diff --git a/api_docs/actions.mdx b/api_docs/actions.mdx index ec19812917d5..8c424176af29 100644 --- a/api_docs/actions.mdx +++ b/api_docs/actions.mdx @@ -12,7 +12,7 @@ import actionsObj from './actions.devdocs.json'; -Contact [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) for questions regarding this plugin. +Contact [Response Ops](https://github.com/orgs/elastic/teams/response-ops) for questions regarding this plugin. **Code health stats** diff --git a/api_docs/alerting.mdx b/api_docs/alerting.mdx index bad1c9dd0214..f9c8afc62978 100644 --- a/api_docs/alerting.mdx +++ b/api_docs/alerting.mdx @@ -12,7 +12,7 @@ import alertingObj from './alerting.devdocs.json'; -Contact [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) for questions regarding this plugin. +Contact [Response Ops](https://github.com/orgs/elastic/teams/response-ops) for questions regarding this plugin. **Code health stats** diff --git a/api_docs/event_log.mdx b/api_docs/event_log.mdx index 1c37cdac9c67..34fe15801fc5 100644 --- a/api_docs/event_log.mdx +++ b/api_docs/event_log.mdx @@ -12,7 +12,7 @@ import eventLogObj from './event_log.devdocs.json'; -Contact [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) for questions regarding this plugin. +Contact [Response Ops](https://github.com/orgs/elastic/teams/response-ops) for questions regarding this plugin. **Code health stats** diff --git a/api_docs/plugin_directory.mdx b/api_docs/plugin_directory.mdx index 65a1dd12b0e4..524c624763ac 100644 --- a/api_docs/plugin_directory.mdx +++ b/api_docs/plugin_directory.mdx @@ -24,14 +24,14 @@ warning: This document is auto-generated and is meant to be viewed inside our ex | Plugin name           | Maintaining team | Description | API Cnt | Any Cnt | Missing
comments | Missing
exports | |--------------|----------------|-----------|--------------|----------|---------------|--------| -| | [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) | - | 125 | 0 | 125 | 11 | +| | [Response Ops](https://github.com/orgs/elastic/teams/response-ops) | - | 125 | 0 | 125 | 11 | | | [Vis Editors](https://github.com/orgs/elastic/teams/kibana-vis-editors) | - | 23 | 0 | 19 | 1 | -| | [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) | - | 299 | 0 | 291 | 19 | +| | [Response Ops](https://github.com/orgs/elastic/teams/response-ops) | - | 299 | 0 | 291 | 19 | | | [APM UI](https://github.com/orgs/elastic/teams/apm-ui) | The user interface for Elastic APM | 40 | 0 | 40 | 49 | | | [Kibana Core](https://github.com/orgs/elastic/teams/kibana-core) | - | 9 | 0 | 9 | 0 | | | [App Services](https://github.com/orgs/elastic/teams/kibana-app-services) | Considering using bfetch capabilities when fetching large amounts of data. This services supports batching HTTP requests and streaming responses back. | 78 | 1 | 69 | 2 | | | [Kibana Presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds Canvas application to Kibana | 9 | 0 | 8 | 3 | -| | [ResponseOps](https://github.com/orgs/elastic/teams/response-ops) | The Case management system in Kibana | 82 | 0 | 59 | 20 | +| | [Response Ops](https://github.com/orgs/elastic/teams/response-ops) | The Case management system in Kibana | 82 | 0 | 59 | 20 | | | [Vis Editors](https://github.com/orgs/elastic/teams/kibana-vis-editors) | - | 321 | 2 | 288 | 4 | | | [Kibana Core](https://github.com/orgs/elastic/teams/kibana-core) | - | 28 | 0 | 23 | 0 | | | [Stack Management](https://github.com/orgs/elastic/teams/kibana-stack-management) | - | 13 | 0 | 13 | 1 | 
@@ -56,7 +56,7 @@ warning: This document is auto-generated and is meant to be viewed inside our ex | | [Platform Security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides encryption and decryption utilities for saved objects containing sensitive information. | 48 | 0 | 44 | 0 | | | [Enterprise Search](https://github.com/orgs/elastic/teams/enterprise-search-frontend) | Adds dashboards for discovering and managing Enterprise Search products. | 2 | 0 | 2 | 0 | | | [Stack Management](https://github.com/orgs/elastic/teams/kibana-stack-management) | - | 110 | 3 | 106 | 3 | -| | [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) | - | 82 | 0 | 82 | 6 | +| | [Response Ops](https://github.com/orgs/elastic/teams/response-ops) | - | 82 | 0 | 82 | 6 | | | [Kibana Presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds 'error' renderer to expressions | 17 | 0 | 15 | 2 | | | [Vis Editors](https://github.com/orgs/elastic/teams/kibana-vis-editors) | Expression Gauge plugin adds a `gauge` renderer and function to the expression plugin. The renderer will display the `gauge` chart. | 68 | 0 | 68 | 3 | | | [Vis Editors](https://github.com/orgs/elastic/teams/kibana-vis-editors) | Expression Heatmap plugin adds a `heatmap` renderer and function to the expression plugin. The renderer will display the `heatmap` chart. | 114 | 0 | 110 | 3 | 
@@ -126,8 +126,8 @@ warning: This document is auto-generated and is meant to be viewed inside our ex | | [Shared UX](https://github.com/orgs/elastic/teams/shared-ux) | A plugin providing components and services for shared user experiences in Kibana. | 14 | 0 | 0 | 1 | | | [Stack Management](https://github.com/orgs/elastic/teams/kibana-stack-management) | - | 21 | 1 | 21 | 1 | | | [Platform Security](https://github.com/orgs/elastic/teams/kibana-security) | This plugin provides the Spaces feature, which allows saved objects to be organized into meaningful categories. | 250 | 0 | 61 | 0 | -| | [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) | - | 4 | 0 | 4 | 0 | -| | [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) | - | 71 | 0 | 33 | 7 | +| | [Response Ops](https://github.com/orgs/elastic/teams/response-ops) | - | 4 | 0 | 4 | 0 | +| | [Response Ops](https://github.com/orgs/elastic/teams/response-ops) | - | 71 | 0 | 33 | 7 | | | [Kibana Telemetry](https://github.com/orgs/elastic/teams/kibana-telemetry) | - | 41 | 0 | 0 | 0 | | | [Kibana Telemetry](https://github.com/orgs/elastic/teams/kibana-telemetry) | - | 33 | 0 | 33 | 6 | | | [Kibana Telemetry](https://github.com/orgs/elastic/teams/kibana-telemetry) | - | 1 | 0 | 1 | 0 | 
@@ -135,7 +135,7 @@ warning: This document is auto-generated and is meant to be viewed inside our ex | | [Security solution](https://github.com/orgs/elastic/teams/security-solution) | - | 444 | 1 | 338 | 34 | | | [Machine Learning UI](https://github.com/orgs/elastic/teams/ml-ui) | This plugin provides access to the transforms features provided by Elastic. Transforms enable you to convert existing Elasticsearch indices into summarized indices, which provide opportunities for new insights and analytics. | 4 | 0 | 4 | 1 | | translations | [Kibana Localization](https://github.com/orgs/elastic/teams/kibana-localization) | - | 0 | 0 | 0 | 0 | -| | [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) | - | 246 | 0 | 234 | 20 | +| | [Response Ops](https://github.com/orgs/elastic/teams/response-ops) | - | 246 | 0 | 234 | 20 | | | [App Services](https://github.com/orgs/elastic/teams/kibana-app-services) | Adds UI Actions service to Kibana | 130 | 0 | 91 | 11 | | | [App Services](https://github.com/orgs/elastic/teams/kibana-app-services) | Extends UI Actions plugin with more functionality | 203 | 0 | 141 | 9 | | upgradeAssistant | [Stack Management](https://github.com/orgs/elastic/teams/kibana-stack-management) | - | 0 | 0 | 0 | 0 | diff --git a/api_docs/stack_alerts.mdx b/api_docs/stack_alerts.mdx index 765a402c7ab2..c14cf169d0b7 100644 --- a/api_docs/stack_alerts.mdx +++ b/api_docs/stack_alerts.mdx @@ -12,7 +12,7 @@ import stackAlertsObj from './stack_alerts.devdocs.json'; -Contact [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) for questions regarding this plugin. +Contact [Response Ops](https://github.com/orgs/elastic/teams/response-ops) for questions regarding this plugin. **Code health stats** diff --git a/api_docs/task_manager.mdx b/api_docs/task_manager.mdx index 96ba8428e04d..329f94578041 100644 --- a/api_docs/task_manager.mdx +++ b/api_docs/task_manager.mdx 
@@ -12,7 +12,7 @@ import taskManagerObj from './task_manager.devdocs.json'; -Contact [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) for questions regarding this plugin. +Contact [Response Ops](https://github.com/orgs/elastic/teams/response-ops) for questions regarding this plugin. **Code health stats** diff --git a/api_docs/triggers_actions_ui.mdx b/api_docs/triggers_actions_ui.mdx index 23abdccc81e7..6eb7cf35af14 100644 --- a/api_docs/triggers_actions_ui.mdx +++ b/api_docs/triggers_actions_ui.mdx @@ -12,7 +12,7 @@ import triggersActionsUiObj from './triggers_actions_ui.devdocs.json'; -Contact [Kibana Alerting](https://github.com/orgs/elastic/teams/kibana-alerting-services) for questions regarding this plugin. +Contact [Response Ops](https://github.com/orgs/elastic/teams/response-ops) for questions regarding this plugin. **Code health stats** diff --git a/docs/canvas/canvas-function-reference.asciidoc b/docs/canvas/canvas-function-reference.asciidoc index 24a7608f98fa..efc82bbe71f7 100644 --- a/docs/canvas/canvas-function-reference.asciidoc +++ b/docs/canvas/canvas-function-reference.asciidoc @@ -13,7 +13,7 @@ A *** denotes a required argument. A † denotes an argument can be passed multiple times. -<> | B | <> | <> | <> | <> | <> | <> | <> | <> | K | <> | <> | <> | O | <> | Q | <> | <> | <> | <> | <> | W | X | Y | Z +<> | B | <> | <> | <> | <> | <> | <> | <> | <> | <> | <> | <> | <> | O | <> | Q | <> | <> | <> | <> | <> | W | X | Y | Z [float] [[a_fns]] @@ -35,7 +35,8 @@ all condition={gt 10} condition={lt 20} *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | math "mean(percent_uptime)" | formatnumber "0.0%" @@ -83,7 +84,8 @@ alterColumn column="@timestamp" name="foo" *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | alterColumn "time" name="time_in_ms" type="number" | table 
@@ -131,7 +133,8 @@ any condition={lte 10} condition={gt 30} *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | filterrows { getCell "project" | any {eq "elasticsearch"} {eq "kibana"} {eq "x-pack"} @@ -175,7 +178,8 @@ as name="bar" *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | ply by="project" fn={math "count(username)" | as "num_users"} fn={math "mean(price)" | as "price"} | pointseries x="project" y="num_users" size="price" color="project" @@ -257,7 +261,8 @@ axisConfig position="right" min=0 max=10 tickSize=1 *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | pointseries x="size(cost)" y="project" color="project" | plot defaultStyle={seriesStyle bars=0.75 horizontalBars=true} @@ -380,7 +385,7 @@ Clears the _context_, and returns `null`. [[clog_fn]] === `clog` -It outputs the _context_ in the console. This function is for debug purpose. +Outputs the _input_ in the console. This function is for debug purposes *Expression syntax* [source,js] 
@@ -391,74 +396,20 @@ clog *Code example* [source,text] ---- -filters - | demodata - | clog - | filterrows fn={getCell "age" | gt 70} - | clog - | pointseries x="time" y="mean(price)" - | plot defaultStyle={seriesStyle lines=1 fill=1} - | render +kibana +| demodata +| clog +| filterrows fn={getCell "age" | gt 70} +| clog +| pointseries x="time" y="mean(price)" +| plot defaultStyle={seriesStyle lines=1 fill=1} +| render ---- This prints the `datatable` objects in the browser console before and after the `filterrows` function. *Accepts:* `any` -*Returns:* `any` - -[float] -[[createTable_fn]] -=== `createTable` - -Creates a datatable with a list of columns, and 1 or more empty rows. -To populate the rows, use <> or <>. - -[cols="3*^<"] -|=== -|Argument |Type |Description - -|ids *** † - -|`string` -|Column ids to generate in positional order. ID represents the key in the row. - -|`names` † -|`string` -|Column names to generate in positional order. Names are not required to be unique, and default to the ID if not provided. - -|`rowCount` - -Default: 1 -|`number` -|The number of empty rows to add to the table, to be assigned a value later. -|=== - -*Expression syntax* -[source,js] ----- -createTable id="a" id="b" -createTable id="a" name="A" id="b" name="B" rowCount=5 ----- - -*Code example* -[source,text] ----- -var_set - name="logs" value={essql "select count(*) as a from kibana_sample_data_logs"} - name="commerce" value={essql "select count(*) as b from kibana_sample_data_ecommerce"} -| createTable ids="totalA" ids="totalB" -| staticColumn name="totalA" value={var "logs" | getCell "a"} -| alterColumn column="totalA" type="number" -| staticColumn name="totalB" value={var "commerce" | getCell "b"} -| alterColumn column="totalB" type="number" -| mathColumn id="percent" name="percent" expression="totalA / totalB" -| render ----- - -This creates a table based on the results of two `essql` queries, joined -into one table. 
- -*Accepts:* `null` +*Returns:* Depends on your input and arguments [float] @@ -477,7 +428,8 @@ columns exclude="username, country, age" *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | columns include="price, cost, state, project" | table @@ -521,7 +473,8 @@ compare op="lte" to=100 *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | mapColumn project fn={getCell project | 
@@ -673,6 +626,59 @@ Using the `context` function allows us to pass the output, or _context_, of the *Returns:* Depends on your input and arguments +[float] +[[createTable_fn]] +=== `createTable` + +Creates a datatable with a list of columns, and 1 or more empty rows. To populate the rows, use <> or <>. + +*Expression syntax* +[source,js] +---- +createTable id="a" id="b" +createTable id="a" name="A" id="b" name="B" rowCount=5 +---- + +*Code example* +[source,text] +---- +var_set +name="logs" value={essql "select count(*) as a from kibana_sample_data_logs"} +name="commerce" value={essql "select count(*) as b from kibana_sample_data_ecommerce"} +| createTable ids="totalA" ids="totalB" +| staticColumn name="totalA" value={var "logs" | getCell "a"} +| alterColumn column="totalA" type="number" +| staticColumn name="totalB" value={var "commerce" | getCell "b"} +| alterColumn column="totalB" type="number" +| mathColumn id="percent" name="percent" expression="totalA / totalB" +| render +---- +This creates a table based on the results of two `essql` queries, joined into one table. + +*Accepts:* `null` + +[cols="3*^<"] +|=== +|Argument |Type |Description + +|`ids` † +|`string` +|Column ids to generate in positional order. ID represents the key in the row. + +|`names` † +|`string` +|Column names to generate in positional order. Names are not required to be unique, and default to the ID if not provided. + +|`rowCount` +|`number` +|The number of empty rows to add to the table, to be assigned a value later + +Default: `1` +|=== + +*Returns:* `datatable` + + [float] [[csv_fn]] === `csv` @@ -793,7 +799,8 @@ demodata type="shirts" *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | table | render 
@@ -876,6 +883,10 @@ This creates a dropdown filter element. It requires a data source and uses the u |`string` |The group name for the filter. +|`labelColumn` +|`string` +|The column or field to use as the label in the dropdown control + |`valueColumn` *** |`string` |The column or field from which to extract the unique values for the dropdown control. @@ -887,6 +898,32 @@ This creates a dropdown filter element. It requires a data source and uses the u [[e_fns]] == E +[float] +[[embeddable_fn]] +=== `embeddable` + +Returns an embeddable with the provided configuration + +*Accepts:* `filter` + +[cols="3*^<"] +|=== +|Argument |Type |Description + +|_Unnamed_ *** + +Alias: `config` +|`string` +|The base64 encoded embeddable input object + +|`type` *** +|`string` +|The embeddable type +|=== + +*Returns:* `embeddable` + + [float] [[eq_fn]] === `eq` @@ -905,7 +942,8 @@ eq "foo" *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | mapColumn project fn={getCell project | @@ -953,7 +991,8 @@ escount query="response:404" index="kibana_sample_data_logs" *Code example* [source,text] ---- -filters +kibana +| selectFilter | escount "Cancelled:true" index="kibana_sample_data_flights" | math "value" | progress shape="semicircle" @@ -980,7 +1019,7 @@ Default: `"-_index:.kibana"` |`index` |`string` -|An index or {data-source}. For example, `"logstash-*"`. +|An index or data view. For example, `"logstash-*"`. Default: `"_all"` |=== @@ -1007,7 +1046,8 @@ esdocs index="kibana_sample_data_flights" sort="AvgTicketPrice, asc" *Code example* [source,text] ---- -filters +kibana +| selectFilter | esdocs index="kibana_sample_data_ecommerce" fields="customer_gender, taxful_total_price, order_date" sort="order_date, asc" 
@@ -1020,7 +1060,7 @@ filters palette={palette "#7ECAE3" "#003A4D" gradient=true} | render ---- -This retrieves the first 10000 documents data from the `kibana_sample_data_ecommerce` {data-source} sorted by `order_date` in ascending order, and only requests the `customer_gender`, `taxful_total_price`, and `order_date` fields. +This retrieves the first 10000 documents data from the `kibana_sample_data_ecommerce` index sorted by `order_date` in ascending order, and only requests the `customer_gender`, `taxful_total_price`, and `order_date` fields. *Accepts:* `filter` @@ -1048,7 +1088,7 @@ Default: `1000` |`index` |`string` -|An index or {data-source}. For example, `"logstash-*"`. +|An index or data view. For example, `"logstash-*"`. Default: `"_all"` @@ -1080,7 +1120,8 @@ essql "SELECT * FROM "apm*"" count=10000 *Code example* [source,text] ---- -filters +kibana +| selectFilter | essql query="SELECT Carrier, FlightDelayMin, AvgTicketPrice FROM "kibana_sample_data_flights"" | table | render @@ -1105,6 +1146,12 @@ Aliases: `q`, `query` Default: `1000` +|`parameter` † + +Alias: `param` +|`string`, `number`, `boolean` +|A parameter to be passed to the SQL query. + |`timezone` Alias: `tz` @@ -1134,7 +1181,8 @@ exactly column="project" value="beats" *Code example* [source,text] ---- -filters +kibana +| selectFilter | exactly column=project value=elasticsearch | demodata | pointseries x=project y="mean(age)" @@ -1188,7 +1236,8 @@ filterrows fn={getCell "age" | gt 50} *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | filterrows {getCell "country" | any {eq "IN"} {eq "US"} {eq "CN"}} | mapColumn "@timestamp" @@ -1297,7 +1346,8 @@ font lHeight=32 *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | pointseries x="project" y="size(cost)" color="project" | plot defaultStyle={seriesStyle bars=0.75} legend=false 
@@ -1323,23 +1373,25 @@ filters |`string` |The horizontal text alignment. -Default: `"left"` +Default: `${ theme "font.align" default="left" }` |`color` |`string` |The text color. +Default: `${ theme "font.color" }` + |`family` |`string` |An acceptable CSS web font string -Default: `"'Open Sans', Helvetica, Arial, sans-serif"` +Default: `${ theme "font.family" default="'Open Sans', Helvetica, Arial, sans-serif" }` |`italic` |`boolean` |Italicize the text? -Default: `false` +Default: `${ theme "font.italic" default=false }` |`lHeight` @@ -1347,25 +1399,31 @@ Alias: `lineHeight` |`number`, `null` |The line height in pixels -Default: `null` +Default: `${ theme "font.lHeight" }` |`size` |`number` -|The font size in pixels +|The font size + +Default: `${ theme "font.size" default=14 }` -Default: `14` +|`sizeUnit` +|`string` +|The font size unit + +Default: `"px"` |`underline` |`boolean` |Underline the text? -Default: `false` +Default: `${ theme "font.underline" default=false }` |`weight` |`string` |The font weight. For example, `"normal"`, `"bold"`, `"bolder"`, `"lighter"`, `"100"`, `"200"`, `"300"`, `"400"`, `"500"`, `"600"`, `"700"`, `"800"`, or `"900"`. -Default: `"normal"` +Default: `${ theme "font.weight" default="normal" }` |=== *Returns:* `style` @@ -1387,7 +1445,8 @@ formatdate "MM/DD/YYYY" *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | mapColumn "time" fn={getCell time | formatdate "MMM 'YY"} | pointseries x="time" y="sum(price)" color="state" @@ -1428,7 +1487,8 @@ formatnumber "0.0a" *Code example* [source,text] ---- -filters +kibana +| selectFilter | demodata | math "mean(percent_uptime)" | progress shape="gauge" @@ -1609,11 +1669,7 @@ Aliases: `dataurl`, `url` |`string`, `null` |The HTTP(S) URL or `base64` data URL of an image. -Example value for the _Unnamed_ argument, formatted as a `base64` data URL: -[source, url] ------------- - ------------- +Default: `null` |`mode` |`string` 
@@ -1669,6 +1725,20 @@ Default: `","` *Returns:* `string` +[float] +[[k_fns]] +== K + +[float] +[[kibana_fn]] +=== `kibana` + +Gets kibana global context + +*Accepts:* `kibana_context`, `null` + +*Returns:* `kibana_context` + [float] [[l_fns]] == L @@ -1771,27 +1841,29 @@ Adds a column calculated as the result of other columns. Changes are made only w |=== |Argument |Type |Description -|`id` - -|`string`, `null` -|An optional id of the resulting column. When no id is provided, the id will be looked up from the existing column by the provided name argument. If no column with this name exists yet, a new column with this name and an identical id will be added to the table. - |_Unnamed_ *** Aliases: `column`, `name` |`string` |The name of the resulting column. Names are not required to be unique. +|`copyMetaFrom` +|`string`, `null` +|If set, the meta object from the specified column id is copied over to the specified target column. If the column doesn't exist it silently fails. + +Default: `null` + |`expression` *** Aliases: `exp`, `fn`, `function` |`boolean`, `number`, `string`, `null` -|A Canvas expression that is passed to each row as a single row `datatable`. - -|`copyMetaFrom` +|An expression that is executed on every row, provided with a single-row `datatable` context and returning the cell value. +|`id` |`string`, `null` -|If set, the meta object from the specified column id is copied over to the specified target column. Throws an exception if the column doesn't exist +|An optional id of the resulting column. When no id is provided, the id will be looked up from the existing column by the provided name argument. If no column with this name exists yet, a new column with this name and an identical id will be added to the table. + +Default: `null` |=== *Returns:* `datatable` 
@@ -1851,33 +1923,29 @@ Alias: `expression` |`string` |An evaluated `TinyMath` expression. See https://www.elastic.co/guide/en/kibana/current/canvas-tinymath-functions.html. -|`onError` - +|`onError` |`string` -|In case the `TinyMath` evaluation fails or returns NaN, the return value is specified by onError. For example, `"null"`, `"zero"`, `"false"`, `"throw"`. When `"throw"`, it will throw an exception, terminating expression execution. - -Default: `"throw"` +|In case the `TinyMath` evaluation fails or returns NaN, the return value is specified by onError. When `'throw'`, it will throw an exception, terminating expression execution (default). |=== -*Returns:* `number` | `boolean` | `null` +*Returns:* Depends on your input and arguments [float] [[mathColumn_fn]] === `mathColumn` -Adds a column by evaluating `TinyMath` on each row. This function is optimized for math, so it performs better than the <> with a <>. +Adds a column by evaluating TinyMath on each row. This function is optimized for math, so it performs better than the mapColumn with a math + *Accepts:* `datatable` [cols="3*^<"] |=== |Argument |Type |Description -|id *** -|`string` -|id of the resulting column. Must be unique. +|_Unnamed_ *** -|name *** +Aliases: `column`, `name` |`string` |The name of the resulting column. Names are not required to be unique. 
@@ -1885,19 +1953,21 @@ Adds a column by evaluating `TinyMath` on each row. This function is optimized f Alias: `expression` |`string` -|A `TinyMath` expression evaluated on each row. See https://www.elastic.co/guide/en/kibana/current/canvas-tinymath-functions.html. - -|`onError` +|An evaluated `TinyMath` expression. See https://www.elastic.co/guide/en/kibana/current/canvas-tinymath-functions.html. -|`string` -|In case the `TinyMath` evaluation fails or returns NaN, the return value is specified by onError. For example, `"null"`, `"zero"`, `"false"`, `"throw"`. When `"throw"`, it will throw an exception, terminating expression execution. +|`copyMetaFrom` +|`string`, `null` +|If set, the meta object from the specified column id is copied over to the specified target column. If the column doesn't exist it silently fails. -Default: `"throw"` +Default: `null` -|`copyMetaFrom` +|`id` *** +|`string` +|id of the resulting column. Must be unique. -|`string`, `null` -|If set, the meta object from the specified column id is copied over to the specified target column. Throws an exception if the column doesn't exist +|`onError` +|`string` +|In case the `TinyMath` evaluation fails or returns NaN, the return value is specified by onError. When `'throw'`, it will throw an exception, terminating expression execution (default). |=== *Returns:* `datatable` @@ -1991,17 +2061,41 @@ Alias: `color` |`string` |The palette colors. Accepts an HTML color name, HEX, HSL, HSLA, RGB, or RGBA. +|`continuity` +|`string` +| + +Default: `"above"` + |`gradient` |`boolean` |Make a gradient palette where supported? Default: `false` +|`range` +|`string` +| + +Default: `"percent"` + +|`rangeMax` +|`number` +| + +|`rangeMin` +|`number` +| + |`reverse` |`boolean` |Reverse the palette? Default: `false` + +|`stop` † +|`number` +|The palette color stops. When used, it must be associated with each color. |=== *Returns:* `palette` 
@@ -2262,6 +2356,40 @@ Default: `20` [[r_fns]] == R +[float] +[[removeFilter_fn]] +=== `removeFilter` + +Removes filters from context + +*Accepts:* `kibana_context` + +[cols="3*^<"] +|=== +|Argument |Type |Description + +|_Unnamed_ + +Alias: `group` +|`string` +|Removes only filters belonging to the provided group + +|`from` +|`string` +|Removes only filters owned by the provided id + +|`ungrouped` + +Aliases: `nogroup`, `nogroups` +|`boolean` +|Should filters without group be removed + +Default: `false` +|=== + +*Returns:* `kibana_context` + + [float] [[render_fn]] === `render` 
@@ -2316,14 +2444,10 @@ Default: `null` |`string`, `null` |The image to repeat. Provide an image asset as a `base64` data URL, or pass in a sub-expression. -Example value for the `image` argument, formatted as a `base64` data URL: -[source, url] ------------- -data:image/svg+xml,%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22utf-8%22%3F%3E%0A%3Csvg%20viewBox%3D%22-3.948730230331421%20-1.7549896240234375%20245.25946044921875%20241.40370178222656%22%20width%3D%22245.25946044921875%22%20height%3D%22241.40370178222656%22%20style%3D%22enable-background%3Anew%200%200%20686.2%20235.7%3B%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%20%20%3Cdefs%3E%0A%20%20%20%20%3Cstyle%20type%3D%22text%2Fcss%22%3E%0A%09.st0%7Bfill%3A%232D2D2D%3B%7D%0A%3C%2Fstyle%3E%0A%20%20%3C%2Fdefs%3E%0A%20%20%3Cg%20transform%3D%22matrix%281%2C%200%2C%200%2C%201%2C%200%2C%200%29%22%3E%0A%20%20%20%20%3Cg%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M329.4%2C160.3l4.7-0.5l0.3%2C9.6c-12.4%2C1.7-23%2C2.6-31.8%2C2.6c-11.7%2C0-20-3.4-24.9-10.2%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-4.9-6.8-7.3-17.4-7.3-31.7c0-28.6%2C11.4-42.9%2C34.1-42.9c11%2C0%2C19.2%2C3.1%2C24.6%2C9.2c5.4%2C6.1%2C8.1%2C15.8%2C8.1%2C28.9l-0.7%2C9.3h-53.8%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc0%2C9%2C1.6%2C15.7%2C4.9%2C20c3.3%2C4.3%2C8.9%2C6.5%2C17%2C6.5C312.8%2C161.2%2C321.1%2C160.9%2C329.4%2C160.3z%20M325%2C124.9c0-10-1.6-17.1-4.8-21.2%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-3.2-4.1-8.4-6.2-15.6-6.2c-7.2%2C0-12.7%2C2.2-16.3%2C6.5c-3.6%2C4.3-5.5%2C11.3-5.6%2C20.9H325z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M354.3%2C171.4V64h12.2v107.4H354.3z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M443.5%2C113.5v41.1c0%2C4.1%2C10.1%2C3.9%2C10.1%2C3.9l-0.6%2C10.8c-8.6%2C0-15.7%2C0.7-20-3.4c-9.8%2C4.3-19.5%2C6.1-29.3%2C6.1%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-7.5%2C0-13.2-2.1-17.1-6.4c-3.9-4.2-5.9-10.3-5.9-18.3c0-7.9%2C2-13.8%2C6-17.5c4-3.7%2C10.3-6.1%2C18.9-6.9l2
5.6-2.4v-7%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc0-5.5-1.2-9.5-3.6-11.9c-2.4-2.4-5.7-3.6-9.8-3.6l-32.1%2C0V87.2h31.3c9.2%2C0%2C15.9%2C2.1%2C20.1%2C6.4C441.4%2C97.8%2C443.5%2C104.5%2C443.5%2C113.5%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bz%20M393.3%2C146.7c0%2C10%2C4.1%2C15%2C12.4%2C15c7.4%2C0%2C14.7-1.2%2C21.8-3.7l3.7-1.3v-26.9l-24.1%2C2.3c-4.9%2C0.4-8.4%2C1.8-10.6%2C4.2%26%2310%3B%26%239%3B%26%239%3B%26%239%3BC394.4%2C138.7%2C393.3%2C142.2%2C393.3%2C146.7z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M491.2%2C98.2c-11.8%2C0-17.8%2C4.1-17.8%2C12.4c0%2C3.8%2C1.4%2C6.5%2C4.1%2C8.1c2.7%2C1.6%2C8.9%2C3.2%2C18.6%2C4.9%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc9.7%2C1.7%2C16.5%2C4%2C20.5%2C7.1c4%2C3%2C6%2C8.7%2C6%2C17.1c0%2C8.4-2.7%2C14.5-8.1%2C18.4c-5.4%2C3.9-13.2%2C5.9-23.6%2C5.9c-6.7%2C0-29.2-2.5-29.2-2.5%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bl0.7-10.6c12.9%2C1.2%2C22.3%2C2.2%2C28.6%2C2.2c6.3%2C0%2C11.1-1%2C14.4-3c3.3-2%2C5-5.4%2C5-10.1c0-4.7-1.4-7.9-4.2-9.6c-2.8-1.7-9-3.3-18.6-4.8%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-9.6-1.5-16.4-3.7-20.4-6.7c-4-2.9-6-8.4-6-16.3c0-7.9%2C2.8-13.8%2C8.4-17.6c5.6-3.8%2C12.6-5.7%2C20.9-5.7c6.6%2C0%2C29.6%2C1.7%2C29.6%2C1.7%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bv10.7C508.1%2C99%2C498.2%2C98.2%2C491.2%2C98.2z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M581.7%2C99.5h-25.9v39c0%2C9.3%2C0.7%2C15.5%2C2%2C18.4c1.4%2C2.9%2C4.6%2C4.4%2C9.7%2C4.4l14.5-1l0.8%2C10.1%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-7.3%2C1.2-12.8%2C1.8-16.6%2C1.8c-8.5%2C0-14.3-2.1-17.6-6.2c-3.3-4.1-4.9-12-4.9-23.6V99.5h-11.6V88.9h11.6V63.9h12.1v24.9h25.9V99.5z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M598.7%2C78.4V64.3h12.2v14.2H598.7z%20M598.7%2C171.4V88.9h12.2v82.5H598.7z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M663.8%2C87.2c3.6%2C0%2C9.7%2C0.7%2C18.3%2C2l3.9%2C0.5l-0.5%2C9.9c-8.7-1-15.1-1.5-19.2-1.5c-9.2%2C0-15.5%2C2.2-18.8%2C6.6%26%2310%3B%26%239%3B%26%239%3B%26%239%3
Bc-3.3%2C4.4-5%2C12.6-5%2C24.5c0%2C11.9%2C1.5%2C20.2%2C4.6%2C24.9c3.1%2C4.7%2C9.5%2C7%2C19.3%2C7l19.2-1.5l0.5%2C10.1c-10.1%2C1.5-17.7%2C2.3-22.7%2C2.3%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-12.7%2C0-21.5-3.3-26.3-9.8c-4.8-6.5-7.3-17.5-7.3-33c0-15.5%2C2.6-26.4%2C7.8-32.6C643%2C90.4%2C651.7%2C87.2%2C663.8%2C87.2z%22%2F%3E%0A%20%20%20%20%3C%2Fg%3E%0A%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M236.6%2C123.5c0-19.8-12.3-37.2-30.8-43.9c0.8-4.2%2C1.2-8.4%2C1.2-12.7C207%2C30%2C177%2C0%2C140.2%2C0%26%2310%3B%26%239%3B%26%239%3BC118.6%2C0%2C98.6%2C10.3%2C86%2C27.7c-6.2-4.8-13.8-7.4-21.7-7.4c-19.6%2C0-35.5%2C15.9-35.5%2C35.5c0%2C4.3%2C0.8%2C8.5%2C2.2%2C12.4%26%2310%3B%26%239%3B%26%239%3BC12.6%2C74.8%2C0%2C92.5%2C0%2C112.2c0%2C19.9%2C12.4%2C37.3%2C30.9%2C44c-0.8%2C4.1-1.2%2C8.4-1.2%2C12.7c0%2C36.8%2C29.9%2C66.7%2C66.7%2C66.7%26%2310%3B%26%239%3B%26%239%3Bc21.6%2C0%2C41.6-10.4%2C54.1-27.8c6.2%2C4.9%2C13.8%2C7.6%2C21.7%2C7.6c19.6%2C0%2C35.5-15.9%2C35.5-35.5c0-4.3-0.8-8.5-2.2-12.4%26%2310%3B%26%239%3B%26%239%3BC223.9%2C160.9%2C236.6%2C143.2%2C236.6%2C123.5z%20M91.6%2C34.8c10.9-15.9%2C28.9-25.4%2C48.1-25.4c32.2%2C0%2C58.4%2C26.2%2C58.4%2C58.4%26%2310%3B%26%239%3B%26%239%3Bc0%2C3.9-0.4%2C7.7-1.1%2C11.5l-52.2%2C45.8L93%2C101.5L82.9%2C79.9L91.6%2C34.8z%20M65.4%2C29c6.2%2C0%2C12.1%2C2%2C17%2C5.7l-7.8%2C40.3l-35.5-8.4%26%2310%3B%26%239%3B%26%239%3Bc-1.1-3.1-1.7-6.3-1.7-9.7C37.4%2C41.6%2C49.9%2C29%2C65.4%2C29z%20M9.1%2C112.3c0-16.7%2C11-31.9%2C26.9-37.2L75%2C84.4l9.1%2C19.5l-49.8%2C45%26%2310%3B%26%239%3B%26%239%3BC19.2%2C143.1%2C9.1%2C128.6%2C9.1%2C112.3z%20M145.2%2C200.9c-10.9%2C16.1-29%2C25.6-48.4%2C25.6c-32.3%2C0-58.6-26.3-58.6-58.5c0-4%2C0.4-7.9%2C1.1-11.7%26%2310%3B%26%239%3B%26%239%3Bl50.9-46l52%2C23.7l11.5%2C22L145.2%2C200.9z%20M171.2%2C206.6c-6.1%2C0-12-2-16.9-5.8l7.7-40.2l35.4%2C8.3c1.1%2C3.1%2C1.7%2C6.3%2C1.7%2C9.7%26%2310%3B%26%239%3B%26%239%3BC199.2%2C194.1%2C186.6%2C206.6%2C171.2%2C206.6z%20M200.5%2C160.5l-39-9.1l-10.4-19.8l51-44.7c15.1%2C5.7%2C25.2%2C20.2%2C25.2%2
C36.5%26%2310%3B%26%239%3B%26%239%3BC227.4%2C140.1%2C216.4%2C155.3%2C200.5%2C160.5z%22%2F%3E%0A%20%20%3C%2Fg%3E%0A%3C%2Fsvg%3E ------------- +Default: `null` |`max` -|`number` +|`number`, `null` |The maximum number of times the image can repeat. Default: `1000` 
@@ -2396,11 +2520,7 @@ Default: `null` |`string`, `null` |The image to reveal. Provide an image asset as a `base64` data URL, or pass in a sub-expression. -Example value for the `image` argument, formatted as a `base64` data URL: -[source, url] ------------- -data:image/svg+xml,%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22utf-8%22%3F%3E%0A%3Csvg%20viewBox%3D%22-3.948730230331421%20-1.7549896240234375%20245.25946044921875%20241.40370178222656%22%20width%3D%22245.25946044921875%22%20height%3D%22241.40370178222656%22%20style%3D%22enable-background%3Anew%200%200%20686.2%20235.7%3B%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%0A%20%20%3Cdefs%3E%0A%20%20%20%20%3Cstyle%20type%3D%22text%2Fcss%22%3E%0A%09.st0%7Bfill%3A%232D2D2D%3B%7D%0A%3C%2Fstyle%3E%0A%20%20%3C%2Fdefs%3E%0A%20%20%3Cg%20transform%3D%22matrix%281%2C%200%2C%200%2C%201%2C%200%2C%200%29%22%3E%0A%20%20%20%20%3Cg%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M329.4%2C160.3l4.7-0.5l0.3%2C9.6c-12.4%2C1.7-23%2C2.6-31.8%2C2.6c-11.7%2C0-20-3.4-24.9-10.2%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-4.9-6.8-7.3-17.4-7.3-31.7c0-28.6%2C11.4-42.9%2C34.1-42.9c11%2C0%2C19.2%2C3.1%2C24.6%2C9.2c5.4%2C6.1%2C8.1%2C15.8%2C8.1%2C28.9l-0.7%2C9.3h-53.8%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc0%2C9%2C1.6%2C15.7%2C4.9%2C20c3.3%2C4.3%2C8.9%2C6.5%2C17%2C6.5C312.8%2C161.2%2C321.1%2C160.9%2C329.4%2C160.3z%20M325%2C124.9c0-10-1.6-17.1-4.8-21.2%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-3.2-4.1-8.4-6.2-15.6-6.2c-7.2%2C0-12.7%2C2.2-16.3%2C6.5c-3.6%2C4.3-5.5%2C11.3-5.6%2C20.9H325z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M354.3%2C171.4V64h12.2v107.4H354.3z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M443.5%2C113.5v41.1c0%2C4.1%2C10.1%2C3.9%2C10.1%2C3.9l-0.6%2C10.8c-8.6%2C0-15.7%2C0.7-20-3.4c-9.8%2C4.3-19.5%2C6.1-29.3%2C6.1%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-7.5%2C0-13.2-2.1-17.1-6.4c-3.9-4.2-5.9-10.3-5.9-18.3c0-7.9%2C2-13.8%2C6-17.5c4-3.7%2C10.3-6.1%2C18.9-6.9l25
.6-2.4v-7%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc0-5.5-1.2-9.5-3.6-11.9c-2.4-2.4-5.7-3.6-9.8-3.6l-32.1%2C0V87.2h31.3c9.2%2C0%2C15.9%2C2.1%2C20.1%2C6.4C441.4%2C97.8%2C443.5%2C104.5%2C443.5%2C113.5%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bz%20M393.3%2C146.7c0%2C10%2C4.1%2C15%2C12.4%2C15c7.4%2C0%2C14.7-1.2%2C21.8-3.7l3.7-1.3v-26.9l-24.1%2C2.3c-4.9%2C0.4-8.4%2C1.8-10.6%2C4.2%26%2310%3B%26%239%3B%26%239%3B%26%239%3BC394.4%2C138.7%2C393.3%2C142.2%2C393.3%2C146.7z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M491.2%2C98.2c-11.8%2C0-17.8%2C4.1-17.8%2C12.4c0%2C3.8%2C1.4%2C6.5%2C4.1%2C8.1c2.7%2C1.6%2C8.9%2C3.2%2C18.6%2C4.9%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc9.7%2C1.7%2C16.5%2C4%2C20.5%2C7.1c4%2C3%2C6%2C8.7%2C6%2C17.1c0%2C8.4-2.7%2C14.5-8.1%2C18.4c-5.4%2C3.9-13.2%2C5.9-23.6%2C5.9c-6.7%2C0-29.2-2.5-29.2-2.5%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bl0.7-10.6c12.9%2C1.2%2C22.3%2C2.2%2C28.6%2C2.2c6.3%2C0%2C11.1-1%2C14.4-3c3.3-2%2C5-5.4%2C5-10.1c0-4.7-1.4-7.9-4.2-9.6c-2.8-1.7-9-3.3-18.6-4.8%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-9.6-1.5-16.4-3.7-20.4-6.7c-4-2.9-6-8.4-6-16.3c0-7.9%2C2.8-13.8%2C8.4-17.6c5.6-3.8%2C12.6-5.7%2C20.9-5.7c6.6%2C0%2C29.6%2C1.7%2C29.6%2C1.7%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bv10.7C508.1%2C99%2C498.2%2C98.2%2C491.2%2C98.2z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M581.7%2C99.5h-25.9v39c0%2C9.3%2C0.7%2C15.5%2C2%2C18.4c1.4%2C2.9%2C4.6%2C4.4%2C9.7%2C4.4l14.5-1l0.8%2C10.1%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-7.3%2C1.2-12.8%2C1.8-16.6%2C1.8c-8.5%2C0-14.3-2.1-17.6-6.2c-3.3-4.1-4.9-12-4.9-23.6V99.5h-11.6V88.9h11.6V63.9h12.1v24.9h25.9V99.5z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M598.7%2C78.4V64.3h12.2v14.2H598.7z%20M598.7%2C171.4V88.9h12.2v82.5H598.7z%22%2F%3E%0A%20%20%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M663.8%2C87.2c3.6%2C0%2C9.7%2C0.7%2C18.3%2C2l3.9%2C0.5l-0.5%2C9.9c-8.7-1-15.1-1.5-19.2-1.5c-9.2%2C0-15.5%2C2.2-18.8%2C6.6%26%2310%3B%26%239%3B%26%239%3B%26%239%3B
c-3.3%2C4.4-5%2C12.6-5%2C24.5c0%2C11.9%2C1.5%2C20.2%2C4.6%2C24.9c3.1%2C4.7%2C9.5%2C7%2C19.3%2C7l19.2-1.5l0.5%2C10.1c-10.1%2C1.5-17.7%2C2.3-22.7%2C2.3%26%2310%3B%26%239%3B%26%239%3B%26%239%3Bc-12.7%2C0-21.5-3.3-26.3-9.8c-4.8-6.5-7.3-17.5-7.3-33c0-15.5%2C2.6-26.4%2C7.8-32.6C643%2C90.4%2C651.7%2C87.2%2C663.8%2C87.2z%22%2F%3E%0A%20%20%20%20%3C%2Fg%3E%0A%20%20%20%20%3Cpath%20class%3D%22st0%22%20d%3D%22M236.6%2C123.5c0-19.8-12.3-37.2-30.8-43.9c0.8-4.2%2C1.2-8.4%2C1.2-12.7C207%2C30%2C177%2C0%2C140.2%2C0%26%2310%3B%26%239%3B%26%239%3BC118.6%2C0%2C98.6%2C10.3%2C86%2C27.7c-6.2-4.8-13.8-7.4-21.7-7.4c-19.6%2C0-35.5%2C15.9-35.5%2C35.5c0%2C4.3%2C0.8%2C8.5%2C2.2%2C12.4%26%2310%3B%26%239%3B%26%239%3BC12.6%2C74.8%2C0%2C92.5%2C0%2C112.2c0%2C19.9%2C12.4%2C37.3%2C30.9%2C44c-0.8%2C4.1-1.2%2C8.4-1.2%2C12.7c0%2C36.8%2C29.9%2C66.7%2C66.7%2C66.7%26%2310%3B%26%239%3B%26%239%3Bc21.6%2C0%2C41.6-10.4%2C54.1-27.8c6.2%2C4.9%2C13.8%2C7.6%2C21.7%2C7.6c19.6%2C0%2C35.5-15.9%2C35.5-35.5c0-4.3-0.8-8.5-2.2-12.4%26%2310%3B%26%239%3B%26%239%3BC223.9%2C160.9%2C236.6%2C143.2%2C236.6%2C123.5z%20M91.6%2C34.8c10.9-15.9%2C28.9-25.4%2C48.1-25.4c32.2%2C0%2C58.4%2C26.2%2C58.4%2C58.4%26%2310%3B%26%239%3B%26%239%3Bc0%2C3.9-0.4%2C7.7-1.1%2C11.5l-52.2%2C45.8L93%2C101.5L82.9%2C79.9L91.6%2C34.8z%20M65.4%2C29c6.2%2C0%2C12.1%2C2%2C17%2C5.7l-7.8%2C40.3l-35.5-8.4%26%2310%3B%26%239%3B%26%239%3Bc-1.1-3.1-1.7-6.3-1.7-9.7C37.4%2C41.6%2C49.9%2C29%2C65.4%2C29z%20M9.1%2C112.3c0-16.7%2C11-31.9%2C26.9-37.2L75%2C84.4l9.1%2C19.5l-49.8%2C45%26%2310%3B%26%239%3B%26%239%3BC19.2%2C143.1%2C9.1%2C128.6%2C9.1%2C112.3z%20M145.2%2C200.9c-10.9%2C16.1-29%2C25.6-48.4%2C25.6c-32.3%2C0-58.6-26.3-58.6-58.5c0-4%2C0.4-7.9%2C1.1-11.7%26%2310%3B%26%239%3B%26%239%3Bl50.9-46l52%2C23.7l11.5%2C22L145.2%2C200.9z%20M171.2%2C206.6c-6.1%2C0-12-2-16.9-5.8l7.7-40.2l35.4%2C8.3c1.1%2C3.1%2C1.7%2C6.3%2C1.7%2C9.7%26%2310%3B%26%239%3B%26%239%3BC199.2%2C194.1%2C186.6%2C206.6%2C171.2%2C206.6z%20M200.5%2C160.5l-39-9.1l-10.4-19.8l51-44.7c15.1%2C5.7%2C25.2%2C20.2%2C25.2%2C
36.5%26%2310%3B%26%239%3B%26%239%3BC227.4%2C140.1%2C216.4%2C155.3%2C200.5%2C160.5z%22%2F%3E%0A%20%20%3C%2Fg%3E%0A%3C%2Fsvg%3E ------------- +Default: `null` |`origin` |`string` 
@@ -2449,99 +2569,37 @@ Returns the number of rows. Pairs with <> to get the count of unique col == S [float] -[[savedLens_fn]] -=== `savedLens` - -Returns an embeddable for a saved Lens visualization object. - -*Accepts:* `any` - -[cols="3*^<"] -|=== -|Argument |Type |Description - -|`id` -|`string` -|The ID of the saved Lens visualization object - -|`timerange` -|`timerange` -|The timerange of data that should be included - -|`title` -|`string` -|The title for the Lens visualization object -|=== - -*Returns:* `embeddable` - - -[float] -[[savedMap_fn]] -=== `savedMap` +[[selectFilter_fn]] +=== `selectFilter` -Returns an embeddable for a saved map object. +Selects filters from context -*Accepts:* `any` +*Accepts:* `kibana_context` [cols="3*^<"] |=== |Argument |Type |Description -|`center` -|`mapCenter` -|The center and zoom level the map should have - -|`hideLayer` † -|`string` -|The IDs of map layers that should be hidden +|_Unnamed_ † -|`id` +Alias: `group` |`string` -|The ID of the saved map object +|Select only filters belonging to the provided group -|`timerange` -|`timerange` -|The timerange of data that should be included - -|`title` +|`from` |`string` -|The title for the map -|=== - -*Returns:* `embeddable` - - -[float] -[[savedVisualization_fn]] -=== `savedVisualization` - -Returns an embeddable for a saved visualization object. - -*Accepts:* `any` - -[cols="3*^<"] -|=== -|Argument |Type |Description +|Select only filters owned by the provided id -|`colors` † -|`seriesStyle` -|Defines the color to use for a specific series +|`ungrouped` -|`hideLegend` +Aliases: `nogroup`, `nogroups` |`boolean` -|Specifies the option to hide the legend +|Should filters without group be included -|`id` -|`string` -|The ID of the saved visualization object - -|`timerange` -|`timerange` -|The timerange of data that should be included +Default: `false` |=== -*Returns:* `embeddable` +*Returns:* `kibana_context` [float] 
@@ -2641,7 +2699,7 @@ Default: `"black"` Default: `false` |=== -*Returns:* `shape` +*Returns:* Depends on your input and arguments [float] @@ -2676,7 +2734,7 @@ Default: `false` [[staticColumn_fn]] === `staticColumn` -Adds a column with the same static value in every row. See also <>, <>, and <>. +Adds a column with the same static value in every row. See also <>, <>, and <> *Accepts:* `datatable` @@ -2994,7 +3052,7 @@ Alias: `type` Returns a UI settings parameter value. -*Accepts:* `null` +*Accepts:* `any` [cols="3*^<"] |=== @@ -3002,18 +3060,17 @@ Returns a UI settings parameter value. |_Unnamed_ *** -Aliases: `parameter` +Alias: `parameter` |`string` |The parameter name. |`default` |`any` |A default value in case of the parameter is not set. - -Default: `null` |=== -*Returns:* `ui_setting` +*Returns:* Depends on your input and arguments + [float] [[urlparam_fn]] @@ -3080,13 +3137,13 @@ Updates the Kibana global context. |=== |Argument |Type |Description -|_Unnamed_ *** +|_Unnamed_ *** † Alias: `name` |`string` |Specify the name of the variable. -|`value` +|`value` † Alias: `val` |`any` diff --git a/docs/maps/images/gs_add_cloropeth_layer.png b/docs/maps/images/gs_add_cloropeth_layer.png index 42e00ccc5dd2..10774c69adbb 100644 Binary files a/docs/maps/images/gs_add_cloropeth_layer.png and b/docs/maps/images/gs_add_cloropeth_layer.png differ diff --git a/docs/maps/images/gs_add_es_document_layer.png b/docs/maps/images/gs_add_es_document_layer.png index d7616c4b11fe..4656933552f2 100644 Binary files a/docs/maps/images/gs_add_es_document_layer.png and b/docs/maps/images/gs_add_es_document_layer.png differ diff --git a/docs/maps/images/gs_dashboard_with_map.png b/docs/maps/images/gs_dashboard_with_map.png index fdd4cc976d10..b7d4a7b63ed3 100644 Binary files a/docs/maps/images/gs_dashboard_with_map.png and b/docs/maps/images/gs_dashboard_with_map.png differ 
diff --git a/docs/maps/images/gs_dashboard_with_terms_filter.png b/docs/maps/images/gs_dashboard_with_terms_filter.png index ad88fe9db817..1876cad733b2 100644 Binary files a/docs/maps/images/gs_dashboard_with_terms_filter.png and b/docs/maps/images/gs_dashboard_with_terms_filter.png differ diff --git a/docs/maps/images/sample_data_web_logs.png b/docs/maps/images/sample_data_web_logs.png index e4902c3e8961..76ff9c0d1622 100644 Binary files a/docs/maps/images/sample_data_web_logs.png and b/docs/maps/images/sample_data_web_logs.png differ diff --git a/docs/maps/maps-getting-started.asciidoc b/docs/maps/maps-getting-started.asciidoc index 89d06fce6018..a85586fc4318 100644 --- a/docs/maps/maps-getting-started.asciidoc +++ b/docs/maps/maps-getting-started.asciidoc @@ -97,8 +97,6 @@ The layer is only visible when users zoom in. . Set **Data view** to **kibana_sample_data_logs**. -. Set **Scaling** to *Limits results to 10000.* - . Click **Add layer**. . In **Layer settings**, set: @@ -109,6 +107,8 @@ The layer is only visible when users zoom in. . Add a tooltip field and select **agent**, **bytes**, **clientip**, **host**, **machine.os**, **request**, **response**, and **timestamp**. +. In **Scaling**, set *Limits results to 10,000.* + . In **Layer style**, set **Fill color** to **#2200FF**. . Click **Save & close**. diff --git a/docs/maps/vector-layer.asciidoc b/docs/maps/vector-layer.asciidoc index f70e4d59796c..cf6dd5334b07 100644 --- a/docs/maps/vector-layer.asciidoc +++ b/docs/maps/vector-layer.asciidoc 
@@ -33,6 +33,10 @@ When a tile exceeds `index.max_result_window`, results exceeding `index.max_resu *EMS Boundaries*:: Administrative boundaries from https://www.elastic.co/elastic-maps-service[Elastic Maps Service]. +*ML Anomalies*:: Points and lines associated with anomalies. The {anomaly-job} +must use a `lat_long` function. Go to +{ml-docs}/geographic-anomalies.html[Detecting anomalous locations in geographic data] for an example. + *Point to point*:: Aggregated data paths between the source and destination. The index must contain at least 2 fields mapped as {ref}/geo-point.html[geo_point], source and destination. diff --git a/package.json b/package.json index c87ce15f455c..fdb358c25fb8 100644 --- a/package.json +++ b/package.json @@ -680,7 +680,7 @@ "@types/redux-actions": "^2.6.1", "@types/redux-logger": "^3.0.8", "@types/seedrandom": ">=2.0.0 <4.0.0", - "@types/selenium-webdriver": "^4.0.16", + "@types/selenium-webdriver": "^4.0.18", "@types/semver": "^7", "@types/set-value": "^2.0.0", "@types/sinon": "^7.0.13", @@ -737,7 +737,7 @@ "callsites": "^3.1.0", "chai": "3.5.0", "chance": "1.0.18", - "chromedriver": "^97.0.2", + "chromedriver": "^98.0.0", "clean-webpack-plugin": "^3.0.0", "cmd-shim": "^2.1.0", "compression-webpack-plugin": "^4.0.0", diff --git a/packages/kbn-es/src/cluster.js b/packages/kbn-es/src/cluster.js index 4ad732975234..22ff9ae3c0cd 100644 --- a/packages/kbn-es/src/cluster.js +++ b/packages/kbn-es/src/cluster.js @@ -261,6 +261,7 @@ exports.Cluster = class Cluster { 'action.destructive_requires_name=true', 'ingest.geoip.downloader.enabled=false', 'search.check_ccs_compatibility=true', + 'cluster.routing.allocation.disk.threshold_enabled=false', ].concat(options.esArgs || []); // Add to esArgs if ssl is enabled diff --git a/packages/kbn-es/src/integration_tests/cluster.test.js b/packages/kbn-es/src/integration_tests/cluster.test.js index 5633bd32b9ab..271942158dc9 100644 --- a/packages/kbn-es/src/integration_tests/cluster.test.js 
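Review bot: The added default `'cluster.routing.allocation.disk.threshold_enabled=false'` carries no comment explaining why the disk allocation decider is switched off for every cluster this launcher starts, and nothing in the hunk limits it to test runs. `options.esArgs` is concatenated after the defaults, so a caller can presumably still pass its own value, but how duplicate settings are resolved is outside this hunk. I would add a line above it such as `// disk watermarks disabled so nearly-full dev/CI disks do not block shard allocation`, assuming that is the motivation. The enclosing method starts and ends outside the hunk.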
+++ b/packages/kbn-es/src/integration_tests/cluster.test.js @@ -310,6 +310,7 @@ describe('#start(installPath)', () => { "action.destructive_requires_name=true", "ingest.geoip.downloader.enabled=false", "search.check_ccs_compatibility=true", + "cluster.routing.allocation.disk.threshold_enabled=false", ], undefined, Object { @@ -389,6 +390,7 @@ describe('#run()', () => { "action.destructive_requires_name=true", "ingest.geoip.downloader.enabled=false", "search.check_ccs_compatibility=true", + "cluster.routing.allocation.disk.threshold_enabled=false", ], undefined, Object { diff --git a/packages/kbn-securitysolution-io-ts-list-types/src/common/exception_list/index.ts b/packages/kbn-securitysolution-io-ts-list-types/src/common/exception_list/index.ts index 54c9ecfe40b9..2f59e868c354 100644 --- a/packages/kbn-securitysolution-io-ts-list-types/src/common/exception_list/index.ts +++ b/packages/kbn-securitysolution-io-ts-list-types/src/common/exception_list/index.ts @@ -14,6 +14,7 @@ export const exceptionListType = t.keyof({ endpoint_trusted_apps: null, endpoint_events: null, endpoint_host_isolation_exceptions: null, + endpoint_blocklists: null, }); export const exceptionListTypeOrUndefined = t.union([exceptionListType, t.undefined]); export type ExceptionListType = t.TypeOf; @@ -24,4 +25,5 @@ export enum ExceptionListTypeEnum { ENDPOINT_TRUSTED_APPS = 'endpoint', ENDPOINT_EVENTS = 'endpoint_events', ENDPOINT_HOST_ISOLATION_EXCEPTIONS = 'endpoint_host_isolation_exceptions', + ENDPOINT_BLOCKLISTS = 'endpoint_blocklists', } diff --git a/packages/kbn-securitysolution-io-ts-list-types/src/common/lists/index.test.ts b/packages/kbn-securitysolution-io-ts-list-types/src/common/lists/index.test.ts index 9bcb11917f7d..c8145307153f 100644 --- a/packages/kbn-securitysolution-io-ts-list-types/src/common/lists/index.test.ts +++ b/packages/kbn-securitysolution-io-ts-list-types/src/common/lists/index.test.ts 
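Review bot: The new list type is added in two parallel places, the `exceptionListType` keyof (`endpoint_blocklists: null`) and `ExceptionListTypeEnum.ENDPOINT_BLOCKLISTS`, and nothing visible checks that the two agree; the context lines already show them drifting (`ENDPOINT_TRUSTED_APPS = 'endpoint'` next to a keyof key `endpoint_trusted_apps`). A test line such as `Object.values(ExceptionListTypeEnum).forEach((v) => expect(exceptionListType.is(v)).toBe(true));` would catch a typo in the new enum value. Because this codec is shared, request schemas built on it will now accept `endpoint_blocklists`; the handlers are not part of these hunks, so it is worth confirming that they validate and authorize blocklist entries the same way as the other endpoint artifact lists.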
@@ -86,7 +86,7 @@ describe('Lists', () => { const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([ - 'Invalid value "1" supplied to "Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint" | "endpoint_trusted_apps" | "endpoint_events" | "endpoint_host_isolation_exceptions", namespace_type: "agnostic" | "single" |}>"', + 'Invalid value "1" supplied to "Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint" | "endpoint_trusted_apps" | "endpoint_events" | "endpoint_host_isolation_exceptions" | "endpoint_blocklists", namespace_type: "agnostic" | "single" |}>"', ]); expect(message.schema).toEqual({}); }); @@ -117,8 +117,8 @@ describe('Lists', () => { const message = pipe(decoded, foldLeftRight); expect(getPaths(left(message.errors))).toEqual([ - 'Invalid value "1" supplied to "(Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint" | "endpoint_trusted_apps" | "endpoint_events" | "endpoint_host_isolation_exceptions", namespace_type: "agnostic" | "single" |}> | undefined)"', - 'Invalid value "[1]" supplied to "(Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint" | "endpoint_trusted_apps" | "endpoint_events" | "endpoint_host_isolation_exceptions", namespace_type: "agnostic" | "single" |}> | undefined)"', + 'Invalid value "1" supplied to "(Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint" | "endpoint_trusted_apps" | "endpoint_events" | "endpoint_host_isolation_exceptions" | "endpoint_blocklists", namespace_type: "agnostic" | "single" |}> | undefined)"', + 'Invalid value "[1]" supplied to "(Array<{| id: NonEmptyString, list_id: NonEmptyString, type: "detection" | "endpoint" | "endpoint_trusted_apps" | "endpoint_events" | "endpoint_host_isolation_exceptions" | "endpoint_blocklists", namespace_type: "agnostic" | "single" |}> | undefined)"', ]); expect(message.schema).toEqual({}); }); 
diff --git a/packages/kbn-securitysolution-list-constants/src/index.ts b/packages/kbn-securitysolution-list-constants/src/index.ts index f0e09ff7bb46..43fe3ac47f8d 100644 --- a/packages/kbn-securitysolution-list-constants/src/index.ts +++ b/packages/kbn-securitysolution-list-constants/src/index.ts @@ -76,3 +76,7 @@ export const ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_NAME = 'Endpoint Security Host isolation exceptions List'; export const ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_DESCRIPTION = 'Endpoint Security Host isolation exceptions List'; + +export const ENDPOINT_BLOCKLISTS_LIST_ID = 'endpoint_blocklists'; +export const ENDPOINT_BLOCKLISTS_LIST_NAME = 'Endpoint Security Blocklists List'; +export const ENDPOINT_BLOCKLISTS_LIST_DESCRIPTION = 'Endpoint Security Blocklists List'; diff --git a/src/plugins/expressions/common/expression_functions/specs/clog.ts b/src/plugins/expressions/common/expression_functions/specs/clog.ts index a523d7505648..6936b704b878 100644 --- a/src/plugins/expressions/common/expression_functions/specs/clog.ts +++ b/src/plugins/expressions/common/expression_functions/specs/clog.ts @@ -13,7 +13,7 @@ export type ExpressionFunctionClog = ExpressionFunctionDefinition<'clog', unknow export const clog: ExpressionFunctionClog = { name: 'clog', args: {}, - help: 'Outputs the context to the console', + help: 'Outputs the _input_ in the console. This function is for debug purposes', fn: (input: unknown) => { // eslint-disable-next-line no-console console.log(input); diff --git a/src/plugins/expressions/common/expression_functions/specs/math_column.ts b/src/plugins/expressions/common/expression_functions/specs/math_column.ts index fe6049b49c96..ae6cc8b755fe 100644 --- a/src/plugins/expressions/common/expression_functions/specs/math_column.ts +++ b/src/plugins/expressions/common/expression_functions/specs/math_column.ts 
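Review bot: The reworded `help` for `clog` does not say that the whole input is written out, and since the spec lives under `common` the word "console" does not tell a reader which console receives it. With `clog` also added to the generated function reference in this commit, I would spell that out, e.g. `help: 'Outputs the _input_ to the console, including any row data it holds. Use for debugging only.'`. The string is also a plain literal, while the `mathColumn` spec changed in the same commit goes through `i18n.translate`. The `fn` body continues past the end of the hunk.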
@@ -28,12 +28,11 @@ export const mathColumn: ExpressionFunctionDefinition< inputTypes: ['datatable'], help: i18n.translate('expressions.functions.mathColumnHelpText', { defaultMessage: - 'Adds a column calculated as the result of other columns. ' + - 'Changes are made only when you provide arguments.' + - 'See also {alterColumnFn} and {staticColumnFn}.', + 'Adds a column by evaluating {tinymath} on each row. ' + + 'This function is optimized for math and performs better than using a math expression in {mapColumnFn}.', values: { - alterColumnFn: '`alterColumn`', - staticColumnFn: '`staticColumn`', + mapColumnFn: '`mapColumn`', + tinymath: '`TinyMath`', }, }), args: { diff --git a/x-pack/examples/alerting_example/kibana.json b/x-pack/examples/alerting_example/kibana.json index 13117713a9a7..dabf932b5e68 100644 --- a/x-pack/examples/alerting_example/kibana.json +++ b/x-pack/examples/alerting_example/kibana.json @@ -3,8 +3,8 @@ "version": "0.0.1", "kibanaVersion": "kibana", "owner": { - "name": "Kibana Alerting", - "githubTeam": "kibana-alerting-services" + "name": "Response Ops", + "githubTeam": "response-ops" }, "server": true, "ui": true, diff --git a/x-pack/plugins/actions/kibana.json b/x-pack/plugins/actions/kibana.json index aa3a9f3f6c34..4e928fafc4d5 100644 --- a/x-pack/plugins/actions/kibana.json +++ b/x-pack/plugins/actions/kibana.json @@ -1,8 +1,8 @@ { "id": "actions", "owner": { - "name": "Kibana Alerting", - "githubTeam": "kibana-alerting-services" + "name": "Response Ops", + "githubTeam": "response-ops" }, "server": true, "version": "8.0.0", diff --git a/x-pack/plugins/alerting/kibana.json b/x-pack/plugins/alerting/kibana.json index 82d8de0daf14..90db7885de81 100644 --- a/x-pack/plugins/alerting/kibana.json +++ b/x-pack/plugins/alerting/kibana.json 
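Review bot: The message id `expressions.functions.mathColumnHelpText` is kept while its placeholders change from `{alterColumnFn}` and `{staticColumnFn}` to `{tinymath}` and `{mapColumnFn}`, so any existing translation of this id would reference values that are no longer supplied. Translation files are not part of what is shown here; if they carry this id, they need updating in the same change. The `alter_column.ts` and `static_column.ts` hunks further down add `{mathColumnFn}` under unchanged ids as well, and the new static-column message loses its final period; I would write it as `'Adds a column with the same static value in every row. See also {alterColumnFn}, {mapColumnFn}, and {mathColumnFn}.'`.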
@@ -3,8 +3,8 @@ "server": true, "ui": true, "owner": { - "name": "Kibana Alerting", - "githubTeam": "kibana-alerting-services" + "name": "Response Ops", + "githubTeam": "response-ops" }, "version": "8.0.0", "kibanaVersion": "kibana", diff --git a/x-pack/plugins/apm/dev_docs/vscode_setup.md b/x-pack/plugins/apm/dev_docs/vscode_setup.md index c7adad4fd094..9be3a53b5217 100644 --- a/x-pack/plugins/apm/dev_docs/vscode_setup.md +++ b/x-pack/plugins/apm/dev_docs/vscode_setup.md @@ -31,7 +31,10 @@ To make the [VSCode debugger](https://vscode.readthedocs.io/en/latest/editor/deb "type": "node", "name": "vscode-jest-tests", "request": "launch", - "args": ["--runInBand"], + "args": [ + "--runInBand", + "--config=${workspaceFolder}/jest.config.js" + ], "cwd": "${workspaceFolder}", "console": "integratedTerminal", "internalConsoleOptions": "neverOpen", diff --git a/x-pack/plugins/apm/public/components/shared/service_icons/cloud_details.tsx b/x-pack/plugins/apm/public/components/shared/service_icons/cloud_details.tsx index 91780fec1584..b5e4013d08ec 100644 --- a/x-pack/plugins/apm/public/components/shared/service_icons/cloud_details.tsx +++ b/x-pack/plugins/apm/public/components/shared/service_icons/cloud_details.tsx @@ -5,13 +5,7 @@ * 2.0. */ -import { - EuiBadge, - EuiDescriptionList, - EuiBetaBadge, - EuiFlexGroup, - EuiFlexItem, -} from '@elastic/eui'; +import { EuiBadge, EuiDescriptionList } from '@elastic/eui'; import { EuiDescriptionListProps } from '@elastic/eui/src/components/description_list/description_list'; import { i18n } from '@kbn/i18n'; import React from 'react'; @@ -51,32 +45,7 @@ export function CloudDetails({ cloud, isServerless }: Props) { defaultMessage: 'Cloud service', } ), - description: ( - - {cloud.serviceName} - {isServerless && ( - - - - )} - - ), + description: cloud.serviceName, }); } 
diff --git a/x-pack/plugins/canvas/i18n/functions/dict/alter_column.ts b/x-pack/plugins/canvas/i18n/functions/dict/alter_column.ts index 25975410ef8b..795a70abb981 100644 --- a/x-pack/plugins/canvas/i18n/functions/dict/alter_column.ts +++ b/x-pack/plugins/canvas/i18n/functions/dict/alter_column.ts @@ -15,7 +15,7 @@ export const help: FunctionHelp> = { help: i18n.translate('xpack.canvas.functions.alterColumnHelpText', { defaultMessage: 'Converts between core types, including {list}, and {end}, and renames columns. ' + - 'See also {mapColumnFn} and {staticColumnFn}.', + 'See also {mapColumnFn}, {mathColumnFn}, and {staticColumnFn}.', values: { list: Object.values(DATATABLE_COLUMN_TYPES) .slice(0, -1) @@ -24,6 +24,7 @@ export const help: FunctionHelp> = { end: `\`${Object.values(DATATABLE_COLUMN_TYPES).slice(-1)[0]}\``, mapColumnFn: '`mapColumn`', staticColumnFn: '`staticColumn`', + mathColumnFn: '`mathColumn`', }, }), args: { diff --git a/x-pack/plugins/canvas/i18n/functions/dict/static_column.ts b/x-pack/plugins/canvas/i18n/functions/dict/static_column.ts index 3b5a632edf99..a27c1491fc0a 100644 --- a/x-pack/plugins/canvas/i18n/functions/dict/static_column.ts +++ b/x-pack/plugins/canvas/i18n/functions/dict/static_column.ts @@ -13,10 +13,11 @@ import { FunctionFactory } from '../../../types'; export const help: FunctionHelp> = { help: i18n.translate('xpack.canvas.functions.staticColumnHelpText', { defaultMessage: - 'Adds a column with the same static value in every row. See also {alterColumnFn} and {mapColumnFn}.', + 'Adds a column with the same static value in every row. See also {alterColumnFn}, {mapColumnFn}, and {mathColumnFn}', values: { alterColumnFn: '`alterColumn`', mapColumnFn: '`mapColumn`', + mathColumnFn: '`mathColumn`', }, }), args: { 
diff --git a/x-pack/plugins/canvas/public/components/function_reference_generator/function_examples.ts b/x-pack/plugins/canvas/public/components/function_reference_generator/function_examples.ts index 785f183b193f..c25e163a0c21 100644 --- a/x-pack/plugins/canvas/public/components/function_reference_generator/function_examples.ts +++ b/x-pack/plugins/canvas/public/components/function_reference_generator/function_examples.ts @@ -134,6 +134,20 @@ case if={lte 50} then="green"`, help: 'This sets the color of the progress indicator and the color of the label to `"green"` if the value is less than or equal to `0.5`, `"orange"` if the value is greater than `0.5` and less than or equal to `0.75`, and `"red"` if `none` of the case conditions are met.', }, }, + clog: { + syntax: `clog`, + usage: { + expression: `kibana +| demodata +| clog +| filterrows fn={getCell "age" | gt 70} +| clog +| pointseries x="time" y="mean(price)" +| plot defaultStyle={seriesStyle lines=1 fill=1} +| render`, + help: 'This prints the `datatable` objects in the browser console before and after the `filterrows` function.', + }, + }, columns: { syntax: `columns include="@timestamp, projects, cost" columns exclude="username, country, age"`, 
@@ -199,6 +213,23 @@ containerStyle backgroundImage={asset id=asset-f40d2292-cf9e-4f2c-8c6f-a504a25e9 help: 'Using the `context` function allows us to pass the output, or _context_, of the previous function as a value to an argument in the next function. Here we get the formatted date string from the previous function and pass it as `content` for the markdown element.', }, }, + createTable: { + syntax: `createTable id="a" id="b" +createTable id="a" name="A" id="b" name="B" rowCount=5`, + usage: { + expression: `var_set +name="logs" value={essql "select count(*) as a from kibana_sample_data_logs"} +name="commerce" value={essql "select count(*) as b from kibana_sample_data_ecommerce"} +| createTable ids="totalA" ids="totalB" +| staticColumn name="totalA" value={var "logs" | getCell "a"} +| alterColumn column="totalA" type="number" +| staticColumn name="totalB" value={var "commerce" | getCell "b"} +| alterColumn column="totalB" type="number" +| mathColumn id="percent" name="percent" expression="totalA / totalB" +| render`, + help: 'This creates a table based on the results of two `essql` queries, joined into one table.', + }, + }, csv: { syntax: `csv "fruit, stock kiwi, 10 diff --git a/x-pack/plugins/canvas/public/components/function_reference_generator/generate_function_reference.ts b/x-pack/plugins/canvas/public/components/function_reference_generator/generate_function_reference.ts index 289704ae7953..7f7f897b4f28 100644 --- a/x-pack/plugins/canvas/public/components/function_reference_generator/generate_function_reference.ts +++ b/x-pack/plugins/canvas/public/components/function_reference_generator/generate_function_reference.ts 
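Review bot: The new `createTable` entry spells its argument two ways: the `syntax` lines use `createTable id="a" id="b"`, while the `usage` expression uses `createTable ids="totalA" ids="totalB"`. Unless `id` is a declared alias of `ids` (the function spec is not in this hunk), one of the two forms will not parse, and the generated reference will publish it as a working example. I would make both use whichever name the spec declares, e.g. `createTable ids="a" ids="b"` in `syntax` if `ids` is the real argument.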
@@ -26,12 +26,32 @@ const fnList = [ ...browserFunctions.map((fn) => fn().name), ...serverFunctions.map((fn) => fn().name), 'asset', + 'clog', + 'createTable', + 'embeddable', 'filters', + 'font', + 'image', + 'kibana', + 'mapColumn', + 'math', + 'mathColumn', + 'metric', + 'palette', + 'pie', + 'plot', + 'progress', + 'removeFilter', + 'repeatImage', + 'revealImage', + 'selectFilter', + 'shape', 'timelion', 'to', - 'font', + 'uiSetting', 'var', 'var_set', + // ignore unsupported embeddables functions for now ].filter((fn) => !['savedSearch'].includes(fn)); diff --git a/x-pack/plugins/event_log/kibana.json b/x-pack/plugins/event_log/kibana.json index 5223549a2e4f..c437667512cd 100644 --- a/x-pack/plugins/event_log/kibana.json +++ b/x-pack/plugins/event_log/kibana.json @@ -3,8 +3,8 @@ "version": "0.0.1", "kibanaVersion": "kibana", "owner": { - "name": "Kibana Alerting", - "githubTeam": "kibana-alerting-services" + "name": "Response Ops", + "githubTeam": "response-ops" }, "configPath": ["xpack", "eventLog"], "optionalPlugins": ["spaces"], diff --git a/x-pack/plugins/fleet/server/integration_tests/__snapshots__/cloud_preconfiguration.test.ts.snap b/x-pack/plugins/fleet/server/integration_tests/__snapshots__/cloud_preconfiguration.test.ts.snap new file mode 100644 index 000000000000..80f2c39abe98 --- /dev/null +++ b/x-pack/plugins/fleet/server/integration_tests/__snapshots__/cloud_preconfiguration.test.ts.snap 
@@ -0,0 +1,231 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`Fleet preconfiguration reset Preconfigred cloud policy Create correct .fleet-policies 1`] = ` +Object { + "agent": Object { + "monitoring": Object { + "enabled": false, + "logs": false, + "metrics": false, + }, + }, + "id": "policy-elastic-agent-on-cloud", + "inputs": Array [ + Object { + "data_stream": Object { + "namespace": "default", + }, + "id": "elastic-cloud-fleet-server", + "meta": Object { + "package": Object { + "name": "fleet_server", + "version": "1.1.1", + }, + }, + "name": "Fleet Server", + "revision": 1, + "server": Object { + "host": "0.0.0.0", + "port": 8220, + }, + "server.runtime": Object { + "gc_percent": 20, + }, + "type": "fleet-server", + "use_output": "es-containerhost", + }, + Object { + "apm-server": Object { + "auth": Object { + "anonymous": Object { + "allow_agent": Array [ + "rum-js", + "js-base", + "iOS/swift", + ], + "allow_service": null, + "enabled": true, + "rate_limit": Object { + "event_limit": 300, + "ip_limit": 1000, + }, + }, + "api_key": Object { + "enabled": true, + "limit": 100, + }, + "secret_token": "CLOUD_SECRET_TOKEN", + }, + "capture_personal_data": true, + "default_service_environment": null, + "expvar.enabled": false, + "host": "0.0.0.0:8200", + "idle_timeout": "45s", + "java_attacher": Object { + "discovery-rules": null, + "download-agent-version": null, + "enabled": false, + }, + "max_connections": 0, + "max_event_size": 307200, + "max_header_size": 1048576, + "read_timeout": "3600s", + "response_headers": null, + "rum": Object { + "allow_headers": null, + "allow_origins": Array [ + "*", + ], + "enabled": true, + "exclude_from_grouping": "^/webpack", + "library_pattern": "node_modules|bower_components|~", + "response_headers": null, + }, + "sampling": Object { + "tail": Object { + "enabled": false, + "interval": "1m", + "policies": Array [ + Object { + "sample_rate": 0.1, + }, + ], + }, + }, + "shutdown_timeout": "30s", + "ssl": Object { + 
"certificate": "/app/config/certs/node.crt", + "cipher_suites": null, + "curve_types": null, + "enabled": true, + "key": "/app/config/certs/node.key", + "key_passphrase": null, + "supported_protocols": Array [ + "TLSv1.0", + "TLSv1.1", + "TLSv1.2", + ], + }, + "write_timeout": "30s", + }, + "data_stream": Object { + "namespace": "default", + }, + "id": "elastic-cloud-apm", + "meta": Object { + "package": Object { + "name": "apm", + "version": "8.2.0-dev3", + }, + }, + "name": "Elastic APM", + "revision": 1, + "type": "apm", + "use_output": "es-containerhost", + }, + ], + "output_permissions": Object { + "es-containerhost": Object { + "Elastic APM": Object { + "cluster": Array [ + "cluster:monitor/main", + ], + "indices": Array [ + Object { + "names": Array [ + "logs-apm.app-default", + ], + "privileges": Array [ + "auto_configure", + "create_doc", + ], + }, + Object { + "names": Array [ + "metrics-apm.app.*-default", + ], + "privileges": Array [ + "auto_configure", + "create_doc", + ], + }, + Object { + "names": Array [ + "logs-apm.error-default", + ], + "privileges": Array [ + "auto_configure", + "create_doc", + ], + }, + Object { + "names": Array [ + "metrics-apm.internal-default", + ], + "privileges": Array [ + "auto_configure", + "create_doc", + ], + }, + Object { + "names": Array [ + "metrics-apm.profiling-default", + ], + "privileges": Array [ + "auto_configure", + "create_doc", + ], + }, + Object { + "names": Array [ + "traces-apm.rum-default", + ], + "privileges": Array [ + "auto_configure", + "create_doc", + ], + }, + Object { + "names": Array [ + "traces-apm.sampled-default", + ], + "privileges": Array [ + "auto_configure", + "create_doc", + "maintenance", + "monitor", + "read", + ], + }, + Object { + "names": Array [ + "traces-apm-default", + ], + "privileges": Array [ + "auto_configure", + "create_doc", + ], + }, + ], + }, + "_elastic_agent_checks": Object { + "cluster": Array [ + "monitor", + ], + }, + "_elastic_agent_monitoring": Object { + "indices": 
Array [], + }, + }, + }, + "outputs": Object { + "es-containerhost": Object { + "hosts": Array [ + "https://cloudinternales:9200", + ], + "type": "elasticsearch", + }, + }, + "revision": 4, +} +`; diff --git a/x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts b/x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts new file mode 100644 index 000000000000..2dbdb5849750 --- /dev/null +++ b/x-pack/plugins/fleet/server/integration_tests/cloud_preconfiguration.test.ts 
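Review bot: This new snapshot pins `"supported_protocols"` to `"TLSv1.0"`, `"TLSv1.1"` and `"TLSv1.2"`, and `"allow_origins"` to `"*"` with anonymous auth enabled for the APM input, so the test will fail whenever someone tightens those values. They presumably come from the `CLOUD_KIBANA_CONFIG` fixture, whose contents are not in view; if they only mirror an existing cloud default, I would say so next to the fixture, e.g. `// mirrors the current cloud APM defaults; not a recommended TLS/CORS baseline`. Snapshotting the whole policy document also ties the test to package versions such as `"version": "8.2.0-dev3"`, so asserting only on the fields the test is about would be less brittle.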
@@ -0,0 +1,195 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import Path from 'path'; + +import * as kbnTestServer from 'src/core/test_helpers/kbn_server'; + +import { AGENT_POLICY_INDEX } from '../../common'; +import type { PackagePolicySOAttributes } from '../../common'; +import type { AgentPolicySOAttributes } from '../types'; + +import { useDockerRegistry, waitForFleetSetup } from './helpers'; +import { CLOUD_KIBANA_CONFIG } from './fixtures/cloud_kibana_config'; + +const logFilePath = Path.join(__dirname, 'logs.log'); + +describe('Fleet preconfiguration reset', () => { + let esServer: kbnTestServer.TestElasticsearchUtils; + let kbnServer: kbnTestServer.TestKibanaUtils; + + const registryUrl = useDockerRegistry(); + + const startServers = async () => { + const { startES } = kbnTestServer.createTestServers({ + adjustTimeout: (t) => jest.setTimeout(t), + settings: { + es: { + license: 'trial', + }, + kbn: {}, + }, + }); + + esServer = await startES(); + const startKibana = async () => { + const root = kbnTestServer.createRootWithCorePlugins( + { + ...CLOUD_KIBANA_CONFIG, + 'xpack.fleet.registryUrl': registryUrl, + logging: { + appenders: { + file: { + type: 'file', + fileName: logFilePath, + layout: { + type: 'json', + }, + }, + }, + loggers: [ + { + name: 'root', + appenders: ['file'], + }, + { + name: 'plugins.fleet', + level: 'all', + }, + ], + }, + }, + { oss: false } + ); + + await root.preboot(); + const coreSetup = await root.setup(); + const coreStart = await root.start(); + + return { + root, + coreSetup, + coreStart, + stop: async () => await root.shutdown(), + }; + }; + kbnServer = await startKibana(); + await waitForFleetSetup(kbnServer.root); + }; + + const stopServers = async () => { + if (kbnServer) { + await kbnServer.stop(); + } + 
+ if (esServer) { + await esServer.stop(); + } + + await new Promise((res) => setTimeout(res, 10000)); + }; + + // Share the same servers for all the test to make test a lot faster (but test are not isolated anymore) + beforeAll(async () => { + await startServers(); + }); + + afterAll(async () => { + await stopServers(); + }); + + describe('Preconfigred cloud policy', () => { + it('Works and preconfigure correctly agent policies', async () => { + const agentPolicies = await kbnServer.coreStart.savedObjects + .createInternalRepository() + .find({ + type: 'ingest-agent-policies', + perPage: 10000, + }); + + expect(agentPolicies.total).toBe(2); + expect( + agentPolicies.saved_objects.find((so) => so.id === 'policy-elastic-agent-on-cloud') + ).toBeDefined(); + expect(agentPolicies.saved_objects.find((so) => so.id === 'default-policy')).toBeDefined(); + }); + + it('Create correct .fleet-policies', async () => { + const res = await kbnServer.coreStart.elasticsearch.client.asInternalUser.search({ + index: AGENT_POLICY_INDEX, + q: `policy_id:policy-elastic-agent-on-cloud`, + sort: 'revision_idx:desc', + }); + + expect((res.hits.hits[0]._source as any)!.data).toMatchSnapshot(); + }); + + it('Create correct package policies', async () => { + const packagePolicies = await kbnServer.coreStart.savedObjects + .createInternalRepository() + .find({ + type: 'ingest-package-policies', + perPage: 10000, + }); + + expect(packagePolicies.total).toBe(3); + expect( + packagePolicies.saved_objects.find((so) => so.id === 'elastic-cloud-fleet-server') + ).toBeDefined(); + expect( + packagePolicies.saved_objects.find((so) => so.id === 'elastic-cloud-apm') + ).toBeDefined(); + expect(packagePolicies.saved_objects.find((so) => so.id === 'default-system')).toBeDefined(); + + const fleetServerPackagePolicy = packagePolicies.saved_objects.find( + (so) => so.id === 'elastic-cloud-fleet-server' + ); + expect(fleetServerPackagePolicy?.attributes.vars).toMatchInlineSnapshot(`undefined`); + 
expect(fleetServerPackagePolicy?.attributes.inputs).toMatchInlineSnapshot(` + Array [ + Object { + "compiled_input": Object { + "server": Object { + "host": "0.0.0.0", + "port": 8220, + }, + "server.runtime": Object { + "gc_percent": 20, + }, + }, + "enabled": true, + "keep_enabled": true, + "policy_template": "fleet_server", + "streams": Array [], + "type": "fleet-server", + "vars": Object { + "custom": Object { + "type": "yaml", + "value": "server.runtime: + gc_percent: 20 # Force the GC to execute more frequently: see https://golang.org/pkg/runtime/debug/#SetGCPercent + ", + }, + "host": Object { + "frozen": true, + "type": "text", + "value": "0.0.0.0", + }, + "max_connections": Object { + "type": "integer", + }, + "port": Object { + "frozen": true, + "type": "integer", + "value": 8220, + }, + }, + }, + ] + `); + }); + }); +}); diff --git a/x-pack/plugins/fleet/server/integration_tests/fixtures/cloud_kibana_config.ts b/x-pack/plugins/fleet/server/integration_tests/fixtures/cloud_kibana_config.ts new file mode 100644 index 000000000000..fa9770a58f44 --- /dev/null +++ b/x-pack/plugins/fleet/server/integration_tests/fixtures/cloud_kibana_config.ts 
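Review bot: In `Create correct .fleet-policies`, `res.hits.hits[0]._source` is dereferenced without first asserting that the search returned a document. If the policy was never written to `AGENT_POLICY_INDEX`, the test dies with a TypeError instead of a readable assertion failure. Add `expect(res.hits.hits.length).toBeGreaterThan(0);` before the snapshot line. The `as any` cast followed by `!` could also be narrowed to the document type, so a shape change is caught by the compiler rather than by the snapshot. Separately, the outer `describe('Fleet preconfiguration reset', …)` title looks copied from reset_preconfiguration.test.ts, and `'Preconfigred cloud policy'` is misspelled; both make failures harder to attribute in CI output.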
@@ -0,0 +1,148 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const CLOUD_KIBANA_CONFIG = { + xpack: { + fleet: { + packages: [ + { + name: 'apm', + version: 'latest', + }, + { + name: 'fleet_server', + version: 'latest', + }, + { + name: 'system', + version: 'latest', + }, + ], + outputs: [ + { + name: 'Elastic Cloud internal output', + type: 'elasticsearch', + id: 'es-containerhost', + hosts: ['https://cloudinternales:9200'], + }, + ], + agentPolicies: [ + { + name: 'Elastic Cloud agent policy', + description: 'Default agent policy for agents hosted on Elastic Cloud', + id: 'policy-elastic-agent-on-cloud', + data_output_id: 'es-containerhost', + monitoring_output_id: 'es-containerhost', + is_default: false, + is_managed: true, + is_default_fleet_server: false, + namespace: 'default', + monitoring_enabled: [], + unenroll_timeout: 86400, + package_policies: [ + { + name: 'Fleet Server', + id: 'elastic-cloud-fleet-server', + package: { + name: 'fleet_server', + }, + inputs: [ + { + type: 'fleet-server', + keep_enabled: true, + vars: [ + { + name: 'host', + value: '0.0.0.0', + frozen: true, + }, + { + name: 'port', + value: 8220, + frozen: true, + }, + { + name: 'custom', + value: + 'server.runtime:\n gc_percent: 20 # Force the GC to execute more frequently: see https://golang.org/pkg/runtime/debug/#SetGCPercent\n', + }, + ], + }, + ], + }, + { + name: 'Elastic APM', + id: 'elastic-cloud-apm', + package: { + name: 'apm', + }, + inputs: [ + { + type: 'apm', + keep_enabled: true, + vars: [ + { + name: 'api_key_enabled', + value: true, + }, + { + name: 'host', + value: '0.0.0.0:8200', + frozen: true, + }, + { + name: 'secret_token', + value: 'CLOUD_SECRET_TOKEN', + }, + { + name: 'tls_enabled', + value: true, + frozen: true, + }, + { + name: 
'tls_certificate', + value: '/app/config/certs/node.crt', + frozen: true, + }, + { + name: 'tls_key', + value: '/app/config/certs/node.key', + frozen: true, + }, + { + name: 'url', + value: 'CLOUD_APM_URL', + frozen: true, + }, + ], + }, + ], + }, + ], + }, + { + name: 'Default policy', + id: 'default-policy', + description: 'Default agent policy created by Kibana', + is_default: true, + is_managed: false, + namespace: 'default', + monitoring_enabled: ['logs', 'metrics'], + package_policies: [ + { + name: 'system-1', + id: 'default-system', + package: { + name: 'system', + }, + }, + ], + }, + ], + }, + }, +}; diff --git a/x-pack/plugins/fleet/server/integration_tests/ha_setup.test.ts b/x-pack/plugins/fleet/server/integration_tests/ha_setup.test.ts index 8907399adb62..2a3a35072b0b 100644 --- a/x-pack/plugins/fleet/server/integration_tests/ha_setup.test.ts +++ b/x-pack/plugins/fleet/server/integration_tests/ha_setup.test.ts @@ -19,7 +19,7 @@ import type { PackagePolicySOAttributes, } from '../types'; -import { useDockerRegistry } from './docker_registry_helper'; +import { useDockerRegistry } from './helpers'; const logFilePath = Path.join(__dirname, 'logs.log'); diff --git a/x-pack/plugins/fleet/server/integration_tests/docker_registry_helper.ts b/x-pack/plugins/fleet/server/integration_tests/helpers/docker_registry_helper.ts similarity index 100% rename from x-pack/plugins/fleet/server/integration_tests/docker_registry_helper.ts rename to x-pack/plugins/fleet/server/integration_tests/helpers/docker_registry_helper.ts diff --git a/x-pack/plugins/fleet/server/integration_tests/helpers/index.ts b/x-pack/plugins/fleet/server/integration_tests/helpers/index.ts new file mode 100644 index 000000000000..b413211fe9ae --- /dev/null +++ b/x-pack/plugins/fleet/server/integration_tests/helpers/index.ts 
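Review bot: `CLOUD_KIBANA_CONFIG` has no comment saying which of its values are stand-ins, and `secret_token: 'CLOUD_SECRET_TOKEN'` and `url: 'CLOUD_APM_URL'` read like unsubstituted template variables. This matters because cloud_preconfiguration.test.ts passes the compiled policy to `toMatchSnapshot()`, so whatever is set in these vars is written into the committed snapshot file. I would add a comment above the export along the lines of `// Test fixture only: CLOUD_SECRET_TOKEN and CLOUD_APM_URL are placeholders; never put real values here, they are captured in the Jest snapshot.` If the object is meant to mirror a real deployment's preconfiguration, the comment should say so and name the source.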
@@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { adminTestUser } from '@kbn/test'; + +import * as kbnTestServer from 'src/core/test_helpers/kbn_server'; +import type { HttpMethod } from 'src/core/test_helpers/kbn_server'; + +type Root = ReturnType; + +export * from './docker_registry_helper'; + +export const waitForFleetSetup = async (root: Root) => { + const isFleetSetupRunning = async () => { + const statusApi = getSupertestWithAdminUser(root, 'get', '/api/status'); + const resp = await statusApi.send(); + const fleetStatus = resp.body?.status?.plugins?.fleet; + if (fleetStatus?.meta?.error) { + throw new Error(`Setup failed: ${JSON.stringify(fleetStatus)}`); + } + + return !fleetStatus || fleetStatus?.summary === 'Fleet is setting up'; + }; + + while (await isFleetSetupRunning()) { + await new Promise((resolve) => setTimeout(resolve, 2000)); + } +}; + +export function getSupertestWithAdminUser(root: Root, method: HttpMethod, path: string) { + const testUserCredentials = Buffer.from(`${adminTestUser.username}:${adminTestUser.password}`); + return kbnTestServer + .getSupertest(root, method, path) + .set('Authorization', `Basic ${testUserCredentials.toString('base64')}`); +} diff --git a/x-pack/plugins/fleet/server/integration_tests/reset_preconfiguration.test.ts b/x-pack/plugins/fleet/server/integration_tests/reset_preconfiguration.test.ts index 3b9210265780..1c387dc628cb 100644 --- a/x-pack/plugins/fleet/server/integration_tests/reset_preconfiguration.test.ts +++ b/x-pack/plugins/fleet/server/integration_tests/reset_preconfiguration.test.ts 
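Review bot: `waitForFleetSetup` has no deadline: the `while (await isFleetSetupRunning())` loop sleeps 2 s and retries for as long as the status is missing or reads `'Fleet is setting up'`. Because `!fleetStatus` counts as "still running", a status response that never contains the fleet plugin (for example a rejected request) keeps it spinning until the Jest timeout kills the suite, with no message about what was being awaited. The body is moved unchanged from reset_preconfiguration.test.ts, but now that it is a shared helper a bounded wait with an explicit error is worth adding; the optional parameter below keeps existing callers working.

```typescript
export const waitForFleetSetup = async (root: Root, timeoutMs: number = 120000) => {
  // … unchanged: isFleetSetupRunning …

  const deadline = Date.now() + timeoutMs;
  while (await isFleetSetupRunning()) {
    if (Date.now() > deadline) {
      throw new Error(`Fleet setup did not finish within ${timeoutMs}ms`);
    }
    await new Promise((resolve) => setTimeout(resolve, 2000));
  }
};
```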
@@ -7,44 +7,15 @@ import Path from 'path'; -import { adminTestUser } from '@kbn/test'; - import * as kbnTestServer from 'src/core/test_helpers/kbn_server'; -import type { HttpMethod } from 'src/core/test_helpers/kbn_server'; import type { AgentPolicySOAttributes } from '../types'; import { PRECONFIGURATION_DELETION_RECORD_SAVED_OBJECT_TYPE } from '../../common'; -import { useDockerRegistry } from './docker_registry_helper'; +import { useDockerRegistry, waitForFleetSetup, getSupertestWithAdminUser } from './helpers'; const logFilePath = Path.join(__dirname, 'logs.log'); -type Root = ReturnType; - -function getSupertestWithAdminUser(root: Root, method: HttpMethod, path: string) { - const testUserCredentials = Buffer.from(`${adminTestUser.username}:${adminTestUser.password}`); - return kbnTestServer - .getSupertest(root, method, path) - .set('Authorization', `Basic ${testUserCredentials.toString('base64')}`); -} - -const waitForFleetSetup = async (root: Root) => { - const isFleetSetupRunning = async () => { - const statusApi = getSupertestWithAdminUser(root, 'get', '/api/status'); - const resp = await statusApi.send(); - const fleetStatus = resp.body?.status?.plugins?.fleet; - if (fleetStatus?.meta?.error) { - throw new Error(`Setup failed: ${JSON.stringify(fleetStatus)}`); - } - - return !fleetStatus || fleetStatus?.summary === 'Fleet is setting up'; - }; - - while (await isFleetSetupRunning()) { - await new Promise((resolve) => setTimeout(resolve, 2000)); - } -}; - describe('Fleet preconfiguration reset', () => { let esServer: kbnTestServer.TestElasticsearchUtils; let kbnServer: kbnTestServer.TestKibanaUtils; diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/dot_expander.test.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/dot_expander.test.tsx index 75468f31b1a5..eb93f4ea8644 100644 
--- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/dot_expander.test.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/__jest__/processors/dot_expander.test.tsx @@ -56,7 +56,7 @@ describe('Processor: Dot Expander', () => { expect(form.getErrorsMessages()).toEqual(['A field value is required.']); }); - test('prevents form submission if field does not contain a . for the dot notation', async () => { + test('prevents form submission if field for the dot notation does not contain a . and not equal to *', async () => { const { actions: { saveNewProcessor }, form, @@ -77,9 +77,28 @@ describe('Processor: Dot Expander', () => { // Expect form error as "field" does not contain '.' expect(form.getErrorsMessages()).toEqual([ - 'A field value requires at least one dot character.', + 'The field name must be an asterisk or contain a dot character.', ]); }); + + test('allows form submission if the field for the dot notation is equal to *', async () => { + const { + actions: { saveNewProcessor }, + form, + } = testBed; + + // Set "field" value to a * for expanding all top-level dotted field names + form.setInputValue('fieldNameField.input', '*'); + + // Save the field + await saveNewProcessor(); + + const processors = getProcessorValue(onUpdate, DOT_EXPANDER_TYPE); + expect(processors[0][DOT_EXPANDER_TYPE]).toEqual({ + field: '*', + }); + }); + test('saves with default parameter values', async () => { const { actions: { saveNewProcessor }, diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/dot_expander.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/dot_expander.tsx index c66633dfd23d..0d82fadbc026 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/dot_expander.tsx 
+++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/processor_form/processors/dot_expander.tsx @@ -40,11 +40,15 @@ export const DotExpander: FunctionComponent = () => { { validator: ({ value }) => { if (typeof value === 'string' && value.length) { - return !value.includes('.') + const allowedPattern = value.includes('.') || value === '*'; + return !allowedPattern ? { message: i18n.translate( 'xpack.ingestPipelines.pipelineEditor.dotExpanderForm.fieldNameRequiresDotError', - { defaultMessage: 'A field value requires at least one dot character.' } + { + defaultMessage: + 'The field name must be an asterisk or contain a dot character.', + } ), } : undefined; diff --git a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/shared/map_processor_type_to_form.tsx b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/shared/map_processor_type_to_form.tsx index d02aa4fc3fc0..d47f90abbd36 100644 --- a/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/shared/map_processor_type_to_form.tsx +++ b/x-pack/plugins/ingest_pipelines/public/application/components/pipeline_editor/components/shared/map_processor_type_to_form.tsx 
@@ -256,13 +256,24 @@ export const mapProcessorTypeToDescriptor: MapProcessorTypeToDescriptor = { defaultMessage: 'Expands a field containing dot notation into an object field. The object field is then accessible by other processors in the pipeline.', }), - getDefaultDescription: ({ field }) => - i18n.translate('xpack.ingestPipelines.processors.defaultDescription.dot_expander', { - defaultMessage: 'Expands "{field}" into an object field', - values: { - field, - }, - }), + getDefaultDescription: ({ field }) => { + return field === '*' + ? i18n.translate( + 'xpack.ingestPipelines.processors.defaultDescription.dot_expander.wildcard', + { + defaultMessage: 'All top-level fields will be expanded', + } + ) + : i18n.translate( + 'xpack.ingestPipelines.processors.defaultDescription.dot_expander.dot_notation', + { + defaultMessage: 'Expands "{field}" into an object field', + values: { + field, + }, + } + ); + }, }, drop: { FieldsComponent: Drop, diff --git a/x-pack/plugins/ml/public/maps/anomaly_source_field.ts b/x-pack/plugins/ml/public/maps/anomaly_source_field.ts index bc0336397089..ac60cb3b54fb 100644 --- a/x-pack/plugins/ml/public/maps/anomaly_source_field.ts +++ b/x-pack/plugins/ml/public/maps/anomaly_source_field.ts @@ -98,6 +98,12 @@ export const ANOMALY_SOURCE_FIELDS: Record> = { }), type: 'string', }, + influencers: { + label: i18n.translate('xpack.ml.maps.anomalyLayerInfluencersLabel', { + defaultMessage: 'Influencers', + }), + type: 'string', + }, }; export class AnomalySourceTooltipProperty implements ITooltipProperty { diff --git a/x-pack/plugins/ml/public/maps/maps_util.test.js b/x-pack/plugins/ml/public/maps/maps_util.test.js new file mode 100644 index 000000000000..dd6fde9e8b28 --- /dev/null +++ b/x-pack/plugins/ml/public/maps/maps_util.test.js 
@@ -0,0 +1,90 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { getInfluencersHtmlString, getResultsForJobId } from './util'; +import { + mlResultsServiceMock, + typicalExpected, + actualExpected, + typicalToActualExpected, +} from './results.test.mock'; + +describe('Maps util', () => { + describe('getInfluencersHtmlString', () => { + const splitField = 'split_field_influencer'; + const valueFour = 'value_four'; + const influencerFour = 'influencer_four'; + const influencers = [ + { + influencer_field_name: 'influencer_one', + influencer_field_values: ['value_one', 'value_two', 'value_three', valueFour], + }, + { + influencer_field_name: 'influencer_two', + influencer_field_values: ['value_one', 'value_two', 'value_three', valueFour], + }, + { + influencer_field_name: splitField, + influencer_field_values: ['value_one', 'value_two'], + }, + { + influencer_field_name: 'influencer_three', + influencer_field_values: ['value_one', 'value_two', 'value_three', valueFour], + }, + { + influencer_field_name: influencerFour, + influencer_field_values: ['value_one', 'value_two', 'value_three', valueFour], + }, + ]; + + test('should create the html string when given an array of influencers', () => { + const expected = + '
  • influencer_one: value_one, value_two, value_three
  • influencer_two: value_one, value_two, value_three
  • influencer_three: value_one, value_two, value_three
'; + const actual = getInfluencersHtmlString(influencers, splitField); + expect(actual).toBe(expected); + // Should not include split field + expect(actual.includes(splitField)).toBe(false); + // should limit to the first three influencer values + expect(actual.includes(valueFour)).toBe(false); + // should limit to the first three influencer names + expect(actual.includes(influencerFour)).toBe(false); + }); + }); + + describe('getResultsForJobId', () => { + const jobId = 'jobId'; + const searchFilters = { + timeFilters: { from: 'now-2y', to: 'now' }, + query: { language: 'kuery', query: '' }, + }; + + test('should get map features from job anomalies results for typical layer', async () => { + const actual = await getResultsForJobId( + mlResultsServiceMock, + jobId, + 'typical', + searchFilters + ); + expect(actual).toEqual(typicalExpected); + }); + + test('should get map features from job anomalies results for actual layer', async () => { + const actual = await getResultsForJobId(mlResultsServiceMock, jobId, 'actual', searchFilters); + expect(actual).toEqual(actualExpected); + }); + + test('should get map features from job anomalies results for "typical to actual" layer', async () => { + const actual = await getResultsForJobId( + mlResultsServiceMock, + jobId, + 'typical to actual', + searchFilters + ); + expect(actual).toEqual(typicalToActualExpected); + }); + }); +}); diff --git a/x-pack/plugins/ml/public/maps/results.test.mock.ts b/x-pack/plugins/ml/public/maps/results.test.mock.ts new file mode 100644 index 000000000000..f718e818ba73 --- /dev/null +++ b/x-pack/plugins/ml/public/maps/results.test.mock.ts 
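Review bot: The call `getInfluencersHtmlString(influencers, splitField)` passes a string, while util.ts declares the second parameter as `splitFields: string[]`; the file is plain `.js`, so the compiler does not flag it. The "Should not include split field" assertion passes only because `String.prototype.includes` does a substring match, which is different behaviour from the array membership check the production caller gets via `Object.keys(splitFields)`. Change the call to `getInfluencersHtmlString(influencers, [splitField])` so the test exercises the real contract. A case whose influencer values contain `<` or `&` would also be worth adding, to pin how the helper treats markup characters.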
@@ -0,0 +1,160 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +const results = { + took: 9, + timed_out: false, + _shards: { + total: 1, + successful: 1, + skipped: 0, + failed: 0, + }, + hits: { + total: { + value: 19, + relation: 'eq', + }, + max_score: 4.4813457, + hits: [ + { + _index: '.ml-anomalies-shared', + _id: 'test-tooltip-one_record_1645974000000_900_0_0_0', + _score: 4.4813457, + _source: { + job_id: 'test-tooltip-one', + result_type: 'record', + probability: 0.00042878057629659614, + multi_bucket_impact: -5, + record_score: 77.74620142126848, + initial_record_score: 77.74620142126848, + bucket_span: 900, + detector_index: 0, + is_interim: false, + timestamp: 1645974000000, + function: 'lat_long', + function_description: 'lat_long', + typical: [39.9864616394043, -97.862548828125], + actual: [29.261693651787937, -121.93940273718908], + field_name: 'geo.coordinates', + influencers: [ + { + influencer_field_name: 'geo.dest', + influencer_field_values: ['CN', 'DO', 'RU', 'US'], + }, + { + influencer_field_name: 'clientip', + influencer_field_values: [ + '108.131.25.207', + '192.41.143.247', + '194.12.201.131', + '41.91.106.242', + ], + }, + { + influencer_field_name: 'agent.keyword', + influencer_field_values: [ + 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)', + 'Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24', + 'Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1', + ], + }, + ], + geo_results: { + typical_point: '39.986461639404,-97.862548828125', + actual_point: '29.261693651788,-121.939402737189', + }, + 'geo.dest': ['CN', 'DO', 'RU', 'US'], + 'agent.keyword': [ + 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 
1.1.4322)', + 'Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24', + 'Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1', + ], + clientip: ['108.131.25.207', '192.41.143.247', '194.12.201.131', '41.91.106.242'], + }, + }, + ], + }, +}; + +export const typicalExpected = { + features: [ + { + geometry: { coordinates: [-97.862548828125, 39.986461639404], type: 'Point' }, + properties: { + actual: [-121.939402737189, 29.261693651788], + actualDisplay: [-121.94, 29.26], + fieldName: 'geo.coordinates', + functionDescription: 'lat_long', + influencers: + '
  • geo.dest: CN, DO, RU
  • clientip: 108.131.25.207, 192.41.143.247, 194.12.201.131
  • agent.keyword: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322), Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24, Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1
', + record_score: 77, + timestamp: 'February 27th 2022, 10:00:00', + typical: [-97.862548828125, 39.986461639404], + typicalDisplay: [-97.86, 39.99], + }, + type: 'Feature', + }, + ], + type: 'FeatureCollection', +}; + +export const actualExpected = { + type: 'FeatureCollection', + features: [ + { + type: 'Feature', + geometry: { + type: 'Point', + coordinates: [-121.939402737189, 29.261693651788], + }, + properties: { + actual: [-121.939402737189, 29.261693651788], + actualDisplay: [-121.94, 29.26], + typical: [-97.862548828125, 39.986461639404], + typicalDisplay: [-97.86, 39.99], + fieldName: 'geo.coordinates', + functionDescription: 'lat_long', + timestamp: 'February 27th 2022, 10:00:00', + record_score: 77, + influencers: + '
  • geo.dest: CN, DO, RU
  • clientip: 108.131.25.207, 192.41.143.247, 194.12.201.131
  • agent.keyword: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322), Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24, Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1
', + }, + }, + ], +}; +export const typicalToActualExpected = { + type: 'FeatureCollection', + features: [ + { + type: 'Feature', + geometry: { + type: 'LineString', + coordinates: [ + [-97.862548828125, 39.986461639404], + [-121.939402737189, 29.261693651788], + ], + }, + properties: { + actual: [-121.939402737189, 29.261693651788], + actualDisplay: [-121.94, 29.26], + typical: [-97.862548828125, 39.986461639404], + typicalDisplay: [-97.86, 39.99], + fieldName: 'geo.coordinates', + functionDescription: 'lat_long', + timestamp: 'February 27th 2022, 10:00:00', + record_score: 77, + influencers: + '
  • geo.dest: CN, DO, RU
  • clientip: 108.131.25.207, 192.41.143.247, 194.12.201.131
  • agent.keyword: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322), Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.50 Safari/534.24, Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1
', + }, + }, + ], +}; + +export const mlResultsServiceMock = { + anomalySearch: () => results, +}; diff --git a/x-pack/plugins/ml/public/maps/util.ts b/x-pack/plugins/ml/public/maps/util.ts index df731f4bb309..11e6b6f5a392 100644 --- a/x-pack/plugins/ml/public/maps/util.ts +++ b/x-pack/plugins/ml/public/maps/util.ts @@ -23,6 +23,34 @@ export const ML_ANOMALY_LAYERS = { } as const; export type MlAnomalyLayersType = typeof ML_ANOMALY_LAYERS[keyof typeof ML_ANOMALY_LAYERS]; +const INFLUENCER_LIMIT = 3; +const INFLUENCER_MAX_VALUES = 3; + +export function getInfluencersHtmlString( + influencers: Array<{ influencer_field_name: string; influencer_field_values: string[] }>, + splitFields: string[] +) { + let htmlString = '
    '; + let influencerCount = 0; + for (let i = 0; i < influencers.length; i++) { + // eslint-disable-next-line @typescript-eslint/naming-convention + const { influencer_field_name, influencer_field_values } = influencers[i]; + // Skip if there are no values or it's a partition field + if (!influencer_field_values.length || splitFields.includes(influencer_field_name)) continue; + + const fieldValuesString = influencer_field_values.slice(0, INFLUENCER_MAX_VALUES).join(', '); + + htmlString += `
  • ${influencer_field_name}: ${fieldValuesString}
  • `; + influencerCount += 1; + + if (influencerCount === INFLUENCER_LIMIT) { + break; + } + } + htmlString += '
'; + + return htmlString; +} // Must reverse coordinates here. Map expects [lon, lat] - anomalies are stored as [lat, lon] for lat_lon jobs function getCoordinates(actualCoordinateStr: string, round: boolean = false): number[] { @@ -136,6 +164,15 @@ export async function getResultsForJobId( coordinates: [typical, actual], }; } + + const splitFields = { + ...(_source.partition_field_name + ? { [_source.partition_field_name]: _source.partition_field_value } + : {}), + ...(_source.by_field_name ? { [_source.by_field_name]: _source.by_field_value } : {}), + ...(_source.over_field_name ? { [_source.over_field_name]: _source.over_field_value } : {}), + }; + return { type: 'Feature', geometry, @@ -148,12 +185,14 @@ export async function getResultsForJobId( functionDescription: _source.function_description, timestamp: formatHumanReadableDateTimeSeconds(_source.timestamp), record_score: Math.floor(_source.record_score), - ...(_source.partition_field_name - ? { [_source.partition_field_name]: _source.partition_field_value } - : {}), - ...(_source.by_field_name ? { [_source.by_field_name]: _source.by_field_value } : {}), - ...(_source.over_field_name - ? { [_source.over_field_name]: _source.over_field_value } + ...(Object.keys(splitFields).length > 0 ? splitFields : {}), + ...(_source.influencers?.length + ? { + influencers: getInfluencersHtmlString( + _source.influencers, + Object.keys(splitFields) + ), + } : {}), }, }; diff --git a/x-pack/plugins/security_solution/common/ecs/event/index.ts b/x-pack/plugins/security_solution/common/ecs/event/index.ts index f38ebdc29c1f..56f7d3e84dfa 100644 --- a/x-pack/plugins/security_solution/common/ecs/event/index.ts +++ b/x-pack/plugins/security_solution/common/ecs/event/index.ts @@ -62,7 +62,6 @@ export enum EventCategory { PROCESS = 'process', FILE = 'file', NETWORK = 'network', - DNS = 'dns', REGISTRY = 'registry', MALWARE = 'malware', } 
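Review bot: `getInfluencersHtmlString` (first hunk) interpolates `influencer_field_name` and the joined `influencer_field_values` into an HTML string without escaping them. These values come from `_source.influencers` on anomaly records, and the mock in results.test.mock.ts shows them carrying indexed document data such as `agent.keyword` user-agent strings, so markup in an ingested value would reach the tooltip as HTML if the map renders the `influencers` property unescaped. The rendering side is not visible in this diff, so please confirm how it is displayed. Escaping at construction time is the safer default: `influencer_field_values.slice(0, INFLUENCER_MAX_VALUES).map((v) => escape(v)).join(', ')` and `${escape(influencer_field_name)}` in the list item, with `escape` imported from lodash. Building the list as React elements instead of a string would remove the problem entirely.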
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_generators/exceptions_list_item_generator.ts b/x-pack/plugins/security_solution/common/endpoint/data_generators/exceptions_list_item_generator.ts index 90bd928cbd1f..5789db692eb4 100644 --- a/x-pack/plugins/security_solution/common/endpoint/data_generators/exceptions_list_item_generator.ts +++ b/x-pack/plugins/security_solution/common/endpoint/data_generators/exceptions_list_item_generator.ts @@ -14,6 +14,7 @@ import { ENDPOINT_EVENT_FILTERS_LIST_ID, ENDPOINT_TRUSTED_APPS_LIST_ID, ENDPOINT_HOST_ISOLATION_EXCEPTIONS_LIST_ID, + ENDPOINT_BLOCKLISTS_LIST_ID, } from '@kbn/securitysolution-list-constants'; import { BaseDataGenerator } from './base_data_generator'; import { ConditionEntryField } from '../types'; 
@@ -250,4 +251,70 @@ export class ExceptionsListItemGenerator extends BaseDataGenerator = {}): ExceptionListItemSchema { + return this.generate({ + name: `Blocklist ${this.randomString(5)}`, + list_id: ENDPOINT_BLOCKLISTS_LIST_ID, + item_id: `generator_endpoint_blocklist_${this.randomUUID()}`, + os_types: ['windows'], + entries: [ + this.randomChoice([ + { + field: 'process.executable.caseless', + value: ['/some/path', 'some/other/path', 'yet/another/path'], + type: 'match_any', + operator: 'included', + }, + { + field: 'process.hash.sha256', + value: [ + 'a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3', + '2C26B46B68FFC68FF99B453C1D30413413422D706483BFA0F98A5E886266E7AE', + 'FCDE2B2EDBA56BF408601FB721FE9B5C338D10EE429EA04FAE5511B68FBF8FB9', + ], + type: 'match_any', + operator: 'included', + }, + { + field: 'process.Ext.code_signature', + entries: [ + { + field: 'trusted', + value: 'true', + type: 'match', + operator: 'included', + }, + { + field: 'subject_name', + value: ['notsus.exe', 'verynotsus.exe', 'superlegit.exe'], + type: 'match_any', + operator: 'included', + }, + ], + type: 'nested', + }, + ]), + ], + ...overrides, + }); + } + + generateBlocklistForCreate( + overrides: Partial = {} + ): CreateExceptionListItemSchemaWithNonNullProps { + return { + ...exceptionItemToCreateExceptionItem(this.generateBlocklist()), + ...overrides, + }; + } + + generateBlocklistForUpdate( + overrides: Partial = {} + ): UpdateExceptionListItemSchemaWithNonNullProps { + return { + ...exceptionItemToUpdateExceptionItem(this.generateBlocklist()), + ...overrides, + }; + } } diff --git a/x-pack/plugins/security_solution/cypress/ccs_integration/detection_alerts/alerts_details.spec.ts b/x-pack/plugins/security_solution/cypress/ccs_integration/detection_alerts/alerts_details.spec.ts index 7e07693cb078..3fb239198a65 100644 --- a/x-pack/plugins/security_solution/cypress/ccs_integration/detection_alerts/alerts_details.spec.ts 
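Review bot: The entries that `generateBlocklist` chooses from do not look like values a Windows blocklist item would hold, although the item is pinned to `os_types: ['windows']`. The `process.executable.caseless` values are POSIX-style (`'/some/path'`, `'some/other/path'`), and the `process.hash.sha256` list mixes one lower-case digest with two upper-case ones. If the blocklist API validates path shape per OS or normalises hash case (neither is visible in this hunk), items from this generator could be rejected, or could hide a case-handling gap in tests that compare stored values with submitted ones. I would make the fixture consistent, with all digests lower-case and paths in Windows form such as `'C:\\some\\path'` (constructed example), or add a comment saying the mix is deliberate. The enclosing class starts outside the hunk.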
+++ b/x-pack/plugins/security_solution/cypress/ccs_integration/detection_alerts/alerts_details.spec.ts @@ -9,7 +9,7 @@ import { JSON_TEXT } from '../../screens/alerts_details'; import { expandFirstAlert, waitForAlertsPanelToBeLoaded } from '../../tasks/alerts'; import { openJsonView } from '../../tasks/alerts_details'; -import { createCustomRuleActivated } from '../../tasks/api_calls/rules'; +import { createCustomRuleEnabled } from '../../tasks/api_calls/rules'; import { cleanKibana } from '../../tasks/common'; import { esArchiverCCSLoad } from '../../tasks/es_archiver'; import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login'; @@ -23,7 +23,7 @@ describe('Alert details with unmapped fields', () => { cleanKibana(); esArchiverCCSLoad('unmapped_fields'); loginAndWaitForPageWithoutDateRange(ALERTS_URL); - createCustomRuleActivated(getUnmappedCCSRule()); + createCustomRuleEnabled(getUnmappedCCSRule()); loginAndWaitForPageWithoutDateRange(ALERTS_URL); waitForAlertsPanelToBeLoaded(); expandFirstAlert(); diff --git a/x-pack/plugins/security_solution/cypress/integration/data_sources/create_runtime_field.spec.ts b/x-pack/plugins/security_solution/cypress/integration/data_sources/create_runtime_field.spec.ts index 1b9c63dd2dbc..152147b1844b 100644 --- a/x-pack/plugins/security_solution/cypress/integration/data_sources/create_runtime_field.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/data_sources/create_runtime_field.spec.ts @@ -13,7 +13,7 @@ import { openTimelineFieldsBrowser, populateTimeline } from '../../tasks/timelin import { HOSTS_URL, ALERTS_URL } from '../../urls/navigation'; -import { createCustomRuleActivated } from '../../tasks/api_calls/rules'; +import { createCustomRuleEnabled } from '../../tasks/api_calls/rules'; import { getNewRule } from '../../objects/rule'; import { refreshPage } from '../../tasks/security_header'; 
@@ -29,7 +29,7 @@ describe('Create DataView runtime field', () => {
 it.skip('adds field to alert table', () => {
 const fieldName = 'field.name.alert.page';
 loginAndWaitForPage(ALERTS_URL);
- createCustomRuleActivated(getNewRule());
+ createCustomRuleEnabled(getNewRule());
 refreshPage();
 waitForAlertsToPopulate(500);
 openEventsViewerFieldsBrowser();
diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/acknowledged.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/acknowledged.spec.ts
index 32ce0bebda22..06ff1938d5d4 100644
--- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/acknowledged.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/acknowledged.spec.ts
@@ -18,7 +18,7 @@ import {
 markAcknowledgedFirstAlert,
 goToAcknowledgedAlerts,
 } from '../../tasks/alerts';
-import { createCustomRuleActivated } from '../../tasks/api_calls/rules';
+import { createCustomRuleEnabled } from '../../tasks/api_calls/rules';
 import { cleanKibana } from '../../tasks/common';
 import { waitForAlertsToPopulate } from '../../tasks/create_new_rule';
 import { loginAndWaitForPage } from '../../tasks/login';
@@ -30,7 +30,7 @@ describe.skip('Marking alerts as acknowledged', () => {
 beforeEach(() => {
 cleanKibana();
 loginAndWaitForPage(ALERTS_URL);
- createCustomRuleActivated(getNewRule());
+ createCustomRuleEnabled(getNewRule());
 refreshPage();
 waitForAlertsToPopulate(500);
 });
diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts
index 2d5a67664668..6a8bf9cd42ea 100644
--- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts
@@ -15,7 +15,7 @@ import { import { expandFirstAlert } from '../../tasks/alerts'; import { openJsonView, openTable } from '../../tasks/alerts_details'; -import { createCustomRuleActivated } from '../../tasks/api_calls/rules'; +import { createCustomRuleEnabled } from '../../tasks/api_calls/rules'; import { cleanKibana } from '../../tasks/common'; import { waitForAlertsToPopulate } from '../../tasks/create_new_rule'; import { esArchiverLoad } from '../../tasks/es_archiver'; @@ -31,7 +31,7 @@ describe.skip('Alert details with unmapped fields', () => { cleanKibana(); esArchiverLoad('unmapped_fields'); loginAndWaitForPageWithoutDateRange(ALERTS_URL); - createCustomRuleActivated(getUnmappedRule()); + createCustomRuleEnabled(getUnmappedRule()); refreshPage(); waitForAlertsToPopulate(); expandFirstAlert(); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/attach_to_case.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/attach_to_case.spec.ts index 436ef0975ef0..03cac07ac8b7 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/attach_to_case.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/attach_to_case.spec.ts @@ -9,7 +9,7 @@ import { getNewRule } from '../../objects/rule'; import { ROLES } from '../../../common/test'; import { expandFirstAlertActions } from '../../tasks/alerts'; -import { createCustomRuleActivated } from '../../tasks/api_calls/rules'; +import { createCustomRuleEnabled } from '../../tasks/api_calls/rules'; import { cleanKibana } from '../../tasks/common'; import { waitForAlertsToPopulate } from '../../tasks/create_new_rule'; import { login, loginAndWaitForPage, waitForPageWithoutDateRange } from '../../tasks/login'; 
@@ -28,7 +28,7 @@ describe.skip('Alerts timeline', () => { // First we login as a privileged user to create alerts. cleanKibana(); loginAndWaitForPage(ALERTS_URL, ROLES.platform_engineer); - createCustomRuleActivated(getNewRule()); + createCustomRuleEnabled(getNewRule()); refreshPage(); waitForAlertsToPopulate(500); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/building_block_alerts.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/building_block_alerts.spec.ts index 288d16dc22fb..d9cf95921912 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/building_block_alerts.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/building_block_alerts.spec.ts @@ -9,7 +9,7 @@ import { getBuildingBlockRule } from '../../objects/rule'; import { OVERVIEW_ALERTS_HISTOGRAM } from '../../screens/overview'; import { OVERVIEW } from '../../screens/security_header'; import { goToRuleDetails } from '../../tasks/alerts_detection_rules'; -import { createCustomRuleActivated } from '../../tasks/api_calls/rules'; +import { createCustomRuleEnabled } from '../../tasks/api_calls/rules'; import { cleanKibana } from '../../tasks/common'; import { waitForAlertsToPopulate, waitForTheRuleToBeExecuted } from '../../tasks/create_new_rule'; import { loginAndWaitForPage, loginAndWaitForPageWithoutDateRange } from '../../tasks/login'; @@ -25,7 +25,7 @@ describe.skip('Alerts generated by building block rules', () => { }); it('Alerts should be visible on the Rule Detail page and not visible on the Overview page', () => { - createCustomRuleActivated(getBuildingBlockRule()); + createCustomRuleEnabled(getBuildingBlockRule()); loginAndWaitForPage(DETECTIONS_RULE_MANAGEMENT_URL); goToRuleDetails(); waitForTheRuleToBeExecuted(); 
diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/closing.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/closing.spec.ts
index af2772b98a79..a46502687d3a 100644
--- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/closing.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/closing.spec.ts
@@ -23,7 +23,7 @@ import {
 selectNumberOfAlerts,
 waitForAlerts,
 } from '../../tasks/alerts';
-import { createCustomRuleActivated, deleteCustomRule } from '../../tasks/api_calls/rules';
+import { createCustomRuleEnabled, deleteCustomRule } from '../../tasks/api_calls/rules';
 import { cleanKibana } from '../../tasks/common';
 import { waitForAlertsToPopulate } from '../../tasks/create_new_rule';
 import { loginAndWaitForPage } from '../../tasks/login';
@@ -35,7 +35,7 @@ describe.skip('Closing alerts', () => {
 beforeEach(() => {
 cleanKibana();
 loginAndWaitForPage(ALERTS_URL);
- createCustomRuleActivated(getNewRule(), '1', '100m', 100);
+ createCustomRuleEnabled(getNewRule(), '1', '100m', 100);
 refreshPage();
 waitForAlertsToPopulate(100);
 deleteCustomRule();
diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/investigate_in_timeline.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/investigate_in_timeline.spec.ts
index e8873de412f4..7ea11017dd6e 100644
--- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/investigate_in_timeline.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/investigate_in_timeline.spec.ts
@@ -9,7 +9,7 @@ import { getNewRule } from '../../objects/rule'; import { PROVIDER_BADGE } from '../../screens/timeline'; import { investigateFirstAlertInTimeline } from '../../tasks/alerts'; -import { createCustomRuleActivated } from '../../tasks/api_calls/rules'; +import { createCustomRuleEnabled } from '../../tasks/api_calls/rules'; import { cleanKibana } from '../../tasks/common'; import { waitForAlertsToPopulate } from '../../tasks/create_new_rule'; import { loginAndWaitForPage } from '../../tasks/login'; @@ -21,7 +21,7 @@ describe.skip('Alerts timeline', () => { beforeEach(() => { cleanKibana(); loginAndWaitForPage(ALERTS_URL); - createCustomRuleActivated(getNewRule()); + createCustomRuleEnabled(getNewRule()); refreshPage(); waitForAlertsToPopulate(500); }); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/opening.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/opening.spec.ts index ece7dbe55967..6ad8c28595c6 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/opening.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/opening.spec.ts @@ -21,7 +21,7 @@ import { selectNumberOfAlerts, waitForAlerts, } from '../../tasks/alerts'; -import { createCustomRuleActivated } from '../../tasks/api_calls/rules'; +import { createCustomRuleEnabled } from '../../tasks/api_calls/rules'; import { cleanKibana } from '../../tasks/common'; import { waitForAlertsToPopulate } from '../../tasks/create_new_rule'; import { loginAndWaitForPage } from '../../tasks/login'; @@ -33,7 +33,7 @@ describe.skip('Opening alerts', () => { beforeEach(() => { cleanKibana(); loginAndWaitForPage(ALERTS_URL); - createCustomRuleActivated(getNewRule()); + createCustomRuleEnabled(getNewRule()); refreshPage(); waitForAlertsToPopulate(500); selectNumberOfAlerts(5); 
diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/custom_query_rule.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/custom_query_rule.spec.ts index b98f626c6356..73b915dfff64 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/custom_query_rule.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/custom_query_rule.spec.ts @@ -83,11 +83,11 @@ import { selectNumberOfRules, waitForRulesTableToBeRefreshed, } from '../../tasks/alerts_detection_rules'; -import { createCustomRuleActivated } from '../../tasks/api_calls/rules'; +import { createCustomRuleEnabled } from '../../tasks/api_calls/rules'; import { createTimeline } from '../../tasks/api_calls/timelines'; import { cleanKibana, reload } from '../../tasks/common'; import { - createAndActivateRule, + createAndEnableRule, fillAboutRule, fillAboutRuleAndContinue, fillDefineCustomRuleWithImportedQueryAndContinue, @@ -101,7 +101,7 @@ import { } from '../../tasks/create_new_rule'; import { saveEditedRule, waitForKibana } from '../../tasks/edit_rule'; import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login'; -import { activatesRule, getDetails } from '../../tasks/rule_details'; +import { enablesRule, getDetails } from '../../tasks/rule_details'; import { RULE_CREATION, DETECTIONS_RULE_MANAGEMENT_URL } from '../../urls/navigation'; @@ -125,7 +125,7 @@ describe.skip('Custom detection rules creation', () => { }); }); - it('Creates and activates a new rule', function () { + it('Creates and enables a new rule', function () { loginAndWaitForPageWithoutDateRange(RULE_CREATION); fillDefineCustomRuleWithImportedQueryAndContinue(this.rule); fillAboutRuleAndContinue(this.rule); 
@@ -143,7 +143,7 @@ describe.skip('Custom detection rules creation', () => { cy.get(ABOUT_CONTINUE_BTN).should('exist').click({ force: true }); cy.get(ABOUT_CONTINUE_BTN).should('not.exist'); - createAndActivateRule(); + createAndEnableRule(); cy.get(CUSTOM_RULES_BTN).should('have.text', 'Custom rules (1)'); @@ -209,10 +209,10 @@ describe('Custom detection rules deletion and edition', () => { beforeEach(() => { cleanKibana(); loginAndWaitForPageWithoutDateRange(DETECTIONS_RULE_MANAGEMENT_URL); - createCustomRuleActivated(getNewRule(), 'rule1'); + createCustomRuleEnabled(getNewRule(), 'rule1'); - createCustomRuleActivated(getNewOverrideRule(), 'rule2'); - createCustomRuleActivated(getExistingRule(), 'rule3'); + createCustomRuleEnabled(getNewOverrideRule(), 'rule2'); + createCustomRuleEnabled(getExistingRule(), 'rule3'); reload(); }); @@ -309,12 +309,12 @@ describe('Custom detection rules deletion and edition', () => { beforeEach(() => { cleanKibana(); loginAndWaitForPageWithoutDateRange(DETECTIONS_RULE_MANAGEMENT_URL); - createCustomRuleActivated(getExistingRule(), 'rule1'); + createCustomRuleEnabled(getExistingRule(), 'rule1'); reload(); }); it('Only modifies rule active status on enable/disable', () => { - activatesRule(); + enablesRule(); cy.intercept('GET', `/api/detection_engine/rules?id=*`).as('fetchRuleDetails'); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/event_correlation_rule.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/event_correlation_rule.spec.ts index 8384c879d811..0ae68553f50c 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/event_correlation_rule.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/event_correlation_rule.spec.ts 
@@ -51,7 +51,7 @@ import { import { createTimeline } from '../../tasks/api_calls/timelines'; import { cleanKibana } from '../../tasks/common'; import { - createAndActivateRule, + createAndEnableRule, fillAboutRuleAndContinue, fillDefineEqlRuleAndContinue, fillScheduleRuleAndContinue, @@ -84,13 +84,13 @@ describe.skip('Detection rules, EQL', () => { }); }); - it('Creates and activates a new EQL rule', function () { + it('Creates and enables a new EQL rule', function () { loginAndWaitForPageWithoutDateRange(RULE_CREATION); selectEqlRuleType(); fillDefineEqlRuleAndContinue(this.rule); fillAboutRuleAndContinue(this.rule); fillScheduleRuleAndContinue(this.rule); - createAndActivateRule(); + createAndEnableRule(); cy.get(CUSTOM_RULES_BTN).should('have.text', 'Custom rules (1)'); @@ -176,13 +176,13 @@ describe.skip('Detection rules, sequence EQL', () => { }); }); - it('Creates and activates a new EQL rule with a sequence', function () { + it('Creates and enables a new EQL rule with a sequence', function () { loginAndWaitForPageWithoutDateRange(RULE_CREATION); selectEqlRuleType(); fillDefineEqlRuleAndContinue(this.rule); fillAboutRuleAndContinue(this.rule); fillScheduleRuleAndContinue(this.rule); - createAndActivateRule(); + createAndEnableRule(); cy.get(CUSTOM_RULES_BTN).should('have.text', 'Custom rules (1)'); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/indicator_match_rule.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/indicator_match_rule.spec.ts index d34d9bd4fc17..9978045835f4 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/indicator_match_rule.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/indicator_match_rule.spec.ts 
@@ -75,7 +75,7 @@ import { createCustomIndicatorRule } from '../../tasks/api_calls/rules'; import { loadPrepackagedTimelineTemplates } from '../../tasks/api_calls/timelines'; import { cleanKibana, reload } from '../../tasks/common'; import { - createAndActivateRule, + createAndEnableRule, fillAboutRuleAndContinue, fillDefineIndicatorMatchRuleAndContinue, fillIndexAndIndicatorIndexPattern, @@ -408,7 +408,7 @@ describe.skip('indicator match', () => { loginAndWaitForPageWithoutDateRange(ALERTS_URL); }); - it('Creates and activates a new Indicator Match rule', () => { + it('Creates and enables a new Indicator Match rule', () => { goToManageAlertsDetectionRules(); waitForRulesTableToBeLoaded(); goToCreateNewRule(); @@ -416,7 +416,7 @@ describe.skip('indicator match', () => { fillDefineIndicatorMatchRuleAndContinue(getNewThreatIndicatorRule()); fillAboutRuleAndContinue(getNewThreatIndicatorRule()); fillScheduleRuleAndContinue(getNewThreatIndicatorRule()); - createAndActivateRule(); + createAndEnableRule(); cy.get(CUSTOM_RULES_BTN).should('have.text', 'Custom rules (1)'); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/links.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/links.spec.ts index 469c77e1c3c1..4e6a5352aee9 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/links.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/links.spec.ts @@ -7,7 +7,7 @@ import { getNewRule } from '../../objects/rule'; import { RULES_MONITORING_TABLE, RULE_NAME } from '../../screens/alerts_detection_rules'; -import { createCustomRuleActivated } from '../../tasks/api_calls/rules'; +import { createCustomRuleEnabled } from '../../tasks/api_calls/rules'; import { cleanKibana, reload } from '../../tasks/common'; import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login'; import { DETECTIONS_RULE_MANAGEMENT_URL } from '../../urls/navigation'; 
@@ -16,7 +16,7 @@ describe('Rules talbes links', () => { beforeEach(() => { cleanKibana(); loginAndWaitForPageWithoutDateRange(DETECTIONS_RULE_MANAGEMENT_URL); - createCustomRuleActivated(getNewRule(), 'rule1'); + createCustomRuleEnabled(getNewRule(), 'rule1'); reload(); }); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/machine_learning_rule.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/machine_learning_rule.spec.ts index bf8d753a8161..d47ff6f98cd1 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/machine_learning_rule.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/machine_learning_rule.spec.ts @@ -47,7 +47,7 @@ import { } from '../../tasks/alerts_detection_rules'; import { cleanKibana } from '../../tasks/common'; import { - createAndActivateRule, + createAndEnableRule, fillAboutRuleAndContinue, fillDefineMachineLearningRuleAndContinue, fillScheduleRuleAndContinue, @@ -68,13 +68,13 @@ describe.skip('Detection rules, machine learning', () => { cleanKibana(); }); - it('Creates and activates a new ml rule', () => { + it('Creates and enables a new ml rule', () => { loginAndWaitForPageWithoutDateRange(RULE_CREATION); selectMachineLearningRuleType(); fillDefineMachineLearningRuleAndContinue(getMachineLearningRule()); fillAboutRuleAndContinue(getMachineLearningRule()); fillScheduleRuleAndContinue(getMachineLearningRule()); - createAndActivateRule(); + createAndEnableRule(); cy.get(CUSTOM_RULES_BTN).should('have.text', 'Custom rules (1)'); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/override.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/override.spec.ts index 694036d8a167..2dcfae29b615 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/override.spec.ts 
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/override.spec.ts @@ -61,7 +61,7 @@ import { import { createTimeline } from '../../tasks/api_calls/timelines'; import { cleanKibana } from '../../tasks/common'; import { - createAndActivateRule, + createAndEnableRule, fillAboutRuleWithOverrideAndContinue, fillDefineCustomRuleWithImportedQueryAndContinue, fillScheduleRuleAndContinue, @@ -92,12 +92,12 @@ describe.skip('Detection rules, override', () => { }); }); - it('Creates and activates a new custom rule with override option', function () { + it('Creates and enables a new custom rule with override option', function () { loginAndWaitForPageWithoutDateRange(RULE_CREATION); fillDefineCustomRuleWithImportedQueryAndContinue(this.rule); fillAboutRuleWithOverrideAndContinue(this.rule); fillScheduleRuleAndContinue(this.rule); - createAndActivateRule(); + createAndEnableRule(); cy.get(CUSTOM_RULES_BTN).should('have.text', 'Custom rules (1)'); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/prebuilt_rules.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/prebuilt_rules.spec.ts index 3081d7c966eb..ea83b66ffb95 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/prebuilt_rules.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/prebuilt_rules.spec.ts @@ -27,9 +27,9 @@ import { waitForPrebuiltDetectionRulesToBeLoaded, selectAllRules, confirmRulesDelete, - activateSelectedRules, + enableSelectedRules, waitForRuleToChangeStatus, - deactivateSelectedRules, + disableSelectedRules, changeRowsPerPageTo, } from '../../tasks/alerts_detection_rules'; import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login'; 
@@ -77,14 +77,14 @@ describe('Actions with prebuilt rules', () => { }); context('Rules table', () => { - it('Allows to activate/deactivate all rules at once', () => { + it('Allows to enable/disable all rules at once', () => { selectAllRules(); - activateSelectedRules(); + enableSelectedRules(); waitForRuleToChangeStatus(); cy.get(RULE_SWITCH).should('have.attr', 'aria-checked', 'true'); selectAllRules(); - deactivateSelectedRules(); + disableSelectedRules(); waitForRuleToChangeStatus(); cy.get(RULE_SWITCH).should('have.attr', 'aria-checked', 'false'); }); @@ -174,16 +174,16 @@ describe('Actions with prebuilt rules', () => { }); context('Rule monitoring table', () => { - it('Allows to activate/deactivate all rules at once', () => { + it('Allows to enable/disable all rules at once', () => { cy.get(RULES_MONITORING_TABLE).click(); cy.get(SELECT_ALL_RULES_ON_PAGE_CHECKBOX).click(); - activateSelectedRules(); + enableSelectedRules(); waitForRuleToChangeStatus(); cy.get(RULE_SWITCH).should('have.attr', 'aria-checked', 'true'); selectAllRules(); - deactivateSelectedRules(); + disableSelectedRules(); waitForRuleToChangeStatus(); cy.get(RULE_SWITCH).should('have.attr', 'aria-checked', 'false'); }); diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/threshold_rule.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/threshold_rule.spec.ts index 921128ce3303..80fbfc6a7bf1 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/threshold_rule.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/threshold_rule.spec.ts 
@@ -59,11 +59,11 @@ import { goToRuleDetails, waitForRulesTableToBeLoaded, } from '../../tasks/alerts_detection_rules'; -import { createCustomRuleActivated } from '../../tasks/api_calls/rules'; +import { createCustomRuleEnabled } from '../../tasks/api_calls/rules'; import { createTimeline } from '../../tasks/api_calls/timelines'; import { cleanKibana } from '../../tasks/common'; import { - createAndActivateRule, + createAndEnableRule, fillAboutRuleAndContinue, fillDefineThresholdRuleAndContinue, fillDefineThresholdRule, @@ -93,12 +93,12 @@ describe.skip('Detection rules, threshold', () => { loginAndWaitForPageWithoutDateRange(RULE_CREATION); }); - it('Creates and activates a new threshold rule', () => { + it('Creates and enables a new threshold rule', () => { selectThresholdRuleType(); fillDefineThresholdRuleAndContinue(rule); fillAboutRuleAndContinue(rule); fillScheduleRuleAndContinue(rule); - createAndActivateRule(); + createAndEnableRule(); cy.get(CUSTOM_RULES_BTN).should('have.text', 'Custom rules (1)'); @@ -168,7 +168,7 @@ describe.skip('Detection rules, threshold', () => { it.skip('Preview results of keyword using "host.name"', () => { rule.index = [...rule.index, '.siem-signals*']; - createCustomRuleActivated(getNewRule()); + createCustomRuleEnabled(getNewRule()); goToManageAlertsDetectionRules(); waitForRulesTableToBeLoaded(); goToCreateNewRule(); @@ -187,7 +187,7 @@ describe.skip('Detection rules, threshold', () => { }; previewRule.index = [...previewRule.index, '.siem-signals*']; - createCustomRuleActivated(getNewRule()); + createCustomRuleEnabled(getNewRule()); goToManageAlertsDetectionRules(); waitForRulesTableToBeLoaded(); goToCreateNewRule(); diff --git a/x-pack/plugins/security_solution/cypress/integration/exceptions/from_alert.spec.ts b/x-pack/plugins/security_solution/cypress/integration/exceptions/from_alert.spec.ts index 9887eb1e8612..189b95754e83 100644 --- a/x-pack/plugins/security_solution/cypress/integration/exceptions/from_alert.spec.ts 
+++ b/x-pack/plugins/security_solution/cypress/integration/exceptions/from_alert.spec.ts @@ -18,7 +18,7 @@ import { waitForAlertsToPopulate } from '../../tasks/create_new_rule'; import { esArchiverLoad, esArchiverUnload } from '../../tasks/es_archiver'; import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login'; import { - activatesRule, + enablesRule, addsException, goToAlertsTab, goToExceptionsTab, @@ -35,14 +35,14 @@ describe.skip('From alert', () => { beforeEach(() => { cleanKibana(); loginAndWaitForPageWithoutDateRange(DETECTIONS_RULE_MANAGEMENT_URL); - createCustomRule({ ...getNewRule(), index: ['exceptions-*'] }, 'rule_testing', '10s'); + createCustomRule({ ...getNewRule(), index: ['exceptions-*'] }, 'rule_testing'); reload(); goToRuleDetails(); cy.get(RULE_STATUS).should('have.text', '—'); esArchiverLoad('auditbeat_for_exceptions'); - activatesRule(); + enablesRule(); waitForTheRuleToBeExecuted(); waitForAlertsToPopulate(); diff --git a/x-pack/plugins/security_solution/cypress/integration/exceptions/from_rule.spec.ts b/x-pack/plugins/security_solution/cypress/integration/exceptions/from_rule.spec.ts index d9661324aee6..cc4d6ec0b2e5 100644 --- a/x-pack/plugins/security_solution/cypress/integration/exceptions/from_rule.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/exceptions/from_rule.spec.ts @@ -18,7 +18,7 @@ import { waitForAlertsToPopulate } from '../../tasks/create_new_rule'; import { esArchiverLoad, esArchiverUnload } from '../../tasks/es_archiver'; import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login'; import { - activatesRule, + enablesRule, addsExceptionFromRuleSettings, goToAlertsTab, goToExceptionsTab, 
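Review bot: The `createCustomRule(...)` call in the `@@ -35,14 +35,14 @@` hunk no longer passes the `'10s'` interval, so how soon the rule runs before `waitForTheRuleToBeExecuted()` now depends on a default defined in `tasks/api_calls/rules.ts`, outside the visible hunks. The same change is made in `from_rule.spec.ts`. A short comment at the call would keep that dependency visible, for example `// no interval argument: relies on createCustomRule's default and the test config's shortened rule interval`. Both suites are `describe.skip`, so a timing regression from this change would presumably not surface until they are re-enabled. The enclosing `describe.skip` block continues outside the hunk.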
@@ -35,14 +35,14 @@ describe.skip('From rule', () => { beforeEach(() => { cleanKibana(); loginAndWaitForPageWithoutDateRange(DETECTIONS_RULE_MANAGEMENT_URL); - createCustomRule({ ...getNewRule(), index: ['exceptions-*'] }, 'rule_testing', '10s'); + createCustomRule({ ...getNewRule(), index: ['exceptions-*'] }, 'rule_testing'); reload(); goToRuleDetails(); cy.get(RULE_STATUS).should('have.text', '—'); esArchiverLoad('auditbeat_for_exceptions'); - activatesRule(); + enablesRule(); waitForTheRuleToBeExecuted(); waitForAlertsToPopulate(); refreshPage(); diff --git a/x-pack/plugins/security_solution/cypress/integration/users/user_details.spec.ts b/x-pack/plugins/security_solution/cypress/integration/users/user_details.spec.ts index a30b651bfba3..9e3446a7d071 100644 --- a/x-pack/plugins/security_solution/cypress/integration/users/user_details.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/users/user_details.spec.ts @@ -6,7 +6,7 @@ */ import { ALERT_FLYOUT } from '../../screens/alerts_details'; -import { createCustomRuleActivated } from '../../tasks/api_calls/rules'; +import { createCustomRuleEnabled } from '../../tasks/api_calls/rules'; import { cleanKibana } from '../../tasks/common'; import { waitForAlertsToPopulate } from '../../tasks/create_new_rule'; import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login'; @@ -24,7 +24,7 @@ describe.skip('user details flyout', () => { beforeEach(() => { cleanKibana(); loginAndWaitForPageWithoutDateRange(ALERTS_URL); - createCustomRuleActivated(getNewRule()); + createCustomRuleEnabled(getNewRule()); refreshPage(); waitForAlertsToPopulate(); }); diff --git a/x-pack/plugins/security_solution/cypress/objects/rule.ts b/x-pack/plugins/security_solution/cypress/objects/rule.ts index 6a1c13b51509..2f81c160f280 100644 --- a/x-pack/plugins/security_solution/cypress/objects/rule.ts +++ b/x-pack/plugins/security_solution/cypress/objects/rule.ts 
@@ -163,6 +163,8 @@ const getSeverityOverride4 = (): SeverityOverride => ({ sourceValue: 'auditbeat', }); +// Default interval is 1m, our tests config overwrite this to 1s +// See https://github.com/elastic/kibana/pull/125396 for details const getRunsEvery = (): Interval => ({ interval: '1', timeType: 'Seconds', diff --git a/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts b/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts index fa8271a15898..f72f613d99e8 100644 --- a/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts +++ b/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts @@ -23,9 +23,9 @@ export const DUPLICATE_RULE_ACTION_BTN = '[data-test-subj="duplicateRuleAction"] export const DUPLICATE_RULE_MENU_PANEL_BTN = '[data-test-subj="rules-details-duplicate-rule"]'; -export const ACTIVATE_RULE_BULK_BTN = '[data-test-subj="activateRuleBulk"]'; +export const ENABLE_RULE_BULK_BTN = '[data-test-subj="enableRuleBulk"]'; -export const DEACTIVATE_RULE_BULK_BTN = '[data-test-subj="deactivateRuleBulk"]'; +export const DISABLE_RULE_BULK_BTN = '[data-test-subj="disableRuleBulk"]'; export const DELETE_RULE_BULK_BTN = '[data-test-subj="deleteRuleBulk"]'; diff --git a/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts b/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts index a3e5e8af3f59..bb87a0fe1262 100644 --- a/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts +++ b/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts @@ -58,7 +58,7 @@ export const COMBO_BOX_CLEAR_BTN = '[data-test-subj="comboBoxClearButton"]'; export const COMBO_BOX_INPUT = '[data-test-subj="comboBoxInput"]'; -export const CREATE_AND_ACTIVATE_BTN = '[data-test-subj="create-activate"]'; +export const CREATE_AND_ENABLE_BTN = '[data-test-subj="create-enable"]'; export const CUSTOM_QUERY_INPUT = '[data-test-subj="queryInput"]'; 
diff --git a/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts b/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts index e2b187a6b51d..8475ef7247c2 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/alerts_detection_rules.ts @@ -36,8 +36,8 @@ import { SELECT_ALL_RULES_BTN, MODAL_CONFIRMATION_BTN, RULES_DELETE_CONFIRMATION_MODAL, - ACTIVATE_RULE_BULK_BTN, - DEACTIVATE_RULE_BULK_BTN, + ENABLE_RULE_BULK_BTN, + DISABLE_RULE_BULK_BTN, RULE_DETAILS_DELETE_BTN, RULE_IMPORT_MODAL_BUTTON, RULE_IMPORT_MODAL, @@ -87,7 +87,7 @@ export const duplicateRuleFromMenu = () => { /** * Check that the duplicated rule is on the table - * and it is deactivated (default) + * and it is disabled (default) */ export const checkDuplicatedRule = () => { cy.contains(RULE_NAME, duplicatedRuleName) @@ -126,14 +126,14 @@ export const duplicateSelectedRules = () => { cy.get(DUPLICATE_RULE_BULK_BTN).click(); }; -export const activateSelectedRules = () => { +export const enableSelectedRules = () => { cy.get(BULK_ACTIONS_BTN).click({ force: true }); - cy.get(ACTIVATE_RULE_BULK_BTN).click(); + cy.get(ENABLE_RULE_BULK_BTN).click(); }; -export const deactivateSelectedRules = () => { +export const disableSelectedRules = () => { cy.get(BULK_ACTIONS_BTN).click({ force: true }); - cy.get(DEACTIVATE_RULE_BULK_BTN).click(); + cy.get(DISABLE_RULE_BULK_BTN).click(); }; export const exportFirstRule = () => { diff --git a/x-pack/plugins/security_solution/cypress/tasks/api_calls/rules.ts b/x-pack/plugins/security_solution/cypress/tasks/api_calls/rules.ts index 0e6f4e6851a1..13ba3af59be9 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/api_calls/rules.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/api_calls/rules.ts 
@@ -58,6 +58,8 @@ export const createCustomIndicatorRule = (rule: ThreatIndicatorRule, ruleId = 'r rule_id: ruleId, risk_score: parseInt(rule.riskScore, 10), description: rule.description, + // Default interval is 1m, our tests config overwrite this to 1s + // See https://github.com/elastic/kibana/pull/125396 for details interval: '10s', name: rule.name, severity: rule.severity.toLocaleLowerCase(), @@ -90,7 +92,7 @@ export const createCustomIndicatorRule = (rule: ThreatIndicatorRule, ruleId = 'r failOnStatusCode: false, }); -export const createCustomRuleActivated = ( +export const createCustomRuleEnabled = ( rule: CustomRule, ruleId = '1', interval = '100m', diff --git a/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts b/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts index 068839ad576d..4ea8f4ce0ff9 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts @@ -27,7 +27,7 @@ import { BACK_TO_ALL_RULES_LINK, COMBO_BOX_CLEAR_BTN, COMBO_BOX_INPUT, - CREATE_AND_ACTIVATE_BTN, + CREATE_AND_ENABLE_BTN, CUSTOM_QUERY_INPUT, CUSTOM_QUERY_REQUIRED, DEFAULT_RISK_SCORE_INPUT, @@ -98,10 +98,10 @@ import { SERVER_SIDE_EVENT_COUNT } from '../screens/timeline'; import { TIMELINE } from '../screens/timelines'; import { refreshPage } from './security_header'; -export const createAndActivateRule = () => { +export const createAndEnableRule = () => { cy.get(SCHEDULE_CONTINUE_BUTTON).click({ force: true }); - cy.get(CREATE_AND_ACTIVATE_BTN).click({ force: true }); - cy.get(CREATE_AND_ACTIVATE_BTN).should('not.exist'); + cy.get(CREATE_AND_ENABLE_BTN).click({ force: true }); + cy.get(CREATE_AND_ENABLE_BTN).should('not.exist'); cy.get(BACK_TO_ALL_RULES_LINK).click({ force: true }); cy.get(BACK_TO_ALL_RULES_LINK).should('not.exist'); }; 
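Review bot: The comment added above `interval: '10s'` in createCustomIndicatorRule states a 1m default and a 1s test-config override, but it does not say how either relates to the `'10s'` literal it sits on. A reader cannot tell from it which interval the rule actually runs with. If the intent is that the test config only lowers the allowed minimum, say so, for example `// '10s' is what this rule requests; the product default is 1m and the Cypress config lowers the minimum to 1s (see PR 125396)`. The same two-line comment is added above getRunsEvery in cypress/objects/rule.ts, where the value is 1 second and the wording fits. The object literal continues outside this hunk.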
diff --git a/x-pack/plugins/security_solution/cypress/tasks/rule_details.ts b/x-pack/plugins/security_solution/cypress/tasks/rule_details.ts index 5094d469907b..e69c217c4a76 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/rule_details.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/rule_details.ts @@ -31,7 +31,7 @@ import { } from '../screens/rule_details'; import { addsFields, closeFieldsBrowser, filterFieldsBrowser } from './fields_browser'; -export const activatesRule = () => { +export const enablesRule = () => { cy.intercept('PATCH', '/api/detection_engine/rules/_bulk_update').as('bulk_update'); cy.get(RULE_SWITCH).should('be.visible'); cy.get(RULE_SWITCH).click(); diff --git a/x-pack/plugins/security_solution/cypress/tasks/sourcerer.ts b/x-pack/plugins/security_solution/cypress/tasks/sourcerer.ts index 7309b374810e..95a2d01cd2f5 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/sourcerer.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/sourcerer.ts @@ -11,7 +11,7 @@ import { HOSTS_URL } from '../urls/navigation'; import { waitForPage } from './login'; import { openTimelineUsingToggle } from './security_main'; import { DEFAULT_ALERTS_INDEX } from '../../common/constants'; -import { createCustomRuleActivated } from './api_calls/rules'; +import { createCustomRuleEnabled } from './api_calls/rules'; import { getNewRule } from '../objects/rule'; export const openSourcerer = (sourcererScope?: string) => { @@ -176,6 +176,6 @@ export const refreshUntilAlertsIndexExists = async () => { }; export const waitForAlertsIndexToExist = () => { - createCustomRuleActivated(getNewRule(), '1', '100m', 100); + createCustomRuleEnabled(getNewRule(), '1', '100m', 100); refreshUntilAlertsIndexExists(); }; 
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.test.tsx index 4bb4c4809764..53c0d143600f 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.test.tsx @@ -129,7 +129,7 @@ describe('AlertSummaryView', () => { }); }); - test('DNS event renders the correct summary rows', () => { + test('DNS network event renders the correct summary rows', () => { const renderProps = { ...props, data: [ @@ -137,8 +137,8 @@ describe('AlertSummaryView', () => { if (item.category === 'event' && item.field === 'event.category') { return { ...item, - values: ['dns'], - originalValue: ['dns'], + values: ['network'], + originalValue: ['network'], }; } return item; @@ -324,6 +324,39 @@ describe('AlertSummaryView', () => { }); }); + test('[legacy] Machine learning events show correct fields', () => { + const enhancedData = [ + ...mockAlertDetailsData.map((item) => { + if (item.category === 'kibana' && item.field === 'kibana.alert.rule.type') { + return { + ...item, + values: ['machine_learning'], + originalValue: ['machine_learning'], + }; + } + return item; + }), + { + category: 'signal', + field: 'signal.rule.machine_learning_job_id', + values: ['i_am_the_ml_job_id'], + }, + { category: 'signal', field: 'signal.rule.anomaly_threshold', values: [2] }, + ] as TimelineEventsDetailsItem[]; + const renderProps = { + ...props, + data: enhancedData, + }; + const { getByText } = render( + + + + ); + ['i_am_the_ml_job_id', 'signal.rule.anomaly_threshold'].forEach((fieldId) => { + expect(getByText(fieldId)); + }); + }); + test('Threat match events show correct fields', () => { const enhancedData = [ ...mockAlertDetailsData.map((item) => { 
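Review bot: `expect(getByText(fieldId));` in the new '[legacy] Machine learning events show correct fields' test has no matcher, so the `expect` call asserts nothing. The test only fails because `getByText` throws when the text is absent. Make the intent explicit with `expect(getByText(fieldId)).toBeInTheDocument();` if the jest-dom matchers are set up for this suite, or drop the `expect` wrapper and keep the bare `getByText(fieldId)` call. The same matcher-less form appears in the threat-match tests added in the following hunk (@@ -338,10 +371,51 @@).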
@@ -338,10 +371,51 @@ describe('AlertSummaryView', () => { }), { category: 'kibana', - field: 'kibana.alert.rule.threat_index', + field: 'kibana.alert.rule.parameters.threat_index', + values: ['threat_index*'], + }, + { + category: 'kibana', + field: 'kibana.alert.rule.parameters.threat_query', + values: ['*query*'], + }, + ] as TimelineEventsDetailsItem[]; + const renderProps = { + ...props, + data: enhancedData, + }; + const { getByText } = render( + + + + ); + ['threat_index*', '*query*'].forEach((fieldId) => { + expect(getByText(fieldId)); + }); + }); + + test('[legacy] Threat match events show correct fields', () => { + const enhancedData = [ + ...mockAlertDetailsData.map((item) => { + if (item.category === 'kibana' && item.field === 'kibana.alert.rule.type') { + return { + ...item, + values: ['threat_match'], + originalValue: ['threat_match'], + }; + } + return item; + }), + { + category: 'signal', + field: 'signal.rule.threat_index', values: ['threat_index*'], }, - { category: 'kibana', field: 'kibana.alert.rule.threat_query', values: ['*query*'] }, + { + category: 'signal', + field: 'signal.rule.threat_query', + values: ['*query*'], + }, ] as TimelineEventsDetailsItem[]; const renderProps = { ...props, diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/get_alert_summary_rows.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/get_alert_summary_rows.tsx index 9f0dfb53a5c4..8550cd843512 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/get_alert_summary_rows.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/get_alert_summary_rows.tsx 
@@ -6,7 +6,7 @@ */ import { find, isEmpty, uniqBy } from 'lodash/fp'; -import { ALERT_RULE_NAMESPACE, ALERT_RULE_PARAMETERS, ALERT_RULE_TYPE } from '@kbn/rule-data-utils'; +import { ALERT_RULE_PARAMETERS, ALERT_RULE_TYPE } from '@kbn/rule-data-utils'; import * as i18n from './translations'; import { BrowserFields } from '../../../../common/search_strategy/index_fields'; @@ -62,10 +62,9 @@ function getFieldsByCategory({ { id: 'destination.port' }, { id: 'source.address' }, { id: 'source.port' }, + { id: 'dns.question.name' }, { id: 'process.name' }, ]; - case EventCategory.DNS: - return [{ id: 'dns.question.name' }, { id: 'process.name' }]; case EventCategory.REGISTRY: return [{ id: 'registry.key' }, { id: 'registry.value' }, { id: 'process.name' }]; case EventCategory.MALWARE: @@ -146,18 +145,22 @@ function getFieldsByRuleType(ruleType?: string): EventSummaryField[] { return [ { id: `${ALERT_RULE_PARAMETERS}.machine_learning_job_id`, + legacyId: 'signal.rule.machine_learning_job_id', }, { id: `${ALERT_RULE_PARAMETERS}.anomaly_threshold`, + legacyId: 'signal.rule.anomaly_threshold', }, ]; case 'threat_match': return [ { - id: `${ALERT_RULE_NAMESPACE}.threat_index`, + id: `${ALERT_RULE_PARAMETERS}.threat_index`, + legacyId: 'signal.rule.threat_index', }, { - id: `${ALERT_RULE_NAMESPACE}.threat_query`, + id: `${ALERT_RULE_PARAMETERS}.threat_query`, + legacyId: 'signal.rule.threat_query', }, ]; default: 
@@ -251,11 +254,18 @@ export const getSummaryRows = ({ return data != null ? tableFields.reduce((acc, field) => { - const item = data.find((d) => d.field === field.id); - if (!item || isEmpty(item?.values)) { + const item = data.find( + (d) => d.field === field.id || (field.legacyId && d.field === field.legacyId) + ); + if (!item || isEmpty(item.values)) { return acc; } + // If we found the data by its legacy id we swap the ids to display the correct one + if (item.field === field.legacyId) { + field.id = field.legacyId; + } + const linkValueField = field.linkField != null && data.find((d) => d.field === field.linkField); const description = { diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/types.ts b/x-pack/plugins/security_solution/public/common/components/event_details/types.ts index 0e2eef882594..9b64ddd4db5d 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/types.ts +++ b/x-pack/plugins/security_solution/public/common/components/event_details/types.ts @@ -30,6 +30,7 @@ export type EnrichedFieldInfoWithValues = EnrichedFieldInfo & { values: string[] export interface EventSummaryField { id: string; + legacyId?: string; label?: string; linkField?: string; fieldType?: string; diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/ml_job_select/help_text.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/ml_job_select/help_text.tsx index 0a4c5ce76c78..ee4b5061e849 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/ml_job_select/help_text.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/ml_job_select/help_text.tsx @@ -42,7 +42,7 @@ const HelpTextComponent: React.FC<{ href: string; notRunningJobIds: string[] }> {notRunningJobIds.length === 1 ? ( ) : ( acc + (i < array.length - 1 ? ', ' : ', and ') + value 
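Review bot: `field.id = field.legacyId;` inside the reduce callback of getSummaryRows writes to the element of `tableFields` itself instead of a local copy. The rule-type field arrays shown in getFieldsByRuleType are built fresh on each call, so this may be harmless for them. If any entry of `tableFields` comes from a shared constant (not visible here), one legacy alert would leave its id set to the `signal.*` name, and a later non-legacy alert would then match neither `field.id` nor `field.legacyId` and lose the row. I would use a local instead, `const displayField = item.field === field.legacyId ? { ...field, id: field.legacyId } : field;`, and read `displayField` in the rest of the callback. The callback body continues outside this hunk.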
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/pre_packaged_rules/translations.ts b/x-pack/plugins/security_solution/public/detections/components/rules/pre_packaged_rules/translations.ts index 847e73f0bf19..5b66b4611c03 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/pre_packaged_rules/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/rules/pre_packaged_rules/translations.ts @@ -18,7 +18,7 @@ export const PRE_BUILT_MSG = i18n.translate( 'xpack.securitySolution.detectionEngine.rules.prePackagedRules.emptyPromptMessage', { defaultMessage: - 'Elastic Security comes with prebuilt detection rules that run in the background and create alerts when their conditions are met. By default, all prebuilt rules except the Endpoint Security rule are disabled. You can select additional rules you want to activate.', + 'Elastic Security comes with prebuilt detection rules that run in the background and create alerts when their conditions are met. By default, all prebuilt rules except the Endpoint Security rule are disabled. You can select additional rules you want to enable.', } ); diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/index.tsx index 72730deec6a1..94a883e6bae1 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/index.tsx @@ -230,7 +230,7 @@ const StepRuleActionsComponent: FC = ({ isLoading={isLoading} onClick={() => handleSubmit(false)} > - {I18n.COMPLETE_WITHOUT_ACTIVATING} + {I18n.COMPLETE_WITHOUT_ENABLING} 
@@ -239,9 +239,9 @@ const StepRuleActionsComponent: FC = ({ isDisabled={isLoading} isLoading={isLoading} onClick={() => handleSubmit(true)} - data-test-subj="create-activate" + data-test-subj="create-enable" > - {I18n.COMPLETE_WITH_ACTIVATING} + {I18n.COMPLETE_WITH_ENABLING} diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx index fcd04c2bfc1e..dadb3d422973 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx @@ -8,17 +8,17 @@ import { i18n } from '@kbn/i18n'; import { startCase } from 'lodash/fp'; -export const COMPLETE_WITHOUT_ACTIVATING = i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithoutActivatingTitle', +export const COMPLETE_WITHOUT_ENABLING = i18n.translate( + 'xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithoutEnablingTitle', { - defaultMessage: 'Create rule without activating it', + defaultMessage: 'Create rule without enabling it', } ); -export const COMPLETE_WITH_ACTIVATING = i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithActivatingTitle', +export const COMPLETE_WITH_ENABLING = i18n.translate( + 'xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithEnablingTitle', { - defaultMessage: 'Create & activate rule', + defaultMessage: 'Create & enable rule', } ); diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_schedule_rule/translations.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_schedule_rule/translations.tsx deleted file mode 100644 index c1de42c70884..000000000000 
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_schedule_rule/translations.tsx +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { i18n } from '@kbn/i18n'; - -export const COMPLETE_WITHOUT_ACTIVATING = i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule. stepScheduleRule.completeWithoutActivatingTitle', - { - defaultMessage: 'Create rule without activating it', - } -); - -export const COMPLETE_WITH_ACTIVATING = i18n.translate( - 'xpack.securitySolution.detectionEngine.createRule. stepScheduleRule.completeWithActivatingTitle', - { - defaultMessage: 'Create & activate rule', - } -); diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/use_find_rules_query.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/use_find_rules_query.ts index 47778be0d9c9..6e212cebc85d 100644 --- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/use_find_rules_query.ts +++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/use_find_rules_query.ts @@ -87,7 +87,7 @@ export const useInvalidateRules = () => { /** * We should use this hook to update the rules cache when modifying rules * without changing the rules collection size. Use it with the new rules data - * after operations like bulk or single rule edit or rule activation, but not + * after operations like bulk or single rule edit or rule enabling, but not * when adding or removing rules. When adding/removing rules, we should * invalidate the cache instead. * 
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/actions.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/actions.ts index 29b374f3fb26..8e98d24b1724 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/actions.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/actions.ts @@ -138,8 +138,8 @@ export const enableRulesAction = async ( setLoadingRules?: RulesTableActions['setLoadingRules'] ) => { const errorTitle = enabled - ? i18n.BATCH_ACTION_ACTIVATE_SELECTED_ERROR(ids.length) - : i18n.BATCH_ACTION_DEACTIVATE_SELECTED_ERROR(ids.length); + ? i18n.BATCH_ACTION_ENABLE_SELECTED_ERROR(ids.length) + : i18n.BATCH_ACTION_DISABLE_SELECTED_ERROR(ids.length); try { setLoadingRules?.({ ids, action: enabled ? 'enable' : 'disable' }); diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions.tsx index 7058b95bf5fc..fd12f9a71bf2 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/bulk_actions/use_bulk_actions.tsx 
@@ -110,19 +110,19 @@ export const useBulkActions = ({ !hasActionsPrivileges && selectedRules.some((rule) => !canEditRuleWithActions(rule, hasActionsPrivileges)); - const handleActivateAction = async () => { + const handleEnableAction = async () => { closePopover(); - const deactivatedRules = selectedRules.filter(({ enabled }) => !enabled); - const deactivatedRulesNoML = deactivatedRules.filter(({ type }) => !isMlRule(type)); + const disabledRules = selectedRules.filter(({ enabled }) => !enabled); + const disabledRulesNoML = disabledRules.filter(({ type }) => !isMlRule(type)); - const mlRuleCount = deactivatedRules.length - deactivatedRulesNoML.length; + const mlRuleCount = disabledRules.length - disabledRulesNoML.length; if (!hasMlPermissions && mlRuleCount > 0) { displayWarningToast(detectionI18n.ML_RULES_UNAVAILABLE(mlRuleCount), dispatchToaster); } const ruleIds = hasMlPermissions - ? deactivatedRules.map(({ id }) => id) - : deactivatedRulesNoML.map(({ id }) => id); + ? disabledRules.map(({ id }) => id) + : disabledRulesNoML.map(({ id }) => id); if (isAllSelected) { const rulesBulkAction = initRulesBulkAction({ @@ -139,12 +139,12 @@ export const useBulkActions = ({ invalidateRules(); }; - const handleDeactivateActions = async () => { + const handleDisableActions = async () => { closePopover(); - const activatedIds = selectedRules.filter(({ enabled }) => enabled).map(({ id }) => id); + const enabledIds = selectedRules.filter(({ enabled }) => enabled).map(({ id }) => id); if (isAllSelected) { const rulesBulkAction = initRulesBulkAction({ - visibleRuleIds: activatedIds, + visibleRuleIds: enabledIds, action: BulkAction.disable, setLoadingRules, toasts, @@ -152,7 +152,7 @@ export const useBulkActions = ({ await rulesBulkAction.byQuery(filterQuery); } else { - await enableRulesAction(activatedIds, false, dispatchToaster, setLoadingRules); + await enableRulesAction(enabledIds, false, dispatchToaster, setLoadingRules); } invalidateRules(); }; 
@@ -345,10 +345,10 @@ export const useBulkActions = ({ { key: i18n.BULK_ACTION_ENABLE, name: i18n.BULK_ACTION_ENABLE, - 'data-test-subj': 'activateRuleBulk', + 'data-test-subj': 'enableRuleBulk', disabled: missingActionPrivileges || containsLoading || (!containsDisabled && !isAllSelected), - onClick: handleActivateAction, + onClick: handleEnableAction, toolTipContent: missingActionPrivileges ? i18n.EDIT_RULE_SETTINGS_TOOLTIP : undefined, toolTipPosition: 'right', icon: undefined, @@ -391,10 +391,10 @@ export const useBulkActions = ({ { key: i18n.BULK_ACTION_DISABLE, name: i18n.BULK_ACTION_DISABLE, - 'data-test-subj': 'deactivateRuleBulk', + 'data-test-subj': 'disableRuleBulk', disabled: missingActionPrivileges || containsLoading || (!containsEnabled && !isAllSelected), - onClick: handleDeactivateActions, + onClick: handleDisableActions, toolTipContent: missingActionPrivileges ? i18n.EDIT_RULE_SETTINGS_TOOLTIP : undefined, toolTipPosition: 'right', icon: undefined, diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx index 29df35290a44..7ddc97ccbfdc 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx @@ -677,7 +677,7 @@ const RuleDetailsPageComponent: React.FC = ({ enabled={isExistingRule && (rule?.enabled ?? false)} onChange={handleOnChangeEnabledRule} /> - {i18n.ACTIVATE_RULE} + {i18n.ENABLE_RULE} diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts index 32745f39d27a..9a51952d17a9 100644 
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/translations.ts @@ -28,10 +28,10 @@ export const EXPERIMENTAL = i18n.translate( } ); -export const ACTIVATE_RULE = i18n.translate( - 'xpack.securitySolution.detectionEngine.ruleDetails.activateRuleLabel', +export const ENABLE_RULE = i18n.translate( + 'xpack.securitySolution.detectionEngine.ruleDetails.enableRuleLabel', { - defaultMessage: 'Activate', + defaultMessage: 'Enable', } ); diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts index c336b588f12b..b1cc2e4f0388 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/translations.ts 
@@ -454,18 +454,18 @@ export const BULK_EDIT_FLYOUT_FORM_DELETE_TAGS_TITLE = i18n.translate( } ); -export const BATCH_ACTION_ACTIVATE_SELECTED_ERROR = (totalRules: number) => +export const BATCH_ACTION_ENABLE_SELECTED_ERROR = (totalRules: number) => i18n.translate( - 'xpack.securitySolution.detectionEngine.rules.allRules.batchActions.activateSelectedErrorTitle', + 'xpack.securitySolution.detectionEngine.rules.allRules.batchActions.enableSelectedErrorTitle', { values: { totalRules }, defaultMessage: 'Error enabling {totalRules, plural, =1 {rule} other {rules}}', } ); -export const BATCH_ACTION_DEACTIVATE_SELECTED_ERROR = (totalRules: number) => +export const BATCH_ACTION_DISABLE_SELECTED_ERROR = (totalRules: number) => i18n.translate( - 'xpack.securitySolution.detectionEngine.rules.allRules.batchActions.deactivateSelectedErrorTitle', + 'xpack.securitySolution.detectionEngine.rules.allRules.batchActions.disableSelectedErrorTitle', { values: { totalRules }, defaultMessage: 'Error disabling {totalRules, plural, =1 {rule} other {rules}}', diff --git a/x-pack/plugins/security_solution/public/management/pages/blocklist/constants.ts b/x-pack/plugins/security_solution/public/management/pages/blocklist/constants.ts new file mode 100644 index 000000000000..3fb68e417159 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/pages/blocklist/constants.ts 
@@ -0,0 +1,26 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { + ExceptionListType, + ExceptionListTypeEnum, + CreateExceptionListSchema, +} from '@kbn/securitysolution-io-ts-list-types'; +import { + ENDPOINT_BLOCKLISTS_LIST_DESCRIPTION, + ENDPOINT_BLOCKLISTS_LIST_ID, + ENDPOINT_BLOCKLISTS_LIST_NAME, +} from '@kbn/securitysolution-list-constants'; + +export const BLOCKLISTS_LIST_TYPE: ExceptionListType = ExceptionListTypeEnum.ENDPOINT_BLOCKLISTS; + +export const BLOCKLISTS_LIST_DEFINITION: CreateExceptionListSchema = { + name: ENDPOINT_BLOCKLISTS_LIST_NAME, + namespace_type: 'agnostic', + description: ENDPOINT_BLOCKLISTS_LIST_DESCRIPTION, + list_id: ENDPOINT_BLOCKLISTS_LIST_ID, + type: BLOCKLISTS_LIST_TYPE, +}; diff --git a/x-pack/plugins/security_solution/public/management/pages/blocklist/services/blocklists_api_client.ts b/x-pack/plugins/security_solution/public/management/pages/blocklist/services/blocklists_api_client.ts new file mode 100644 index 000000000000..fa0451d9363a --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/pages/blocklist/services/blocklists_api_client.ts 
@@ -0,0 +1,26 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ENDPOINT_BLOCKLISTS_LIST_ID } from '@kbn/securitysolution-list-constants'; +import { HttpStart } from 'kibana/public'; +import { ExceptionsListApiClient } from '../../../services/exceptions_list/exceptions_list_api_client'; +import { BLOCKLISTS_LIST_DEFINITION } from '../constants'; + +/** + * Blocklist exceptions Api client class using ExceptionsListApiClient as base class + * It follow the Singleton pattern. + * Please, use the getInstance method instead of creating a new instance when using this implementation. + */ +export class BlocklistsApiClient extends ExceptionsListApiClient { + constructor(http: HttpStart) { + super(http, ENDPOINT_BLOCKLISTS_LIST_ID, BLOCKLISTS_LIST_DEFINITION); + } + + public static getInstance(http: HttpStart): ExceptionsListApiClient { + return super.getInstance(http, ENDPOINT_BLOCKLISTS_LIST_ID, BLOCKLISTS_LIST_DEFINITION); + } +} diff --git a/x-pack/plugins/security_solution/public/management/pages/blocklist/services/index.ts b/x-pack/plugins/security_solution/public/management/pages/blocklist/services/index.ts new file mode 100644 index 000000000000..002093007329 --- /dev/null +++ b/x-pack/plugins/security_solution/public/management/pages/blocklist/services/index.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from './blocklists_api_client'; 
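Review bot: The class comment on BlocklistsApiClient says it follows the Singleton pattern and asks callers to use getInstance, but the constructor is public, so `new BlocklistsApiClient(http)` compiles and bypasses the shared instance. getInstance is also typed to return `ExceptionsListApiClient` and delegates to `super.getInstance`, which is not shown in this hunk, so it is unclear whether callers ever receive a BlocklistsApiClient. At minimum I would put `// Do not call directly; use BlocklistsApiClient.getInstance(http).` on the constructor. The doc comment should also state which type getInstance returns. The comment also has a typo: "It follow" should read "It follows".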
diff --git a/x-pack/plugins/security_solution/public/management/pages/blocklist/view/blocklist.tsx b/x-pack/plugins/security_solution/public/management/pages/blocklist/view/blocklist.tsx index a48d6c5bd837..8d98b401102f 100644 --- a/x-pack/plugins/security_solution/public/management/pages/blocklist/view/blocklist.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/blocklist/view/blocklist.tsx @@ -9,7 +9,7 @@ import React, { memo } from 'react'; import { i18n } from '@kbn/i18n'; import { useHttp } from '../../../../common/lib/kibana'; import { ArtifactListPage, ArtifactListPageProps } from '../../../components/artifact_list_page'; -import { HostIsolationExceptionsApiClient } from '../../host_isolation_exceptions/host_isolation_exceptions_api_client'; +import { BlocklistsApiClient } from '../services'; // FIXME:PT delete this when real component is implemented const TempDevFormComponent: ArtifactListPageProps['ArtifactFormComponent'] = (props) => { @@ -39,7 +39,7 @@ const BLOCKLIST_PAGE_LABELS: ArtifactListPageProps['labels'] = { defaultMessage: 'Blocklist', }), pageAboutInfo: i18n.translate('xpack.securitySolution.blocklist.pageAboutInfo', { - defaultMessage: '(DEV: temporarily using isolation exception api)', // FIXME: need wording from PM + defaultMessage: 'Add a blocklist to block applications or files from running.', }), pageAddButtonTitle: i18n.translate('xpack.securitySolution.blocklist.pageAddButtonTitle', { defaultMessage: 'Add blocklist entry', @@ -118,13 +118,11 @@ const BLOCKLIST_PAGE_LABELS: ArtifactListPageProps['labels'] = { export const Blocklist = memo(() => { const http = useHttp(); - // FIXME: Implement Blocklist API client and define list - // for now, just using Event Filters - const eventFiltersApiClient = HostIsolationExceptionsApiClient.getInstance(http); + const blocklistsApiClient = BlocklistsApiClient.getInstance(http); return ( ( ({ timeline, onOpenTimeline, isLastItem }) => { const handleClick = useCallback( 
@@ -55,7 +65,7 @@ const RecentTimelinesItem = React.memo( {timeline.description && timeline.description.length && ( - {timeline.description} + {timeline.description} )} diff --git a/x-pack/plugins/security_solution/scripts/endpoint/blocklists/index.ts b/x-pack/plugins/security_solution/scripts/endpoint/blocklists/index.ts new file mode 100644 index 000000000000..81a18bb89c35 --- /dev/null +++ b/x-pack/plugins/security_solution/scripts/endpoint/blocklists/index.ts 
@@ -0,0 +1,124 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { run, RunFn, createFailError } from '@kbn/dev-utils';
+import { KbnClient } from '@kbn/test';
+import { AxiosError } from 'axios';
+import pMap from 'p-map';
+import type { CreateExceptionListSchema } from '@kbn/securitysolution-io-ts-list-types';
+import {
+ ENDPOINT_BLOCKLISTS_LIST_DESCRIPTION,
+ ENDPOINT_BLOCKLISTS_LIST_ID,
+ ENDPOINT_BLOCKLISTS_LIST_NAME,
+ EXCEPTION_LIST_ITEM_URL,
+ EXCEPTION_LIST_URL,
+} from '@kbn/securitysolution-list-constants';
+import { randomPolicyIdGenerator } from '../common/random_policy_id_generator';
+import { ExceptionsListItemGenerator } from '../../../common/endpoint/data_generators/exceptions_list_item_generator';
+import { isArtifactByPolicy } from '../../../common/endpoint/service/artifacts';
+
+export const cli = () => {
+ run(
+ async (options) => {
+ try {
+ await createBlocklists(options);
+ options.log.success(`${options.flags.count} endpoint blocklists created`);
+ } catch (e) {
+ options.log.error(e);
+ throw createFailError(e.message);
+ }
+ },
+ {
+ description: 'Load Endpoint Blocklists',
+ flags: {
+ string: ['kibana'],
+ default: {
+ count: 10,
+ kibana: 'http://elastic:changeme@localhost:5601',
+ },
+ help: `
+ --count Number of blocklists to create. Default: 10
+ --kibana The URL to kibana including credentials. Default: http://elastic:changeme@localhost:5601
+ `,
+ },
+ }
+ );
+};
+
+class BlocklistDataLoaderError extends Error {
+ constructor(message: string, public readonly meta: unknown) {
+ super(message);
+ }
+}
+
+const handleThrowAxiosHttpError = (err: AxiosError): never => {
+ let message = err.message;
+
+ if (err.response) {
+ message = `[${err.response.status}] ${err.response.data.message ?? err.message} [ ${String(
+ err.response.config.method
+ ).toUpperCase()} ${err.response.config.url} ]`;
+ }
+ throw new BlocklistDataLoaderError(message, err.toJSON());
+};
+
+const createBlocklists: RunFn = async ({ flags, log }) => {
+ const eventGenerator = new ExceptionsListItemGenerator();
+ const kbn = new KbnClient({ log, url: flags.kibana as string });
+
+ await ensureCreateEndpointBlocklistsList(kbn);
+
+ const randomPolicyId = await randomPolicyIdGenerator(kbn, log);
+
+ await pMap(
+ Array.from({ length: flags.count as unknown as number }),
+ () => {
+ const body = eventGenerator.generateBlocklistForCreate();
+
+ if (isArtifactByPolicy(body)) {
+ const nmExceptions = Math.floor(Math.random() * 3) || 1;
+ body.tags = Array.from({ length: nmExceptions }, () => {
+ return `policy:${randomPolicyId()}`;
+ });
+ }
+ return kbn
+ .request({
+ method: 'POST',
+ path: EXCEPTION_LIST_ITEM_URL,
+ body,
+ })
+ .catch((e) => handleThrowAxiosHttpError(e));
+ },
+ { concurrency: 10 }
+ );
+};
+
+const ensureCreateEndpointBlocklistsList = async (kbn: KbnClient) => {
+ const newListDefinition: CreateExceptionListSchema = {
+ description: ENDPOINT_BLOCKLISTS_LIST_DESCRIPTION,
+ list_id: ENDPOINT_BLOCKLISTS_LIST_ID,
+ meta: undefined,
+ name: ENDPOINT_BLOCKLISTS_LIST_NAME,
+ os_types: [],
+ tags: [],
+ type: 'endpoint',
+ namespace_type: 'agnostic',
+ };
+
+ await kbn
+ .request({
+ method: 'POST',
+ path: EXCEPTION_LIST_URL,
+ body: newListDefinition,
+ })
+ .catch((e) => {
+ // Ignore if list was already created
+ if (e.response.status !== 409) {
+ handleThrowAxiosHttpError(e);
+ }
+ });
+};
diff --git a/x-pack/plugins/security_solution/scripts/endpoint/load_blocklists.js b/x-pack/plugins/security_solution/scripts/endpoint/load_blocklists.js
new file mode 100644
index 000000000000..46777ae8ccf7
--- /dev/null
+++ b/x-pack/plugins/security_solution/scripts/endpoint/load_blocklists.js
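Review bot: In `ensureCreateEndpointBlocklistsList`, the catch handler reads `e.response.status` without checking that `e.response` exists, so a failure with no HTTP response (connection refused, timeout) would surface as a TypeError and hide the original error. `if (e.response?.status !== 409) {` keeps the "already created" exception and lets every other failure reach `handleThrowAxiosHttpError`, which already guards `err.response`. Separately, `handleThrowAxiosHttpError` puts `err.response.config.url` into the message and `err.toJSON()` into `meta`, and `cli` logs the error object. If the client resolves request URLs against the `--kibana` value (not visible in this hunk), the credentials embedded in that URL would appear in the log output, so it is worth confirming and stripping the userinfo part before building the message.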
@@ -0,0 +1,11 @@ +#!/usr/bin/env node + +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +require('../../../../../src/setup_node_env'); +require('./blocklists').cli(); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_saved_object_references/README.md b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_saved_object_references/README.md index da9ccd30cfda..22e1da8dff5b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_saved_object_references/README.md +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/legacy_saved_object_references/README.md @@ -10,7 +10,7 @@ until we have all users moved away from the legacy system. ## How to create a legacy notification -* Create a rule and activate it normally within security_solution +* Create a rule and enable it normally within security_solution * Do not add actions to the rule at this point as we are exercising the older legacy system. However, you want at least one action configured such as a slack notification. * Within dev tools do a query for all your actions and grab one of the `_id` of them without their prefix: diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts index c57a44620787..9cf57ff0018b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts 
@@ -757,12 +757,12 @@ describe('utils', () => { expect(res).toBeTruthy(); expect(mockLogger.warn).toHaveBeenCalledWith( - 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["logs-endpoint.alerts-*"] was found. This warning will continue to appear until a matching index is created or this rule is de-activated. If you have recently enrolled agents enabled with Endpoint Security through Fleet, this warning should stop once an alert is sent from an agent. name: "fake name" id: "fake id" rule id: "fake rule id" signals index: "fakeindex"' + 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["logs-endpoint.alerts-*"] was found. This warning will continue to appear until a matching index is created or this rule is disabled. If you have recently enrolled agents enabled with Endpoint Security through Fleet, this warning should stop once an alert is sent from an agent. name: "fake name" id: "fake id" rule id: "fake rule id" signals index: "fakeindex"' ); expect(ruleExecutionLogger.logStatusChange).toHaveBeenCalledWith({ newStatus: RuleExecutionStatus['partial failure'], message: - 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["logs-endpoint.alerts-*"] was found. This warning will continue to appear until a matching index is created or this rule is de-activated. If you have recently enrolled agents enabled with Endpoint Security through Fleet, this warning should stop once an alert is sent from an agent.', + 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["logs-endpoint.alerts-*"] was found. 
This warning will continue to appear until a matching index is created or this rule is disabled. If you have recently enrolled agents enabled with Endpoint Security through Fleet, this warning should stop once an alert is sent from an agent.', }); }); @@ -797,12 +797,12 @@ describe('utils', () => { expect(res).toBeTruthy(); expect(mockLogger.warn).toHaveBeenCalledWith( - 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["logs-endpoint.alerts-*"] was found. This warning will continue to appear until a matching index is created or this rule is de-activated. name: "fake name" id: "fake id" rule id: "fake rule id" signals index: "fakeindex"' + 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["logs-endpoint.alerts-*"] was found. This warning will continue to appear until a matching index is created or this rule is disabled. name: "fake name" id: "fake id" rule id: "fake rule id" signals index: "fakeindex"' ); expect(ruleExecutionLogger.logStatusChange).toHaveBeenCalledWith({ newStatus: RuleExecutionStatus['partial failure'], message: - 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["logs-endpoint.alerts-*"] was found. This warning will continue to appear until a matching index is created or this rule is de-activated.', + 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["logs-endpoint.alerts-*"] was found. This warning will continue to appear until a matching index is created or this rule is disabled.', }); }); }); 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts index cb1db88f78d3..b7a06d618162 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts @@ -143,7 +143,7 @@ export const hasTimestampFields = async (args: { if (isEmpty(timestampFieldCapsResponse.body.indices)) { const errorString = `This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ${JSON.stringify( inputIndices - )} was found. This warning will continue to appear until a matching index is created or this rule is de-activated. ${ + )} was found. This warning will continue to appear until a matching index is created or this rule is disabled. ${ ruleName === 'Endpoint Security' ? 'If you have recently enrolled agents enabled with Endpoint Security through Fleet, this warning should stop once an alert is sent from an agent.' : '' diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/constants.ts b/x-pack/plugins/security_solution/server/lib/telemetry/constants.ts index af02c98f32c5..ec363568cafd 100644 --- a/x-pack/plugins/security_solution/server/lib/telemetry/constants.ts +++ b/x-pack/plugins/security_solution/server/lib/telemetry/constants.ts @@ -9,7 +9,7 @@ export const TELEMETRY_MAX_BUFFER_SIZE = 100; export const MAX_SECURITY_LIST_TELEMETRY_BATCH = 100; -export const MAX_ENDPOINT_TELEMETRY_BATCH = 1_000; +export const MAX_ENDPOINT_TELEMETRY_BATCH = 300; export const MAX_DETECTION_RULE_TELEMETRY_BATCH = 1_000; diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/tasks/endpoint.ts b/x-pack/plugins/security_solution/server/lib/telemetry/tasks/endpoint.ts index 6be174cdf33e..e9cc36bbff90 100644 
--- a/x-pack/plugins/security_solution/server/lib/telemetry/tasks/endpoint.ts +++ b/x-pack/plugins/security_solution/server/lib/telemetry/tasks/endpoint.ts @@ -212,7 +212,15 @@ export function createTelemetryEndpointTaskConfig(maxTelemetryBatch: number) { } } - const { cpu, memory, uptime } = endpoint.endpoint_metrics.Endpoint.metrics; + const { + cpu, + memory, + uptime, + documents_volume: documentsVolume, + malicious_behavior_rules: maliciousBehaviorRules, + system_impact: systemImpact, + threads, + } = endpoint.endpoint_metrics.Endpoint.metrics; const endpointPolicyDetail = extractEndpointPolicyConfig(policyConfig); return { @@ -227,6 +235,10 @@ export function createTelemetryEndpointTaskConfig(maxTelemetryBatch: number) { cpu: cpu.endpoint, memory: memory.endpoint.private, uptime, + documentsVolume, + maliciousBehaviorRules, + systemImpact, + threads, }, endpoint_meta: { os: endpoint.endpoint_metrics.host.os, @@ -242,6 +254,8 @@ export function createTelemetryEndpointTaskConfig(maxTelemetryBatch: number) { actions: failedPolicy._source.Endpoint.policy.applied.actions .map((action) => (action.status !== 'success' ? action : null)) .filter((action) => action !== null), + configuration: failedPolicy._source.Endpoint.configuration, + state: failedPolicy._source.Endpoint.state, } : {}, telemetry_meta: { diff --git a/x-pack/plugins/security_solution/server/lib/telemetry/types.ts b/x-pack/plugins/security_solution/server/lib/telemetry/types.ts index 9e7953a5085c..ef2283d2697c 100644 --- a/x-pack/plugins/security_solution/server/lib/telemetry/types.ts +++ b/x-pack/plugins/security_solution/server/lib/telemetry/types.ts @@ -87,6 +87,10 @@ interface EndpointPolicyResponseHits { }; } +interface NonPolicyConfiguration { + isolation: boolean; +} + export interface EndpointPolicyResponseDocument { _source: { '@timestamp': string; 
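Review bot: The second and third hunks of endpoint.ts copy `systemImpact`, `threads`, `configuration` and `state` into the telemetry payload as whole objects, so whatever the endpoint document carries under those keys is forwarded without field selection. Per the types this commit adds in types.ts, each `system_impact` entry includes `process.executable` and `code_signature.subject_name`. Executable paths can embed local user or host names, so if that holds for these documents, map the array to the fields telemetry actually needs instead of passing it through. A comment above the destructuring saying whether `documents_volume`, `malicious_behavior_rules`, `system_impact` and `threads` can be absent on documents from older endpoint versions would also help readers of the new types, which declare them as required. `createTelemetryEndpointTaskConfig` starts and ends outside these hunks.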
@@ -112,6 +116,8 @@ export interface EndpointPolicyResponseDocument { status: string; }; }; + configuration: NonPolicyConfiguration; + state: NonPolicyConfiguration; }; }; } @@ -160,6 +166,17 @@ interface EndpointMetricDocument { }; } +interface DocumentsVolumeMetrics { + suppressed_count: number; + suppressed_bytes: number; + sent_count: number; + sent_bytes: number; +} + +interface SystemImpactEventsMetrics { + week_ms: number; +} + export interface EndpointMetrics { memory: { endpoint: { @@ -183,6 +200,34 @@ export interface EndpointMetrics { endpoint: number; system: number; }; + documents_volume: { + file_events: DocumentsVolumeMetrics; + library_events: DocumentsVolumeMetrics; + process_events: DocumentsVolumeMetrics; + registry_events: DocumentsVolumeMetrics; + network_events: DocumentsVolumeMetrics; + overall: DocumentsVolumeMetrics; + }; + malicious_behavior_rules: Array<{ id: string; endpoint_uptime_percent: number }>; + system_impact: Array<{ + process: { + code_signature: Array<{ + trusted: boolean; + subject_name: string; + exists: boolean; + status: string; + }>; + executable: string; + }; + malware?: SystemImpactEventsMetrics; + process_events?: SystemImpactEventsMetrics; + registry_events?: SystemImpactEventsMetrics; + dns_events?: SystemImpactEventsMetrics; + network_events?: SystemImpactEventsMetrics; + overall?: SystemImpactEventsMetrics; + library_load_events?: SystemImpactEventsMetrics; + }>; + threads: Array<{ name: string; cpu: { mean: number } }>; } interface EndpointMetricOS { diff --git a/x-pack/plugins/stack_alerts/kibana.json b/x-pack/plugins/stack_alerts/kibana.json index acd9dcb374d1..f70ad679deef 100644 --- a/x-pack/plugins/stack_alerts/kibana.json +++ b/x-pack/plugins/stack_alerts/kibana.json @@ -1,8 +1,8 @@ { "id": "stackAlerts", "owner": { - "name": "Kibana Alerting", - "githubTeam": "kibana-alerting-services" + "name": "Response Ops", + "githubTeam": "response-ops" }, "server": true, "version": "8.2.0", 
diff --git a/x-pack/plugins/task_manager/kibana.json b/x-pack/plugins/task_manager/kibana.json index 3c28df441a0a..98ca8e115f76 100644 --- a/x-pack/plugins/task_manager/kibana.json +++ b/x-pack/plugins/task_manager/kibana.json @@ -3,8 +3,8 @@ "server": true, "version": "8.2.0", "owner": { - "name": "Kibana Alerting", - "githubTeam": "kibana-alerting-services" + "name": "Response Ops", + "githubTeam": "response-ops" }, "kibanaVersion": "kibana", "configPath": ["xpack", "task_manager"], diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index b0c005bb3285..3a5bc5edfbb7 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -3226,7 +3226,6 @@ "expressions.functions.mathColumn.args.nameHelpText": "結果の列の名前です。名前は一意である必要はありません。", "expressions.functions.mathColumn.arrayValueError": "{name}で配列値に対する演算を実行できません", "expressions.functions.mathColumn.uniqueIdError": "IDは一意でなければなりません", - "expressions.functions.mathColumnHelpText": "他の列の結果として計算された列を追加します。引数が指定された場合のみ変更が加えられます。{alterColumnFn}と{staticColumnFn}もご参照ください。", "expressions.functions.mathHelpText": "{TYPE_NUMBER}または{DATATABLE}を{CONTEXT}として使用して、{TINYMATH}数式を解釈します。{DATATABLE}列は列名で表示されます。{CONTEXT}が数字の場合は、{value}と表示されます。", "expressions.functions.movingAverage.args.byHelpText": "移動平均計算を分割する列", "expressions.functions.movingAverage.args.inputColumnIdHelpText": "移動平均を計算する列", 
@@ -7295,8 +7294,6 @@ "xpack.apm.serviceIcons.serverless": "サーバーレス", "xpack.apm.serviceIcons.service": "サービス", "xpack.apm.serviceIcons.serviceDetails.cloud.availabilityZoneLabel": "{zones, plural, other {可用性ゾーン}} ", - "xpack.apm.serviceIcons.serviceDetails.cloud.betaLabel": "ベータ", - "xpack.apm.serviceIcons.serviceDetails.cloud.betaTooltip": "AWS Lambdaサポートは一般公開されていません。不具合を報告して支援してください。", "xpack.apm.serviceIcons.serviceDetails.cloud.faasTriggerTypeLabel": "{triggerTypes, plural, other {トリガータイプ}} ", "xpack.apm.serviceIcons.serviceDetails.cloud.functionNameLabel": "{functionNames, plural, other {関数名}} ", "xpack.apm.serviceIcons.serviceDetails.cloud.machineTypesLabel": "{machineTypes, plural, other {コンピュータータイプ} }\n ", @@ -8088,7 +8085,6 @@ "xpack.canvas.functions.alterColumn.args.typeHelpText": "列の変換語のタイプです。タイプを変更しない場合は未入力のままにします。", "xpack.canvas.functions.alterColumn.cannotConvertTypeErrorMessage": "「{type}」に変換できません", "xpack.canvas.functions.alterColumn.columnNotFoundErrorMessage": "列が見つかりません。'{column}'", - "xpack.canvas.functions.alterColumnHelpText": "{list}、{end}などのコアタイプを変換し、列名を変更します。{mapColumnFn}および{staticColumnFn}も参照してください。", "xpack.canvas.functions.any.args.conditionHelpText": "確認する条件です。", "xpack.canvas.functions.anyHelpText": "少なくとも 1 つの条件が満たされている場合、{BOOLEAN_TRUE} が返されます。{all_fn} もご参照ください。", "xpack.canvas.functions.as.args.nameHelpText": "列に付ける名前です。", @@ -8289,7 +8285,6 @@ "xpack.canvas.functions.sortHelpText": "{DATATABLE}を指定された列で並べ替えます。", "xpack.canvas.functions.staticColumn.args.nameHelpText": "新しい列の名前です。", "xpack.canvas.functions.staticColumn.args.valueHelpText": "新しい列の各行に挿入する値です。ヒント:部分式を使用して他の列を静的値にロールアップします。", - "xpack.canvas.functions.staticColumnHelpText": "すべての行に同じ静的値の列を追加します。{alterColumnFn}および{mapColumnFn}も参照してください。", "xpack.canvas.functions.string.args.valueHelpText": "1 つの文字列に結合する値です。必要な場所にスペースを入れてください。", "xpack.canvas.functions.stringHelpText": "すべての引数を 1 つの文字列に連結させます。", "xpack.canvas.functions.switch.args.caseHelpText": "確認する条件です。", 
@@ -15712,7 +15707,6 @@ "xpack.ingestPipelines.processors.defaultDescription.dateIndexName.indexNamePrefixDefault.noPrefixValueLabel": "プレフィックスなし", "xpack.ingestPipelines.processors.defaultDescription.dateIndexName.indexNamePrefixDefault.prefixValueLabel": "プレフィックス\"{prefix}\"を使用", "xpack.ingestPipelines.processors.defaultDescription.dissect": "分離したパターンと一致する値を\"{field}\"から抽出します", - "xpack.ingestPipelines.processors.defaultDescription.dot_expander": "\"{field}\"をオブジェクトフィールドに拡張します", "xpack.ingestPipelines.processors.defaultDescription.drop": "エラーを返さずにドキュメントを破棄します", "xpack.ingestPipelines.processors.defaultDescription.enrich": "\"{policy_name}\"ポリシーが\"{field}\"と一致した場合に、データを\"{target_field}\"に改善します", "xpack.ingestPipelines.processors.defaultDescription.fail": "実行を停止する例外を発生させます", @@ -23116,8 +23110,6 @@ "xpack.securitySolution.detectionEngine.components.importRuleModal.overwriteExceptionLabel": "競合する「list_id」で既存の例外リストを上書き", "xpack.securitySolution.detectionEngine.components.importRuleModal.selectRuleDescription": "インポートするルールを選択します。関連付けられたルールアクションと例外を含めることができます。", "xpack.securitySolution.detectionEngine.components.importRuleModal.successfullyImportedRulesTitle": "{totalRules} {totalRules, plural, other {ルール}}を正常にインポートしました", - "xpack.securitySolution.detectionEngine.createRule. stepScheduleRule.completeWithActivatingTitle": "ルールの作成と有効化", - "xpack.securitySolution.detectionEngine.createRule. stepScheduleRule.completeWithoutActivatingTitle": "有効化せずにルールを作成", "xpack.securitySolution.detectionEngine.createRule.backToRulesButton": "ルール", "xpack.securitySolution.detectionEngine.createRule.editRuleButton": "編集", "xpack.securitySolution.detectionEngine.createRule.eqlRuleTypeDescription": "イベント相関関係", 
@@ -23219,8 +23211,6 @@ "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage": "{key}は有効なmustacheテンプレートではありません", "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noConnectorSelectedErrorMessage": "コネクターを選択していません", "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noReadActionsPrivileges": "ルールアクションを作成できません。「Actions」プラグインの「読み取り」アクセス権がありません。", - "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithActivatingTitle": "ルールの作成と有効化", - "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithoutActivatingTitle": "有効化せずにルールを作成", "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldAdditionalLookBackHelpText": "ルックバック期間に時間を追加してアラートの見落としを防ぎます。", "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldAdditionalLookBackLabel": "追加のルックバック時間", "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldIntervalHelpText": "ルールを定期的に実行し、指定の時間枠内でアラートを検出します。", @@ -23902,7 +23892,6 @@ "xpack.securitySolution.detectionEngine.ruleDescription.mlJobStoppedDescription": "停止", "xpack.securitySolution.detectionEngine.ruleDescription.thresholdResultsAggregatedByDescription": "結果集約条件", "xpack.securitySolution.detectionEngine.ruleDescription.thresholdResultsAllDescription": "すべての結果", - "xpack.securitySolution.detectionEngine.ruleDetails.activateRuleLabel": "有効化", "xpack.securitySolution.detectionEngine.ruleDetails.backToRulesButton": "ルール", "xpack.securitySolution.detectionEngine.ruleDetails.deletedRule": "削除されたルール", "xpack.securitySolution.detectionEngine.ruleDetails.exceptionsTab": "例外", 
@@ -23945,8 +23934,6 @@ "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsToolTip": "Kibana アクション特権がありません", "xpack.securitySolution.detectionEngine.rules.allRules.actions.exportRuleDescription": "ルールのエクスポート", "xpack.securitySolution.detectionEngine.rules.allRules.activeRuleDescription": "アクティブ", - "xpack.securitySolution.detectionEngine.rules.allRules.batchActions.activateSelectedErrorTitle": "{totalRules, plural, other {個のルール}}の有効化エラー", - "xpack.securitySolution.detectionEngine.rules.allRules.batchActions.deactivateSelectedErrorTitle": "{totalRules, plural, other {個のルール}}の無効化エラー", "xpack.securitySolution.detectionEngine.rules.allRules.batchActions.deleteSelectedErrorTitle": "{totalRules, plural, other {ルール}}の削除エラー", "xpack.securitySolution.detectionEngine.rules.allRules.batchActions.deleteSelectedImmutableTitle": "選択には削除できないイミュータブルルールがあります", "xpack.securitySolution.detectionEngine.rules.allRules.batchActionsTitle": "一斉アクション", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 5394701a744e..cd88c2b4b6a5 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -3234,7 +3234,6 @@ "expressions.functions.mathColumn.args.nameHelpText": "结果列的名称。名称不需要唯一。", "expressions.functions.mathColumn.arrayValueError": "无法对 {name} 的数组值执行数学运算", "expressions.functions.mathColumn.uniqueIdError": "ID 必须唯一", - "expressions.functions.mathColumnHelpText": "添加计算为其他列的结果的列。只有提供参数时,才会执行更改。另请参见 {alterColumnFn} 和 {staticColumnFn}。", "expressions.functions.mathHelpText": "使用 {TYPE_NUMBER} 或 {DATATABLE} 作为 {CONTEXT} 来解释 {TINYMATH} 数学表达式。{DATATABLE} 列按列名使用。如果 {CONTEXT} 是数字,则作为 {value} 使用。", "expressions.functions.movingAverage.args.byHelpText": "用于移动平均值计算拆分依据的列", "expressions.functions.movingAverage.args.inputColumnIdHelpText": "要计算移动平均值的列", 
@@ -7312,8 +7311,6 @@ "xpack.apm.serviceIcons.serverless": "无服务器", "xpack.apm.serviceIcons.service": "服务", "xpack.apm.serviceIcons.serviceDetails.cloud.availabilityZoneLabel": "{zones, plural, other {可用性区域}} ", - "xpack.apm.serviceIcons.serviceDetails.cloud.betaLabel": "公测版", - "xpack.apm.serviceIcons.serviceDetails.cloud.betaTooltip": "AWS Lambda 支持不是 GA 版。请通过报告错误来帮助我们。", "xpack.apm.serviceIcons.serviceDetails.cloud.faasTriggerTypeLabel": "{triggerTypes, plural, other {触发类型}} ", "xpack.apm.serviceIcons.serviceDetails.cloud.functionNameLabel": "{functionNames, plural, other {功能名称}} ", "xpack.apm.serviceIcons.serviceDetails.cloud.machineTypesLabel": "{machineTypes, plural, other {机器类型}} ", @@ -8106,7 +8103,6 @@ "xpack.canvas.functions.alterColumn.args.typeHelpText": "将列转换成的类型。留空将不更改类型。", "xpack.canvas.functions.alterColumn.cannotConvertTypeErrorMessage": "无法转换为“{type}”", "xpack.canvas.functions.alterColumn.columnNotFoundErrorMessage": "找不到列:“{column}”", - "xpack.canvas.functions.alterColumnHelpText": "在核心类型(包括 {list} 和 {end})之间转换,并重命名列。另请参见 {mapColumnFn} 和 {staticColumnFn}。", "xpack.canvas.functions.any.args.conditionHelpText": "要检查的条件。", "xpack.canvas.functions.anyHelpText": "至少满足一个条件时,返回 {BOOLEAN_TRUE}。另见 {all_fn}。", "xpack.canvas.functions.as.args.nameHelpText": "要为列提供的名称。", @@ -8308,7 +8304,6 @@ "xpack.canvas.functions.sortHelpText": "按指定列对 {DATATABLE} 进行排序。", "xpack.canvas.functions.staticColumn.args.nameHelpText": "新列的名称。", "xpack.canvas.functions.staticColumn.args.valueHelpText": "要在新列的每一行中插入的值。提示:使用子表达式可将其他列汇总为静态值。", - "xpack.canvas.functions.staticColumnHelpText": "添加每一行都具有相同静态值的列。另请参见 {alterColumnFn} 和 {mapColumnFn}。", "xpack.canvas.functions.string.args.valueHelpText": "要连结成一个字符串的值。根据需要加入空格。", "xpack.canvas.functions.stringHelpText": "将所有参数串联成单个字符串。", "xpack.canvas.functions.switch.args.caseHelpText": "要检查的条件。", 
@@ -15736,7 +15731,6 @@ "xpack.ingestPipelines.processors.defaultDescription.dateIndexName.indexNamePrefixDefault.noPrefixValueLabel": "无前缀", "xpack.ingestPipelines.processors.defaultDescription.dateIndexName.indexNamePrefixDefault.prefixValueLabel": "带前缀“{prefix}”", "xpack.ingestPipelines.processors.defaultDescription.dissect": "从“{field}”提取匹配分解模式的值", - "xpack.ingestPipelines.processors.defaultDescription.dot_expander": "将“{field}”扩展成对象字段", "xpack.ingestPipelines.processors.defaultDescription.drop": "丢弃文档而不返回错误", "xpack.ingestPipelines.processors.defaultDescription.enrich": "如果策略“{policy_name}”匹配“{field}”,将数据扩充到“{target_field}”", "xpack.ingestPipelines.processors.defaultDescription.fail": "引发使执行停止的异常", @@ -23145,8 +23139,6 @@ "xpack.securitySolution.detectionEngine.components.importRuleModal.overwriteExceptionLabel": "覆盖具有冲突“list_id”的现有例外列表", "xpack.securitySolution.detectionEngine.components.importRuleModal.selectRuleDescription": "选择要导入的规则。可以包括关联的规则操作和例外。", "xpack.securitySolution.detectionEngine.components.importRuleModal.successfullyImportedRulesTitle": "已成功导入 {totalRules} 个{totalRules, plural, other {规则}}", - "xpack.securitySolution.detectionEngine.createRule. stepScheduleRule.completeWithActivatingTitle": "创建并激活规则", - "xpack.securitySolution.detectionEngine.createRule. stepScheduleRule.completeWithoutActivatingTitle": "创建规则但不激活", "xpack.securitySolution.detectionEngine.createRule.backToRulesButton": "规则", "xpack.securitySolution.detectionEngine.createRule.editRuleButton": "编辑", "xpack.securitySolution.detectionEngine.createRule.eqlRuleTypeDescription": "事件关联", 
@@ -23248,8 +23240,6 @@ "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage": "{key} 不是有效的 Mustache 模板", "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noConnectorSelectedErrorMessage": "未选择任何连接器", "xpack.securitySolution.detectionEngine.createRule.stepRuleActions.noReadActionsPrivileges": "无法创建规则操作。您对“操作”插件没有“读”权限。", - "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithActivatingTitle": "创建并激活规则", - "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.completeWithoutActivatingTitle": "创建规则但不激活", "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldAdditionalLookBackHelpText": "增加回查时段的时间以防止错过告警。", "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldAdditionalLookBackLabel": "更多回查时间", "xpack.securitySolution.detectionEngine.createRule.stepScheduleRule.fieldIntervalHelpText": "规则定期运行并检测指定时间范围内的告警。", @@ -23931,7 +23921,6 @@ "xpack.securitySolution.detectionEngine.ruleDescription.mlJobStoppedDescription": "已停止", "xpack.securitySolution.detectionEngine.ruleDescription.thresholdResultsAggregatedByDescription": "结果聚合依据", "xpack.securitySolution.detectionEngine.ruleDescription.thresholdResultsAllDescription": "所有结果", - "xpack.securitySolution.detectionEngine.ruleDetails.activateRuleLabel": "激活", "xpack.securitySolution.detectionEngine.ruleDetails.backToRulesButton": "规则", "xpack.securitySolution.detectionEngine.ruleDetails.deletedRule": "已删除规则", "xpack.securitySolution.detectionEngine.ruleDetails.exceptionsTab": "例外", 
@@ -23974,8 +23963,6 @@ "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsToolTip": "您没有 Kibana 操作权限", "xpack.securitySolution.detectionEngine.rules.allRules.actions.exportRuleDescription": "导出规则", "xpack.securitySolution.detectionEngine.rules.allRules.activeRuleDescription": "活动", - "xpack.securitySolution.detectionEngine.rules.allRules.batchActions.activateSelectedErrorTitle": "启用{totalRules, plural, other {规则}}时出错", - "xpack.securitySolution.detectionEngine.rules.allRules.batchActions.deactivateSelectedErrorTitle": "禁用{totalRules, plural, other {规则}}时出错", "xpack.securitySolution.detectionEngine.rules.allRules.batchActions.deleteSelectedErrorTitle": "删除{totalRules, plural, other {规则}}时出错", "xpack.securitySolution.detectionEngine.rules.allRules.batchActions.deleteSelectedImmutableTitle": "选择内容包含无法删除的不可变规则", "xpack.securitySolution.detectionEngine.rules.allRules.batchActionsTitle": "批处理操作", diff --git a/x-pack/plugins/triggers_actions_ui/kibana.json b/x-pack/plugins/triggers_actions_ui/kibana.json index b72a7fe96817..b7b918aff946 100644 --- a/x-pack/plugins/triggers_actions_ui/kibana.json +++ b/x-pack/plugins/triggers_actions_ui/kibana.json @@ -1,8 +1,8 @@ { "id": "triggersActionsUi", "owner": { - "name": "Kibana Alerting", - "githubTeam": "kibana-alerting-services" + "name": "Response Ops", + "githubTeam": "response-ops" }, "version": "kibana", "server": true, diff --git a/x-pack/test/alerting_api_integration/common/fixtures/plugins/aad/kibana.json b/x-pack/test/alerting_api_integration/common/fixtures/plugins/aad/kibana.json index 7dea652f7f9b..1036cee74da6 100644 --- a/x-pack/test/alerting_api_integration/common/fixtures/plugins/aad/kibana.json +++ b/x-pack/test/alerting_api_integration/common/fixtures/plugins/aad/kibana.json 
@@ -1,8 +1,8 @@ { "id": "aadFixtures", "owner": { - "name": "Alerting Services", - "githubTeam": "kibana-alerting-services" + "name": "Response Ops", + "githubTeam": "response-ops" }, "version": "1.0.0", "kibanaVersion": "kibana", diff --git a/x-pack/test/alerting_api_integration/common/fixtures/plugins/actions_simulators/kibana.json b/x-pack/test/alerting_api_integration/common/fixtures/plugins/actions_simulators/kibana.json index 5a76689f96d3..f007886f09ac 100644 --- a/x-pack/test/alerting_api_integration/common/fixtures/plugins/actions_simulators/kibana.json +++ b/x-pack/test/alerting_api_integration/common/fixtures/plugins/actions_simulators/kibana.json @@ -1,8 +1,8 @@ { "id": "actionsSimulators", "owner": { - "name": "Alerting Services", - "githubTeam": "kibana-alerting-services" + "name": "Response Ops", + "githubTeam": "response-ops" }, "version": "1.0.0", "kibanaVersion": "kibana", diff --git a/x-pack/test/alerting_api_integration/common/fixtures/plugins/alerts/kibana.json b/x-pack/test/alerting_api_integration/common/fixtures/plugins/alerts/kibana.json index 22ccd552762f..e241028ec697 100644 --- a/x-pack/test/alerting_api_integration/common/fixtures/plugins/alerts/kibana.json +++ b/x-pack/test/alerting_api_integration/common/fixtures/plugins/alerts/kibana.json @@ -1,8 +1,8 @@ { "id": "alertsFixtures", "owner": { - "name": "Alerting Services", - "githubTeam": "kibana-alerting-services" + "name": "Response Ops", + "githubTeam": "response-ops" }, "version": "1.0.0", "kibanaVersion": "kibana", diff --git a/x-pack/test/alerting_api_integration/common/fixtures/plugins/alerts_restricted/kibana.json b/x-pack/test/alerting_api_integration/common/fixtures/plugins/alerts_restricted/kibana.json index 206acd533b26..6c7ee636c35a 100644 --- a/x-pack/test/alerting_api_integration/common/fixtures/plugins/alerts_restricted/kibana.json +++ b/x-pack/test/alerting_api_integration/common/fixtures/plugins/alerts_restricted/kibana.json 
@@ -1,8 +1,8 @@
 {
 "id": "alertsRestrictedFixtures",
 "owner": {
- "name": "Alerting Services",
- "githubTeam": "kibana-alerting-services"
+ "name": "Response Ops",
+ "githubTeam": "response-ops"
 },
 "version": "1.0.0",
 "kibanaVersion": "kibana",
diff --git a/x-pack/test/alerting_api_integration/common/fixtures/plugins/task_manager_fixture/kibana.json b/x-pack/test/alerting_api_integration/common/fixtures/plugins/task_manager_fixture/kibana.json
index 8adfa8d57e72..79d04d29954c 100644
--- a/x-pack/test/alerting_api_integration/common/fixtures/plugins/task_manager_fixture/kibana.json
+++ b/x-pack/test/alerting_api_integration/common/fixtures/plugins/task_manager_fixture/kibana.json
@@ -1,8 +1,8 @@
 {
 "id": "taskManagerFixture",
 "owner": {
- "name": "Alerting Services",
- "githubTeam": "kibana-alerting-services"
+ "name": "Response Ops",
+ "githubTeam": "response-ops"
 },
 "version": "1.0.0",
 "kibanaVersion": "kibana",
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules.ts
index 3bc547ccb6a9..1075a6374277 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules.ts
@@ -131,7 +131,7 @@ export default ({ getService }: FtrProviderContext) => { // TODO: https://github.com/elastic/kibana/pull/121644 clean up, make type-safe expect(rule?.execution_summary?.last_execution.status).to.eql('partial failure'); expect(rule?.execution_summary?.last_execution.message).to.eql( - 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["does-not-exist-*"] was found. This warning will continue to appear until a matching index is created or this rule is de-activated.' + 'This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["does-not-exist-*"] was found. This warning will continue to appear until a matching index is created or this rule is disabled.' ); }); diff --git a/x-pack/test/functional_with_es_ssl/fixtures/plugins/alerts/kibana.json b/x-pack/test/functional_with_es_ssl/fixtures/plugins/alerts/kibana.json index 8c798aa3fbe0..2dd7fcc0c498 100644 --- a/x-pack/test/functional_with_es_ssl/fixtures/plugins/alerts/kibana.json +++ b/x-pack/test/functional_with_es_ssl/fixtures/plugins/alerts/kibana.json @@ -1,6 +1,6 @@ { "id": "alertingFixture", - "owner": { "name": "Alerting Services", "githubTeam": "kibana-alerting-services" }, + "owner": { "name": "Response Ops", "githubTeam": "response-ops" }, "version": "1.0.0", "kibanaVersion": "kibana", "requiredPlugins": ["alerting", "triggersActionsUi", "features"], diff --git a/x-pack/test/plugin_api_integration/plugins/event_log/kibana.json b/x-pack/test/plugin_api_integration/plugins/event_log/kibana.json index 42cfa0f766e3..2117704cbef8 100644 --- a/x-pack/test/plugin_api_integration/plugins/event_log/kibana.json +++ b/x-pack/test/plugin_api_integration/plugins/event_log/kibana.json 
@@ -1,8 +1,8 @@
 {
 "id": "eventLogFixture",
 "owner": {
- "name": "Kibana Alerting",
- "githubTeam": "kibana-alerting-services"
+ "name": "Response Ops",
+ "githubTeam": "response-ops"
 },
 "version": "1.0.0",
 "kibanaVersion": "kibana",
diff --git a/x-pack/test/plugin_api_integration/plugins/sample_task_plugin/kibana.json b/x-pack/test/plugin_api_integration/plugins/sample_task_plugin/kibana.json
index 0171004f1c7b..151e49c08016 100644
--- a/x-pack/test/plugin_api_integration/plugins/sample_task_plugin/kibana.json
+++ b/x-pack/test/plugin_api_integration/plugins/sample_task_plugin/kibana.json
@@ -1,8 +1,8 @@
 {
 "id": "sampleTaskPlugin",
 "owner": {
- "name": "Alerting Services",
- "githubTeam": "kibana-alerting-services"
+ "name": "Response Ops",
+ "githubTeam": "response-ops"
 },
 "version": "1.0.0",
 "kibanaVersion": "kibana",
diff --git a/x-pack/test/plugin_api_perf/plugins/task_manager_performance/kibana.json b/x-pack/test/plugin_api_perf/plugins/task_manager_performance/kibana.json
index 995427773ad9..b7fad9c24531 100644
--- a/x-pack/test/plugin_api_perf/plugins/task_manager_performance/kibana.json
+++ b/x-pack/test/plugin_api_perf/plugins/task_manager_performance/kibana.json
@@ -1,6 +1,6 @@
 {
 "id": "taskManagerPerformance",
- "owner": { "name": "Alerting Services", "githubTeam": "kibana-alerting-services" },
+ "owner": { "name": "Response Ops", "githubTeam": "response-ops" },
 "version": "1.0.0",
 "kibanaVersion": "kibana",
 "requiredPlugins": ["taskManager"],
diff --git a/x-pack/test/security_solution_cypress/config.ts b/x-pack/test/security_solution_cypress/config.ts
index 383b7b31206a..fde617bcf1ce 100644
--- a/x-pack/test/security_solution_cypress/config.ts
+++ b/x-pack/test/security_solution_cypress/config.ts
@@ -43,6 +43,9 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { '--xpack.ruleRegistry.write.enabled=true', '--xpack.ruleRegistry.write.cache.enabled=false', '--xpack.ruleRegistry.unsafe.indexUpgrade.enabled=true', + // Without below line, default interval for rules is 1m + // See https://github.com/elastic/kibana/pull/125396 for details + '--xpack.alerting.minimumScheduleInterval=1s', '--xpack.ruleRegistry.unsafe.legacyMultiTenancy.enabled=true', `--xpack.securitySolution.enableExperimental=${JSON.stringify([ 'riskyHostsEnabled', diff --git a/x-pack/test/security_solution_endpoint/services/endpoint_artifacts.ts b/x-pack/test/security_solution_endpoint/services/endpoint_artifacts.ts index f36c59722de7..f304e110df26 100644 --- a/x-pack/test/security_solution_endpoint/services/endpoint_artifacts.ts +++ b/x-pack/test/security_solution_endpoint/services/endpoint_artifacts.ts @@ -18,6 +18,7 @@ import { TRUSTED_APPS_EXCEPTION_LIST_DEFINITION } from '../../../plugins/securit import { EndpointError } from '../../../plugins/security_solution/common/endpoint/errors'; import { EVENT_FILTER_LIST_DEFINITION } from '../../../plugins/security_solution/public/management/pages/event_filters/constants'; import { HOST_ISOLATION_EXCEPTIONS_LIST_DEFINITION } from '../../../plugins/security_solution/public/management/pages/host_isolation_exceptions/constants'; +import { BLOCKLISTS_LIST_DEFINITION } from '../../../plugins/security_solution/public/management/pages/blocklist/constants'; export interface ArtifactTestData { artifact: ExceptionListItemSchema; @@ -108,4 +109,13 @@ export class EndpointArtifactsTestResources extends FtrService { return this.createExceptionItem(artifact); } + + async createBlocklist( + overrides: Partial = {} + ): Promise { + await this.ensureListExists(BLOCKLISTS_LIST_DEFINITION); + const blocklist = this.exceptionsGenerator.generateBlocklistForCreate(overrides); + + return this.createExceptionItem(blocklist); + } } 
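Review bot: The comment added above `'--xpack.alerting.minimumScheduleInterval=1s'` in config.ts says the "default interval for rules is 1m", but the flag name indicates it sets the minimum allowed schedule interval, not a default. Since that minimum is a guard-rail on how often rules may run, the comment should say it is relaxed for this test suite only, so the value is not copied into a non-test configuration. I would reword it to `// Test-only: lower the minimum allowed rule schedule interval (1m unless overridden) so rules can run more often` and keep the existing link to the pull request on the next line. The enclosing config function starts and ends outside the hunk.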
diff --git a/x-pack/test/upgrade/apps/reporting/reporting_smoke_tests.ts b/x-pack/test/upgrade/apps/reporting/reporting_smoke_tests.ts index 20fc34f77dbf..e7769f2761f3 100644 --- a/x-pack/test/upgrade/apps/reporting/reporting_smoke_tests.ts +++ b/x-pack/test/upgrade/apps/reporting/reporting_smoke_tests.ts @@ -71,6 +71,21 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { } const advOpt = await find.byXPath(`//button[descendant::*[text()='Advanced options']]`); await advOpt.click(); + // Workaround for: https://github.com/elastic/kibana/issues/126540 + const isUrlTooLong = await testSubjects.exists('urlTooLongErrorMessage'); + if (isUrlTooLong) { + // Save dashboard + await PageObjects.dashboard.switchToEditMode(); + await PageObjects.dashboard.clickQuickSave(); + await PageObjects.share.openShareMenuItem(link); + if (type === 'pdf_optimize') { + await testSubjects.click('usePrintLayout'); + } + const advOpt2 = await find.byXPath( + `//button[descendant::*[text()='Advanced options']]` + ); + await advOpt2.click(); + } const postUrl = await find.byXPath(`//button[descendant::*[text()='Copy POST URL']]`); await postUrl.click(); const url = await browser.getClipboardValue(); diff --git a/yarn.lock b/yarn.lock index 68816f9b172a..1994a2f42e4a 100644 --- a/yarn.lock +++ b/yarn.lock 
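Review bot: Inside the new `if (isUrlTooLong)` branch in reporting_smoke_tests.ts, nothing re-checks `urlTooLongErrorMessage` after the quick save and the second 'Advanced options' click. If the workaround stops working, the test carries on to 'Copy POST URL' and fails there with a less informative error. I would end the branch with `if (await testSubjects.exists('urlTooLongErrorMessage')) throw new Error('POST URL still too long after saving the dashboard');`. The branch also repeats the share-menu, `usePrintLayout` and 'Advanced options' steps, which presumably mirror the lines just above the hunk; a small local helper would remove the duplication and the `advOpt2` name. The enclosing test body starts and ends outside the hunk.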
@@ -7587,10 +7587,10 @@ resolved "https://registry.yarnpkg.com/@types/seedrandom/-/seedrandom-2.4.28.tgz#9ce8fa048c1e8c85cb71d7fe4d704e000226036f" integrity sha512-SMA+fUwULwK7sd/ZJicUztiPs8F1yCPwF3O23Z9uQ32ME5Ha0NmDK9+QTsYE4O2tHXChzXomSWWeIhCnoN1LqA== -"@types/selenium-webdriver@^4.0.16": - version "4.0.16" - resolved "https://registry.yarnpkg.com/@types/selenium-webdriver/-/selenium-webdriver-4.0.16.tgz#c3205c6691a1d645cf4163684bd119230a60e6f5" - integrity sha512-0UAzu2lFXpLK4lU4yhgUtM/KxoN8hIpyI+q22KAwzIDHNk4kLJ/Ut5mJZLFSxfQx58OBQ9SJXZkSL065fe/WdQ== +"@types/selenium-webdriver@^4.0.18": + version "4.0.18" + resolved "https://registry.yarnpkg.com/@types/selenium-webdriver/-/selenium-webdriver-4.0.18.tgz#98f6e1ccd2d92f6fddaccfc7c148d2e158da0f92" + integrity sha512-gkrUo3QldGr8V9im/DjgKkX4UVd1rtflfEBuPG9hPSA1keu7A0rF8h/MQjpTMm2EPVhBCd2K8tn5nlC9Vsd5Xw== "@types/semver@^7": version "7.3.4" @@ -10754,10 +10754,10 @@ chrome-trace-event@^1.0.2: dependencies: tslib "^1.9.0" -chromedriver@^97.0.2: - version "97.0.2" - resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-97.0.2.tgz#b6c26f6667ad40dc8cf08818878cc064787116fc" - integrity sha512-sOAfKCR3WsHvmKedZoWa+3tBVGdPtxq4zKxgKZCoJ2c924olBTW4Bnha6SHl93Yo7+QqsNn6ZpAC0ojhutacAg== +chromedriver@^98.0.0: + version "98.0.0" + resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-98.0.0.tgz#b2c3c1941fad4cdfadad5d4c46923e02f089fd30" + integrity sha512-Oi6Th5teK+VI4nti+423/dFkENYHEMOdUvqwJHzOaNwXqLwZ8FuSaKBybgALCctGapwJbd+tmPv3qSd6tUUIHQ== dependencies: "@testim/chrome-version" "^1.1.2" axios "^0.24.0"