From 2e175b9d3fc9f213875046678e51c3a8f9844c1a Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 13 Dec 2024 03:23:57 +1100 Subject: [PATCH 1/6] [8.16] [Search] Add ML as required plugin to Search Assistant (#204009) (#204035) # Backport This will backport the following commits from `main` to `8.16`: - [[Search] Add ML as required plugin to Search Assistant (#204009)](https://github.com/elastic/kibana/pull/204009) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Sander Philipse <94373878+sphilipse@users.noreply.github.com> --- x-pack/plugins/search_assistant/kibana.jsonc | 1 + x-pack/plugins/serverless_search/kibana.jsonc | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/search_assistant/kibana.jsonc b/x-pack/plugins/search_assistant/kibana.jsonc index 0f94105943037..6efbbc126818e 100644 --- a/x-pack/plugins/search_assistant/kibana.jsonc +++ b/x-pack/plugins/search_assistant/kibana.jsonc @@ -14,6 +14,7 @@ "requiredPlugins": [ "actions", "licensing", + "ml", // necessary for assistant's use of knowledge base in assistant package "observabilityAIAssistant", "triggersActionsUi", "share" diff --git a/x-pack/plugins/serverless_search/kibana.jsonc b/x-pack/plugins/serverless_search/kibana.jsonc index 8ef675723cf0e..8c1d4dedaa76a 100644 --- a/x-pack/plugins/serverless_search/kibana.jsonc +++ b/x-pack/plugins/serverless_search/kibana.jsonc @@ -29,6 +29,8 @@ "searchInferenceEndpoints", "usageCollection" ], - "requiredBundles": ["kibanaReact"] + "requiredBundles": [ + "kibanaReact" + ] } } From 0384a5367205c2c97b406c5622b6c4e69ffc7875 Mon Sep 17 00:00:00 2001 
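Review bot: Listing `ml` under `requiredPlugins` in x-pack/plugins/search_assistant/kibana.jsonc makes it a hard dependency, so where the ML plugin is disabled or unavailable Kibana will disable Search Assistant as well instead of letting it run without the knowledge base. If only the knowledge-base path needs ML, it is worth checking whether `optionalPlugins` with a runtime guard would be enough; the hunk alone does not show whether the assistant can run without it. The inline comment should state that consequence, for example `"ml", // required: the assistant package's knowledge base depends on ml; disabling ml also disables this plugin`. The `requiredBundles` change in serverless_search/kibana.jsonc is formatting only.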
From: Kurt Date: Thu, 12 Dec 2024 17:42:32 -0500 Subject: [PATCH 2/6] [8.16] Upgrade mocha to 10.3.0 (#203500) (#203939) # Backport This will backport the following commits from `main` to `8.16`: - [Upgrade mocha to 10.3.0 (#203500)](https://github.com/elastic/kibana/pull/203500) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- package.json | 2 +- yarn.lock | 248 ++++++++++++++++++++++----------------------------- 2 files changed, 109 insertions(+), 141 deletions(-) diff --git a/package.json b/package.json index 323f29039a578..3845ecb68631f 100644 --- a/package.json +++ b/package.json @@ -1773,7 +1773,7 @@ "micromatch": "^4.0.8", "mini-css-extract-plugin": "1.1.0", "minimist": "^1.2.6", - "mocha": "^10.1.0", + "mocha": "^10.3.0", "mocha-junit-reporter": "^2.0.2", "mocha-multi-reporters": "^1.5.1", "mochawesome": "^7.1.3", diff --git a/yarn.lock b/yarn.lock index ffa976938ed6b..e75520f7e6c07 100644 --- a/yarn.lock +++ b/yarn.lock @@ -12458,11 +12458,6 @@ ansi-align@^3.0.0: dependencies: string-width "^4.1.0" -ansi-colors@4.1.1, ansi-colors@^4.1.1: - version "4.1.1" - resolved "https://registry.yarnpkg.com/ansi-colors/-/ansi-colors-4.1.1.tgz#cbb9ae256bf750af1eab344f229aa27fe94ba348" - integrity sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA== - ansi-colors@^1.0.1: version "1.1.0" resolved "https://registry.yarnpkg.com/ansi-colors/-/ansi-colors-1.1.0.tgz#6374b4dd5d4718ff3ce27a671a3b1cad077132a9" 
@@ -12475,6 +12470,11 @@ ansi-colors@^3.0.0: resolved "https://registry.yarnpkg.com/ansi-colors/-/ansi-colors-3.2.4.tgz#e3a3da4bfbae6c86a9c285625de124a234026fbf" integrity sha512-hHUXGagefjN2iRrID63xckIvotOXOojhQKWIPUZ4mNUZ9nLZW+7FMNoE1lOkEhNWYsx/7ysGIuJYCiMAA9FnrA== +ansi-colors@^4.1.1, ansi-colors@^4.1.3: + version "4.1.3" + resolved "https://registry.yarnpkg.com/ansi-colors/-/ansi-colors-4.1.3.tgz#37611340eb2243e70cc604cad35d63270d48781b" + integrity sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw== + ansi-escapes@^4.2.1, ansi-escapes@^4.3.0, ansi-escapes@^4.3.2: version "4.3.2" resolved "https://registry.yarnpkg.com/ansi-escapes/-/ansi-escapes-4.3.2.tgz#6b2291d1db7d98b6521d5f1efa42d0f3a9feb65e" @@ -13704,7 +13704,7 @@ brotli@^1.2.0: dependencies: base64-js "^1.1.2" -browser-stdout@1.3.1: +browser-stdout@^1.3.1: version "1.3.1" resolved "https://registry.yarnpkg.com/browser-stdout/-/browser-stdout-1.3.1.tgz#baa559ee14ced73452229bad7326467c61fabd60" integrity sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw== @@ -14257,7 +14257,7 @@ child-process-promise@^2.2.1: node-version "^1.0.0" promise-polyfill "^6.0.1" -chokidar@3.5.3, chokidar@^2.1.2, chokidar@^2.1.8, chokidar@^3.4.0, chokidar@^3.4.1, chokidar@^3.4.2, chokidar@^3.5.1, chokidar@^3.5.3: +chokidar@^2.1.2, chokidar@^2.1.8, chokidar@^3.4.0, chokidar@^3.4.1, chokidar@^3.4.2, chokidar@^3.5.1, chokidar@^3.5.3: version "3.5.3" resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.5.3.tgz#1cf37c8707b932bd1af1ae22c0432e2acd1903bd" integrity sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw== 
@@ -14925,16 +14925,21 @@ cookie-signature@1.0.6: resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.6.tgz#e303a882b342cc3ee8ca513a79999734dab3ae2c" integrity sha1-4wOogrNCzD7oylE6eZmXNNqzriw= -cookie@0.6.0, cookie@^0.6.0: - version "0.6.0" - resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.6.0.tgz#2798b04b071b0ecbff0dbb62a505a8efa4e19051" - integrity sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw== +cookie@0.7.1: + version "0.7.1" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.7.1.tgz#2f73c42142d5d5cf71310a74fc4ae61670e5dbc9" + integrity sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w== cookie@^0.5.0: version "0.5.0" resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.5.0.tgz#d1f5d71adec6558c58f389987c366aa47e994f8b" integrity sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw== +cookie@^0.6.0: + version "0.6.0" + resolved "https://registry.yarnpkg.com/cookie/-/cookie-0.6.0.tgz#2798b04b071b0ecbff0dbb62a505a8efa4e19051" + integrity sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw== + cookiejar@^2.1.4: version "2.1.4" resolved "https://registry.yarnpkg.com/cookiejar/-/cookiejar-2.1.4.tgz#ee669c1fea2cf42dc31585469d193fef0d65771b" 
@@ -16378,11 +16383,6 @@ diff-sequences@^29.6.3: resolved "https://registry.yarnpkg.com/diff-sequences/-/diff-sequences-29.6.3.tgz#4deaf894d11407c51efc8418012f9e70b84ea921" integrity sha512-EjePK1srD3P08o2j4f0ExnylqRs5B9tJjcp9t1krH2qRi8CCdsYfwe9JgSLurFBWwq4uOlipzfk5fHNvwFKr8Q== -diff@5.0.0: - version "5.0.0" - resolved "https://registry.yarnpkg.com/diff/-/diff-5.0.0.tgz#7ed6ad76d859d030787ec35855f5b1daf31d852b" - integrity sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w== - diff@^3.5.0: version "3.5.0" resolved "https://registry.yarnpkg.com/diff/-/diff-3.5.0.tgz#800c0dd1e0a8bfbc95835c202ad220fe317e5a12" @@ -16393,10 +16393,10 @@ diff@^4.0.1: resolved "https://registry.yarnpkg.com/diff/-/diff-4.0.2.tgz#60f3aecb89d5fae520c11aa19efc2bb982aade7d" integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== -diff@^5.0.0, diff@^5.1.0: - version "5.1.0" - resolved "https://registry.yarnpkg.com/diff/-/diff-5.1.0.tgz#bc52d298c5ea8df9194800224445ed43ffc87e40" - integrity sha512-D+mk+qE8VC/PAUrlAU34N+VfXev0ghe5ywmpqrawphmVZc1bEfn56uo9qpyGp1p4xpzOHkSW4ztBd6L7Xx4ACw== +diff@^5.0.0, diff@^5.1.0, diff@^5.2.0: + version "5.2.0" + resolved "https://registry.yarnpkg.com/diff/-/diff-5.2.0.tgz#26ded047cd1179b78b9537d5ef725503ce1ae531" + integrity sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A== diffie-hellman@^5.0.0: version "5.0.2" 
@@ -17187,11 +17187,6 @@ escape-html@^1.0.3, escape-html@~1.0.3: resolved "https://registry.yarnpkg.com/escape-html/-/escape-html-1.0.3.tgz#0258eae4d3d0c0974de1c169188ef0051d1d1988" integrity sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg= -escape-string-regexp@4.0.0, escape-string-regexp@^4.0.0: - version "4.0.0" - resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34" - integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA== - escape-string-regexp@^1.0.2, escape-string-regexp@^1.0.5: version "1.0.5" resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" @@ -17202,6 +17197,11 @@ escape-string-regexp@^2.0.0: resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz#a30304e99daa32e23b2fd20f51babd07cffca344" integrity sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w== +escape-string-regexp@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34" + integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA== + escodegen@^2.0.0, escodegen@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/escodegen/-/escodegen-2.1.0.tgz#ba93bbb7a43986d29d6041f99f5262da773e2e17" @@ -17781,7 +17781,7 @@ express@^4.17.1, express@^4.17.3, express@^4.18.2, express@^4.21.2: body-parser "1.20.3" content-disposition "0.5.4" content-type "~1.0.4" - cookie "0.6.0" + cookie "0.7.1" cookie-signature "1.0.6" debug "2.6.9" depd "2.0.0" 
@@ -18232,14 +18232,6 @@ find-test-names@1.28.18, find-test-names@^1.19.0: globby "^11.0.4" simple-bin-help "^1.8.0" -find-up@5.0.0, find-up@^5.0.0: - version "5.0.0" - resolved "https://registry.yarnpkg.com/find-up/-/find-up-5.0.0.tgz#4c92819ecb7083561e4f4a240a86be5198f536fc" - integrity sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng== - dependencies: - locate-path "^6.0.0" - path-exists "^4.0.0" - find-up@^1.0.0: version "1.1.2" resolved "https://registry.yarnpkg.com/find-up/-/find-up-1.1.2.tgz#6b2e9822b1a2ce0a60ab64d610eccad53cb24d0f" @@ -18263,6 +18255,14 @@ find-up@^4.0.0, find-up@^4.1.0: locate-path "^5.0.0" path-exists "^4.0.0" +find-up@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/find-up/-/find-up-5.0.0.tgz#4c92819ecb7083561e4f4a240a86be5198f536fc" + integrity sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng== + dependencies: + locate-path "^6.0.0" + path-exists "^4.0.0" + flat-cache@^3.0.4: version "3.0.4" resolved "https://registry.yarnpkg.com/flat-cache/-/flat-cache-3.0.4.tgz#61b0338302b2fe9f957dcc32fc2a87f1c3048b11" @@ -18946,19 +18946,7 @@ glob@7.1.6: once "^1.3.0" path-is-absolute "^1.0.0" -glob@7.2.0: - version "7.2.0" - resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.0.tgz#d15535af7732e02e948f4c41628bd910293f6023" - integrity sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q== - dependencies: - fs.realpath "^1.0.0" - inflight "^1.0.4" - inherits "2" - minimatch "^3.0.4" - once "^1.3.0" - path-is-absolute "^1.0.0" - -glob@8.1.0: +glob@8.1.0, glob@^8.1.0: version "8.1.0" resolved "https://registry.yarnpkg.com/glob/-/glob-8.1.0.tgz#d388f656593ef708ee3e34640fdfb99a9fd1c33e" integrity sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ== 
@@ -19572,7 +19560,7 @@ hdr-histogram-percentiles-obj@^3.0.0: resolved "https://registry.yarnpkg.com/hdr-histogram-percentiles-obj/-/hdr-histogram-percentiles-obj-3.0.0.tgz#9409f4de0c2dda78e61de2d9d78b1e9f3cba283c" integrity sha512-7kIufnBqdsBGcSZLPJwqHT3yhk1QTsSlFsVD3kx5ixH/AlgBs9yM1q6DPhXZ8f8gtdqgh7N7/5btRLpQsS2gHw== -he@1.2.0, he@^1.2.0: +he@^1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f" integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw== @@ -21678,13 +21666,6 @@ js-tiktoken@^1.0.12: resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== -js-yaml@4.1.0, js-yaml@^4.1.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" - integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== - dependencies: - argparse "^2.0.1" - js-yaml@^3.13.1, js-yaml@^3.14.1: version "3.14.1" resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.14.1.tgz#dae812fdb3825fa306609a8717383c50c36a0537" @@ -21693,6 +21674,13 @@ js-yaml@^3.13.1, js-yaml@^3.14.1: argparse "^1.0.7" esprima "^4.0.0" +js-yaml@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" + integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== + dependencies: + argparse "^2.0.1" + jsbn@1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-1.1.0.tgz#b01307cb29b618a1ed26ec79e911f803c4da0040" 
@@ -22515,14 +22503,6 @@ lodash@^4.17.10, lodash@^4.17.13, lodash@^4.17.15, lodash@^4.17.19, lodash@^4.17 resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== -log-symbols@4.1.0, log-symbols@^4.0.0, log-symbols@^4.1.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-4.1.0.tgz#3fbdbb95b4683ac9fc785111e792e558d4abd503" - integrity sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg== - dependencies: - chalk "^4.1.0" - is-unicode-supported "^0.1.0" - log-symbols@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-3.0.0.tgz#f3a08516a5dea893336a7dee14d18a1cfdab77c4" @@ -22530,6 +22510,14 @@ log-symbols@^3.0.0: dependencies: chalk "^2.4.2" +log-symbols@^4.0.0, log-symbols@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-4.1.0.tgz#3fbdbb95b4683ac9fc785111e792e558d4abd503" + integrity sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg== + dependencies: + chalk "^4.1.0" + is-unicode-supported "^0.1.0" + log-update@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/log-update/-/log-update-4.0.0.tgz#589ecd352471f2a1c0c570287543a64dfd20e0a1" 
@@ -23309,13 +23297,6 @@ minimalistic-crypto-utils@^1.0.1: resolved "https://registry.yarnpkg.com/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz#f6c00c1c0b082246e5c4d99dfb8c7c083b2b582a" integrity sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo= -minimatch@5.0.1: - version "5.0.1" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-5.0.1.tgz#fb9022f7528125187c92bd9e9b6366be1cf3415b" - integrity sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g== - dependencies: - brace-expansion "^2.0.1" - minimatch@^3.0.2, minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2: version "3.1.2" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" @@ -23323,7 +23304,7 @@ minimatch@^3.0.2, minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1, minimatc dependencies: brace-expansion "^1.1.7" -minimatch@^5.0.1, minimatch@^5.1.0: +minimatch@^5.0.1, minimatch@^5.1.0, minimatch@^5.1.6: version "5.1.6" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-5.1.6.tgz#1cfcb8cf5522ea69952cd2af95ae09477f122a96" integrity sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g== 
@@ -23530,32 +23511,31 @@ mocha-multi-reporters@^1.5.1: debug "^4.1.1" lodash "^4.17.15" -mocha@^10.1.0: - version "10.1.0" - resolved "https://registry.yarnpkg.com/mocha/-/mocha-10.1.0.tgz#dbf1114b7c3f9d0ca5de3133906aea3dfc89ef7a" - integrity sha512-vUF7IYxEoN7XhQpFLxQAEMtE4W91acW4B6En9l97MwE9stL1A9gusXfoHZCLVHDUJ/7V5+lbCM6yMqzo5vNymg== +mocha@^10.3.0: + version "10.8.2" + resolved "https://registry.yarnpkg.com/mocha/-/mocha-10.8.2.tgz#8d8342d016ed411b12a429eb731b825f961afb96" + integrity sha512-VZlYo/WE8t1tstuRmqgeyBgCbJc/lEdopaa+axcKzTBJ+UIdlAB9XnmvTCAH4pwR4ElNInaedhEBmZD8iCSVEg== dependencies: - ansi-colors "4.1.1" - browser-stdout "1.3.1" - chokidar "3.5.3" - debug "4.3.4" - diff "5.0.0" - escape-string-regexp "4.0.0" - find-up "5.0.0" - glob "7.2.0" - he "1.2.0" - js-yaml "4.1.0" - log-symbols "4.1.0" - minimatch "5.0.1" - ms "2.1.3" - nanoid "3.3.3" - serialize-javascript "6.0.0" - strip-json-comments "3.1.1" - supports-color "8.1.1" - workerpool "6.2.1" - yargs "16.2.0" - yargs-parser "20.2.4" - yargs-unparser "2.0.0" + ansi-colors "^4.1.3" + browser-stdout "^1.3.1" + chokidar "^3.5.3" + debug "^4.3.5" + diff "^5.2.0" + escape-string-regexp "^4.0.0" + find-up "^5.0.0" + glob "^8.1.0" + he "^1.2.0" + js-yaml "^4.1.0" + log-symbols "^4.1.0" + minimatch "^5.1.6" + ms "^2.1.3" + serialize-javascript "^6.0.2" + strip-json-comments "^3.1.1" + supports-color "^8.1.1" + workerpool "^6.5.1" + yargs "^16.2.0" + yargs-parser "^20.2.9" + yargs-unparser "^2.0.0" mochawesome-merge@^4.3.0: version "4.3.0" @@ -23893,11 +23873,6 @@ nano-css@^5.2.1: stacktrace-js "^2.0.0" stylis "3.5.0" -nanoid@3.3.3: - version "3.3.3" - resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.3.tgz#fd8e8b7aa761fe807dba2d1b98fb7241bb724a25" - integrity sha512-p1sjXuopFs0xg+fPASzQ28agW1oHD7xDsd9Xkf3T15H3c/cifrFHVwrh74PdoklAPi+i7MdRsE47vm2r6JoB+w== - nanoid@3.3.6: version "3.3.6" resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.6.tgz#443380c856d6e9f9824267d960b4236ad583ea4c" 
@@ -28379,13 +28354,6 @@ send@0.19.0: range-parser "~1.2.1" statuses "2.0.1" -serialize-javascript@6.0.0: - version "6.0.0" - resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.0.tgz#efae5d88f45d7924141da8b5c3a7a7e663fefeb8" - integrity sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag== - dependencies: - randombytes "^2.1.0" - serialize-javascript@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-4.0.0.tgz#b525e1238489a5ecfc42afacc3fe99e666f4b1aa" @@ -28400,7 +28368,7 @@ serialize-javascript@^5.0.1: dependencies: randombytes "^2.1.0" -serialize-javascript@^6.0.1: +serialize-javascript@^6.0.1, serialize-javascript@^6.0.2: version "6.0.2" resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.2.tgz#defa1e055c83bf6d59ea805d8da862254eb6a6c2" integrity sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g== @@ -29589,7 +29557,7 @@ strip-indent@^3.0.0: dependencies: min-indent "^1.0.0" -strip-json-comments@3.1.1, strip-json-comments@^3.1.1: +strip-json-comments@^3.1.1: version "3.1.1" resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006" integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig== 
@@ -29774,13 +29742,6 @@ supertest@^7.0.0: methods "^1.1.2" superagent "^9.0.1" -supports-color@8.1.1, supports-color@^8.0.0, supports-color@^8.1.1: - version "8.1.1" - resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-8.1.1.tgz#cd6fc17e28500cff56c1b86c0a7fd4a54a73005c" - integrity sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q== - dependencies: - has-flag "^4.0.0" - supports-color@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-2.0.0.tgz#535d045ce6b6363fa40117084629995e9df324c7" @@ -29800,6 +29761,13 @@ supports-color@^7.0.0, supports-color@^7.1.0: dependencies: has-flag "^4.0.0" +supports-color@^8.0.0, supports-color@^8.1.1: + version "8.1.1" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-8.1.1.tgz#cd6fc17e28500cff56c1b86c0a7fd4a54a73005c" + integrity sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q== + dependencies: + has-flag "^4.0.0" + supports-hyperlinks@^2.0.0, supports-hyperlinks@^2.2.0: version "2.2.0" resolved "https://registry.yarnpkg.com/supports-hyperlinks/-/supports-hyperlinks-2.2.0.tgz#4f77b42488765891774b70c79babd87f9bd594bb" @@ -32435,10 +32403,10 @@ worker-rpc@^0.1.0: dependencies: microevent.ts "~0.1.1" -workerpool@6.2.1: - version "6.2.1" - resolved "https://registry.yarnpkg.com/workerpool/-/workerpool-6.2.1.tgz#46fc150c17d826b86a008e5a4508656777e9c343" - integrity sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw== +workerpool@^6.5.1: + version "6.5.1" + resolved "https://registry.yarnpkg.com/workerpool/-/workerpool-6.5.1.tgz#060f73b39d0caf97c6db64da004cd01b4c099544" + integrity sha512-Fs4dNYcsdpYSAfVxhnl1L5zTksjvOJxtC5hzMNl+1t9B8hTJTdKDyZ5ju7ztgPy+ft9tBFXoOlDNiOT9WUXZlA== "wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0: version "7.0.0" 
@@ -32665,11 +32633,6 @@ yaml@^2.5.1: resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.5.1.tgz#c9772aacf62cb7494a95b0c4f1fb065b563db130" integrity sha512-bLQOjaX/ADgQ20isPJRvF0iRUHIxVhYvr53Of7wGcWlO2jvtUlH5m87DsmulFVxRpNLOnI4tB6p/oh8D7kpn9Q== -yargs-parser@20.2.4, yargs-parser@^20.2.2, yargs-parser@^20.2.3: - version "20.2.4" - resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.4.tgz#b42890f14566796f85ae8e3a25290d205f154a54" - integrity sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA== - yargs-parser@^18.1.2: version "18.1.3" resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-18.1.3.tgz#be68c4975c6b2abf469236b0c870362fab09a7b0" @@ -32678,12 +32641,17 @@ yargs-parser@^18.1.2: camelcase "^5.0.0" decamelize "^1.2.0" +yargs-parser@^20.2.2, yargs-parser@^20.2.3, yargs-parser@^20.2.9: + version "20.2.9" + resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.9.tgz#2eb7dc3b0289718fc295f362753845c41a0c94ee" + integrity sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w== + yargs-parser@^21.0.0, yargs-parser@^21.1.1: version "21.1.1" resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-21.1.1.tgz#9096bceebf990d21bb31fa9516e0ede294a77d35" integrity sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw== -yargs-unparser@2.0.0: +yargs-unparser@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/yargs-unparser/-/yargs-unparser-2.0.0.tgz#f131f9226911ae5d9ad38c432fe809366c2325eb" integrity sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA== 
@@ -32693,19 +32661,6 @@ yargs-unparser@2.0.0: flat "^5.0.2" is-plain-obj "^2.1.0" -yargs@16.2.0: - version "16.2.0" - resolved "https://registry.yarnpkg.com/yargs/-/yargs-16.2.0.tgz#1c82bf0f6b6a66eafce7ef30e376f49a12477f66" - integrity sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw== - dependencies: - cliui "^7.0.2" - escalade "^3.1.1" - get-caller-file "^2.0.5" - require-directory "^2.1.1" - string-width "^4.2.0" - y18n "^5.0.5" - yargs-parser "^20.2.2" - yargs@17.0.1: version "17.0.1" resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.0.1.tgz#6a1ced4ed5ee0b388010ba9fd67af83b9362e0bb" @@ -32736,6 +32691,19 @@ yargs@^15.0.2, yargs@^15.3.1, yargs@^15.4.1: y18n "^4.0.0" yargs-parser "^18.1.2" +yargs@^16.2.0: + version "16.2.0" + resolved "https://registry.yarnpkg.com/yargs/-/yargs-16.2.0.tgz#1c82bf0f6b6a66eafce7ef30e376f49a12477f66" + integrity sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw== + dependencies: + cliui "^7.0.2" + escalade "^3.1.1" + get-caller-file "^2.0.5" + require-directory "^2.1.1" + string-width "^4.2.0" + y18n "^5.0.5" + yargs-parser "^20.2.2" + yargs@^17.0.1, yargs@^17.2.1, yargs@^17.3.1, yargs@^17.7.1, yargs@^17.7.2: version "17.7.2" resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.7.2.tgz#991df39aca675a192b816e1e0363f9d75d2aa269" From 61ec11901edb6d13c1e6f03de5a53aa827f76354 Mon Sep 17 00:00:00 2001 
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 13 Dec 2024 10:07:07 +1100 Subject: [PATCH 3/6] [8.16] Update data-views.asciidoc (#203854) (#204146) # Backport This will backport the following commits from `main` to `8.16`: - [Update data-views.asciidoc (#203854)](https://github.com/elastic/kibana/pull/203854) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Brandon Morelli --- docs/concepts/data-views.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/concepts/data-views.asciidoc b/docs/concepts/data-views.asciidoc index 2a260e611a060..02922b2989762 100644 --- a/docs/concepts/data-views.asciidoc +++ b/docs/concepts/data-views.asciidoc @@ -142,14 +142,14 @@ To match indices starting with `logstash-`, but exclude those starting with `log all clusters having a name starting with `cluster_`: ```ts -`cluster_*:logstash-*,cluster_*:-logstash-old*` +cluster_*:logstash-*,cluster_*:-logstash-old* ``` Excluding a cluster avoids sending any network calls to that cluster. To exclude a cluster with the name `cluster_one`: ```ts -`cluster_*:logstash-*,-cluster_one:*` +cluster_*:logstash-*,-cluster_one:* ``` Once you configure a {data-source} to use the {ccs} syntax, all searches and @@ -182,4 +182,4 @@ for {data-sources} with a high field count that span a large number of indices a list is updated every couple of minutes in typical {kib} usage. Alternatively, use the refresh button on the {data-source} management detail page to get an updated field list. A force reload of {kib} has the same effect. -The field list may be impacted by changes in indices and user permissions. \ No newline at end of file +The field list may be impacted by changes in indices and user permissions. From cbcb1cb5622476949bb6aef24a7ca649818faaee Mon Sep 17 00:00:00 2001 
From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Fri, 13 Dec 2024 09:54:42 +0000 Subject: [PATCH 4/6] [8.16] [DOCS] Adds conceptual content to API docs (#202305) (#204108) # Backport This will backport the following commits from `main` to `8.16`: - [[DOCS] Adds conceptual content to API docs (#202305)](https://github.com/elastic/kibana/pull/202305) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) --- oas_docs/output/kibana.yaml | 68 ++++++++++++++++- ...eptions_api_2023_10_31.bundled.schema.yaml | 54 ++++++++++++- ...eptions_api_2023_10_31.bundled.schema.yaml | 54 ++++++++++++- .../scripts/openapi_bundle.js | 32 +------- .../exceptions_ess.info.yaml | 26 +++++++ .../exceptions_serverless.info.yaml | 26 +++++++ ...n_lists_api_2023_10_31.bundled.schema.yaml | 75 ++++++++++++++++++- ...n_lists_api_2023_10_31.bundled.schema.yaml | 75 ++++++++++++++++++- .../scripts/openapi_bundle.js | 30 +------- .../openapi_bundle_info/lists_ess.info.yaml | 49 ++++++++++++ .../lists_serverless.info.yaml | 49 ++++++++++++ ...ections_api_2023_10_31.bundled.schema.yaml | 28 +++++-- ...ections_api_2023_10_31.bundled.schema.yaml | 28 +++++-- .../scripts/openapi/bundle_detections.js | 38 ++-------- .../detections_ess.info.yaml | 14 ++++ .../detections_serverless.info.yaml | 14 ++++ 16 files changed, 545 insertions(+), 115 deletions(-) create mode 100644 packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_ess.info.yaml create mode 100644 packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_serverless.info.yaml create mode 100644 packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_ess.info.yaml create mode 100644 packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_serverless.info.yaml create mode 100644 
x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_ess.info.yaml create mode 100644 x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_serverless.info.yaml diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 98dd14d116985..a78e7066126df 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -120,7 +120,12 @@ tags: - description: Manage and interact with Security Assistant resources. name: Security AI Assistant API x-displayName: Security AI assistant - - description: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. + - description: | + Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged. + > warn + > If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change. + + > If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running. name: Security Detections API x-displayName: Security detections - description: Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. 
@@ -132,10 +137,67 @@ tags: - description: '' name: Security Entity Analytics API x-displayName: Security entity analytics - - description: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. + - description: | + Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts. + + Exceptions are made up of: + + * **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules. + * **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert. + + For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated. + > info + > You cannot use lists with endpoint rule exceptions. + + > info + > Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container. 
+ + ## Exceptions requirements + + Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + - description: | + Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. + + Lists are made up of: + + * **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception prevents an alert from being generated. + + All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address: + 1. `192.168.1.1` + 2. `192.168.1.3` + 3. `192.168.1.18` + 4. `192.168.1.12` + 5. `192.168.1.7` + + To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to [create an exception list item](../operation/operation-createexceptionlistitem) that references the `internal-ip-addresses-southport` list. 
+ > info + > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an [exception container](../operation/operation-createexceptionlist). You can then add the exception container to a rule's `exceptions_list` object. + + ## Lists requirements + + Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements. name: Security Lists API x-displayName: Security lists - description: Run live queries, manage packs and saved queries. diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index ac08ffe99ef3a..270c977c377a2 100644 --- a/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml 
@@ -1853,9 +1853,55 @@ components: security: - BasicAuth: [] tags: - - description: >- - Exceptions API allows you to manage detection rule exceptions to prevent a - rule from generating an alert from incoming events even when the rule's - other criteria are met. + - description: > + Exceptions are associated with detection and endpoint rules, and are used + to prevent a rule from generating an alert from incoming events, even when + the rule's other criteria are met. They can help reduce the number of + false positives and prevent trusted processes and network activity from + generating unnecessary alerts. + + + Exceptions are made up of: + + + * **Exception containers**: A container for related exceptions. Generally, + a single exception container contains all the exception items relevant for + a subset of rules. For example, a container can be used to group together + network-related exceptions that are relevant for a large number of network + rules. The container can then be associated with all the relevant rules. + + * **Exception items**: The query (fields, values, and logic) used to + prevent rules from generating alerts. When an exception item's query + evaluates to `true`, the rule does not generate an alert. + + + For detection rules, you can also use lists to define rule exceptions. A + list holds multiple values of the same Elasticsearch data type, such as IP + addresses. These values are used to determine when an exception prevents + an alert from being generated. + + > info + + > You cannot use lists with endpoint rule exceptions. + + + > info + + > Only exception containers can be associated with rules. You cannot + directly associate an exception item or a list container with a rule. To + use list exceptions, create an exception item that references the relevant + list container. 
+ + + ## Exceptions requirements + + + Before you can start working with exceptions that use value lists, you + must create the `.lists` and `.items` data streams for the relevant Kibana + space. To do this, use the [Create list data + streams](../operation/operation-createlistindex) endpoint. Once these data + streams are created, your role needs privileges to manage rules. For a + complete list of requirements, refer to [Enable and access + detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index 3ec5d97ca8eec..ec250e4643ed0 100644 --- a/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml 
@@ -1853,9 +1853,55 @@ components: security: - BasicAuth: [] tags: - - description: >- - Exceptions API allows you to manage detection rule exceptions to prevent a - rule from generating an alert from incoming events even when the rule's - other criteria are met. + - description: > + Exceptions are associated with detection and endpoint rules, and are used + to prevent a rule from generating an alert from incoming events, even when + the rule's other criteria are met. They can help reduce the number of + false positives and prevent trusted processes and network activity from + generating unnecessary alerts. + + + Exceptions are made up of: + + + * **Exception containers**: A container for related exceptions. Generally, + a single exception container contains all the exception items relevant for + a subset of rules. For example, a container can be used to group together + network-related exceptions that are relevant for a large number of network + rules. The container can then be associated with all the relevant rules. + + * **Exception items**: The query (fields, values, and logic) used to + prevent rules from generating alerts. When an exception item's query + evaluates to `true`, the rule does not generate an alert. + + + For detection rules, you can also use lists to define rule exceptions. A + list holds multiple values of the same Elasticsearch data type, such as IP + addresses. These values are used to determine when an exception prevents + an alert from being generated. + + > info + + > You cannot use lists with endpoint rule exceptions. + + + > info + + > Only exception containers can be associated with rules. You cannot + directly associate an exception item or a list container with a rule. To + use list exceptions, create an exception item that references the relevant + list container. 
+ + + ## Exceptions requirements + + + Before you can start working with exceptions that use value lists, you + must create the `.lists` and `.items` data streams for the relevant Kibana + space. To do this, use the [Create list data + streams](../operation/operation-createlistindex) endpoint. Once these data + streams are created, your role needs privileges to manage rules. For a + complete list of requirements, refer to [Enable and access + detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions diff --git a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js index 83c84d91daaf5..70299e56eac2e 100644 --- a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js +++ b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js @@ -22,21 +22,7 @@ const ROOT = resolve(__dirname, '..'); ), options: { includeLabels: ['serverless'], - prototypeDocument: { - info: { - title: 'Security Exceptions API (Elastic Cloud Serverless)', - description: - "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.", - }, - tags: [ - { - name: 'Security Exceptions API', - 'x-displayName': 'Security exceptions', - description: - "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.", - }, - ], - }, + prototypeDocument: join(ROOT, 'scripts/openapi_bundle_info/exceptions_serverless.info.yaml'), }, }); 
@@ -48,21 +34,7 @@ const ROOT = resolve(__dirname, '..'); ), options: { includeLabels: ['ess'], - prototypeDocument: { - info: { - title: 'Security Exceptions API (Elastic Cloud and self-hosted)', - description: - "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.", - }, - tags: [ - { - name: 'Security Exceptions API', - 'x-displayName': 'Security exceptions', - description: - "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.", - }, - ], - }, + prototypeDocument: join(ROOT, 'scripts/openapi_bundle_info/exceptions_ess.info.yaml'), }, }); })(); diff --git a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_ess.info.yaml b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_ess.info.yaml new file mode 100644 index 0000000000000..855870c444c7c --- /dev/null +++ b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_ess.info.yaml 
@@ -0,0 +1,26 @@ +openapi: 3.0.3 +info: + title: "Security Exceptions API (Elastic Cloud and self-hosted)" + description: "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met." + +tags: + - name: "Security Exceptions API" + x-displayName: "Security exceptions" + description: | + Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts. + + Exceptions are made up of: + + * **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules. + * **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert. + + For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated. + > info + > You cannot use lists with endpoint rule exceptions. + + > info + > Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container. 
+ + ## Exceptions requirements + + Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui). diff --git a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_serverless.info.yaml b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_serverless.info.yaml new file mode 100644 index 0000000000000..a8894d997be98 --- /dev/null +++ b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle_info/exceptions_serverless.info.yaml 
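Review bot: The **Exception containers** bullet in the new tag description says one container can be associated with a large number of rules, but nowhere states the consequence: as the text describes it, an item added to a shared container stops alerts for every rule that container is attached to. For a feature whose whole purpose is to silence alerts, I would add that after the bullet, for example `Because an exception item applies to every rule associated with its container, keep each item's query as narrow as possible and review changes to shared containers.` The same description is added in exceptions_serverless.info.yaml, so both info files need the sentence; the bundled schema files will pick it up when regenerated.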
@@ -0,0 +1,26 @@ +openapi: 3.0.3 +info: + title: "Security Exceptions API (Elastic Cloud Serverless)" + description: "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met." + +tags: + - name: "Security Exceptions API" + x-displayName: "Security exceptions" + description: | + Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts. + + Exceptions are made up of: + + * **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules. + * **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert. + + For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated. + > info + > You cannot use lists with endpoint rule exceptions. + + > info + > Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container. 
+ + ## Exceptions requirements + + Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui). diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml index 708aacdd51e7c..28495aa3ddb35 100644 --- a/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml 
@@ -1521,6 +1521,79 @@ components: security: - BasicAuth: [] tags: - - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' + - description: > + Lists can be used with detection rule exceptions to define values that + prevent a rule from generating alerts. + + + Lists are made up of: + + + * **List containers**: A container for values of the same Elasticsearch + data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception + prevents an alert from being generated. + + + All list items in the same list container must be of the same data type, + and each item defines a single value. For example, an IP list container + named `internal-ip-addresses-southport` contains five items, where each + item defines one internal IP address: + + 1. `192.168.1.1` + + 2. `192.168.1.3` + + 3. `192.168.1.18` + + 4. `192.168.1.12` + + 5. `192.168.1.7` + + + To use these IP addresses as values for defining rule exceptions, use the + Security exceptions API to [create an exception list + item](../operation/operation-createexceptionlistitem) that references the + `internal-ip-addresses-southport` list. + + > info + + > Lists cannot be added directly to rules, nor do they define the + operators used to determine when exceptions are applied (`is in list`, `is + not in list`). Use an exception item to define the operator and associate + it with an [exception + container](../operation/operation-createexceptionlist). You can then add + the exception container to a rule's `exceptions_list` object. 
+ + + ## Lists requirements + + + Before you can start using lists, you must create the `.lists` and + `.items` data streams for the relevant Kibana space. To do this, use the + [Create list data streams](../operation/operation-createlistindex) + endpoint. Once these data streams are created, your role needs privileges + to manage rules. Refer to [Enable and access + detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) + for a complete list of requirements. name: Security Lists API x-displayName: Security lists diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml index 8f1374241e4c2..cb76238bc48dc 100644 --- a/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml 
@@ -1521,6 +1521,79 @@ components: security: - BasicAuth: [] tags: - - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' + - description: > + Lists can be used with detection rule exceptions to define values that + prevent a rule from generating alerts. + + + Lists are made up of: + + + * **List containers**: A container for values of the same Elasticsearch + data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception + prevents an alert from being generated. + + + All list items in the same list container must be of the same data type, + and each item defines a single value. For example, an IP list container + named `internal-ip-addresses-southport` contains five items, where each + item defines one internal IP address: + + 1. `192.168.1.1` + + 2. `192.168.1.3` + + 3. `192.168.1.18` + + 4. `192.168.1.12` + + 5. `192.168.1.7` + + + To use these IP addresses as values for defining rule exceptions, use the + Security exceptions API to [create an exception list + item](../operation/operation-createexceptionlistitem) that references the + `internal-ip-addresses-southport` list. + + > info + + > Lists cannot be added directly to rules, nor do they define the + operators used to determine when exceptions are applied (`is in list`, `is + not in list`). Use an exception item to define the operator and associate + it with an [exception + container](../operation/operation-createexceptionlist). You can then add + the exception container to a rule's `exceptions_list` object. 
+ + + ## Lists requirements + + + Before you can start using lists, you must create the `.lists` and + `.items` data streams for the relevant Kibana space. To do this, use the + [Create list data streams](../operation/operation-createlistindex) + endpoint. Once these data streams are created, your role needs privileges + to manage rules. Refer to [Enable and access + detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) + for a complete list of requirements. name: Security Lists API x-displayName: Security lists diff --git a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js index b8ea2ea2e8377..7a61724759178 100644 --- a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js +++ b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js @@ -22,20 +22,7 @@ const ROOT = resolve(__dirname, '..'); ), options: { includeLabels: ['serverless'], - prototypeDocument: { - info: { - title: 'Security Lists API (Elastic Cloud Serverless)', - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', - }, - tags: [ - { - name: 'Security Lists API', - 'x-displayName': 'Security lists', - description: - 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', - }, - ], - }, + prototypeDocument: join(ROOT, 'scripts/openapi_bundle_info/lists_serverless.info.yaml'), }, }); 
@@ -47,20 +34,7 @@ const ROOT = resolve(__dirname, '..'); ), options: { includeLabels: ['ess'], - prototypeDocument: { - info: { - title: 'Security Lists API (Elastic Cloud and self-hosted)', - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', - }, - tags: [ - { - name: 'Security Lists API', - 'x-displayName': 'Security lists', - description: - 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', - }, - ], - }, + prototypeDocument: join(ROOT, 'scripts/openapi_bundle_info/lists_ess.info.yaml'), }, }); })(); diff --git a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_ess.info.yaml b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_ess.info.yaml new file mode 100644 index 0000000000000..f2f528c8d7ba7 --- /dev/null +++ b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_ess.info.yaml 
@@ -0,0 +1,49 @@ +openapi: 3.0.3 +info: + title: "Security Lists API (Elastic Cloud and self-hosted)" + description: "Lists API allows you to manage lists of keywords, IPs or IP ranges items." + +tags: + - name: "Security Lists API" + x-displayName: "Security lists" + description: | + Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. + + Lists are made up of: + + * **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception prevents an alert from being generated. + + All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address: + 1. `192.168.1.1` + 2. `192.168.1.3` + 3. `192.168.1.18` + 4. `192.168.1.12` + 5. `192.168.1.7` + + To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to [create an exception list item](../operation/operation-createexceptionlistitem) that references the `internal-ip-addresses-southport` list. + > info + > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an [exception container](../operation/operation-createexceptionlist). You can then add the exception container to a rule's `exceptions_list` object. 
+ + ## Lists requirements + + Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for a complete list of requirements. diff --git a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_serverless.info.yaml b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_serverless.info.yaml new file mode 100644 index 0000000000000..8f3245db29a99 --- /dev/null +++ b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle_info/lists_serverless.info.yaml 
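Review bot: `info.description` in this new file still carries the old one-line summary, `Lists API allows you to manage lists of keywords, IPs or IP ranges items.`, which now disagrees with the tag description a few lines below that enumerates many more data types, and "IP ranges items" reads as a leftover. I would align it with the new text, for example `description: "Lists API allows you to manage lists of values that share one Elasticsearch data type, such as keywords, IPs, or IP ranges."`. lists_serverless.info.yaml adds the same line and needs the same change.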
@@ -0,0 +1,49 @@ +openapi: 3.0.3 +info: + title: "Security Lists API (Elastic Cloud Serverless)" + description: "Lists API allows you to manage lists of keywords, IPs or IP ranges items." + +tags: + - name: "Security Lists API" + x-displayName: "Security lists" + description: | + Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. + + Lists are made up of: + + * **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception prevents an alert from being generated. + + All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address: + 1. `192.168.1.1` + 2. `192.168.1.3` + 3. `192.168.1.18` + 4. `192.168.1.12` + 5. `192.168.1.7` + + To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to [create an exception list item](../operation/operation-createexceptionlistitem) that references the `internal-ip-addresses-southport` list. + > info + > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an [exception container](../operation/operation-createexceptionlist). You can then add the exception container to a rule's `exceptions_list` object. 
+ + ## Lists requirements + + Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) for a complete list of requirements. diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml index e3b49871fa5a1..875471fb4ec15 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml @@ -1,9 +1,11 @@ openapi: 3.0.3 info: description: >- - You can create rules that automatically turn events and external alerts sent - to Elastic Security into detection alerts. These alerts are displayed on the - Detections page. + Use the detections APIs to create and manage detection rules. Detection + rules search events and external alerts sent to Elastic Security and + generate detection alerts from any hits. Alerts are displayed on the + **Alerts** page and can be assigned and triaged, using the alert status to + mark them as open, closed, or acknowledged. title: Security Detections API (Elastic Cloud and self-hosted) version: '2023-10-31' servers: 
@@ -7104,9 +7106,21 @@ components: security: - BasicAuth: [] tags: - - description: >- - You can create rules that automatically turn events and external alerts - sent to Elastic Security into detection alerts. These alerts are displayed - on the Detections page. + - description: > + Use the detections APIs to create and manage detection rules. Detection + rules search events and external alerts sent to Elastic Security and + generate detection alerts from any hits. Alerts are displayed on the + **Alerts** page and can be assigned and triaged, using the alert status to + mark them as open, closed, or acknowledged. + + > warn + + > If the API key used for authorization has different privileges than the + key that created or most recently updated a rule, the rule behavior might + change. + + + > If the API key that created a rule is deleted, or the user that created + the rule becomes inactive, the rule will stop running. name: Security Detections API x-displayName: Security detections diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 9384496c41b35..83f59786a9b96 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml 
@@ -1,9 +1,11 @@ openapi: 3.0.3 info: description: >- - You can create rules that automatically turn events and external alerts sent - to Elastic Security into detection alerts. These alerts are displayed on the - Detections page. + Use the detections APIs to create and manage detection rules. Detection + rules search events and external alerts sent to Elastic Security and + generate detection alerts from any hits. Alerts are displayed on the + **Alerts** page and can be assigned and triaged, using the alert status to + mark them as open, closed, or acknowledged. title: Security Detections API (Elastic Cloud Serverless) version: '2023-10-31' servers: @@ -6250,9 +6252,21 @@ components: security: - BasicAuth: [] tags: - - description: >- - You can create rules that automatically turn events and external alerts - sent to Elastic Security into detection alerts. These alerts are displayed - on the Detections page. + - description: > + Use the detections APIs to create and manage detection rules. Detection + rules search events and external alerts sent to Elastic Security and + generate detection alerts from any hits. Alerts are displayed on the + **Alerts** page and can be assigned and triaged, using the alert status to + mark them as open, closed, or acknowledged. + + > warn + + > If the API key used for authorization has different privileges than the + key that created or most recently updated a rule, the rule behavior might + change. + + + > If the API key that created a rule is deleted, or the user that created + the rule becomes inactive, the rule will stop running. name: Security Detections API x-displayName: Security detections diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js index 2c0e36f3db8ee..7bfd659927ec3 100644 --- a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js 
+++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js @@ -20,21 +20,10 @@ const ROOT = resolve(__dirname, '../..'); ), options: { includeLabels: ['serverless'], - prototypeDocument: { - info: { - title: 'Security Detections API (Elastic Cloud Serverless)', - description: - 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.', - }, - tags: [ - { - name: 'Security Detections API', - 'x-displayName': 'Security detections', - description: - 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.', - }, - ], - }, + prototypeDocument: join( + ROOT, + 'scripts/openapi/bundle_detections_info/detections_serverless.info.yaml' + ), }, }); @@ -46,21 +35,10 @@ const ROOT = resolve(__dirname, '../..'); ), options: { includeLabels: ['ess'], - prototypeDocument: { - info: { - title: 'Security Detections API (Elastic Cloud and self-hosted)', - description: - 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.', - }, - tags: [ - { - name: 'Security Detections API', - 'x-displayName': 'Security detections', - description: - 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.', - }, - ], - }, + prototypeDocument: join( + ROOT, + 'scripts/openapi/bundle_detections_info/detections_ess.info.yaml' + ), }, }); })(); diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_ess.info.yaml b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_ess.info.yaml new file mode 100644 index 0000000000000..bb3f8830dc35a --- /dev/null 
+++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_ess.info.yaml @@ -0,0 +1,14 @@ +openapi: 3.0.3 +info: + title: "Security Detections API (Elastic Cloud and self-hosted)" + description: "Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged." + +tags: + - name: "Security Detections API" + x-displayName: "Security detections" + description: | + Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged. + > warn + > If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change. + + > If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running. \ No newline at end of file diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_serverless.info.yaml b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_serverless.info.yaml new file mode 100644 index 0000000000000..a90f669b4ed28 --- /dev/null +++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections_info/detections_serverless.info.yaml 
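Review bot: The second paragraph of the warning, `> If the API key that created a rule is deleted, ...`, follows a blank line and has no `> warn` marker of its own, so it will most likely render as a plain quote rather than as part of the warning callout; the exceptions info files in this same patch give each callout its own `> info` line. Either remove the blank line between the two paragraphs or start the second block with its own `> warn` line. That paragraph is the one telling users a rule stops running once its creating API key is deleted or its creating user becomes inactive, so it should keep the warning styling. The file also ends without a trailing newline, and detections_serverless.info.yaml has both issues.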
@@ -0,0 +1,14 @@ +openapi: 3.0.3 +info: + title: "Security Detections API (Elastic Cloud Serverless)" + description: "Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged." + +tags: + - name: "Security Detections API" + x-displayName: "Security detections" + description: | + Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged. + > warn + > If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change. + + > If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running. \ No newline at end of file From 0aff81d9df647b30debbc3959e5f59780b409752 Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 13 Dec 2024 21:23:42 +1100 Subject: [PATCH 5/6] [8.16] [Security Solution] Change handling whitespace for textarea autoheight to `pre` (#203993) (#204171) # Backport This will backport the following commits from `main` to `8.16`: - [[Security Solution] Change handling whitespace for textarea autoheight to `pre` (#203993)](https://github.com/elastic/kibana/pull/203993) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Jacek Kolezynski --- .../public/query_string_input/query_string_input.scss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/plugins/unified_search/public/query_string_input/query_string_input.scss b/src/plugins/unified_search/public/query_string_input/query_string_input.scss index 46473af849c9b..89af2e8e9911a 100644 --- a/src/plugins/unified_search/public/query_string_input/query_string_input.scss +++ b/src/plugins/unified_search/public/query_string_input/query_string_input.scss @@ -51,7 +51,7 @@ &.kbnQueryBar__textarea--autoHeight { overflow-x: auto; overflow-y: auto; - white-space: normal; + white-space: pre; max-height: calc(35vh - 100px); min-height: $euiFormControlHeight; } From c6ebceb178665fc20554a5566a4930409c194d30 Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Sat, 14 Dec 2024 21:39:46 +1100 Subject: [PATCH 6/6] [8.16] [Security Solution] AI Assistant: LLM Connector model chooser bug. New chat does not use connector's model (#199303) (#204014) (#204306) # Backport This will backport the following commits from `main` to `8.16`: - [[Security Solution] AI Assistant: LLM Connector model chooser bug. New chat does not use connector's model (#199303) (#204014)](https://github.com/elastic/kibana/pull/204014) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Ievgen Sorokopud --- .../use_current_conversation/index.tsx | 26 ++++++++++------- .../connector_types/openai/constants.tsx | 29 +++++++++++++++++-- .../connector_types/openai/params.test.tsx | 9 +++--- .../public/connector_types/openai/params.tsx | 14 +++------ .../public/connector_types/openai/types.ts | 1 + 5 files changed, 53 insertions(+), 26 deletions(-) diff --git a/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_current_conversation/index.tsx b/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_current_conversation/index.tsx index d599190ca5623..8938318b979a9 100644 --- a/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_current_conversation/index.tsx 
+++ b/x-pack/packages/kbn-elastic-assistant/impl/assistant/use_current_conversation/index.tsx @@ -260,18 +260,24 @@ export const useCurrentConversation = ({ } const newSystemPrompt = getDefaultNewSystemPrompt(allSystemPrompts); + let conversation: Partial = {}; + if (currentConversation?.apiConfig) { + const { defaultSystemPromptId: _, ...restApiConfig } = currentConversation?.apiConfig; + conversation = + restApiConfig.actionTypeId != null + ? { + apiConfig: { + ...restApiConfig, + ...(newSystemPrompt?.id != null + ? { defaultSystemPromptId: newSystemPrompt.id } + : {}), + }, + } + : {}; + } const newConversation = await createConversation({ title: NEW_CHAT, - ...(currentConversation?.apiConfig != null && - currentConversation?.apiConfig?.actionTypeId != null - ? { - apiConfig: { - connectorId: currentConversation.apiConfig.connectorId, - actionTypeId: currentConversation.apiConfig.actionTypeId, - ...(newSystemPrompt?.id != null ? { defaultSystemPromptId: newSystemPrompt.id } : {}), - }, - } - : {}), + ...conversation, }); if (newConversation) { diff --git a/x-pack/plugins/stack_connectors/public/connector_types/openai/constants.tsx b/x-pack/plugins/stack_connectors/public/connector_types/openai/constants.tsx index 5f4238e52af78..a24db86804f95 100644 --- a/x-pack/plugins/stack_connectors/public/connector_types/openai/constants.tsx +++ b/x-pack/plugins/stack_connectors/public/connector_types/openai/constants.tsx 
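Review bot: The rest-spread `...restApiConfig` turns what used to be an explicit copy of `connectorId` and `actionTypeId` into a copy of everything in `currentConversation.apiConfig` except `defaultSystemPromptId`, so any field added to that config later is inherited by every new chat without anyone deciding it should be. If only the connector's model settings are meant to carry over, name those fields next to `connectorId` and `actionTypeId` rather than spreading the rest. Inside the `if (currentConversation?.apiConfig)` block the second `currentConversation?.apiConfig` no longer needs the `?.`, and the diffstat lists no test for this hook, so the inherited-model behaviour the commit title describes is unpinned. The enclosing callback starts and ends outside the hunk.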
@@ -11,23 +11,48 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { EuiLink } from '@elastic/eui'; import { DEFAULT_OPENAI_MODEL, OpenAiProviderType } from '../../../common/openai/constants'; import * as i18n from './translations'; +import { Config } from './types'; export const DEFAULT_URL = 'https://api.openai.com/v1/chat/completions' as const; export const DEFAULT_URL_AZURE = 'https://{your-resource-name}.openai.azure.com/openai/deployments/{deployment-id}/chat/completions?api-version={api-version}' as const; -export const DEFAULT_BODY = `{ +const DEFAULT_BODY = `{ "messages": [{ "role":"user", "content":"Hello world" }] }`; -export const DEFAULT_BODY_AZURE = `{ +const DEFAULT_BODY_AZURE = `{ "messages": [{ "role":"user", "content":"Hello world" }] }`; +const DEFAULT_BODY_OTHER = (defaultModel: string) => `{ + "model": "${defaultModel}", + "messages": [{ + "role":"user", + "content":"Hello world" + }] +}`; + +export const getDefaultBody = (config?: Config) => { + if (!config) { + // default to OpenAiProviderType.OpenAi sample data + return DEFAULT_BODY; + } + if (config?.apiProvider === OpenAiProviderType.Other) { + // update sample data if Other (OpenAI Compatible Service) + return config.defaultModel ? DEFAULT_BODY_OTHER(config.defaultModel) : DEFAULT_BODY; + } + if (config?.apiProvider === OpenAiProviderType.AzureAi) { + // update sample data if AzureAi + return DEFAULT_BODY_AZURE; + } + // default to OpenAiProviderType.OpenAi sample data + return DEFAULT_BODY; +}; export const openAiConfig: ConfigFieldSchema[] = [ { diff --git a/x-pack/plugins/stack_connectors/public/connector_types/openai/params.test.tsx b/x-pack/plugins/stack_connectors/public/connector_types/openai/params.test.tsx index 7539cc6bf6373..c03582ba0b229 100644 --- a/x-pack/plugins/stack_connectors/public/connector_types/openai/params.test.tsx +++ b/x-pack/plugins/stack_connectors/public/connector_types/openai/params.test.tsx 
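Review bot: `DEFAULT_BODY_OTHER` interpolates `defaultModel` straight into a JSON string, so a model name from connector config that contains a `"` or a backslash yields a sample body that is not valid JSON, or one whose structure differs from the template. Let the serializer do the quoting: `"model": ${JSON.stringify(defaultModel)},`. `DEFAULT_BODY` and `DEFAULT_BODY_AZURE` also lose their `export` here; the commit updates `params.tsx` and `params.test.tsx`, but any other importer outside this diff would break, which is worth a quick search. In `getDefaultBody` the `config?.apiProvider` checks after the `!config` guard can be plain `config.apiProvider`.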
@@ -9,7 +9,7 @@ import React from 'react'; import { fireEvent, render } from '@testing-library/react'; import ParamsFields from './params'; import { OpenAiProviderType, SUB_ACTION } from '../../../common/openai/constants'; -import { DEFAULT_BODY, DEFAULT_BODY_AZURE, DEFAULT_URL } from './constants'; +import { DEFAULT_URL, getDefaultBody } from './constants'; const messageVariables = [ { @@ -73,14 +73,15 @@ describe('Gen AI Params Fields renders', () => { ); expect(editAction).toHaveBeenCalledTimes(2); expect(editAction).toHaveBeenCalledWith('subAction', SUB_ACTION.RUN, 0); + const body = getDefaultBody(actionConnector.config); if (apiProvider === OpenAiProviderType.OpenAi) { - expect(editAction).toHaveBeenCalledWith('subActionParams', { body: DEFAULT_BODY }, 0); + expect(editAction).toHaveBeenCalledWith('subActionParams', { body }, 0); } if (apiProvider === OpenAiProviderType.AzureAi) { - expect(editAction).toHaveBeenCalledWith('subActionParams', { body: DEFAULT_BODY_AZURE }, 0); + expect(editAction).toHaveBeenCalledWith('subActionParams', { body }, 0); } if (apiProvider === OpenAiProviderType.Other) { - expect(editAction).toHaveBeenCalledWith('subActionParams', { body: DEFAULT_BODY }, 0); + expect(editAction).toHaveBeenCalledWith('subActionParams', { body }, 0); } } ); diff --git a/x-pack/plugins/stack_connectors/public/connector_types/openai/params.tsx b/x-pack/plugins/stack_connectors/public/connector_types/openai/params.tsx index ad4398482d2c8..000abfa4872be 100644 --- a/x-pack/plugins/stack_connectors/public/connector_types/openai/params.tsx +++ b/x-pack/plugins/stack_connectors/public/connector_types/openai/params.tsx 
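Review bot: The expected `body` in the second hunk is now computed with `getDefaultBody(actionConnector.config)`, the same helper the component calls, so the assertion passes whatever that helper returns and the three `if (apiProvider === …)` branches have become identical. Pin at least one literal expectation per provider instead, for example that the `Other` case with a `defaultModel` set produces a body containing that model, and collapse the three branches into a single `expect(editAction).toHaveBeenCalledWith('subActionParams', { body }, 0);`. Whether the fixture's config sets `defaultModel` is not visible in this hunk, so the new `Other` path may not be exercised at all. The test body starts and ends outside the hunk.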
@@ -12,8 +12,8 @@ import { ActionConnectorMode, JsonEditorWithMessageVariables, } from '@kbn/triggers-actions-ui-plugin/public'; -import { OpenAiProviderType, SUB_ACTION } from '../../../common/openai/constants'; -import { DEFAULT_BODY, DEFAULT_BODY_AZURE } from './constants'; +import { SUB_ACTION } from '../../../common/openai/constants'; +import { getDefaultBody } from './constants'; import { OpenAIActionConnector, ActionParams } from './types'; const ParamsFields: React.FunctionComponent> = ({ @@ -41,16 +41,10 @@ const ParamsFields: React.FunctionComponent> = ( useEffect(() => { if (!subActionParams) { - // default to OpenAiProviderType.OpenAi sample data - let sampleBody = DEFAULT_BODY; - - if (typedActionConnector?.config?.apiProvider === OpenAiProviderType.AzureAi) { - // update sample data if AzureAi - sampleBody = DEFAULT_BODY_AZURE; - } + const sampleBody = getDefaultBody(typedActionConnector?.config); editAction('subActionParams', { body: sampleBody }, index); } - }, [typedActionConnector?.config?.apiProvider, editAction, index, subActionParams]); + }, [typedActionConnector?.config, editAction, index, subActionParams]); const editSubActionParams = useCallback( (params: ActionParams['subActionParams']) => { diff --git a/x-pack/plugins/stack_connectors/public/connector_types/openai/types.ts b/x-pack/plugins/stack_connectors/public/connector_types/openai/types.ts index 3ba19c04d13a7..ea37fee0de879 100644 --- a/x-pack/plugins/stack_connectors/public/connector_types/openai/types.ts +++ b/x-pack/plugins/stack_connectors/public/connector_types/openai/types.ts @@ -18,6 +18,7 @@ export interface ActionParams { export interface Config { apiProvider: OpenAiProviderType; apiUrl: string; + defaultModel?: string; } export interface Secrets {
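Review bot: The effect in the second `params.tsx` hunk now depends on the whole `typedActionConnector?.config` object rather than the primitive `apiProvider`, so it re-runs whenever a new config object is passed down, and only the `!subActionParams` guard stops it from overwriting a body the user has edited. That reliance deserves a comment above the guard, such as `// only seed the sample body once; config may change identity between renders`. The component body starts and ends outside the hunk.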