNAME + await utils.getUsername() ); outputRule.name = 'some other name'; outputRule.revision = 1; diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/index.ts index e2af055597f99..4ccce93c790f9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/index.ts @@ -10,7 +10,6 @@ import { FtrProviderContext } from '../../../../ftr_provider_context'; export default function ({ loadTestFile }: FtrProviderContext) { describe('Entity Analytics - Risk Engine', function () { loadTestFile(require.resolve('./init_and_status_apis')); - loadTestFile(require.resolve('./risk_score_calculation')); loadTestFile(require.resolve('./risk_score_preview')); loadTestFile(require.resolve('./risk_scoring_task/task_execution')); loadTestFile(require.resolve('./risk_scoring_task/task_execution_nondefault_spaces')); 
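Review bot: The comment `// TODO: add a new service for pulling kibana username, similar to getService('es')` survives as a context line in the first hunk of update_rules_ess.ts, directly above the new `const utils = getService('securitySolutionUtils');`, which appears to be the service it asked for. update_rules.ts and update_rules_bulk.ts delete the same comment in this commit, so it should be removed here as well. Otherwise the next reader is told that the username lookup is still outstanding. The enclosing provider function continues outside the hunk.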
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_score_calculation.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_score_calculation.ts deleted file mode 100644 index 29451ef9dacbe..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_score_calculation.ts +++ /dev/null 
@@ -1,374 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from '@kbn/expect'; -import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST } from '@kbn/core-http-common'; - -import { RISK_SCORE_CALCULATION_URL } from '@kbn/security-solution-plugin/common/constants'; -import { v4 as uuidv4 } from 'uuid'; -import { EntityRiskScoreRecord } from '@kbn/security-solution-plugin/common/api/entity_analytics/common'; -import { dataGeneratorFactory } from '../../../detections_response/utils'; -import { deleteAllAlerts, deleteAllRules } from '../../../../../common/utils/security_solution'; -import { - buildDocument, - createAndSyncRuleAndAlertsFactory, - deleteAllRiskScores, - readRiskScores, - normalizeScores, - waitForRiskScoresToBePresent, - assetCriticalityRouteHelpersFactory, - cleanAssetCriticality, - waitForAssetCriticalityToBePresent, - getLatestRiskScoreIndexMapping, - riskEngineRouteHelpersFactory, - cleanRiskEngine, - enableAssetCriticalityAdvancedSetting, -} from '../../utils'; -import { FtrProviderContext } from '../../../../ftr_provider_context'; - -export default ({ getService }: FtrProviderContext): void => { - const supertest = getService('supertest'); - - const esArchiver = getService('esArchiver'); - const es = getService('es'); - const log = getService('log'); - const kibanaServer = getService('kibanaServer'); - - const riskEngineRoutes = riskEngineRouteHelpersFactory(supertest); - - const createAndSyncRuleAndAlerts = createAndSyncRuleAndAlertsFactory({ supertest, log }); - - const calculateRiskScores = async ({ - body, - }: { - body: object; - }): Promise<{ scores: EntityRiskScoreRecord[] }> => { - const { body: result } = await supertest - .post(RISK_SCORE_CALCULATION_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '1') - 
.set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(body) - .expect(200); - return result; - }; - - const calculateRiskScoreAfterRuleCreationAndExecution = async ( - documentId: string, - { - alerts = 1, - riskScore = 21, - maxSignals = 100, - }: { alerts?: number; riskScore?: number; maxSignals?: number } = {} - ) => { - await createAndSyncRuleAndAlerts({ query: `id: ${documentId}`, alerts, riskScore, maxSignals }); - - return await calculateRiskScores({ - body: { - data_view_id: '.alerts-security.alerts-default', - range: { start: 'now-30d', end: 'now' }, - identifier_type: 'host', - }, - }); - }; - - describe('@ess @serverless Risk Scoring Calculation API', () => { - before(async () => { - enableAssetCriticalityAdvancedSetting(kibanaServer, log); - }); - - context('with auditbeat data', () => { - const { indexListOfDocuments } = dataGeneratorFactory({ - es, - index: 'ecs_compliant', - log, - }); - - before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/security_solution/ecs_compliant'); - }); - - after(async () => { - await esArchiver.unload( - 'x-pack/test/functional/es_archives/security_solution/ecs_compliant' - ); - }); - - beforeEach(async () => { - await deleteAllAlerts(supertest, log, es); - await deleteAllRules(supertest, log); - - await cleanRiskEngine({ kibanaServer, es, log }); - await riskEngineRoutes.init(); - }); - - afterEach(async () => { - await deleteAllRiskScores(log, es); - await deleteAllAlerts(supertest, log, es); - await deleteAllRules(supertest, log); - - await cleanRiskEngine({ kibanaServer, es, log }); - }); - - it('calculates and persists risk score', async () => { - const documentId = uuidv4(); - await indexListOfDocuments([buildDocument({ host: { name: 'host-1' } }, documentId)]); - - const results = await calculateRiskScoreAfterRuleCreationAndExecution(documentId); - expect(results).to.eql({ - after_keys: { - host: { - 'host.name': 'host-1', - }, - }, - errors: [], - scores_written: 1, - }); - - await 
waitForRiskScoresToBePresent({ es, log }); - const scores = await readRiskScores(es); - - expect(scores.length).to.eql(1); - const [score] = normalizeScores(scores); - - expect(score).to.eql({ - calculated_level: 'Unknown', - calculated_score: 21, - calculated_score_norm: 8.10060175898781, - category_1_score: 8.10060175898781, - category_1_count: 1, - id_field: 'host.name', - id_value: 'host-1', - }); - }); - - it('upgrades latest risk score index dynamic setting before persisting risk scores', async () => { - const documentId = uuidv4(); - await indexListOfDocuments([buildDocument({ host: { name: 'host-1' } }, documentId)]); - - await calculateRiskScoreAfterRuleCreationAndExecution(documentId); - - const unmodifiedIndexMapping = await getLatestRiskScoreIndexMapping(es); - // by default, the dynamic mapping is set to false. - expect(unmodifiedIndexMapping?.dynamic).to.eql('false'); - - // set the 'dynamic' configuration to an undesirable value - await es.indices.putMapping({ - index: 'risk-score.risk-score-latest-default', - dynamic: 'strict', - }); - - expect((await getLatestRiskScoreIndexMapping(es))?.dynamic).to.eql('strict'); - - // before re-running risk score persistence, the dynamic configuration should be reset to the desired value - await calculateRiskScoreAfterRuleCreationAndExecution(documentId); - - const finalIndexMapping = await getLatestRiskScoreIndexMapping(es); - - expect(finalIndexMapping?.dynamic).to.eql('false'); - - // after all processing is complete, the mapping should be exactly the same as before - expect(unmodifiedIndexMapping).to.eql(finalIndexMapping); - }); - - describe('paging through calculations', () => { - let documentId: string; - beforeEach(async () => { - documentId = uuidv4(); - const baseEvent = buildDocument({ host: { name: 'host-1' } }, documentId); - await indexListOfDocuments( - Array(10) - .fill(baseEvent) - .map((_baseEvent, index) => ({ - ..._baseEvent, - 'host.name': `host-${index}`, - })) - ); - - await 
createAndSyncRuleAndAlerts({ - query: `id: ${documentId}`, - alerts: 10, - riskScore: 40, - }); - }); - - it('calculates and persists a single page of risk scores', async () => { - const results = await calculateRiskScores({ - body: { - data_view_id: '.alerts-security.alerts-default', - identifier_type: 'host', - range: { start: 'now-30d', end: 'now' }, - }, - }); - expect(results).to.eql({ - after_keys: { - host: { - 'host.name': 'host-9', - }, - }, - errors: [], - scores_written: 10, - }); - - await waitForRiskScoresToBePresent({ es, log, scoreCount: 10 }); - const scores = await readRiskScores(es); - - expect(scores.length).to.eql(10); - }); - - it('calculates and persists multiple pages of risk scores', async () => { - const results = await calculateRiskScores({ - body: { - data_view_id: '.alerts-security.alerts-default', - identifier_type: 'host', - range: { start: 'now-30d', end: 'now' }, - page_size: 5, - }, - }); - expect(results).to.eql({ - after_keys: { - host: { - 'host.name': 'host-4', - }, - }, - errors: [], - scores_written: 5, - }); - - const secondResults = await calculateRiskScores({ - body: { - after_keys: { - host: { - 'host.name': 'host-4', - }, - }, - data_view_id: '.alerts-security.alerts-default', - identifier_type: 'host', - range: { start: 'now-30d', end: 'now' }, - page_size: 5, - }, - }); - - expect(secondResults).to.eql({ - after_keys: { - host: { - 'host.name': 'host-9', - }, - }, - errors: [], - scores_written: 5, - }); - - await waitForRiskScoresToBePresent({ es, log, scoreCount: 10 }); - const scores = await readRiskScores(es); - - expect(scores.length).to.eql(10); - }); - - it('returns an appropriate response if there are no inputs left to score/persist', async () => { - const results = await calculateRiskScores({ - body: { - data_view_id: '.alerts-security.alerts-default', - identifier_type: 'host', - range: { start: 'now-30d', end: 'now' }, - page_size: 10, - }, - }); - expect(results).to.eql({ - after_keys: { - host: { - 
'host.name': 'host-9', - }, - }, - errors: [], - scores_written: 10, - }); - - const noopCalculationResults = await calculateRiskScores({ - body: { - after_keys: { - host: { - 'host.name': 'host-9', - }, - }, - debug: true, - data_view_id: '.alerts-security.alerts-default', - identifier_type: 'host', - range: { start: 'now-30d', end: 'now' }, - page_size: 5, - }, - }); - - expect(noopCalculationResults).to.eql({ - after_keys: {}, - errors: [], - scores_written: 0, - }); - - await waitForRiskScoresToBePresent({ es, log, scoreCount: 10 }); - const scores = await readRiskScores(es); - - expect(scores.length).to.eql(10); - }); - }); - - describe('@skipInServerless with asset criticality data', () => { - const assetCriticalityRoutes = assetCriticalityRouteHelpersFactory(supertest); - - beforeEach(async () => { - await assetCriticalityRoutes.upsert({ - id_field: 'host.name', - id_value: 'host-1', - criticality_level: 'high_impact', - }); - }); - - afterEach(async () => { - await cleanAssetCriticality({ log, es }); - }); - - it('calculates and persists risk scores with additional criticality metadata and modifiers', async () => { - const documentId = uuidv4(); - await indexListOfDocuments([buildDocument({ host: { name: 'host-1' } }, documentId)]); - await waitForAssetCriticalityToBePresent({ es, log }); - - const results = await calculateRiskScoreAfterRuleCreationAndExecution(documentId); - expect(results).to.eql({ - after_keys: { host: { 'host.name': 'host-1' } }, - errors: [], - scores_written: 1, - }); - - await waitForRiskScoresToBePresent({ es, log }); - const scores = await readRiskScores(es); - expect(scores.length).to.eql(1); - - const [score] = normalizeScores(scores); - expect(score).to.eql({ - criticality_level: 'high_impact', - criticality_modifier: 1.5, - calculated_level: 'Unknown', - calculated_score: 21, - calculated_score_norm: 11.677912063468526, - category_1_score: 8.10060175898781, - category_1_count: 1, - id_field: 'host.name', - id_value: 'host-1', - 
}); - const [rawScore] = scores; - - expect( - rawScore.host?.risk.category_1_score! + rawScore.host?.risk.category_2_score! - ).to.be.within( - score.calculated_score_norm! - 0.000000000000001, - score.calculated_score_norm! + 0.000000000000001 - ); - }); - }); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/create_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/create_exception_list_items.ts index ad7c413a3c6a7..b5a4dc3449eb1 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/create_exception_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/create_exception_list_items.ts @@ -26,8 +26,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless create_exception_list_items', () => { describe('validation errors', () => { @@ -65,7 +64,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); 
@@ -95,7 +94,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body); expect(bodyToCompare).to.eql({ - ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), entries, }); }); @@ -115,7 +114,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListItemServerGeneratedProperties(body); const outputList: Partial<ExceptionListItemSchema> = { - ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), item_id: body.item_id, }; expect(bodyToCompare).to.eql(outputList); @@ -165,7 +164,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body); expect(bodyToCompare).to.eql({ - ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), expire_time: datetime, }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/delete_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/delete_exception_list_items.ts index 4d3b2be7de27f..89ff41806c97f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/delete_exception_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/delete_exception_list_items.ts 
@@ -26,8 +26,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless delete_exception_list_items', () => { describe('delete exception list items', () => { @@ -62,7 +61,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -87,7 +86,7 @@ export default ({ getService }: FtrProviderContext) => { .set('kbn-xsrf', 'true') .expect(200); const outputtedList: Partial<ExceptionListItemSchema> = { - ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), item_id: body.item_id, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/find_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/find_exception_list_items.ts index 3fcbd476b7547..bd9068d989c19 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/find_exception_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/find_exception_list_items.ts 
@@ -28,8 +28,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless find_exception_list_items', () => { describe('find exception list items', () => { @@ -105,11 +104,12 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); body.data = [removeExceptionListItemServerGeneratedProperties(body.data[0])]; + const username = await utils.getUsername(); expect(body).to.eql({ data: [ { comments: [], - created_by: ELASTICSEARCH_USERNAME, + created_by: username, description: 'some description', entries: [ { @@ -126,7 +126,7 @@ export default ({ getService }: FtrProviderContext): void => { os_types: ['windows'], tags: [], type: 'simple', - updated_by: ELASTICSEARCH_USERNAME, + updated_by: username, }, ], page: 1, @@ -177,7 +177,7 @@ export default ({ getService }: FtrProviderContext): void => { body.data = [removeExceptionListItemServerGeneratedProperties(body.data[0])]; expect(body).to.eql({ data: [ - getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), ], page: 1, per_page: 20, diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/read_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/read_exception_list_items.ts index a2cffa490194c..d1689dcaf04b7 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/read_exception_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/read_exception_list_items.ts @@ -25,8 +25,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless read_exception_list_items', () => { describe('reading exception list items', () => { @@ -50,7 +49,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -76,7 +75,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListItemServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -100,7 +99,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputtedList: Partial<ExceptionListItemSchema> = { - ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), item_id: body.item_id, }; 
@@ -128,7 +127,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputtedList: Partial<ExceptionListItemSchema> = { - ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), item_id: body.item_id, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/update_exception_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/update_exception_list_items.ts index 6e0a1daa024e1..46766b1ace80f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/update_exception_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/items/update_exception_list_items.ts @@ -30,8 +30,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless update_exception_list_items', () => { describe('update exception list items', () => { @@ -253,7 +252,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputList: Partial<ExceptionListItemSchema> = { - ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'some other name', }; 
@@ -293,7 +292,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputList: Partial<ExceptionListItemSchema> = { - ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'some other name', item_id: body.item_id, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/create_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/create_exception_lists.ts index da066b078b0c4..0a1ecfa0b0d0a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/create_exception_lists.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/create_exception_lists.ts @@ -21,8 +21,7 @@ import { deleteAllExceptions, removeExceptionListServerGeneratedProperties } fro export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless create_exception_lists', () => { describe('creating exception lists', () => { @@ -39,7 +38,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); 
@@ -52,7 +51,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListServerGeneratedProperties(body); const outputtedList: Partial<ExceptionListSchema> = { - ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), list_id: bodyToCompare.list_id, }; expect(bodyToCompare).to.eql(outputtedList); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/delete_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/delete_exception_lists.ts index ae109897fb138..98b387b1dc9bb 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/delete_exception_lists.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/delete_exception_lists.ts @@ -22,8 +22,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless delete_exception_lists', () => { describe('delete exception lists', () => { 
@@ -49,7 +48,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -68,7 +67,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputtedList: Partial<ExceptionListSchema> = { - ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), list_id: body.list_id, }; const bodyToCompare = removeExceptionListServerGeneratedProperties(body); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/duplicate_exception_list.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/duplicate_exception_list.ts index 14a4dcfb65ec7..927cf87b93d5a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/duplicate_exception_list.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/duplicate_exception_list.ts @@ -23,8 +23,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless duplicate_exception_lists', () => { afterEach(async () => { 
@@ -50,7 +49,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListServerGeneratedProperties(body); expect(bodyToCompare).to.eql({ - ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), type: 'detection', list_id: body.list_id, name: `${getCreateExceptionListDetectionSchemaMock().name} [Duplicate]`, @@ -91,7 +90,7 @@ export default ({ getService }: FtrProviderContext) => { const listBodyToCompare = removeExceptionListServerGeneratedProperties(listBody); expect(listBodyToCompare).to.eql({ - ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), type: 'detection', list_id: listBody.list_id, name: `${getCreateExceptionListDetectionSchemaMock().name} [Duplicate]`, diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/find_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/find_exception_lists.ts index cb405b7b7d642..3ffcad93b568e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/find_exception_lists.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/find_exception_lists.ts 
@@ -17,8 +17,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless find_exception_lists', () => { describe('find exception lists', () => { @@ -58,7 +57,7 @@ export default ({ getService }: FtrProviderContext): void => { body.data = [removeExceptionListServerGeneratedProperties(body.data[0])]; expect(body).to.eql({ - data: [getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)], + data: [getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername())], page: 1, per_page: 20, total: 1, diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/read_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/read_exception_lists.ts index b2061928e1759..89239b1a93c25 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/read_exception_lists.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/read_exception_lists.ts 
@@ -22,8 +22,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless read_exception_lists', () => { describe('reading exception lists', () => { @@ -46,7 +45,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -65,7 +64,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeExceptionListServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -83,7 +82,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputtedList: Partial<ExceptionListSchema> = { - ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), list_id: body.list_id, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/update_exception_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/update_exception_lists.ts index 1a5aed16b128c..f399bcde87426 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/update_exception_lists.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/exception_lists_items/trial_license_complete_tier/lists/update_exception_lists.ts @@ -23,8 +23,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless update_exception_lists', () => { describe('update exception lists', () => { @@ -53,7 +52,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputList: Partial<ExceptionListSchema> = { - ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'some other name', version: 2, }; @@ -86,7 +85,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputList: Partial<ExceptionListSchema> = { - ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'some other name', list_id: body.list_id, version: 2, @@ -118,7 +117,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputList: Partial<ExceptionListSchema> = { - ...getExceptionResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getExceptionResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'some other name', description: 'some other description', version: 2, 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/create_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/create_list_items.ts index f174fdff3f774..9ab6eb9361148 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/create_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/create_list_items.ts @@ -16,6 +16,7 @@ import { getCreateMinimalListItemSchemaMockWithoutId, } from '@kbn/lists-plugin/common/schemas/request/create_list_item_schema.mock'; import { getListItemResponseMockWithoutAutoGeneratedValues } from '@kbn/lists-plugin/common/schemas/response/list_item_schema.mock'; +import TestAgent from 'supertest/lib/agent'; import { createListsIndex, deleteListsIndex, @@ -25,12 +26,16 @@ import { import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { - const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless create_list_items', () => { + let supertest: TestAgent; + + before(async () => { + supertest = await utils.createSuperTest('admin'); + }); + describe('validation errors', () => { it('should give a 404 error that the list must exist first before being able to add a list item', async () => { const { body } = await supertest 
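Review bot: The new `before` hook pins the agent to the `'admin'` role, while the expectations further down call `utils.getUsername()` with no role, so the match between the caller and the asserted `created_by` relies on the helper's default, which is not visible in this diff. Consider resolving both together in the hook, e.g. `username = await utils.getUsername();` right after `supertest = await utils.createSuperTest('admin');`, and comparing against that variable. `import TestAgent from 'supertest/lib/agent'` is used only as a type for `let supertest`, so `import type TestAgent from 'supertest/lib/agent';` would state that intent. The `describe` block continues outside the hunk.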
@@ -69,8 +74,9 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const bodyToCompare = removeListItemServerGeneratedProperties(body); + expect(bodyToCompare).to.eql( - getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -89,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListItemServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/delete_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/delete_list_items.ts index f17d950a10dc1..1f224e2e2db74 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/delete_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/delete_list_items.ts @@ -22,8 +22,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless delete_list_items', () => { describe('deleting list items', () => { 
@@ -58,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListItemServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -85,7 +84,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListItemServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/find_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/find_list_items.ts index aed7d61acf7b2..d7817ea86cd23 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/find_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/find_list_items.ts 
@@ -79,6 +79,28 @@ export default ({ getService }: FtrProviderContext): void => { }); }); + it('should accept empty string filter', async () => { + await supertest + .post(LIST_URL) + .set('kbn-xsrf', 'true') + .send(getCreateMinimalListSchemaMock()) + .expect(200); + + const { body } = await supertest + .get(`${LIST_ITEM_URL}/_find?list_id=${LIST_ID}&filter=`) + .set('kbn-xsrf', 'true') + .send() + .expect(200); + + expect(body).toEqual({ + cursor: 'WzBd', + data: [], + page: 1, + per_page: 20, + total: 0, + }); + }); + it('should return a single list item when a single list item is loaded from a find with defaults added', async () => { const listMock = getCreateMinimalListSchemaMock(); const listItemMock = getCreateMinimalListItemSchemaMock(); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items.ts index 7fabd749bc01d..3e2949568d7b9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items.ts @@ -24,8 +24,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless import_list_items', () => { describe('importing list items without an index', () => { 
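Review bot: The added `should accept empty string filter` test queries a list that has no items, so `data: []` / `total: 0` would also pass if an empty `filter=` were treated as a filter that matches nothing; it shows the request is accepted but not how the value is interpreted. Seeding one item first (the following test already builds one with `getCreateMinimalListItemSchemaMock()`, assuming it targets `LIST_ID`) and expecting it back would pin the intended "no filter" behaviour. The literal `cursor: 'WzBd'` also couples the test to the cursor encoding, whereas find_lists.ts in this diff deletes `body.cursor` before comparing. This assertion uses `toEqual` while the other suites in the diff use `.to.eql`; the file's `expect` import is outside the hunk, so confirm the matcher exists for it.

```typescript
await supertest
  .post(LIST_ITEM_URL)
  .set('kbn-xsrf', 'true')
  .send(getCreateMinimalListItemSchemaMock())
  .expect(200);

// … unchanged: GET `${LIST_ITEM_URL}/_find?list_id=${LIST_ID}&filter=` …

delete body.cursor;
expect(body.total).toEqual(1);
```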
@@ -106,7 +105,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeListServerGeneratedProperties(body); const outputtedList: Partial<ListSchema> = { - ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'list_items.txt', description: 'File uploaded from file system of list_items.txt', }; @@ -139,7 +138,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeListItemServerGeneratedProperties(body[0]); const outputtedList: Partial<ListItemSchema> = { - ...getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), list_id: 'list_items.txt', }; expect(bodyToCompare).to.eql(outputtedList); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items_migrations.ts index cd614bd07e359..abcbc8499af86 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items_migrations.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/import_list_items_migrations.ts 
@@ -22,8 +22,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess import_list_items_migrations', () => { describe('import list to legacy index and migrate it', () => { @@ -49,7 +48,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyToCompare = removeListServerGeneratedProperties(body); const outputtedList: Partial<ListSchema> = { - ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'list_items.txt', description: 'File uploaded from file system of list_items.txt', }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/patch_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/patch_list_items.ts index 01a9d332ba355..ac25a46b458b8 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/patch_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/patch_list_items.ts 
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const retry = getService('retry'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless patch_list_items', () => { describe('patch list items', () => { @@ -70,7 +69,7 @@ export default ({ getService }: FtrProviderContext) => { .send(patchListItemPayload); const outputListItem: Partial<ListItemSchema> = { - ...getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), value: '192.168.0.2', }; const bodyToCompare = removeListItemServerGeneratedProperties(body); @@ -120,7 +119,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputListItem: Partial<ListItemSchema> = { - ...getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), value: '192.168.0.2', }; const bodyToCompare = { diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/read_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/read_list_items.ts index b0005ccb3fc0b..6b57358f68057 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/read_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/read_list_items.ts 
@@ -23,8 +23,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless read_list_items', () => { describe('reading list items', () => { @@ -56,7 +55,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListItemServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -80,7 +79,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListItemServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/update_list_items.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/update_list_items.ts index 90d246d141866..073127cebfb3b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/update_list_items.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/items/update_list_items.ts 
@@ -29,8 +29,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const retry = getService('retry'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless update_list_items', () => { describe('update list items', () => { @@ -69,7 +68,7 @@ export default ({ getService }: FtrProviderContext) => { .send(updatedListItem); const outputListItem: Partial<ListItemSchema> = { - ...getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), value: '192.168.0.2', }; const bodyToCompare = removeListItemServerGeneratedProperties(body); @@ -119,7 +118,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputListItem: Partial<ListItemSchema> = { - ...getListItemResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListItemResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), value: '192.168.0.2', }; const bodyToCompare = { diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/create_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/create_lists.ts index 8cd7517c9efe8..d8ee7bcb7bd8a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/create_lists.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/create_lists.ts 
@@ -25,8 +25,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless create_lists', () => { describe('creating lists', () => { @@ -47,7 +46,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -60,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/delete_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/delete_lists.ts index 87b54d9a2e99a..bcb02e613defc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/delete_lists.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/delete_lists.ts 
@@ -33,8 +33,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless delete_lists', () => { describe('deleting lists', () => { @@ -62,7 +61,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -86,7 +85,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -106,7 +105,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -260,7 +259,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListServerGeneratedProperties(deleteListBody.body); expect(bodyToCompare).to.eql( - getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); await supertest 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists.ts index 3c47ad92eb824..f28f5252e3679 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists.ts @@ -22,8 +22,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless find_lists', () => { describe('find lists', () => { @@ -70,7 +69,7 @@ export default ({ getService }: FtrProviderContext): void => { // cursor is a constant changing value so we have to delete it as well. delete body.cursor; expect(body).to.eql({ - data: [getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)], + data: [getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername())], page: 1, per_page: 20, total: 1, diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists_by_size.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists_by_size.ts index 813293ed1e7cc..f4aacaa2f8b77 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists_by_size.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/find_lists_by_size.ts @@ -25,8 +25,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless find_lists_by_size', () => { describe('find lists by size', () => { @@ -81,11 +80,13 @@ export default ({ getService }: FtrProviderContext): void => { body.largeLists = [removeListServerGeneratedProperties(body.largeLists[0])]; // cursor is a constant changing value so we have to delete it as well. delete body.cursor; + + const username = await utils.getUsername(); expect(body).to.eql({ - smallLists: [getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME)], + smallLists: [getListResponseMockWithoutAutoGeneratedValues(username)], largeLists: [ { - ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListResponseMockWithoutAutoGeneratedValues(username), type: 'text', }, ], diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/patch_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/patch_lists.ts index 2586dcb23ab4f..51d9a2a9b5dab 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/patch_lists.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/patch_lists.ts @@ -24,8 +24,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const retry = getService('retry'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless patch_lists', () => { describe('patch lists', () => { @@ -59,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputList: Partial<ListSchema> = { - ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'some other name', version: 2, }; @@ -100,7 +99,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputList: Partial<ListSchema> = { - ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'some other name', version: 2, }; @@ -140,7 +139,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputList: Partial<ListSchema> = { - ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'some other name', version: 2, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/read_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/read_lists.ts index 025725fe01575..6750acd2f4a5a 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/read_lists.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/read_lists.ts @@ -24,8 +24,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless read_lists', () => { describe('reading lists', () => { @@ -52,7 +51,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); @@ -71,7 +70,7 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompare = removeListServerGeneratedProperties(body); expect(bodyToCompare).to.eql( - getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME) + getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()) ); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/update_lists.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/update_lists.ts index 28084f54d2abe..21d1db4ff3e94 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/update_lists.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/lists_items/trial_license_complete_tier/lists/update_lists.ts @@ -25,8 +25,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const retry = getService('retry'); - const config = getService('config'); - const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); + const utils = getService('securitySolutionUtils'); describe('@ess @serverless update_lists', () => { describe('update lists', () => { @@ -59,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputList: Partial<ListSchema> = { - ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'some other name', version: 2, }; @@ -89,7 +88,7 @@ export default ({ getService }: FtrProviderContext) => { .expect(200); const outputList: Partial<ListSchema> = { - ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'some other name', version: 2, }; @@ -188,7 +187,7 @@ export default ({ getService }: FtrProviderContext) => { const { body } = await supertest.put(LIST_URL).set('kbn-xsrf', 'true').send(updatedList); const outputList: Partial<ListSchema> = { - ...getListResponseMockWithoutAutoGeneratedValues(ELASTICSEARCH_USERNAME), + ...getListResponseMockWithoutAutoGeneratedValues(await utils.getUsername()), name: 'some other name', description: 'some other description', version: 2, diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule.cy.ts index 9121e524ddbb4..0f90e406682f3 100644 
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/machine_learning_rule.cy.ts @@ -4,13 +4,11 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { isArray } from 'lodash'; import { formatMitreAttackDescription, getHumanizedDuration } from '../../../../helpers/rules'; import { getMachineLearningRule } from '../../../../objects/rule'; import { - CUSTOM_RULES_BTN, RISK_SCORE, RULES_MANAGEMENT_TABLE, RULE_NAME, @@ -53,13 +51,27 @@ import { login } from '../../../../tasks/login'; import { visit } from '../../../../tasks/navigation'; import { openRuleManagementPageViaBreadcrumbs } from '../../../../tasks/rules_management'; import { CREATE_RULE_URL } from '../../../../urls/navigation'; +import { forceStopAndCloseJob } from '../../../../support/machine_learning'; +import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common'; describe('Machine Learning rules', { tags: ['@ess', '@serverless'] }, () => { const expectedUrls = (getMachineLearningRule().references ?? []).join(''); const expectedFalsePositives = (getMachineLearningRule().false_positives ?? []).join(''); const expectedTags = (getMachineLearningRule().tags ?? []).join(''); const expectedMitre = formatMitreAttackDescription(getMachineLearningRule().threat ?? []); - const expectedNumberOfRules = 1; + const expectedJobText = [ + 'Unusual Linux Network Activity', + 'Anomalous Process for a Linux Population', + ].join(''); + + before(() => { + const machineLearningJobIds = ([] as string[]).concat( + getMachineLearningRule().machine_learning_job_id + ); + // ensure no ML jobs are started before the suite + machineLearningJobIds.forEach((jobId) => forceStopAndCloseJob({ jobId })); + deleteAlertsAndRules(); + }); beforeEach(() => { login(); 
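Review bot: `expectedJobText` in the `@@ -53,13 +51,27 @@` hunk hard-codes the two job display names, while the ids that the `before` hook closes come from `getMachineLearningRule().machine_learning_job_id` (changed to `v3_linux_anomalous_network_activity` / `v3_linux_anomalous_process_all_hosts` in objects/rule.ts by this commit). Nothing in the spec records that the two lists must line up, so editing the rule object makes the `MACHINE_LEARNING_JOB_ID` assertion fail with no hint why. A comment above the constant would cover it: `// Display names the UI renders for the job ids in getMachineLearningRule(); keep both lists in sync.`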
@@ -75,9 +87,7 @@ describe('Machine Learning rules', { tags: ['@ess', '@serverless'] }, () => { createAndEnableRule(); openRuleManagementPageViaBreadcrumbs(); - cy.get(CUSTOM_RULES_BTN).should('have.text', 'Custom rules (1)'); - - expectNumberOfRules(RULES_MANAGEMENT_TABLE, expectedNumberOfRules); + expectNumberOfRules(RULES_MANAGEMENT_TABLE, 1); cy.get(RULE_NAME).should('have.text', mlRule.name); cy.get(RISK_SCORE).should('have.text', mlRule.risk_score); @@ -104,15 +114,12 @@ describe('Machine Learning rules', { tags: ['@ess', '@serverless'] }, () => { getDetails(ANOMALY_SCORE_DETAILS).should('have.text', mlRule.anomaly_threshold); getDetails(RULE_TYPE_DETAILS).should('have.text', 'Machine Learning'); getDetails(TIMELINE_TEMPLATE_DETAILS).should('have.text', 'None'); - const machineLearningJobsArray = isArray(mlRule.machine_learning_job_id) - ? mlRule.machine_learning_job_id - : [mlRule.machine_learning_job_id]; // With the #1912 ML rule improvement changes we enable jobs on rule creation. // Though, in cypress jobs enabling does not work reliably and job can be started or stopped. // Thus, we disable next check till we fix the issue with enabling jobs in cypress. // Relevant ticket: https://github.com/elastic/security-team/issues/5389 // cy.get(MACHINE_LEARNING_JOB_STATUS).should('have.text', 'StoppedStopped'); - cy.get(MACHINE_LEARNING_JOB_ID).should('have.text', machineLearningJobsArray.join('')); + cy.get(MACHINE_LEARNING_JOB_ID).should('have.text', expectedJobText); }); cy.get(SCHEDULE_DETAILS).within(() => { getDetails(RUNS_EVERY_DETAILS) diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/manual_rule_run.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/manual_rule_run.cy.ts index 28eaef22cc2e7..29e2379367c0b 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/manual_rule_run.cy.ts 
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_gaps/manual_rule_run.cy.ts @@ -32,7 +32,7 @@ describe('Manual rule run', { tags: ['@ess', '@serverless', '@skipInServerlessMK ); manualRuleRunFromDetailsPage(); - cy.get(TOASTER).should('have.text', 'Successfully scheduled backfill for 1 rule'); + cy.get(TOASTER).should('have.text', 'Successfully scheduled manual run for 1 rule'); }); it('schedule from rules management table', () => { @@ -42,7 +42,7 @@ describe('Manual rule run', { tags: ['@ess', '@serverless', '@skipInServerlessMK disableAutoRefresh(); manuallyRunFirstRule(); - cy.get(TOASTER).should('have.text', 'Successfully scheduled backfill for 1 rule'); + cy.get(TOASTER).should('have.text', 'Successfully scheduled manual run for 1 rule'); } ); }); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/backfill_group.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/backfill_group.cy.ts index 7413b8a8f02c7..2f97e2f3c0721 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/backfill_group.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/backfill_group.cy.ts @@ -58,7 +58,7 @@ describe( interceptFindBackfills(); goToExecutionLogTab(); - cy.get(RULE_BACKFILLS_INFO_HEADEAR).contains('Backfill runs'); + cy.get(RULE_BACKFILLS_INFO_HEADEAR).contains('Manual runs'); getBackfillsTableRows().should('have.length', 2); getBackfillsTableRows().eq(0).contains('Pending'); getBackfillsTableRows().eq(0).find(RULE_BACKFILLS_COLUMN_ERROR).contains('1'); 
@@ -76,11 +76,11 @@ describe( getBackfillsTableRows().eq(0).find(RULE_BACKFILLS_DELETE_BUTTON).click(); - cy.get(RULE_BACKFILLS_DELETE_MODAL).contains('Are you sure you want to stop this run?'); + cy.get(RULE_BACKFILLS_DELETE_MODAL).contains('Stop this rule run'); interceptDeleteBackfill(FIRST_BACKFILL_ID, 'deleteBackfill'); cy.get(RULE_BACKFILL_DELETE_MODAL_CONFIRM_BUTTON).click(); cy.wait('@deleteBackfill'); - cy.get(TOASTER).contains('Run stopped'); + cy.get(TOASTER).contains('Rule run stopped'); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts index 518980c29c908..ee229539c8dbd 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics/dashboards/upgrade_risk_score.cy.ts @@ -5,7 +5,6 @@ * 2.0. */ -import { getNewRule } from '../../../objects/rule'; import { UPGRADE_RISK_SCORE_BUTTON, USERS_TABLE, @@ -23,7 +22,6 @@ import { } from '../../../tasks/api_calls/risk_scores'; import { clickUpgradeRiskScore } from '../../../tasks/risk_scores'; -import { createRule } from '../../../tasks/api_calls/rules'; import { login } from '../../../tasks/login'; import { visitWithTimeRange } from '../../../tasks/navigation'; 
@@ -32,15 +30,15 @@ import { RiskScoreEntity } from '../../../tasks/risk_scores/common'; import { ENTITY_ANALYTICS_URL } from '../../../urls/navigation'; import { upgradeRiskEngine } from '../../../tasks/entity_analytics'; import { deleteRiskEngineConfiguration } from '../../../tasks/api_calls/risk_engine'; +import { deleteAlertsAndRules } from '../../../tasks/api_calls/common'; const spaceId = 'default'; -// Failing: See https://github.com/elastic/kibana/issues/185024 -describe.skip('Upgrade risk scores', { tags: ['@ess'] }, () => { +describe('Upgrade risk scores', { tags: ['@ess'] }, () => { beforeEach(() => { login(); deleteRiskEngineConfiguration(); - createRule(getNewRule({ rule_id: 'rule1' })); + deleteAlertsAndRules(); }); describe('show upgrade risk button', () => { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts index 45dcbd0b6c861..c0895ec187365 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/explore/cases/creation.cy.ts 
@@ -48,16 +48,21 @@ import { fillCasesMandatoryfields, filterStatusOpen, } from '../../../tasks/create_new_case'; -import { login } from '../../../tasks/login'; import { visit, visitWithTimeRange } from '../../../tasks/navigation'; import { CASES_URL, OVERVIEW_URL } from '../../../urls/navigation'; import { ELASTICSEARCH_USERNAME, IS_SERVERLESS } from '../../../env_var_names_constants'; import { deleteCases } from '../../../tasks/api_calls/cases'; +import { login } from '../../../tasks/login'; -// https://github.com/elastic/kibana/issues/179231 const isServerless = Cypress.env(IS_SERVERLESS); -const username = isServerless ? 'platform_engineer' : Cypress.env(ELASTICSEARCH_USERNAME); +const getUsername = () => { + if (isServerless) { + return cy.task('getFullname'); + } else { + return cy.wrap(Cypress.env(ELASTICSEARCH_USERNAME)); + } +}; // Tracked by https://github.com/elastic/security-team/issues/7696 describe('Cases', { tags: ['@ess', '@serverless'] }, () => { @@ -109,12 +114,17 @@ describe('Cases', { tags: ['@ess', '@serverless'] }, () => { cy.get(CASE_DETAILS_PAGE_TITLE).should('have.text', this.mycase.name); cy.get(CASE_DETAILS_STATUS).should('have.text', 'Open'); cy.get(CASE_DETAILS_USER_ACTION_DESCRIPTION_EVENT).should('have.text', 'Description'); + cy.get(CASE_DETAILS_DESCRIPTION).should( 'have.text', `${this.mycase.description} ${this.mycase.timeline.title}` ); - cy.get(CASE_DETAILS_USERNAMES).eq(REPORTER).should('contain', username); - cy.get(CASE_DETAILS_USERNAMES).eq(PARTICIPANTS).should('contain', username); + + getUsername().then((username) => { + cy.get(CASE_DETAILS_USERNAMES).eq(REPORTER).should('contain', username); + cy.get(CASE_DETAILS_USERNAMES).eq(PARTICIPANTS).should('contain', username); + }); + cy.get(CASE_DETAILS_TAGS).should('have.text', expectedTags); EXPECTED_METRICS.forEach((metric) => { 
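Review bot: `getUsername` returns two differently typed chains, `cy.task('getFullname')` yielding `unknown` and `cy.wrap(Cypress.env(...))` yielding `any`, so `username` reaches `should('contain', username)` without the compiler checking that it is a string. Typing the helper closes that gap: `const getUsername = (): Cypress.Chainable<string> =>` followed by `isServerless ? cy.task<string>('getFullname') : cy.wrap<string>(Cypress.env(ELASTICSEARCH_USERNAME));`. On serverless the value is the SAML user's full name rather than a username, which deserves a one-line comment such as `// serverless shows the SAML user's full_name in the reporter/participant fields`, since the hunk also drops the issue link that explained the old hard-coded `platform_engineer`.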
diff --git a/x-pack/test/security_solution_cypress/cypress/env_var_names_constants.ts b/x-pack/test/security_solution_cypress/cypress/env_var_names_constants.ts index 20f44653f72f0..697448bd0aeaa 100644 --- a/x-pack/test/security_solution_cypress/cypress/env_var_names_constants.ts +++ b/x-pack/test/security_solution_cypress/cypress/env_var_names_constants.ts @@ -5,6 +5,8 @@ * 2.0. */ +import { ROLES } from '@kbn/security-solution-plugin/common/test'; + /** * The `CYPRESS_ELASTICSEARCH_USERNAME` environment variable specifies the * username to be used when authenticating with Kibana @@ -28,3 +30,9 @@ export const IS_SERVERLESS = 'IS_SERVERLESS'; * environment is a real MKI. */ export const CLOUD_SERVERLESS = 'CLOUD_SERVERLESS'; + +/** + * The `DEFAULT_SERVERLESS_ROLE` environment variable specifies the default role used + * on serverless tests/ + */ +export const DEFAULT_SERVERLESS_ROLE = ROLES.platform_engineer; diff --git a/x-pack/test/security_solution_cypress/cypress/objects/rule.ts b/x-pack/test/security_solution_cypress/cypress/objects/rule.ts index 04ba983664952..50e358515d922 100644 --- a/x-pack/test/security_solution_cypress/cypress/objects/rule.ts +++ b/x-pack/test/security_solution_cypress/cypress/objects/rule.ts @@ -361,8 +361,8 @@ export const getMachineLearningRule = ( ): MachineLearningRuleCreateProps => ({ type: 'machine_learning', machine_learning_job_id: [ - 'Unusual Linux Network Activity', - 'Anomalous Process for a Linux Population', + 'v3_linux_anomalous_network_activity', + 'v3_linux_anomalous_process_all_hosts', ], anomaly_threshold: 20, name: 'New ML Rule Test', diff --git a/x-pack/test/security_solution_cypress/cypress/support/machine_learning.ts b/x-pack/test/security_solution_cypress/cypress/support/machine_learning.ts new file mode 100644 index 0000000000000..e562a693865e3 --- /dev/null +++ b/x-pack/test/security_solution_cypress/cypress/support/machine_learning.ts 
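Review bot: The TSDoc added for `DEFAULT_SERVERLESS_ROLE` in the `@@ -28,3 +30,9 @@` hunk calls it an environment variable, but it is the role value itself (`ROLES.platform_engineer`), unlike the other exports of this file, which hold the name of a Cypress env var and are read through `Cypress.env(...)`. A reader following the file's pattern could pass it to `Cypress.env()` and get `undefined`, and the comment also ends in a stray `/`. Suggested wording: `/** Role used to log in on serverless when a test does not pass one explicitly. This is the role value, not the name of an env var. */`.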
@@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { rootRequest } from '../tasks/api_calls/common'; + +/** + * Calls the internal ML Jobs API to force stop the datafeed of, and force close + * the job with the given ID. + * + * @param jobId the ID of the ML job to stop and close + * @returns the response from the force stop and close job request + */ +export const forceStopAndCloseJob = ({ jobId }: { jobId: string }) => + rootRequest({ + headers: { + 'elastic-api-version': 1, + }, + method: 'POST', + url: '/internal/ml/jobs/force_stop_and_close_job', + failOnStatusCode: false, + body: { + jobId, + }, + }); diff --git a/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts b/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts index 4c26b46a0f62a..b1fcc4ade9cdf 100644 --- a/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts +++ b/x-pack/test/security_solution_cypress/cypress/support/saml_auth.ts @@ -9,6 +9,7 @@ import { ToolingLog } from '@kbn/tooling-log'; import { SecurityRoleName } from '@kbn/security-solution-plugin/common/test'; import { HostOptions, SamlSessionManager } from '@kbn/test'; +import { DEFAULT_SERVERLESS_ROLE } from '../env_var_names_constants'; export const samlAuthentication = async ( on: Cypress.PluginEvents, 
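Review bot: `failOnStatusCode: false` in `forceStopAndCloseJob` accepts every response, so a 401/403 or a 5xx from `/internal/ml/jobs/force_stop_and_close_job` looks the same as "job was not open", and the `before` hook in machine_learning_rule.cy.ts carries on as if the jobs were closed. Tolerating only the expected miss keeps the cleanup honest, for example by chaining `.then(({ status }) => expect(status).to.be.oneOf([200, 404]))` onto the request; which status the endpoint returns for an unknown or already closed job is not visible here and needs confirming. If ignoring all failures is deliberate, a comment next to the flag should say so: `// best-effort cleanup: the job may not exist or may already be closed`.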
@@ -28,10 +29,11 @@ export const samlAuthentication = async ( password: config.env.ELASTICSEARCH_PASSWORD, }; + // If config.env.PROXY_ORG is set, it means that proxy service is used to create projects. Define the proxy org filename to override the roles. + const rolesFilename = config.env.PROXY_ORG ? `${config.env.PROXY_ORG}.json` : undefined; + on('task', { getSessionCookie: async (role: string | SecurityRoleName): Promise<string> => { - // If config.env.PROXY_ORG is set, it means that proxy service is used to create projects. Define the proxy org filename to override the roles. - const rolesFilename = config.env.PROXY_ORG ? `${config.env.PROXY_ORG}.json` : undefined; const sessionManager = new SamlSessionManager( { hostOptions, @@ -42,5 +44,19 @@ export const samlAuthentication = async ( ); return sessionManager.getSessionCookieForRole(role); }, + getFullname: async ( + role: string | SecurityRoleName = DEFAULT_SERVERLESS_ROLE + ): Promise<string> => { + const sessionManager = new SamlSessionManager( + { + hostOptions, + log, + isCloud: config.env.CLOUD_SERVERLESS, + }, + rolesFilename + ); + const { full_name: fullName } = await sessionManager.getUserData(role); + return fullName; + }, }); }; diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/alerts_detection_rules.ts b/x-pack/test/security_solution_cypress/cypress/tasks/alerts_detection_rules.ts index 97d6c34fdd040..7304a23f75e77 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/alerts_detection_rules.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/alerts_detection_rules.ts @@ -384,7 +384,7 @@ export const expectNumberOfRules = ( expectedNumber: number ) => { cy.log(`Expecting rules table to contain #${expectedNumber} rules`); - cy.get(tableSelector).find(RULES_ROW).should('have.length', expectedNumber); + cy.get(tableSelector).find(RULES_ROW).its('length').should('be.gte', expectedNumber); }; export const expectToContainRule = ( 
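Review bot: `getFullname` in the `@@ -42,5 +44,19 @@` hunk constructs its own `SamlSessionManager` on every call, repeating the construction already inside `getSessionCookie`, so the two tasks never share a manager and any session it holds for a role is presumably fetched again. Building one manager next to the hoisted `rolesFilename` and using it from both tasks removes the duplication; this assumes the options object in `getSessionCookie`, which lies partly outside the hunks, matches the one shown for `getFullname`. `full_name` is also returned unchecked, and a task that resolves `undefined` fails in Cypress with a generic message, so an explicit error naming the role is easier to diagnose. `samlAuthentication` begins above the first hunk.

```typescript
  // … unchanged: hostOptions setup …
  const rolesFilename = config.env.PROXY_ORG ? `${config.env.PROXY_ORG}.json` : undefined;
  // One manager shared by both tasks.
  const sessionManager = new SamlSessionManager(
    { hostOptions, log, isCloud: config.env.CLOUD_SERVERLESS },
    rolesFilename
  );

  on('task', {
    getSessionCookie: async (role: string | SecurityRoleName): Promise<string> =>
      sessionManager.getSessionCookieForRole(role),
    getFullname: async (
      role: string | SecurityRoleName = DEFAULT_SERVERLESS_ROLE
    ): Promise<string> => {
      const { full_name: fullName } = await sessionManager.getUserData(role);
      if (!fullName) {
        throw new Error(`No full_name returned for role "${role}"`);
      }
      return fullName;
    },
  });
```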
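Review bot: `its('length').should('be.gte', expectedNumber)` turns `expectNumberOfRules` into an at-least check, while the function name and the `cy.log` text directly above it (`Expecting rules table to contain #N rules`) still promise an exact count. Every existing caller is weakened with it: `expectNumberOfRules(RULES_MANAGEMENT_TABLE, 1)` in machine_learning_rule.cy.ts now passes when rules left behind by another spec are in the table. If the relaxation is only needed for that spec, keep `should('have.length', expectedNumber)` here and add a separate helper for the loose case, e.g. `expectAtLeastNumberOfRules`; the spec already calls `deleteAlertsAndRules()` in its `before` hook, which may make the exact check viable again. At minimum the log line should read `at least #${expectedNumber} rules`.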
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts index d9f0120ab0199..e8be51d0d3731 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts @@ -802,21 +802,20 @@ export const continueFromDefineStep = () => { getDefineContinueButton().should('exist').click({ force: true }); }; -export const fillDefineMachineLearningRuleAndContinue = (rule: MachineLearningRuleCreateProps) => { +export const fillDefineMachineLearningRule = (rule: MachineLearningRuleCreateProps) => { const jobsAsArray = isArray(rule.machine_learning_job_id) ? rule.machine_learning_job_id : [rule.machine_learning_job_id]; - const text = jobsAsArray - .map((machineLearningJob) => `${machineLearningJob}{downArrow}{enter}`) - .join(''); cy.get(MACHINE_LEARNING_DROPDOWN_INPUT).click({ force: true }); - cy.get(MACHINE_LEARNING_DROPDOWN_INPUT).type(text); - - cy.get(MACHINE_LEARNING_DROPDOWN_INPUT).type('{esc}'); + cy.get(MACHINE_LEARNING_DROPDOWN_INPUT).type(optionsToComboboxText(jobsAsArray)); cy.get(ANOMALY_THRESHOLD_INPUT).type(`{selectall}${rule.anomaly_threshold}`, { force: true, }); +}; + +export const fillDefineMachineLearningRuleAndContinue = (rule: MachineLearningRuleCreateProps) => { + fillDefineMachineLearningRule(rule); getDefineContinueButton().should('exist').click({ force: true }); }; 
@@ -909,9 +908,20 @@ export const enablesAndPopulatesThresholdSuppression = ( cy.get(ALERT_SUPPRESSION_DURATION_PER_TIME_INTERVAL).should('be.enabled').should('be.checked'); }; +const optionsToComboboxText = (options: string[]) => { + return options.map((o) => `${o}{downArrow}{enter}{esc}`).join(''); +}; + export const fillAlertSuppressionFields = (fields: string[]) => { - fields.forEach((field) => { - cy.get(ALERT_SUPPRESSION_FIELDS_COMBO_BOX).type(`${field}{enter}`); + cy.get(ALERT_SUPPRESSION_FIELDS_COMBO_BOX).should('not.be.disabled'); + cy.get(ALERT_SUPPRESSION_FIELDS_COMBO_BOX).click(); + cy.get(ALERT_SUPPRESSION_FIELDS_COMBO_BOX).type(optionsToComboboxText(fields)); +}; + +export const clearAlertSuppressionFields = () => { + cy.get(ALERT_SUPPRESSION_FIELDS_COMBO_BOX).should('not.be.disabled'); + cy.get(ALERT_SUPPRESSION_FIELDS).within(() => { + cy.get(COMBO_BOX_CLEAR_BTN).click(); }); }; diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/login.ts b/x-pack/test/security_solution_cypress/cypress/tasks/login.ts index c43aaa26e3c4e..4d996af79cbc6 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/login.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/login.ts @@ -10,6 +10,7 @@ import { KNOWN_SERVERLESS_ROLE_DEFINITIONS } from '@kbn/security-solution-plugin import { LOGOUT_URL } from '../urls/navigation'; import { CLOUD_SERVERLESS, + DEFAULT_SERVERLESS_ROLE, ELASTICSEARCH_PASSWORD, ELASTICSEARCH_USERNAME, IS_SERVERLESS, @@ -45,7 +46,7 @@ export const login = (role?: SecurityRoleName): void => { if (Cypress.env(IS_SERVERLESS)) { if (!role) { - testRole = 'platform_engineer'; + testRole = DEFAULT_SERVERLESS_ROLE; } else { testRole = role; } diff --git a/x-pack/test/tsconfig.json b/x-pack/test/tsconfig.json index d7727ec005328..13e3d0634cd40 100644 --- a/x-pack/test/tsconfig.json +++ b/x-pack/test/tsconfig.json 
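Review bot: `optionsToComboboxText` is added without a comment, although its key sequence is the whole point of the change: each option is typed, `{downArrow}{enter}` picks the first entry of the filtered list, and `{esc}` closes the dropdown before the next one. That also changes `fillAlertSuppressionFields`, which used to confirm the typed text with `{enter}` alone; with `{downArrow}` the selection is whatever the list ranks first, so an option that is a prefix of another could presumably pick the wrong entry. Suggested TSDoc: `/** Builds a cy.type() string that selects each option in an EUI combobox: type the text, pick the first match, close the list. Options must match exactly one entry and must not contain "{". */`. The helper is declared as a `const` below its first use in `fillDefineMachineLearningRule`, which works only because both run after module evaluation.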
@@ -120,7 +120,6 @@ "@kbn/discover-plugin", "@kbn/files-plugin", "@kbn/shared-ux-file-types", - "@kbn/assetManager-plugin", "@kbn/guided-onboarding-plugin", "@kbn/field-formats-plugin", "@kbn/ml-anomaly-utils", diff --git a/x-pack/test_serverless/api_integration/test_suites/common/alerting/alert_documents.ts b/x-pack/test_serverless/api_integration/test_suites/common/alerting/alert_documents.ts index 3e0f400d35e78..a8106a85a9bc9 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/alerting/alert_documents.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/alerting/alert_documents.ts @@ -13,6 +13,7 @@ import { ALERT_FLAPPING, ALERT_FLAPPING_HISTORY, ALERT_INSTANCE_ID, + ALERT_SEVERITY_IMPROVING, ALERT_MAINTENANCE_WINDOW_IDS, ALERT_REASON, ALERT_RULE_CATEGORY, @@ -38,6 +39,7 @@ import { VERSION, ALERT_CONSECUTIVE_MATCHES, ALERT_RULE_EXECUTION_TIMESTAMP, + ALERT_PREVIOUS_ACTION_GROUP, } from '@kbn/rule-data-utils'; import { FtrProviderContext } from '../../../ftr_provider_context'; import { createEsQueryRule } from './helpers/alerting_api_helper'; @@ -155,6 +157,8 @@ export default function ({ getService }: FtrProviderContext) { 'kibana.alert.url', 'kibana.version', 'kibana.alert.consecutive_matches', + 'kibana.alert.severity_improving', + 'kibana.alert.previous_action_group', ]; for (const field of fields) { @@ -274,6 +278,8 @@ export default function ({ getService }: FtrProviderContext) { expect(hits2[ALERT_DURATION]).not.to.be(0); expect(hits2[ALERT_RULE_EXECUTION_TIMESTAMP]).to.eql(hits2['@timestamp']); expect(hits2[ALERT_CONSECUTIVE_MATCHES]).to.be.greaterThan(hits1[ALERT_CONSECUTIVE_MATCHES]); + expect(hits2[ALERT_PREVIOUS_ACTION_GROUP]).to.be('query matched'); + expect(hits2[ALERT_SEVERITY_IMPROVING]).to.be(undefined); // remove fields we know will be different const fields = [ 
@@ -285,6 +291,8 @@ export default function ({ getService }: FtrProviderContext) { 'kibana.alert.rule.execution.uuid', 'kibana.alert.rule.execution.timestamp', 'kibana.alert.consecutive_matches', + 'kibana.alert.severity_improving', + 'kibana.alert.previous_action_group', ]; for (const field of fields) { diff --git a/x-pack/test_serverless/api_integration/test_suites/common/alerting/summary_actions.ts b/x-pack/test_serverless/api_integration/test_suites/common/alerting/summary_actions.ts index 0058e15d85c97..27f27f33bd163 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/alerting/summary_actions.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/alerting/summary_actions.ts @@ -11,6 +11,7 @@ import { ALERT_ACTION_GROUP, ALERT_FLAPPING, ALERT_INSTANCE_ID, + ALERT_SEVERITY_IMPROVING, ALERT_RULE_CATEGORY, ALERT_RULE_CONSUMER, ALERT_RULE_NAME, @@ -24,6 +25,7 @@ import { ALERT_WORKFLOW_STATUS, SPACE_IDS, TAGS, + ALERT_PREVIOUS_ACTION_GROUP, } from '@kbn/rule-data-utils'; import { omit, padStart } from 'lodash'; import { FtrProviderContext } from '../../../ftr_provider_context'; @@ -194,6 +196,7 @@ export default function ({ getService }: FtrProviderContext) { [ALERT_ACTION_GROUP]: 'query matched', [ALERT_FLAPPING]: false, [ALERT_INSTANCE_ID]: 'query matched', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_STATUS]: 'active', [ALERT_WORKFLOW_STATUS]: 'open', [ALERT_RULE_CATEGORY]: 'Elasticsearch query', @@ -323,6 +326,7 @@ export default function ({ getService }: FtrProviderContext) { [ALERT_ACTION_GROUP]: 'query matched', [ALERT_FLAPPING]: false, [ALERT_INSTANCE_ID]: 'query matched', + [ALERT_SEVERITY_IMPROVING]: false, [ALERT_STATUS]: 'active', [ALERT_WORKFLOW_STATUS]: 'open', [ALERT_RULE_CATEGORY]: 'Elasticsearch query', 
@@ -546,6 +550,7 @@ export default function ({ getService }: FtrProviderContext) { ['kibana.alert.evaluation.threshold']: -1, ['kibana.alert.evaluation.value']: '0', [ALERT_ACTION_GROUP]: 'query matched', + [ALERT_PREVIOUS_ACTION_GROUP]: 'query matched', [ALERT_FLAPPING]: false, [ALERT_INSTANCE_ID]: 'query matched', [ALERT_STATUS]: 'active', diff --git a/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts b/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts index 58e54f8f29925..7e37b26ad83b3 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts @@ -27,8 +27,6 @@ export default function ({ getService }: FtrProviderContext) { }; describe('Data Stream', function () { - // see details: https://github.com/elastic/kibana/issues/186648 - this.tags(['failsOnMKI']); before(async () => { roleAuthc = await svlUserManager.createApiKeyForRole('admin'); internalReqHeader = svlCommonApi.getInternalRequestHeader(); @@ -62,7 +60,7 @@ export default function ({ getService }: FtrProviderContext) { await svlUserManager.invalidateApiKeyForRole(roleAuthc); }); - it('uses the datastream configuration with set ILM policy', async () => { + it('uses the datastream configuration', async () => { const { status, body } = await supertestWithoutAuth .get(`/api/index_management/data_streams/.kibana-reporting`) .set(internalReqHeader) 
@@ -70,29 +68,31 @@ export default function ({ getService }: FtrProviderContext) { svlCommonApi.assertResponseStatusCode(200, status, body); - expect(body).toEqual({ - _meta: { - description: 'default kibana reporting template installed by elasticsearch', - managed: true, - }, - name: '.kibana-reporting', - indexTemplateName: '.kibana-reporting', - generation: 1, - health: 'green', - hidden: true, - indices: [ - { - name: expect.any(String), - uuid: expect.any(String), - managedBy: 'Data stream lifecycle', - preferILM: true, + expect(body).toEqual( + expect.objectContaining({ + _meta: { + description: 'default kibana reporting template installed by elasticsearch', + managed: true, }, - ], - lifecycle: { enabled: true }, - nextGenerationManagedBy: 'Data stream lifecycle', - privileges: { delete_index: true, manage_data_stream_lifecycle: true }, - timeStampField: { name: '@timestamp' }, - }); + name: '.kibana-reporting', + indexTemplateName: '.kibana-reporting', + generation: 1, + health: 'green', + hidden: true, + indices: [ + { + name: expect.any(String), + uuid: expect.any(String), + managedBy: 'Data stream lifecycle', + preferILM: true, + }, + ], + lifecycle: expect.objectContaining({ enabled: true }), + nextGenerationManagedBy: 'Data stream lifecycle', + privileges: { delete_index: true, manage_data_stream_lifecycle: true }, + timeStampField: { name: '@timestamp' }, + }) + ); }); }); } diff --git a/x-pack/test_serverless/api_integration/test_suites/security/fleet/fleet.ts b/x-pack/test_serverless/api_integration/test_suites/security/fleet/fleet.ts index 547d16399bdab..19c01d0944071 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/fleet/fleet.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/fleet/fleet.ts 
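Review bot: Wrapping the expected body in `expect.objectContaining` and pinning only `lifecycle.enabled` means any additional top-level or lifecycle field now passes unnoticed, and nothing in the test says why the exact match was dropped. A comment above the assertion would keep the loosening deliberate, for example `// partial match: the response carries environment-specific extra fields, see https://github.com/elastic/kibana/issues/186648`, if that issue (cited next to the `failsOnMKI` tag removed earlier in this file) is indeed the reason. Nested values such as `privileges` and `_meta` are still compared exactly, which is worth keeping as is.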
@@ -6,6 +6,7 @@ */ import expect from 'expect'; +import { RoleCredentials } from '../../../../shared/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; import { expectDefaultElasticsearchOutput, @@ -14,13 +15,16 @@ import { export default function (ctx: FtrProviderContext) { const svlCommonApi = ctx.getService('svlCommonApi'); - const supertest = ctx.getService('supertest'); + const supertestWithoutAuth = ctx.getService('supertestWithoutAuth'); + const svlUserManager = ctx.getService('svlUserManager'); + let roleAuthc: RoleCredentials; describe('fleet', function () { let defaultFleetServerHostUrl: string = ''; let defaultEsOutputUrl: string = ''; before(async () => { + roleAuthc = await svlUserManager.createApiKeyForRole('admin'); defaultFleetServerHostUrl = await expectDefaultFleetServer(ctx); expect(defaultFleetServerHostUrl).not.toBe(''); @@ -28,10 +32,15 @@ export default function (ctx: FtrProviderContext) { expect(defaultEsOutputUrl).not.toBe(''); }); + after(async () => { + await svlUserManager.invalidateApiKeyForRole(roleAuthc); + }); + it('rejects request to create a new fleet server hosts if host url is different from default', async () => { - const { body, status } = await supertest + const { body, status } = await supertestWithoutAuth .post('/api/fleet/fleet_server_hosts') .set(svlCommonApi.getInternalRequestHeader()) + .set(roleAuthc.apiKeyHeader) .send({ name: 'test', host_urls: ['https://localhost:8221'], @@ -47,9 +56,10 @@ export default function (ctx: FtrProviderContext) { }); it('accepts request to create a new fleet server hosts if host url is same as default', async () => { - const { body, status } = await supertest + const { body, status } = await supertestWithoutAuth .post('/api/fleet/fleet_server_hosts') .set(svlCommonApi.getInternalRequestHeader()) + .set(roleAuthc.apiKeyHeader) .send({ name: 'Test Fleet server host', host_urls: [defaultFleetServerHostUrl], 
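Review bot: The suite now authenticates with an API key for the `admin` role, but every case in these hunks (and in the `@@ -65` and `@@ -83` hunks that follow) still exercises only that one privileged role. With `supertestWithoutAuth` and `roleAuthc.apiKeyHeader` making the caller explicit, this is a natural place for a negative case: send the same `POST /api/fleet/fleet_server_hosts` and `POST /api/fleet/outputs` requests with a key for a role that lacks Fleet privileges and assert the rejection status. It is also worth confirming that `expectDefaultFleetServer(ctx)` and `expectDefaultElasticsearchOutput`, whose bodies are outside this diff, do not still go through the `supertest` service this change moves away from. `roleAuthc` could be declared inside the `describe` next to `defaultFleetServerHostUrl` so all suite state lives in one scope.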
@@ -65,9 +75,10 @@ export default function (ctx: FtrProviderContext) { }); it('rejects request to create a new elasticsearch output if host is different from default', async () => { - const { body, status } = await supertest + const { body, status } = await supertestWithoutAuth .post('/api/fleet/outputs') .set(svlCommonApi.getInternalRequestHeader()) + .set(roleAuthc.apiKeyHeader) .send({ name: 'Test output', type: 'elasticsearch', @@ -83,9 +94,10 @@ export default function (ctx: FtrProviderContext) { }); it('accepts request to create a new elasticsearch output if host url is same as default', async () => { - const { body, status } = await supertest + const { body, status } = await supertestWithoutAuth .post('/api/fleet/outputs') .set(svlCommonApi.getInternalRequestHeader()) + .set(roleAuthc.apiKeyHeader) .send({ name: 'Test output', type: 'elasticsearch', diff --git a/x-pack/test_serverless/functional/page_objects/svl_search_landing_page.ts b/x-pack/test_serverless/functional/page_objects/svl_search_landing_page.ts index 617b0d76e2ba3..3618fed58dcf3 100644 --- a/x-pack/test_serverless/functional/page_objects/svl_search_landing_page.ts +++ b/x-pack/test_serverless/functional/page_objects/svl_search_landing_page.ts @@ -11,6 +11,7 @@ import { FtrProviderContext } from '../ftr_provider_context'; export function SvlSearchLandingPageProvider({ getService }: FtrProviderContext) { const testSubjects = getService('testSubjects'); const browser = getService('browser'); + const monacoEditor = getService('monacoEditor'); return { async assertSvlSearchSideNavExists() { 
@@ -32,50 +33,44 @@ export function SvlSearchLandingPageProvider({ getService }: FtrProviderContext) apiKeys: { async openCreateFlyout() { await testSubjects.click('new-api-key-button'); - await testSubjects.existOrFail('create-api-key-submit'); + await testSubjects.existOrFail('formFlyoutSubmitButton'); }, async setApiKeyName(value: string) { - await testSubjects.existOrFail('create-api-key-name'); - await testSubjects.setValue('create-api-key-name', value); + await testSubjects.existOrFail('apiKeyNameInput'); + await testSubjects.setValue('apiKeyNameInput', value); }, async selectNeverExpires() { - await ( - await ( - await testSubjects.find('create-api-key-expires-never-radio') - ).findByTagName('label') - ).click(); - await testSubjects.missingOrFail('create-api-key-expires-days-number-field'); + await (await await testSubjects.find('apiKeyCustomExpirationSwitch')).click(); + await testSubjects.missingOrFail('apiKeyCustomExpirationInput'); }, async createApiKeySubmitAndSuccess() { - await testSubjects.click('create-api-key-submit'); + await testSubjects.click('formFlyoutSubmitButton'); await testSubjects.existOrFail('api-key-create-success-panel'); }, async createApiKeySubmitAndError() { - await testSubjects.click('create-api-key-submit'); - await testSubjects.existOrFail('create-api-key-error-callout'); + await testSubjects.click('formFlyoutSubmitButton'); + await testSubjects.existOrFail('apiKeyFlyoutResponseError'); }, async createApiKeyCancel() { - await testSubjects.click('create-api-key-cancel'); + await testSubjects.click('formFlyoutCancelButton'); }, async createApiKeyToggleMetadataSwitch() { - await testSubjects.click('create-api-metadata-switch'); + await testSubjects.click('apiKeysMetadataSwitch'); }, async expectMetadataEditorToExist() { - await testSubjects.existOrFail('create-api-metadata-code-editor-container'); + await monacoEditor.getCodeEditorValue(1); }, async createApiKeyToggleRoleDescriptorsSwitch() { - await 
testSubjects.click('create-api-role-descriptors-switch'); + await testSubjects.click('apiKeysRoleDescriptorsSwitch'); }, async expectRoleDescriptorsEditorToExist() { - await testSubjects.existOrFail('create-api-role-descriptors-code-editor-container'); - await testSubjects.existOrFail('serverlessSearchSecurityPrivilegesFormReadOnlyButton'); - await testSubjects.existOrFail('serverlessSearchSecurityPrivilegesFormWriteOnlyButton'); + await monacoEditor.getCodeEditorValue(0); + await testSubjects.existOrFail('apiKeysReadOnlyDescriptors'); + await testSubjects.existOrFail('apiKeysWriteOnlyDescriptors'); }, async setRoleDescriptorsValue(value: string) { - await testSubjects.existOrFail('create-api-role-descriptors-code-editor-container'); - await testSubjects.setValue('kibanaCodeEditor', value, { - clearWithKeyboard: true, - }); + await monacoEditor.getCodeEditorValue(0); + await monacoEditor.setCodeEditorValue(value, 0); }, }, pipeline: { diff --git a/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts b/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts index bb875e7fac186..50b8f0919694a 100644 --- a/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts +++ b/x-pack/test_serverless/functional/test_suites/common/reporting/management.ts @@ -70,8 +70,7 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { await svlUserManager.invalidateApiKeyForRole(roleAuthc); }); - // Cant auth into the route as it's structured currently - xit(`user sees a job they've created`, async () => { + it(`user sees a job they've created`, async () => { const { job: { id: jobId }, } = await reportingAPI.createReportJobInternal( diff --git a/x-pack/test_serverless/shared/services/svl_user_manager.ts b/x-pack/test_serverless/shared/services/svl_user_manager.ts index 12fa18eee6673..14b125d046576 100644 --- a/x-pack/test_serverless/shared/services/svl_user_manager.ts 
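Review bot: In `selectNeverExpires` the new line `await (await await testSubjects.find('apiKeyCustomExpirationSwitch')).click();` has a doubled `await` and can be `await testSubjects.click('apiKeyCustomExpirationSwitch');`, matching the other methods in this object. The method now appears to toggle a switch rather than select a radio, so the following `missingOrFail('apiKeyCustomExpirationInput')` presumably holds only when the switch starts in the "on" state. A short comment stating that precondition would help. The editor checks also rely on positional indices (`getCodeEditorValue(1)` for metadata, `0` for role descriptors) and on the call throwing when the editor is absent. Named constants for the two indices would make it less likely that `setRoleDescriptorsValue` writes the privilege JSON into the wrong editor if the flyout order changes.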
+++ b/x-pack/test_serverless/shared/services/svl_user_manager.ts @@ -55,19 +55,23 @@ export function SvlUserManagerProvider({ getService }: FtrProviderContext) { } }; + const customRolesFileName: string | undefined = process.env.ROLES_FILENAME_OVERRIDE; // Sharing the instance within FTR config run means cookies are persistent for each role between tests. - const sessionManager = new SamlSessionManager({ - hostOptions: { - protocol: config.get('servers.kibana.protocol'), - hostname: config.get('servers.kibana.hostname'), - port: isCloud ? undefined : config.get('servers.kibana.port'), - username: config.get('servers.kibana.username'), - password: config.get('servers.kibana.password'), + const sessionManager = new SamlSessionManager( + { + hostOptions: { + protocol: config.get('servers.kibana.protocol'), + hostname: config.get('servers.kibana.hostname'), + port: isCloud ? undefined : config.get('servers.kibana.port'), + username: config.get('servers.kibana.username'), + password: config.get('servers.kibana.password'), + }, + log, + isCloud, + supportedRoles, }, - log, - isCloud, - supportedRoles, - }); + customRolesFileName + ); const DEFAULT_ROLE = getDefaultRole(); diff --git a/yarn.lock b/yarn.lock index d168b25927c98..29132f7435eed 100644 --- a/yarn.lock +++ b/yarn.lock 
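Review bot: `ROLES_FILENAME_OVERRIDE` is read from the environment and handed to `SamlSessionManager` unchecked and undocumented, so a run can authenticate against a different roles file without any trace in the output. How the manager resolves the name is outside this hunk, but normalising an empty value and logging the override would make it visible in CI: `const customRolesFileName = process.env.ROLES_FILENAME_OVERRIDE || undefined;` followed by `if (customRolesFileName) log.info('Using roles file override: ' + customRolesFileName);`. A short comment above the constant should say what kind of file name is expected and where it is looked up. The body of `SvlUserManagerProvider` continues outside the hunk.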
@@ -1475,6 +1475,17 @@ resolved "https://registry.yarnpkg.com/@cbor-extract/cbor-extract-win32-x64/-/cbor-extract-win32-x64-2.0.0.tgz#4d4ad91527a8313c3db1e2167a8821dfae9d6211" integrity sha512-XqVuJEnE0jpl/RkuSp04FF2UE73gY52Y4nZaIE6j9GAeSH2cHYU5CCd4TaVMDi2M18ZpZv7XhL/k+nneQzyJpQ== +"@cfaester/enzyme-adapter-react-18@^0.8.0": + version "0.8.0" + resolved "https://registry.yarnpkg.com/@cfaester/enzyme-adapter-react-18/-/enzyme-adapter-react-18-0.8.0.tgz#313814eb79658a6e74209f9f1743bcefff14a46f" + integrity sha512-3Z3ThTUouHwz8oIyhTYQljEMNRFtlVyc3VOOHCbxs47U6cnXs8K9ygi/c1tv49s7MBlTXeIcuN+Ttd9aPtILFQ== + dependencies: + enzyme-shallow-equal "^1.0.0" + function.prototype.name "^1.1.6" + has "^1.0.4" + react-is "^18.2.0" + react-shallow-renderer "^16.15.0" + "@cfworker/json-schema@^1.12.7": version "1.12.7" resolved "https://registry.yarnpkg.com/@cfworker/json-schema/-/json-schema-1.12.7.tgz#064d082a11881f684300bc7e6d3021e9d98f9a59" @@ -1658,10 +1669,10 @@ dependencies: object-hash "^1.3.0" -"@elastic/charts@66.0.3": - version "66.0.3" - resolved "https://registry.yarnpkg.com/@elastic/charts/-/charts-66.0.3.tgz#16b2290fd37d7ca4d5eb96bd63b947b59cace39d" - integrity sha512-McCg8X72U4DGqMihlQnuixsCoJEQHAt27lBKYLJWH9n6N/2EUDsdejUPIuiYqCRrEUyUOUq2XcyJMgOw4It50A== +"@elastic/charts@66.0.4": + version "66.0.4" + resolved "https://registry.yarnpkg.com/@elastic/charts/-/charts-66.0.4.tgz#aabb145687805ca7f491df22c15d7d535ca80031" + integrity sha512-fxOivMRUtcTrSOKTqxxDN5XVCzaW0lVrydCxGGHg3NoYEBtOktnF8SWATO8EYfg5cSBDcVbLGOnscqM84Q2aDA== dependencies: "@popperjs/core" "^2.11.8" bezier-easing "^2.1.0" 
@@ -1715,12 +1726,12 @@ "@elastic/transport" "^8.3.1" tslib "^2.4.0" -"@elastic/elasticsearch@^8.13.1": - version "8.13.1" - resolved "https://registry.yarnpkg.com/@elastic/elasticsearch/-/elasticsearch-8.13.1.tgz#0fbe8318cf7f21c599165bb901277428639d57ec" - integrity sha512-2G4Vu6OHw4+XTrp7AGIcOEezpPEoVrWg2JTK1v/exEKSLYquZkUdd+m4yOL3/UZ6bTj7hmXwrmYzW76BnLCkJQ== +"@elastic/elasticsearch@^8.14.0": + version "8.14.0" + resolved "https://registry.yarnpkg.com/@elastic/elasticsearch/-/elasticsearch-8.14.0.tgz#93b1f2a7cb6cc5cd1ceebf5060576bc690432e0a" + integrity sha512-MGrgCI4y+Ozssf5Q2IkVJlqt5bUMnKIICG2qxeOfrJNrVugMCBCAQypyesmSSocAtNm8IX3LxfJ3jQlFHmKe2w== dependencies: - "@elastic/transport" "~8.4.1" + "@elastic/transport" "^8.6.0" tslib "^2.4.0" "@elastic/ems-client@8.5.1": @@ -1895,17 +1906,17 @@ undici "^5.21.2" yaml "^2.2.2" -"@elastic/transport@^8.3.1", "@elastic/transport@~8.4.1": - version "8.4.1" - resolved "https://registry.yarnpkg.com/@elastic/transport/-/transport-8.4.1.tgz#f98c5a5e2156bcb3f01170b4aca7e7de4d8b61b8" - integrity sha512-/SXVuVnuU5b4dq8OFY4izG+dmGla185PcoqgK6+AJMpmOeY1QYVNbWtCwvSvoAANN5D/wV+EBU8+x7Vf9EphbA== +"@elastic/transport@^8.3.1", "@elastic/transport@^8.6.0": + version "8.6.0" + resolved "https://registry.yarnpkg.com/@elastic/transport/-/transport-8.6.0.tgz#8de9794c87eb0fd2bdb2c6c1e32792aeb06b32bc" + integrity sha512-/Ucpztrc+urZK8yCtFBUu2LePYJNnukgZSUUApUzGH/SxejqkH526Nph7aru8I0vZwdW5wqgCHSOIq3J7tIxGg== dependencies: debug "^4.3.4" hpagent "^1.0.0" ms "^2.1.3" secure-json-parse "^2.4.0" tslib "^2.4.0" - undici "^5.22.1" + undici "^6.12.0" "@emotion/babel-plugin-jsx-pragmatic@^0.2.1": version "0.2.1" @@ -3389,10 +3400,6 @@ version "0.0.0" uid "" -"@kbn/assetManager-plugin@link:x-pack/plugins/observability_solution/asset_manager": - version "0.0.0" - uid "" - "@kbn/assets-data-access-plugin@link:x-pack/plugins/observability_solution/assets_data_access": version "0.0.0" uid "" 
@@ -4765,6 +4772,10 @@ version "0.0.0" uid "" +"@kbn/entityManager-plugin@link:x-pack/plugins/observability_solution/entity_manager": + version "0.0.0" + uid "" + "@kbn/error-boundary-example-plugin@link:examples/error_boundary": version "0.0.0" uid "" @@ -6109,6 +6120,14 @@ version "0.0.0" uid "" +"@kbn/security-api-key-management@link:x-pack/packages/security/api_key_management": + version "0.0.0" + uid "" + +"@kbn/security-form-components@link:x-pack/packages/security/form_components": + version "0.0.0" + uid "" + "@kbn/security-hardening@link:packages/kbn-security-hardening": version "0.0.0" uid "" 
@@ -7039,20 +7058,20 @@ resolved "https://registry.yarnpkg.com/@launchdarkly/js-sdk-common/-/js-sdk-common-2.5.0.tgz#d1dc595034bf6ee09b0313add5b8901fe9b82f26" integrity sha512-sVwwUpXwAZsQowdbNN4ckprzR9DMEkurYWFuLjpyaaHtUmB6g7WnIz3lGGIXz/nE3QoUlwtC+eR8Nqb+XdonKw== -"@launchdarkly/js-server-sdk-common@2.4.3": - version "2.4.3" - resolved "https://registry.yarnpkg.com/@launchdarkly/js-server-sdk-common/-/js-server-sdk-common-2.4.3.tgz#4d2a1bb71982dadecbadb0411d1068fb7945f54a" - integrity sha512-1YQ6fMpO0gcWt2Pme5XyUdokQxU5fMcoWAUpHJwxiHAt1+ygDqRD3wuUPCnbJ8KzJprcj51fpCG/9h3KSW9mHA== +"@launchdarkly/js-server-sdk-common@2.4.4": + version "2.4.4" + resolved "https://registry.yarnpkg.com/@launchdarkly/js-server-sdk-common/-/js-server-sdk-common-2.4.4.tgz#709f193202aeadee8389526bdc816009ba084891" + integrity sha512-Y1l570HxRtGdeoaylRHWemmEIvFR33JMX3MyO8PE9TqBkFBJsLIXb+A5hdgGaT/XhTWwce6IWXmHVMotqv0zeA== dependencies: "@launchdarkly/js-sdk-common" "2.5.0" semver "7.5.4" -"@launchdarkly/node-server-sdk@^9.4.5": - version "9.4.5" - resolved "https://registry.yarnpkg.com/@launchdarkly/node-server-sdk/-/node-server-sdk-9.4.5.tgz#4a64319de7917fc149e51a9e22c1a5243d76d849" - integrity sha512-GXYhvfFG7wGgeFoyWUa7Srso4CwMHo+c/WLQzoB1A5EPQ76oVkvYJbrgCym1ZLdIpm06bNRQ75NOn2hRn1SjfQ== +"@launchdarkly/node-server-sdk@^9.4.6": + version "9.4.6" + resolved "https://registry.yarnpkg.com/@launchdarkly/node-server-sdk/-/node-server-sdk-9.4.6.tgz#e1a1614e05eab2515090c7862764498a2f9b2b1e" + integrity sha512-IcQqiaYrAgmCvh1LsfjEVRa4Wk97PWirHnbVu6fRc97kt8WCKDlVo2O+IbOcC6scJVGDJU4aXVehTkfbhUq1Lg== dependencies: - "@launchdarkly/js-server-sdk-common" "2.4.3" + "@launchdarkly/js-server-sdk-common" "2.4.4" https-proxy-agent "^5.0.1" launchdarkly-eventsource "2.0.3" 
@@ -8088,12 +8107,12 @@ require-from-string "^2.0.2" uri-js "^4.2.2" -"@redocly/cli@^1.12.0": - version "1.12.0" - resolved "https://registry.yarnpkg.com/@redocly/cli/-/cli-1.12.0.tgz#c2191e2d34161cdaf1fcb42d896fd4c5e3313ac8" - integrity sha512-k45WELRAvE0UbYPhEhUPq/T4WOCDx4zoCT3tLokCdnCyeUHgaDzNAzPM2qe5Y8m8k5FUYlNoPdND4PlvUhg9Wg== +"@redocly/cli@^1.16.0": + version "1.16.0" + resolved "https://registry.yarnpkg.com/@redocly/cli/-/cli-1.16.0.tgz#c8885ad46bb9993792e4266535692ce0ceb3895f" + integrity sha512-REmwkNHOd4e50vPeL6mDgHVdyUQ8e+y0cggi/cNXQzGpkZEk17Z+WFL8UFlcM+WebMWDXulJE712jT2lGYS9Zg== dependencies: - "@redocly/openapi-core" "1.12.0" + "@redocly/openapi-core" "1.16.0" abort-controller "^3.0.0" chokidar "^3.5.1" colorette "^1.2.0" 
@@ -8106,25 +8125,26 @@ node-fetch "^2.6.1" react "^17.0.0 || ^18.2.0" react-dom "^17.0.0 || ^18.2.0" - redoc "~2.1.3" + redoc "~2.1.5" semver "^7.5.2" simple-websocket "^9.0.0" styled-components "^6.0.7" yargs "17.0.1" -"@redocly/config@^0.2.0": - version "0.2.0" - resolved "https://registry.yarnpkg.com/@redocly/config/-/config-0.2.0.tgz#c61fd0a8ccac330de398e26e8cac1a3fedbf9165" - integrity sha512-r0TqTPVXrxdvhpbOntWnJofOx0rC7u+A+tfC0KFwMtw38QCNb3pwodVjeLa7MT5Uu+fcPxfO119yLBj0QHvBuQ== +"@redocly/config@^0.6.0": + version "0.6.1" + resolved "https://registry.yarnpkg.com/@redocly/config/-/config-0.6.1.tgz#931da21d6cbf8e73a873ca12ae690902d848cbb5" + integrity sha512-p4mlj+CD3Byec3wOxDlDln0B0gOcNvEkpl4jn3/e9y8h11ogzXnWxnlJAtE5Kcr1ByujS/7Mbt01df9z1xfMbg== -"@redocly/openapi-core@1.12.0", "@redocly/openapi-core@^1.0.0-rc.2": - version "1.12.0" - resolved "https://registry.yarnpkg.com/@redocly/openapi-core/-/openapi-core-1.12.0.tgz#82047a92a138362c7f411046d855fdcde3a946b8" - integrity sha512-2Jfxv3iIk1JUwLSnLyewJ8GAsoxubROVieg13Sjo79TjuWaUBuI49j8GZqC08ljENqyEIp0JHReDjhKs4Snrhg== +"@redocly/openapi-core@1.16.0", "@redocly/openapi-core@^1.4.0": + version "1.16.0" + resolved "https://registry.yarnpkg.com/@redocly/openapi-core/-/openapi-core-1.16.0.tgz#95afcf822890af3fe8f1bde97018370b5cadb8ca" + integrity sha512-z06h+svyqbUcdAaePq8LPSwTPlm6Ig7j2VlL8skPBYnJvyaQ2IN7x/JkOvRL4ta+wcOCBdAex5JWnZbKaNktJg== dependencies: "@redocly/ajv" "^8.11.0" - "@redocly/config" "^0.2.0" + "@redocly/config" "^0.6.0" colorette "^1.2.0" + https-proxy-agent "^7.0.4" js-levenshtein "^1.1.6" js-yaml "^4.1.0" lodash.isequal "^4.5.0" 
@@ -12295,13 +12315,13 @@ arr-union@^3.1.0: resolved "https://registry.yarnpkg.com/arr-union/-/arr-union-3.1.0.tgz#e39b09aea9def866a8f206e288af63919bae39c4" integrity sha1-45sJrqne+Gao8gbiiK9jkZuuOcQ= -array-buffer-byte-length@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/array-buffer-byte-length/-/array-buffer-byte-length-1.0.0.tgz#fabe8bc193fea865f317fe7807085ee0dee5aead" - integrity sha512-LPuwb2P+NrQw3XhxGc36+XSvuBPopovXYTR9Ew++Du9Yb/bx5AzBfrIsBoj0EZUifjQU+sHL21sseZ3jerWO/A== +array-buffer-byte-length@^1.0.0, array-buffer-byte-length@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/array-buffer-byte-length/-/array-buffer-byte-length-1.0.1.tgz#1e5583ec16763540a27ae52eed99ff899223568f" + integrity sha512-ahC5W1xgou+KTXix4sAO8Ki12Q+jf4i0+tmk3sC+zgcynshkHxzpXdImBehiUYKKKDwvfFiJl1tZt6ewscS1Mg== dependencies: - call-bind "^1.0.2" - is-array-buffer "^3.0.1" + call-bind "^1.0.5" + is-array-buffer "^3.0.4" array-filter@^1.0.0: version "1.0.0" 
@@ -12418,16 +12438,18 @@ array.prototype.tosorted@^1.1.1: es-shim-unscopables "^1.0.0" get-intrinsic "^1.1.3" -arraybuffer.prototype.slice@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.1.tgz#9b5ea3868a6eebc30273da577eb888381c0044bb" - integrity sha512-09x0ZWFEjj4WD8PDbykUwo3t9arLn8NIzmmYEJFpYekOAQjpkGSyrQhNoRTcwwcFRu+ycWF78QZ63oWTqSjBcw== +arraybuffer.prototype.slice@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.3.tgz#097972f4255e41bc3425e37dc3f6421cf9aefde6" + integrity sha512-bMxMKAjg13EBSVscxTaYA4mRc5t1UAXa2kXiGTNfZ079HIWXEkKmkgFrh/nJqamaLSrXO5H4WFFkPEaLJWbs3A== dependencies: - array-buffer-byte-length "^1.0.0" - call-bind "^1.0.2" - define-properties "^1.2.0" - get-intrinsic "^1.2.1" - is-array-buffer "^3.0.2" + array-buffer-byte-length "^1.0.1" + call-bind "^1.0.5" + define-properties "^1.2.1" + es-abstract "^1.22.3" + es-errors "^1.2.1" + get-intrinsic "^1.2.3" + is-array-buffer "^3.0.4" is-shared-array-buffer "^1.0.2" arrify@^1.0.1: @@ -12616,7 +12638,7 @@ autoprefixer@^9.8.6: postcss "^7.0.32" postcss-value-parser "^4.1.0" -available-typed-arrays@^1.0.5, available-typed-arrays@^1.0.7: +available-typed-arrays@^1.0.7: version "1.0.7" resolved "https://registry.yarnpkg.com/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz#a5cc375d6a03c2efc87a553f3e0b1522def14846" integrity sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ== 
@@ -13621,7 +13643,7 @@ caching-transform@^4.0.0: package-hash "^4.0.0" write-file-atomic "^3.0.0" -call-bind@^1.0.0, call-bind@^1.0.2, call-bind@^1.0.5, call-bind@^1.0.7: +call-bind@^1.0.0, call-bind@^1.0.2, call-bind@^1.0.5, call-bind@^1.0.6, call-bind@^1.0.7: version "1.0.7" resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.7.tgz#06016599c40c56498c18769d2730be242b6fa3b9" integrity sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w== @@ -14003,7 +14025,7 @@ classnames@2.2.6: resolved "https://registry.yarnpkg.com/classnames/-/classnames-2.2.6.tgz#43935bffdd291f326dad0a205309b38d00f650ce" integrity sha512-JR/iSQOSt+LQIWwrwEzJ9uk0xfN3mTVYMwt1Ir5mUcSN6pU+V4zQFFaJsclJbPuAUQH+yfWef6tm7l1quW3C8Q== -classnames@^2.2.6, classnames@^2.3.1, classnames@^2.3.2, classnames@^2.5.1: +classnames@^2.2.6, classnames@^2.3.2, classnames@^2.5.1: version "2.5.1" resolved "https://registry.yarnpkg.com/classnames/-/classnames-2.5.1.tgz#ba774c614be0f016da105c858e7159eae8e7687b" integrity sha512-saHYOzhIQs6wy2sVxTM6bUDsQO4F50V9RQ22qBpEdCW+I+/Wmke2HOl6lS6dTpdxVhb88/I6+Hs+438c3lfUow== @@ -14192,11 +14214,16 @@ cloneable-readable@^1.0.0: process-nextick-args "^2.0.0" readable-stream "^2.3.5" -clsx@^1.0.4, clsx@^1.1.0, clsx@^1.1.1: +clsx@^1.0.4, clsx@^1.1.1: version "1.2.1" resolved "https://registry.yarnpkg.com/clsx/-/clsx-1.2.1.tgz#0ddc4a20a549b59c93a4116bb26f5294ca17dc12" integrity sha512-EcR6r5a8bj6pu3ycsa/E/cKVGuTgZJZdsyUYHOksG/UHIiKfjxzRxYJpyVBwYaQeOvghal9fcc4PidlgzugAQg== +clsx@^2.0.0: + version "2.1.1" + resolved "https://registry.yarnpkg.com/clsx/-/clsx-2.1.1.tgz#eed397c9fd8bd882bfb18deab7102049a2f32999" + integrity sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA== + co@^4.6.0: version "4.6.0" resolved "https://registry.yarnpkg.com/co/-/co-4.6.0.tgz#6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184" 
@@ -15424,6 +15451,33 @@ data-urls@^3.0.2: whatwg-mimetype "^3.0.0" whatwg-url "^11.0.0" +data-view-buffer@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/data-view-buffer/-/data-view-buffer-1.0.1.tgz#8ea6326efec17a2e42620696e671d7d5a8bc66b2" + integrity sha512-0lht7OugA5x3iJLOWFhWK/5ehONdprk0ISXqVFn/NFrDu+cuc8iADFrGQz5BnRK7LLU3JmkbXSxaqX+/mXYtUA== + dependencies: + call-bind "^1.0.6" + es-errors "^1.3.0" + is-data-view "^1.0.1" + +data-view-byte-length@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/data-view-byte-length/-/data-view-byte-length-1.0.1.tgz#90721ca95ff280677eb793749fce1011347669e2" + integrity sha512-4J7wRJD3ABAzr8wP+OcIcqq2dlUKp4DVflx++hs5h5ZKydWMI6/D/fAot+yh6g2tHh8fLFTvNOaVN357NvSrOQ== + dependencies: + call-bind "^1.0.7" + es-errors "^1.3.0" + is-data-view "^1.0.1" + +data-view-byte-offset@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/data-view-byte-offset/-/data-view-byte-offset-1.0.0.tgz#5e0bbfb4828ed2d1b9b400cd8a7d119bca0ff18a" + integrity sha512-t/Ygsytq+R995EJ5PZlD4Cu56sWa8InXySaViRzw9apusqsOO2bQP+SbYzAhR0pFKoB+43lYy8rWban9JSuXnA== + dependencies: + call-bind "^1.0.6" + es-errors "^1.3.0" + is-data-view "^1.0.1" + date-fns@^1.30.1: version "1.30.1" resolved "https://registry.yarnpkg.com/date-fns/-/date-fns-1.30.1.tgz#2e71bf0b119153dbb4cc4e88d9ea5acfb50dc05c" 
@@ -15642,11 +15696,12 @@ define-lazy-prop@^2.0.0: resolved "https://registry.yarnpkg.com/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz#3f7ae421129bcaaac9bc74905c98a0009ec9ee7f" integrity sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og== -define-properties@^1.1.2, define-properties@^1.1.3, define-properties@^1.1.4, define-properties@^1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.2.0.tgz#52988570670c9eacedd8064f4a990f2405849bd5" - integrity sha512-xvqAVKGfT1+UAvPwKTVw/njhdQ8ZhXK4lI0bCIuCMrp2up9nPnaDftrLtmpTazqd1o+UY4zgzU+avtMbDP+ldA== +define-properties@^1.1.2, define-properties@^1.1.3, define-properties@^1.1.4, define-properties@^1.2.0, define-properties@^1.2.1: + version "1.2.1" + resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.2.1.tgz#10781cc616eb951a80a034bafcaa7377f6af2b6c" + integrity sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg== dependencies: + define-data-property "^1.0.1" has-property-descriptors "^1.0.0" object-keys "^1.1.1" @@ -16102,10 +16157,10 @@ domhandler@^5.0.1, domhandler@^5.0.2, domhandler@^5.0.3: dependencies: domelementtype "^2.3.0" -dompurify@^2.2.8: - version "2.5.2" - resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.5.2.tgz#e02be61d621bea36a76eb2beb23b043f347aa9c7" - integrity sha512-5vSyvxRAb45EoWwAktUT3AYqAwXK4FL7si22Cgj46U6ICsj/YJczCN+Bk7WNABIQmpWRymGfslMhrRUZkQNnqA== +dompurify@^3.0.6: + version "3.1.5" + resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.1.5.tgz#2c6a113fc728682a0f55684b1388c58ddb79dc38" + integrity sha512-lwG+n5h8QNpxtyrJW/gJWckL+1/DQiYMX8f7t8Z2AZTPw1esVrqjI63i7Zc2Gz0aKzLVMYC1V1PL/ky+aY/NgA== domutils@^2.0.0, domutils@^2.5.2, domutils@^2.8.0: version "2.8.0" 
@@ -16575,50 +16630,57 @@ error-stack-parser@^2.0.4, error-stack-parser@^2.0.6: dependencies: stackframe "^1.1.1" -es-abstract@^1.17.0-next.1, es-abstract@^1.19.0, es-abstract@^1.20.4, es-abstract@^1.21.2, es-abstract@^1.4.3, es-abstract@^1.9.0: - version "1.22.1" - resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.22.1.tgz#8b4e5fc5cefd7f1660f0f8e1a52900dfbc9d9ccc" - integrity sha512-ioRRcXMO6OFyRpyzV3kE1IIBd4WG5/kltnzdxSCqoP8CMGs/Li+M1uF5o7lOkZVFjDs+NLesthnF66Pg/0q0Lw== +es-abstract@^1.17.0-next.1, es-abstract@^1.20.4, es-abstract@^1.21.2, es-abstract@^1.22.1, es-abstract@^1.22.3, es-abstract@^1.23.0, es-abstract@^1.4.3, es-abstract@^1.9.0: + version "1.23.3" + resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.23.3.tgz#8f0c5a35cd215312573c5a27c87dfd6c881a0aa0" + integrity sha512-e+HfNH61Bj1X9/jLc5v1owaLYuHdeHHSQlkhCBiTK8rBvKaULl/beGMxwrMXjpYrv4pz22BlY570vVePA2ho4A== dependencies: - array-buffer-byte-length "^1.0.0" - arraybuffer.prototype.slice "^1.0.1" - available-typed-arrays "^1.0.5" - call-bind "^1.0.2" - es-set-tostringtag "^2.0.1" + array-buffer-byte-length "^1.0.1" + arraybuffer.prototype.slice "^1.0.3" + available-typed-arrays "^1.0.7" + call-bind "^1.0.7" + data-view-buffer "^1.0.1" + data-view-byte-length "^1.0.1" + data-view-byte-offset "^1.0.0" + es-define-property "^1.0.0" + es-errors "^1.3.0" + es-object-atoms "^1.0.0" + es-set-tostringtag "^2.0.3" es-to-primitive "^1.2.1" - function.prototype.name "^1.1.5" - get-intrinsic "^1.2.1" - get-symbol-description "^1.0.0" + function.prototype.name "^1.1.6" + get-intrinsic "^1.2.4" + get-symbol-description "^1.0.2" globalthis "^1.0.3" gopd "^1.0.1" - has "^1.0.3" - has-property-descriptors "^1.0.0" - has-proto "^1.0.1" + has-property-descriptors "^1.0.2" + has-proto "^1.0.3" has-symbols "^1.0.3" - internal-slot "^1.0.5" - is-array-buffer "^3.0.2" + hasown "^2.0.2" + internal-slot "^1.0.7" + is-array-buffer "^3.0.4" is-callable "^1.2.7" - is-negative-zero "^2.0.2" + 
is-data-view "^1.0.1" + is-negative-zero "^2.0.3" is-regex "^1.1.4" - is-shared-array-buffer "^1.0.2" + is-shared-array-buffer "^1.0.3" is-string "^1.0.7" - is-typed-array "^1.1.10" + is-typed-array "^1.1.13" is-weakref "^1.0.2" - object-inspect "^1.12.3" + object-inspect "^1.13.1" object-keys "^1.1.1" - object.assign "^4.1.4" - regexp.prototype.flags "^1.5.0" - safe-array-concat "^1.0.0" - safe-regex-test "^1.0.0" - string.prototype.trim "^1.2.7" - string.prototype.trimend "^1.0.6" - string.prototype.trimstart "^1.0.6" - typed-array-buffer "^1.0.0" - typed-array-byte-length "^1.0.0" - typed-array-byte-offset "^1.0.0" - typed-array-length "^1.0.4" + object.assign "^4.1.5" + regexp.prototype.flags "^1.5.2" + safe-array-concat "^1.1.2" + safe-regex-test "^1.0.3" + string.prototype.trim "^1.2.9" + string.prototype.trimend "^1.0.8" + string.prototype.trimstart "^1.0.8" + typed-array-buffer "^1.0.2" + typed-array-byte-length "^1.0.1" + typed-array-byte-offset "^1.0.2" + typed-array-length "^1.0.6" unbox-primitive "^1.0.2" - which-typed-array "^1.1.10" + which-typed-array "^1.1.15" es-array-method-boxes-properly@^1.0.0: version "1.0.0" @@ -16632,7 +16694,7 @@ es-define-property@^1.0.0: dependencies: get-intrinsic "^1.2.4" -es-errors@^1.3.0: +es-errors@^1.2.1, es-errors@^1.3.0: version "1.3.0" resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f" integrity sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw== 
@@ -16657,14 +16719,21 @@ es-module-lexer@^1.2.1: resolved "https://registry.yarnpkg.com/es-module-lexer/-/es-module-lexer-1.5.0.tgz#4878fee3789ad99e065f975fdd3c645529ff0236" integrity sha512-pqrTKmwEIgafsYZAGw9kszYzmagcE/n4dbgwGWLEXg7J4QFJVQRBld8j3Q3GNez79jzxZshq0bcT962QHOghjw== -es-set-tostringtag@^2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/es-set-tostringtag/-/es-set-tostringtag-2.0.1.tgz#338d502f6f674301d710b80c8592de8a15f09cd8" - integrity sha512-g3OMbtlwY3QewlqAiMLI47KywjWZoEytKr8pf6iTC8uJq5bIAH52Z9pnQ8pVL6whrCto53JZDuUIsifGeLorTg== +es-object-atoms@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/es-object-atoms/-/es-object-atoms-1.0.0.tgz#ddb55cd47ac2e240701260bc2a8e31ecb643d941" + integrity sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw== dependencies: - get-intrinsic "^1.1.3" - has "^1.0.3" - has-tostringtag "^1.0.0" + es-errors "^1.3.0" + +es-set-tostringtag@^2.0.3: + version "2.0.3" + resolved "https://registry.yarnpkg.com/es-set-tostringtag/-/es-set-tostringtag-2.0.3.tgz#8bb60f0a440c2e4281962428438d58545af39777" + integrity sha512-3T8uNMC3OQTHkFUsFq8r/BwAXLHvU/9O9mE0fBc/MY5iq/8H7ncvO947LmYA6ldWw9Uh8Yhf25zu6n7nML5QWQ== + dependencies: + get-intrinsic "^1.2.4" + has-tostringtag "^1.0.2" + hasown "^2.0.1" es-shim-unscopables@^1.0.0: version "1.0.0" @@ -17268,7 +17337,7 @@ eventemitter2@6.4.7: resolved "https://registry.yarnpkg.com/eventemitter2/-/eventemitter2-6.4.7.tgz#a7f6c4d7abf28a14c1ef3442f21cb306a054271d" integrity sha512-tYUSVOGeQPKt/eC1ABfhHy5Xd96N3oIijJvN3O9+TsC28T5V9yX9oEfEK5faP0EFSNVOG97qtAS68GBrQB2hDg== -eventemitter3@^4.0.0, eventemitter3@^4.0.4, eventemitter3@^4.0.7: +eventemitter3@^4.0.0, eventemitter3@^4.0.4: version "4.0.7" resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-4.0.7.tgz#2de9b68f6528d5644ef5c59526a1b4a07306169f" integrity sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw== 
@@ -18299,17 +18368,17 @@ function-bind@^1.0.2, function-bind@^1.1.1, function-bind@^1.1.2: resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.2.tgz#2c02d864d97f3ea6c8830c464cbd11ab6eab7a1c" integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA== -function.prototype.name@^1.1.0, function.prototype.name@^1.1.2, function.prototype.name@^1.1.5: - version "1.1.5" - resolved "https://registry.yarnpkg.com/function.prototype.name/-/function.prototype.name-1.1.5.tgz#cce0505fe1ffb80503e6f9e46cc64e46a12a9621" - integrity sha512-uN7m/BzVKQnCUF/iW8jYea67v++2u7m5UgENbHRtdDVclOUP+FMPlCNdmk0h/ysGyo2tavMJEDqJAkJdRa1vMA== +function.prototype.name@^1.1.0, function.prototype.name@^1.1.2, function.prototype.name@^1.1.6: + version "1.1.6" + resolved "https://registry.yarnpkg.com/function.prototype.name/-/function.prototype.name-1.1.6.tgz#cdf315b7d90ee77a4c6ee216c3c3362da07533fd" + integrity sha512-Z5kx79swU5P27WEayXM1tBi5Ze/lbIyiNgU3qyXUOf9b2rgXYyF9Dy9Cx+IQv/Lc8WCG6L82zwUPpSS9hGehIg== dependencies: call-bind "^1.0.2" - define-properties "^1.1.3" - es-abstract "^1.19.0" - functions-have-names "^1.2.2" + define-properties "^1.2.0" + es-abstract "^1.22.1" + functions-have-names "^1.2.3" -functions-have-names@^1.2.2, functions-have-names@^1.2.3: +functions-have-names@^1.2.3: version "1.2.3" resolved "https://registry.yarnpkg.com/functions-have-names/-/functions-have-names-1.2.3.tgz#0404fe4ee2ba2f607f0e0ec3c80bae994133b834" integrity sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ== 
@@ -18403,7 +18472,7 @@ get-east-asian-width@^1.0.0: resolved "https://registry.yarnpkg.com/get-east-asian-width/-/get-east-asian-width-1.2.0.tgz#5e6ebd9baee6fb8b7b6bd505221065f0cd91f64e" integrity sha512-2nk+7SIVb14QrgXFHcm84tD4bKQz0RxPuMT8Ag5KPOq7J5fEmAg0UbXdTOSHqNuHSU28k55qnceesxXRZGzKWA== -get-intrinsic@^1.0.2, get-intrinsic@^1.1.1, get-intrinsic@^1.1.3, get-intrinsic@^1.2.0, get-intrinsic@^1.2.1, get-intrinsic@^1.2.2, get-intrinsic@^1.2.4: +get-intrinsic@^1.0.2, get-intrinsic@^1.1.3, get-intrinsic@^1.2.1, get-intrinsic@^1.2.2, get-intrinsic@^1.2.3, get-intrinsic@^1.2.4: version "1.2.4" resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.4.tgz#e385f5a4b5227d449c3eabbad05494ef0abbeadd" integrity sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ== @@ -18473,13 +18542,14 @@ get-stream@^6.0.0, get-stream@^6.0.1: resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-6.0.1.tgz#a262d8eef67aced57c2852ad6167526a43cbf7b7" integrity sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg== -get-symbol-description@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/get-symbol-description/-/get-symbol-description-1.0.0.tgz#7fdb81c900101fbd564dd5f1a30af5aadc1e58d6" - integrity sha512-2EmdH1YvIQiZpltCNgkuiUnyukzxM/R6NDJX31Ke3BG1Nq5b0S2PhX59UKi9vZpPDQVdqn+1IcaAwnzTT5vCjw== +get-symbol-description@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/get-symbol-description/-/get-symbol-description-1.0.2.tgz#533744d5aa20aca4e079c8e5daf7fd44202821f5" + integrity sha512-g0QYk1dZBxGwk+Ngc+ltRH2IBp2f7zBkBMBJZCDerh6EhlhSR6+9irMCuT/09zD6qkarHUSn529sK/yL4S27mg== dependencies: - call-bind "^1.0.2" - get-intrinsic "^1.1.1" + call-bind "^1.0.5" + es-errors "^1.3.0" + get-intrinsic "^1.2.4" get-uri@^6.0.1: version "6.0.1" 
@@ -18980,10 +19050,10 @@ has-property-descriptors@^1.0.0, has-property-descriptors@^1.0.2: dependencies: es-define-property "^1.0.0" -has-proto@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/has-proto/-/has-proto-1.0.1.tgz#1885c1305538958aff469fef37937c22795408e0" - integrity sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg== +has-proto@^1.0.1, has-proto@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/has-proto/-/has-proto-1.0.3.tgz#b31ddfe9b0e6e9914536a6ab286426d0214f77fd" + integrity sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q== has-symbols@^1.0.0, has-symbols@^1.0.1, has-symbols@^1.0.3: version "1.0.3" @@ -19033,12 +19103,10 @@ has-values@^1.0.0: is-number "^3.0.0" kind-of "^4.0.0" -has@^1.0.0, has@^1.0.1, has@^1.0.3: - version "1.0.3" - resolved "https://registry.yarnpkg.com/has/-/has-1.0.3.tgz#722d7cbfc1f6aa8241f16dd814e011e1f41e8796" - integrity sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw== - dependencies: - function-bind "^1.1.1" +has@^1.0.0, has@^1.0.1, has@^1.0.3, has@^1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/has/-/has-1.0.4.tgz#2eb2860e000011dae4f1406a86fe80e530fb2ec6" + integrity sha512-qdSAmqLF6209RFj4VVItywPMbm3vWylknmB3nvNiUIs72xAimcM8nVYxYr7ncvZq5qzk9MKIZR8ijqD/1QuYjQ== hash-base@^2.0.0: version "2.0.2" 
@@ -19071,10 +19139,10 @@ hasha@^5.0.0: is-stream "^2.0.0" type-fest "^0.8.0" -hasown@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.0.tgz#f4c513d454a57b7c7e1650778de226b11700546c" - integrity sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA== +hasown@^2.0.0, hasown@^2.0.1, hasown@^2.0.2: + version "2.0.2" + resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003" + integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ== dependencies: function-bind "^1.1.2" @@ -19815,12 +19883,12 @@ install-artifact-from-github@^1.3.5: resolved "https://registry.yarnpkg.com/install-artifact-from-github/-/install-artifact-from-github-1.3.5.tgz#88c96fe40e5eb21d45586d564208c648a1dbf38d" integrity sha512-gZHC7f/cJgXz7MXlHFBxPVMsvIbev1OQN1uKQYKVJDydGNm9oYf9JstbU4Atnh/eSvk41WtEovoRm+8IF686xg== -internal-slot@^1.0.3, internal-slot@^1.0.4, internal-slot@^1.0.5: - version "1.0.6" - resolved "https://registry.yarnpkg.com/internal-slot/-/internal-slot-1.0.6.tgz#37e756098c4911c5e912b8edbf71ed3aa116f930" - integrity sha512-Xj6dv+PsbtwyPpEflsejS+oIZxmMlV44zAhG479uYu89MsjcYOhCFnNyKrkJrihbsiasQyY0afoCl/9BLR65bg== +internal-slot@^1.0.3, internal-slot@^1.0.4, internal-slot@^1.0.7: + version "1.0.7" + resolved "https://registry.yarnpkg.com/internal-slot/-/internal-slot-1.0.7.tgz#c06dcca3ed874249881007b0a5523b172a190802" + integrity sha512-NGnrKwXzSms2qUUih/ILZ5JBqNTSa1+ZmP6flaIp6KmSElgE9qdndzS3cqjrDovwFdmwsGsLdeFgB6suw+1e9g== dependencies: - get-intrinsic "^1.2.2" + es-errors "^1.3.0" hasown "^2.0.0" side-channel "^1.0.4" 
@@ -19964,14 +20032,13 @@ is-arguments@^1.0.4, is-arguments@^1.1.1: call-bind "^1.0.2" has-tostringtag "^1.0.0" -is-array-buffer@^3.0.1, is-array-buffer@^3.0.2: - version "3.0.2" - resolved "https://registry.yarnpkg.com/is-array-buffer/-/is-array-buffer-3.0.2.tgz#f2653ced8412081638ecb0ebbd0c41c6e0aecbbe" - integrity sha512-y+FyyR/w8vfIRq4eQcM1EYgSTnmHXPqaF+IgzgraytCFq5Xh8lllDVmAZolPJiZttZLeFSINPYMaEJ7/vWUa1w== +is-array-buffer@^3.0.2, is-array-buffer@^3.0.4: + version "3.0.4" + resolved "https://registry.yarnpkg.com/is-array-buffer/-/is-array-buffer-3.0.4.tgz#7a1f92b3d61edd2bc65d24f130530ea93d7fae98" + integrity sha512-wcjaerHw0ydZwfhiKbXJWLDY8A7yV7KhjQOpb83hGgGfId/aQa4TOvwyzn2PuswW2gPCYEL/nEAiSVpdOj1lXw== dependencies: call-bind "^1.0.2" - get-intrinsic "^1.2.0" - is-typed-array "^1.1.10" + get-intrinsic "^1.2.1" is-arrayish@^0.2.1: version "0.2.1" @@ -20052,6 +20119,13 @@ is-data-descriptor@^1.0.0: dependencies: kind-of "^6.0.0" +is-data-view@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/is-data-view/-/is-data-view-1.0.1.tgz#4b4d3a511b70f3dc26d42c03ca9ca515d847759f" + integrity sha512-AHkaJrsUVW6wq6JS8y3JnM/GJF/9cf+k20+iDzlSaJrinEo5+7vRiteOSwBhHRiAyQATN1AmY4hwzxJKPmYf+w== + dependencies: + is-typed-array "^1.1.13" + is-date-object@^1.0.1, is-date-object@^1.0.5: version "1.0.5" resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.5.tgz#0841d5536e724c25597bf6ea62e1bd38298df31f" 
@@ -20220,10 +20294,10 @@ is-negated-glob@^1.0.0: resolved "https://registry.yarnpkg.com/is-negated-glob/-/is-negated-glob-1.0.0.tgz#6910bca5da8c95e784b5751b976cf5a10fee36d2" integrity sha1-aRC8pdqMleeEtXUbl2z1oQ/uNtI= -is-negative-zero@^2.0.2: - version "2.0.2" - resolved "https://registry.yarnpkg.com/is-negative-zero/-/is-negative-zero-2.0.2.tgz#7bf6f03a28003b8b3965de3ac26f664d765f3150" - integrity sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA== +is-negative-zero@^2.0.3: + version "2.0.3" + resolved "https://registry.yarnpkg.com/is-negative-zero/-/is-negative-zero-2.0.3.tgz#ced903a027aca6381b777a5743069d7376a49747" + integrity sha512-5KoIu2Ngpyek75jXodFvnafB6DJgr3u8uuK0LEZJjrU19DrMD3EVERaR8sjz8CCGgpZvxPl9SuE1GMVPFHx1mw== is-nil@^1.0.0: version "1.0.1" @@ -20392,12 +20466,12 @@ is-set@^2.0.1, is-set@^2.0.2: resolved "https://registry.yarnpkg.com/is-set/-/is-set-2.0.2.tgz#90755fa4c2562dc1c5d4024760d6119b94ca18ec" integrity sha512-+2cnTEZeY5z/iXGbLhPrOAaK/Mau5k5eXq9j14CpRTftq0pAJu2MwVRSZhyZWBzx3o6X795Lz6Bpb6R0GKf37g== -is-shared-array-buffer@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz#8f259c573b60b6a32d4058a1a07430c0a7344c79" - integrity sha512-sqN2UDu1/0y6uvXyStCOzyhAjCSlHceFoMKJW8W9EU9cvic/QdsZ0kEU93HEy3IUEFZIiH/3w+AH/UQbPHNdhA== +is-shared-array-buffer@^1.0.2, is-shared-array-buffer@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/is-shared-array-buffer/-/is-shared-array-buffer-1.0.3.tgz#1237f1cba059cdb62431d378dcc37d9680181688" + integrity sha512-nA2hv5XIhLR3uVzDDfCIknerhx8XUKnstuOERPNNIinXG7v9u+ohXF67vxm4TPTEPU6lm61ZkwP3c9PCB97rhg== dependencies: - call-bind "^1.0.2" + call-bind "^1.0.7" is-stream@^1.1.0: version "1.1.0" 
@@ -20428,7 +20502,7 @@ is-symbol@^1.0.2, is-symbol@^1.0.3: dependencies: has-symbols "^1.0.1" -is-typed-array@^1.1.10, is-typed-array@^1.1.9: +is-typed-array@^1.1.13: version "1.1.13" resolved "https://registry.yarnpkg.com/is-typed-array/-/is-typed-array-1.1.13.tgz#d6c5ca56df62334959322d7d7dd1cca50debe229" integrity sha512-uZ25/bUAlUY5fR4OKT4rZQEBrzQWYV9ZJYGGsUmEJ6thodVJ1HX64ePQ6Z0qPWP+m+Uq6e9UugrE38jeYsDSMw== @@ -22519,7 +22593,7 @@ markdown-table@^2.0.0: dependencies: repeat-string "^1.0.0" -marked@^4.0.15: +marked@^4.3.0: version "4.3.0" resolved "https://registry.yarnpkg.com/marked/-/marked-4.3.0.tgz#796362821b019f734054582038b116481b456cf3" integrity sha512-PRsaiG84bK+AMvxziE/lCFss8juXjNaWzVbN5tXAm4XjeaS9NAHhop+PjQxz2A9h8Q4M/xGmzP8vqNwy6JeK0A== 
@@ -23189,17 +23263,19 @@ ml-tree-similarity@^1.0.0: binary-search "^1.3.5" num-sort "^2.0.0" -mobx-react-lite@^3.4.0: - version "3.4.3" - resolved "https://registry.yarnpkg.com/mobx-react-lite/-/mobx-react-lite-3.4.3.tgz#3a4c22c30bfaa8b1b2aa48d12b2ba811c0947ab7" - integrity sha512-NkJREyFTSUXR772Qaai51BnE1voWx56LOL80xG7qkZr6vo8vEaLF3sz1JNUVh+rxmUzxYaqOhfuxTfqUh0FXUg== +mobx-react-lite@^4.0.7: + version "4.0.7" + resolved "https://registry.yarnpkg.com/mobx-react-lite/-/mobx-react-lite-4.0.7.tgz#f4e21e18d05c811010dcb1d3007e797924c4d90b" + integrity sha512-RjwdseshK9Mg8On5tyJZHtGD+J78ZnCnRaxeQDSiciKVQDUbfZcXhmld0VMxAwvcTnPEHZySGGewm467Fcpreg== + dependencies: + use-sync-external-store "^1.2.0" -mobx-react@^7.2.0: - version "7.6.0" - resolved "https://registry.yarnpkg.com/mobx-react/-/mobx-react-7.6.0.tgz#ebf0456728a9bd2e5c24fdcf9b36e285a222a7d6" - integrity sha512-+HQUNuh7AoQ9ZnU6c4rvbiVVl+wEkb9WqYsVDzGLng+Dqj1XntHu79PvEWKtSMoMj67vFp/ZPXcElosuJO8ckA== +mobx-react@^9.1.1: + version "9.1.1" + resolved "https://registry.yarnpkg.com/mobx-react/-/mobx-react-9.1.1.tgz#b96e0d5d74a3d02fc62729fd344b2a3ad2a88aae" + integrity sha512-gVV7AdSrAAxqXOJ2bAbGa5TkPqvITSzaPiiEkzpW4rRsMhSec7C2NBCJYILADHKp2tzOAIETGRsIY0UaCV5aEw== dependencies: - mobx-react-lite "^3.4.0" + mobx-react-lite "^4.0.7" mobx@^6.0.4: version "6.12.0" 
@@ -24174,10 +24250,10 @@ object-identity-map@^1.0.2: dependencies: object.entries "^1.1.0" -object-inspect@^1.12.3, object-inspect@^1.6.0, object-inspect@^1.7.0, object-inspect@^1.9.0: - version "1.12.3" - resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.3.tgz#ba62dffd67ee256c8c086dfae69e016cd1f198b9" - integrity sha512-geUvdk7c+eizMNUDkRpW1wJwgfOiOeHbxBR/hLXK1aT6zmVSO0jsQcs7fj6MGw89jC/cjGfLcNOrtMYtGqm81g== +object-inspect@^1.13.1, object-inspect@^1.6.0, object-inspect@^1.7.0, object-inspect@^1.9.0: + version "1.13.2" + resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.13.2.tgz#dea0088467fb991e67af4058147a24824a3043ff" + integrity sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g== object-is@^1.0.1, object-is@^1.0.2, object-is@^1.1.2, object-is@^1.1.5: version "1.1.5" @@ -24211,13 +24287,13 @@ object-visit@^1.0.0: dependencies: isobject "^3.0.0" -object.assign@^4.1.0, object.assign@^4.1.4: - version "4.1.4" - resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.4.tgz#9673c7c7c351ab8c4d0b516f4343ebf4dfb7799f" - integrity sha512-1mxKf0e58bvyjSCtKYY4sRe9itRk3PJpquJOjeIkz885CczcI4IvJJDLPS72oowuSh+pBxUFROpX+TU++hxhZQ== +object.assign@^4.1.0, object.assign@^4.1.4, object.assign@^4.1.5: + version "4.1.5" + resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.5.tgz#3a833f9ab7fdb80fc9e8d2300c803d216d8fdbb0" + integrity sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ== dependencies: - call-bind "^1.0.2" - define-properties "^1.1.4" + call-bind "^1.0.5" + define-properties "^1.2.1" has-symbols "^1.0.3" object-keys "^1.1.1" 
@@ -24367,10 +24443,10 @@ openai@^4.24.1, openai@^4.41.1: node-fetch "^2.6.7" web-streams-polyfill "^3.2.1" -openapi-sampler@^1.3.1: - version "1.4.0" - resolved "https://registry.yarnpkg.com/openapi-sampler/-/openapi-sampler-1.4.0.tgz#c133cad6250481f2ec7e48b16eb70062adb514c0" - integrity sha512-3FKJQCHAMG9T7RsRy9u5Ft4ERPq1QQmn77C8T3OSofYL9uur59AqychvQ0YQKijrqRwIkAbzkh+nQnAE3gjMVA== +openapi-sampler@^1.5.0: + version "1.5.1" + resolved "https://registry.yarnpkg.com/openapi-sampler/-/openapi-sampler-1.5.1.tgz#2b0145179abb0d75eaf50c82b86ef044d22bd671" + integrity sha512-tIWIrZUKNAsbqf3bd9U1oH6JEXo8LNYuDlXw26By67EygpjT+ArFnsxxyTMjFWRfbqo5ozkvgSQDK69Gd8CddA== dependencies: "@types/json-schema" "^7.0.7" json-pointer "0.6.2" @@ -25243,7 +25319,7 @@ polished@^3.7.2: dependencies: "@babel/runtime" "^7.12.5" -polished@^4.1.3, polished@^4.2.2: +polished@^4.2.2: version "4.2.2" resolved "https://registry.yarnpkg.com/polished/-/polished-4.2.2.tgz#2529bb7c3198945373c52e34618c8fe7b1aa84d1" integrity sha512-Sz2Lkdxz6F2Pgnpi9U5Ng/WdWAUZxmHrNPoVlm3aAemxoy2Qy7LGjQg4uf8qKelDAUW94F4np3iH2YPf2qefcQ== @@ -25718,7 +25794,7 @@ printj@~1.1.0: resolved "https://registry.yarnpkg.com/printj/-/printj-1.1.2.tgz#d90deb2975a8b9f600fb3a1c94e3f4c53c78a222" integrity sha512-zA2SmoLaxZyArQTOPj5LXecR+RagfPSU5Kw1qP+jkWeNlrq+eJZyY2oS68SU1Z/7/myXM4lo9716laOFAVStCQ== -prismjs@^1.22.0, prismjs@^1.27.0: +prismjs@^1.22.0, prismjs@^1.29.0: version "1.29.0" resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.29.0.tgz#f113555a8fa9b57c35e637bba27509dcf802dd12" integrity sha512-Kx/1w86q/epKcmte75LNrEoT+lX8pBpavuAbvJWRXar7Hz8jrtF+e3vY751p0R8H9HdArwaCTNDDzHg/ScJK1Q== 
@@ -26467,7 +26543,7 @@ react-is@17.0.2, react-is@^17.0.0, react-is@^17.0.1, react-is@^17.0.2: resolved "https://registry.yarnpkg.com/react-is/-/react-is-17.0.2.tgz#e691d4a8e9c789365655539ab372762b0efb54f0" integrity sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w== -react-is@18.1.0, "react-is@^16.12.0 || ^17.0.0 || ^18.0.0", react-is@^18.0.0: +react-is@18.1.0: version "18.1.0" resolved "https://registry.yarnpkg.com/react-is/-/react-is-18.1.0.tgz#61aaed3096d30eacf2a2127118b5b41387d32a67" integrity sha512-Fl7FuabXsJnV5Q1qIOQwx/sagGF18kogb4gpfcG4gjLBWO0WDiiz1ko/ExayuxE7InyQkBLkxRFG5oxY6Uu3Kg== @@ -26477,6 +26553,11 @@ react-is@^16.12.0, react-is@^16.13.1, react-is@^16.6.0, react-is@^16.7.0, react- resolved "https://registry.yarnpkg.com/react-is/-/react-is-16.13.1.tgz#789729a4dc36de2999dc156dd6c1d9c18cea56a4" integrity sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ== +"react-is@^16.12.0 || ^17.0.0 || ^18.0.0", react-is@^18.0.0, react-is@^18.2.0: + version "18.3.1" + resolved "https://registry.yarnpkg.com/react-is/-/react-is-18.3.1.tgz#e83557dc12eae63a99e003a46388b1dcbb44db7e" + integrity sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg== + react-lifecycles-compat@^3.0.4: version "3.0.4" resolved "https://registry.yarnpkg.com/react-lifecycles-compat/-/react-lifecycles-compat-3.0.4.tgz#4f1a273afdfc8f3488a8c516bfda78f872352362" @@ -26674,7 +26755,7 @@ react-select@^5.0.0: prop-types "^15.6.0" react-transition-group "^4.3.0" -react-shallow-renderer@^16.13.1: +react-shallow-renderer@^16.13.1, react-shallow-renderer@^16.15.0: version "16.15.0" resolved "https://registry.yarnpkg.com/react-shallow-renderer/-/react-shallow-renderer-16.15.0.tgz#48fb2cf9b23d23cde96708fe5273a7d3446f4457" integrity sha512-oScf2FqQ9LFVQgA73vr86xl2NaOIX73rh+YFqcOp68CWj56tSfgtGKrEbyhCj0rSijyG9M1CYprTh39fBi5hzA== 
@@ -26724,12 +26805,12 @@ react-syntax-highlighter@^15.3.1: prismjs "^1.22.0" refractor "^3.2.0" -react-tabs@^4.3.0: - version "4.3.0" - resolved "https://registry.yarnpkg.com/react-tabs/-/react-tabs-4.3.0.tgz#9f4db0fd209ba4ab2c1e78993ff964435f84af62" - integrity sha512-2GfoG+f41kiBIIyd3gF+/GRCCYtamC8/2zlAcD8cqQmqI9Q+YVz7fJLHMmU9pXDVYYHpJeCgUSBJju85vu5q8Q== +react-tabs@^6.0.2: + version "6.0.2" + resolved "https://registry.yarnpkg.com/react-tabs/-/react-tabs-6.0.2.tgz#bc1065c3828561fee285a8fd045f22e0fcdde1eb" + integrity sha512-aQXTKolnM28k3KguGDBSAbJvcowOQr23A+CUJdzJtOSDOtTwzEaJA+1U4KwhNL9+Obe+jFS7geuvA7ICQPXOnQ== dependencies: - clsx "^1.1.0" + clsx "^2.0.0" prop-types "^15.5.0" "react-test-renderer@^16.8.0 || ^17.0.0", react-test-renderer@^17.0.0, react-test-renderer@^17.0.2: 
@@ -27003,31 +27084,32 @@ redent@^3.0.0: indent-string "^4.0.0" strip-indent "^3.0.0" -redoc@~2.1.3: - version "2.1.3" - resolved "https://registry.yarnpkg.com/redoc/-/redoc-2.1.3.tgz#612c9fed744993d5fc99cbf39fe9056bd1034fa5" - integrity sha512-d7F9qLLxaiFW4GC03VkwlX9wuRIpx9aiIIf3o6mzMnqPfhxrn2IRKGndrkJeVdItgCfmg9jXZiFEowm60f1meQ== +redoc@~2.1.5: + version "2.1.5" + resolved "https://registry.yarnpkg.com/redoc/-/redoc-2.1.5.tgz#421307b22036b244171095bfc7ea3cfd419563c8" + integrity sha512-POSbVg+7WLf+/5/c6GWLxL7+9t2D+1WlZdLN0a6qaCQc+ih3XYzteRBkXEN5kjrYrRNjdspfxTZkDLN5WV3Tzg== dependencies: - "@redocly/openapi-core" "^1.0.0-rc.2" - classnames "^2.3.1" + "@cfaester/enzyme-adapter-react-18" "^0.8.0" + "@redocly/openapi-core" "^1.4.0" + classnames "^2.3.2" decko "^1.2.0" - dompurify "^2.2.8" - eventemitter3 "^4.0.7" + dompurify "^3.0.6" + eventemitter3 "^5.0.1" json-pointer "^0.6.2" lunr "^2.3.9" mark.js "^8.11.1" - marked "^4.0.15" - mobx-react "^7.2.0" - openapi-sampler "^1.3.1" + marked "^4.3.0" + mobx-react "^9.1.1" + openapi-sampler "^1.5.0" path-browserify "^1.0.1" perfect-scrollbar "^1.5.5" - polished "^4.1.3" - prismjs "^1.27.0" - prop-types "^15.7.2" - react-tabs "^4.3.0" + polished "^4.2.2" + prismjs "^1.29.0" + prop-types "^15.8.1" + react-tabs "^6.0.2" slugify "~1.4.7" stickyfill "^1.1.1" - swagger2openapi "^7.0.6" + swagger2openapi "^7.0.8" url-template "^2.0.8" reduce-reducers@^0.4.3: 
@@ -27156,14 +27238,15 @@ regex-not@^1.0.0, regex-not@^1.0.2: extend-shallow "^3.0.2" safe-regex "^1.1.0" -regexp.prototype.flags@^1.2.0, regexp.prototype.flags@^1.4.3, regexp.prototype.flags@^1.5.0, regexp.prototype.flags@^1.5.1: - version "1.5.1" - resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.5.1.tgz#90ce989138db209f81492edd734183ce99f9677e" - integrity sha512-sy6TXMN+hnP/wMy+ISxg3krXx7BAtWVO4UouuCN/ziM9UEne0euamVNafDfvC83bRNr95y0V5iijeDQFUNpvrg== +regexp.prototype.flags@^1.2.0, regexp.prototype.flags@^1.4.3, regexp.prototype.flags@^1.5.1, regexp.prototype.flags@^1.5.2: + version "1.5.2" + resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.5.2.tgz#138f644a3350f981a858c44f6bb1a61ff59be334" + integrity sha512-NcDiDkTLuPR+++OCKB0nWafEmhg/Da8aUPLPMQbK+bxKKCm1/S5he+AqYa4PlMCVBalb4/yxIRub6qkEx5yJbw== dependencies: - call-bind "^1.0.2" - define-properties "^1.2.0" - set-function-name "^2.0.0" + call-bind "^1.0.6" + define-properties "^1.2.1" + es-errors "^1.3.0" + set-function-name "^2.0.1" regexpp@^3.0.0: version "3.2.0" @@ -27787,13 +27870,13 @@ rxjs@^7.4.0, rxjs@^7.5.5: dependencies: tslib "^2.1.0" -safe-array-concat@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/safe-array-concat/-/safe-array-concat-1.0.0.tgz#2064223cba3c08d2ee05148eedbc563cd6d84060" - integrity sha512-9dVEFruWIsnie89yym+xWTAYASdpw3CJV7Li/6zBewGf9z2i1j31rP6jnY0pHEO4QZh6N0K11bFjWmdR8UGdPQ== +safe-array-concat@^1.1.2: + version "1.1.2" + resolved "https://registry.yarnpkg.com/safe-array-concat/-/safe-array-concat-1.1.2.tgz#81d77ee0c4e8b863635227c721278dd524c20edb" + integrity sha512-vj6RsCsWBCf19jIeHEfkRMw8DPiBb+DMXklQ/1SGDHOMlHdPUkZXFQ2YdplS23zESTijAcurb1aSgJA3AgMu1Q== dependencies: - call-bind "^1.0.2" - get-intrinsic "^1.2.0" + call-bind "^1.0.7" + get-intrinsic "^1.2.4" has-symbols "^1.0.3" isarray "^2.0.5" 
@@ -27817,13 +27900,13 @@ safe-json-stringify@^1.2.0: resolved "https://registry.yarnpkg.com/safe-json-stringify/-/safe-json-stringify-1.2.0.tgz#356e44bc98f1f93ce45df14bcd7c01cda86e0afd" integrity sha512-gH8eh2nZudPQO6TytOvbxnuhYBOvDBBLW52tz5q6X58lJcd/tkmqFR+5Z9adS8aJtURSXWThWy/xJtJwixErvg== -safe-regex-test@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/safe-regex-test/-/safe-regex-test-1.0.0.tgz#793b874d524eb3640d1873aad03596db2d4f2295" - integrity sha512-JBUUzyOgEwXQY1NuPtvcj/qcBDbDmEvWufhlnXZIm75DEHp+afM1r1ujJpJsV/gSM4t59tpDyPi1sd6ZaPFfsA== +safe-regex-test@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/safe-regex-test/-/safe-regex-test-1.0.3.tgz#a5b4c0f06e0ab50ea2c395c14d8371232924c377" + integrity sha512-CdASjNJPvRa7roO6Ra/gLYBTzYzzPyyBXxIMdGW3USQLyjWEls2RgW5UBTXaQVp+OrpeCK3bLem8smtmheoRuw== dependencies: - call-bind "^1.0.2" - get-intrinsic "^1.1.3" + call-bind "^1.0.6" + es-errors "^1.3.0" is-regex "^1.1.4" safe-regex@^1.1.0: @@ -28262,14 +28345,15 @@ set-function-length@^1.2.1: gopd "^1.0.1" has-property-descriptors "^1.0.2" -set-function-name@^2.0.0: - version "2.0.1" - resolved "https://registry.yarnpkg.com/set-function-name/-/set-function-name-2.0.1.tgz#12ce38b7954310b9f61faa12701620a0c882793a" - integrity sha512-tMNCiqYVkXIZgc2Hnoy2IvC/f8ezc5koaRFkCjrpWzGpCd3qbZXPzVy9MAZzK1ch/X0jvSkojys3oqJN0qCmdA== +set-function-name@^2.0.1: + version "2.0.2" + resolved "https://registry.yarnpkg.com/set-function-name/-/set-function-name-2.0.2.tgz#16a705c5a0dc2f5e638ca96d8a8cd4e1c2b90985" + integrity sha512-7PGFlmtwsEADb0WYyvCMa1t+yke6daIG4Wirafur5kcf+MhUnPms1UeR0CKQdTZD81yESwMHbtn+TR+dMviakQ== dependencies: - define-data-property "^1.0.1" + define-data-property "^1.1.4" + es-errors "^1.3.0" functions-have-names "^1.2.3" - has-property-descriptors "^1.0.0" + has-property-descriptors "^1.0.2" set-getter@^0.1.0: version "0.1.1" 
@@ -29315,32 +29399,33 @@ string.prototype.padstart@^3.0.0: es-abstract "^1.4.3" function-bind "^1.0.2" -string.prototype.trim@^1.2.1, string.prototype.trim@^1.2.7: - version "1.2.7" - resolved "https://registry.yarnpkg.com/string.prototype.trim/-/string.prototype.trim-1.2.7.tgz#a68352740859f6893f14ce3ef1bb3037f7a90533" - integrity sha512-p6TmeT1T3411M8Cgg9wBTMRtY2q9+PNy9EV1i2lIXUN/btt763oIfxwN3RR8VU6wHX8j/1CFy0L+YuThm6bgOg== +string.prototype.trim@^1.2.1, string.prototype.trim@^1.2.9: + version "1.2.9" + resolved "https://registry.yarnpkg.com/string.prototype.trim/-/string.prototype.trim-1.2.9.tgz#b6fa326d72d2c78b6df02f7759c73f8f6274faa4" + integrity sha512-klHuCNxiMZ8MlsOihJhJEBJAiMVqU3Z2nEXWfWnIqjN0gEFS9J9+IxKozWWtQGcgoa1WUZzLjKPTr4ZHNFTFxw== dependencies: - call-bind "^1.0.2" - define-properties "^1.1.4" - es-abstract "^1.20.4" + call-bind "^1.0.7" + define-properties "^1.2.1" + es-abstract "^1.23.0" + es-object-atoms "^1.0.0" -string.prototype.trimend@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/string.prototype.trimend/-/string.prototype.trimend-1.0.6.tgz#c4a27fa026d979d79c04f17397f250a462944533" - integrity sha512-JySq+4mrPf9EsDBEDYMOb/lM7XQLulwg5R/m1r0PXEFqrV0qHvl58sdTilSXtKOflCsK2E8jxf+GKC0T07RWwQ== +string.prototype.trimend@^1.0.8: + version "1.0.8" + resolved "https://registry.yarnpkg.com/string.prototype.trimend/-/string.prototype.trimend-1.0.8.tgz#3651b8513719e8a9f48de7f2f77640b26652b229" + integrity sha512-p73uL5VCHCO2BZZ6krwwQE3kCzM7NKmis8S//xEC6fQonchbum4eP6kR4DLEjQFO3Wnj3Fuo8NM0kOSjVdHjZQ== dependencies: - call-bind "^1.0.2" - define-properties "^1.1.4" - es-abstract "^1.20.4" + call-bind "^1.0.7" + define-properties "^1.2.1" + es-object-atoms "^1.0.0" -string.prototype.trimstart@^1.0.6: - version "1.0.6" - resolved "https://registry.yarnpkg.com/string.prototype.trimstart/-/string.prototype.trimstart-1.0.6.tgz#e90ab66aa8e4007d92ef591bbf3cd422c56bdcf4" - integrity 
sha512-omqjMDaY92pbn5HOX7f9IccLA+U1tA9GvtU4JrodiXFfYB7jPzzHpRzpglLAjtUV6bB557zwClJezTqnAiYnQA== +string.prototype.trimstart@^1.0.8: + version "1.0.8" + resolved "https://registry.yarnpkg.com/string.prototype.trimstart/-/string.prototype.trimstart-1.0.8.tgz#7ee834dda8c7c17eff3118472bb35bfedaa34dde" + integrity sha512-UXSH262CSZY1tfu3G3Secr6uGLCFVPMhIqHjlgCUtCCcgihYc/xKs9djMTMUOb2j1mVSeU8EU6NWc/iQKU6Gfg== dependencies: - call-bind "^1.0.2" - define-properties "^1.1.4" - es-abstract "^1.20.4" + call-bind "^1.0.7" + define-properties "^1.2.1" + es-object-atoms "^1.0.0" string_decoder@^1.0.0, string_decoder@^1.1.1, string_decoder@~1.1.1: version "1.1.1" @@ -29690,7 +29775,7 @@ svgo@^2.7.0, svgo@^2.8.0: picocolors "^1.0.0" stable "^0.1.8" -swagger2openapi@^7.0.6: +swagger2openapi@^7.0.8: version "7.0.8" resolved "https://registry.yarnpkg.com/swagger2openapi/-/swagger2openapi-7.0.8.tgz#12c88d5de776cb1cbba758994930f40ad0afac59" integrity sha512-upi/0ZGkYgEcLeGieoz8gT74oWHA0E7JivX7aN9mAf+Tc7BQoRBvnIGHoPDw+f9TXTW4s6kGYCZJtauP6OYp7g== 
@@ -30529,44 +30614,49 @@ type@^2.7.2: resolved "https://registry.yarnpkg.com/type/-/type-2.7.2.tgz#2376a15a3a28b1efa0f5350dcf72d24df6ef98d0" integrity sha512-dzlvlNlt6AXU7EBSfpAscydQ7gXB+pPGsPnfJnZpiNJBDj7IaJzQlBZYGdEi4R9HmPdBv2XmWJ6YUtoTa7lmCw== -typed-array-buffer@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/typed-array-buffer/-/typed-array-buffer-1.0.0.tgz#18de3e7ed7974b0a729d3feecb94338d1472cd60" - integrity sha512-Y8KTSIglk9OZEr8zywiIHG/kmQ7KWyjseXs1CbSo8vC42w7hg2HgYTxSWwP0+is7bWDc1H+Fo026CpHFwm8tkw== +typed-array-buffer@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/typed-array-buffer/-/typed-array-buffer-1.0.2.tgz#1867c5d83b20fcb5ccf32649e5e2fc7424474ff3" + integrity sha512-gEymJYKZtKXzzBzM4jqa9w6Q1Jjm7x2d+sh19AdsD4wqnMPDYyvwpsIc2Q/835kHuo3BEQ7CjelGhfTsoBb2MQ== dependencies: - call-bind "^1.0.2" - get-intrinsic "^1.2.1" - is-typed-array "^1.1.10" + call-bind "^1.0.7" + es-errors "^1.3.0" + is-typed-array "^1.1.13" -typed-array-byte-length@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/typed-array-byte-length/-/typed-array-byte-length-1.0.0.tgz#d787a24a995711611fb2b87a4052799517b230d0" - integrity sha512-Or/+kvLxNpeQ9DtSydonMxCx+9ZXOswtwJn17SNLvhptaXYDJvkFFP5zbfU/uLmvnBJlI4yrnXRxpdWH/M5tNA== +typed-array-byte-length@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/typed-array-byte-length/-/typed-array-byte-length-1.0.1.tgz#d92972d3cff99a3fa2e765a28fcdc0f1d89dec67" + integrity sha512-3iMJ9q0ao7WE9tWcaYKIptkNBuOIcZCCT0d4MRvuuH88fEoEH62IuQe0OtraD3ebQEoTRk8XCBoknUNc1Y67pw== dependencies: - call-bind "^1.0.2" + call-bind "^1.0.7" for-each "^0.3.3" - has-proto "^1.0.1" - is-typed-array "^1.1.10" + gopd "^1.0.1" + has-proto "^1.0.3" + is-typed-array "^1.1.13" -typed-array-byte-offset@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/typed-array-byte-offset/-/typed-array-byte-offset-1.0.0.tgz#cbbe89b51fdef9cd6aaf07ad4707340abbc4ea0b" - integrity 
sha512-RD97prjEt9EL8YgAgpOkf3O4IF9lhJFr9g0htQkm0rchFp/Vx7LW5Q8fSXXub7BXAODyUQohRMyOc3faCPd0hg== +typed-array-byte-offset@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/typed-array-byte-offset/-/typed-array-byte-offset-1.0.2.tgz#f9ec1acb9259f395093e4567eb3c28a580d02063" + integrity sha512-Ous0vodHa56FviZucS2E63zkgtgrACj7omjwd/8lTEMEPFFyjfixMZ1ZXenpgCFBBt4EC1J2XsyVS2gkG0eTFA== dependencies: - available-typed-arrays "^1.0.5" - call-bind "^1.0.2" + available-typed-arrays "^1.0.7" + call-bind "^1.0.7" for-each "^0.3.3" - has-proto "^1.0.1" - is-typed-array "^1.1.10" + gopd "^1.0.1" + has-proto "^1.0.3" + is-typed-array "^1.1.13" -typed-array-length@^1.0.4: - version "1.0.4" - resolved "https://registry.yarnpkg.com/typed-array-length/-/typed-array-length-1.0.4.tgz#89d83785e5c4098bec72e08b319651f0eac9c1bb" - integrity sha512-KjZypGq+I/H7HI5HlOoGHkWUUGq+Q0TPhQurLbyrVrvnKTBgzLhIJ7j6J/XTQOi0d1RjyZ0wdas8bKs2p0x3Ng== +typed-array-length@^1.0.6: + version "1.0.6" + resolved "https://registry.yarnpkg.com/typed-array-length/-/typed-array-length-1.0.6.tgz#57155207c76e64a3457482dfdc1c9d1d3c4c73a3" + integrity sha512-/OxDN6OtAk5KBpGb28T+HZc2M+ADtvRxXrKKbUwtsLgdoxgX13hyy7ek6bFRl5+aBs2yZzB0c4CnQfAtVypW/g== dependencies: - call-bind "^1.0.2" + call-bind "^1.0.7" for-each "^0.3.3" - is-typed-array "^1.1.9" + gopd "^1.0.1" + has-proto "^1.0.3" + is-typed-array "^1.1.13" + possible-typed-array-names "^1.0.0" typedarray-to-buffer@^3.1.5: version "3.1.5" 
@@ -30664,13 +30754,18 @@ undici-types@~5.26.4: resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== -undici@^5.21.2, undici@^5.22.1: +undici@^5.21.2: version "5.28.4" resolved "https://registry.yarnpkg.com/undici/-/undici-5.28.4.tgz#6b280408edb6a1a604a9b20340f45b422e373068" integrity sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g== dependencies: "@fastify/busboy" "^2.0.0" +undici@^6.12.0: + version "6.19.0" + resolved "https://registry.yarnpkg.com/undici/-/undici-6.19.0.tgz#99f6e7ab4e4116dbbedf4e734e8c267f926f20a4" + integrity sha512-9gGwbSLgYMjp4r6M5P9bhqhx1E+RyUIHqZE0r7BmrRoqroJUG6xlVu5TXH9DnwmCPLkcaVNrcYtxUE9d3InnyQ== + unfetch@^4.2.0: version "4.2.0" resolved "https://registry.yarnpkg.com/unfetch/-/unfetch-4.2.0.tgz#7e21b0ef7d363d8d9af0fb929a5555f6ef97a3be" @@ -32135,7 +32230,7 @@ which-module@^2.0.0: resolved "https://registry.yarnpkg.com/which-module/-/which-module-2.0.0.tgz#d9ef07dce77b9902b8a3a8fa4b31c3e3f7e6e87a" integrity sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho= -which-typed-array@^1.1.10, which-typed-array@^1.1.13, which-typed-array@^1.1.14: +which-typed-array@^1.1.13, which-typed-array@^1.1.14, which-typed-array@^1.1.15: version "1.1.15" resolved "https://registry.yarnpkg.com/which-typed-array/-/which-typed-array-1.1.15.tgz#264859e9b11a649b388bfaaf4f767df1f779b38d" integrity sha512-oV0jmFtUky6CXfkqehVvBP/LSWJ2sy4vWMioiENyJLePrBO/yKyV9OyJySfAKosh+RYkIl5zJCNZ8/4JncrpdA==