diff --git a/docs/api/dashboard-api.asciidoc b/docs/api/dashboard-api.asciidoc index e6f54dd9156ec..94511c3154fe0 100644 --- a/docs/api/dashboard-api.asciidoc +++ b/docs/api/dashboard-api.asciidoc @@ -1,7 +1,7 @@ [[dashboard-api]] == Import and export dashboard APIs -deprecated::[7.15.0,Both of these APIs have been deprecated in favor of <> and <>.] +deprecated::[7.15.0,These experimental APIs have been deprecated in favor of <> and <>.] Import and export dashboards with the corresponding saved objects, such as visualizations, saved searches, and index patterns. diff --git a/docs/api/dashboard/export-dashboard.asciidoc b/docs/api/dashboard/export-dashboard.asciidoc index 3a20eff0a54d2..098ec976569bd 100644 --- a/docs/api/dashboard/export-dashboard.asciidoc +++ b/docs/api/dashboard/export-dashboard.asciidoc @@ -6,7 +6,7 @@ deprecated::[7.15.0,Use <> instead.] -Export dashboards and corresponding saved objects. +experimental[] Export dashboards and corresponding saved objects. [[dashboard-api-export-request]] ==== Request diff --git a/docs/api/dashboard/import-dashboard.asciidoc b/docs/api/dashboard/import-dashboard.asciidoc index e4817d6cb7ee9..41eb47500c8d7 100644 --- a/docs/api/dashboard/import-dashboard.asciidoc +++ b/docs/api/dashboard/import-dashboard.asciidoc @@ -6,7 +6,7 @@ deprecated::[7.15.0,Use <> instead.] -Import dashboards and corresponding saved objects. +experimental[] Import dashboards and corresponding saved objects. [[dashboard-api-import-request]] ==== Request diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/event_correlation_rule.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/event_correlation_rule.spec.ts index 171d224cc32d3..10f556a11bf60 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_rules/event_correlation_rule.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_rules/event_correlation_rule.spec.ts @@ -70,7 +70,7 @@ import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login'; import { ALERTS_URL } from '../../urls/navigation'; -describe('Detection rules, EQL', () => { +describe.skip('Detection rules, EQL', () => { const expectedUrls = getEqlRule().referenceUrls.join(''); const expectedFalsePositives = getEqlRule().falsePositivesExamples.join(''); const expectedTags = getEqlRule().tags.join(''); @@ -169,7 +169,7 @@ describe('Detection rules, EQL', () => { }); }); -describe('Detection rules, sequence EQL', () => { +describe.skip('Detection rules, sequence EQL', () => { const expectedNumberOfRules = 1; const expectedNumberOfSequenceAlerts = '1 alert'; diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts index 4ef3291e1b8f2..b5d4c6033e98f 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/handlers.ts @@ -41,7 +41,7 @@ import { findAllUnenrolledAgentIds } from './support/unenroll'; import { getAllEndpointPackagePolicies } from './support/endpoint_package_policies'; import { findAgentIdsByStatus } from './support/agent_status'; import { EndpointAppContextService } from '../../endpoint_app_context_services'; -import { fleetAgentStatusToEndpointHostStatus } from '../../utils'; +import { catchAndWrapError, fleetAgentStatusToEndpointHostStatus } from '../../utils'; import { queryResponseToHostListResult, queryResponseToHostResult, @@ -194,7 +194,9 @@ export async function getHostMetaData( const query = getESQueryHostMetadataByID(id); - const response = await esClient.asCurrentUser.search(query); + const response = await esClient.asCurrentUser + .search(query) + .catch(catchAndWrapError); const hostResult = queryResponseToHostResult(response.body); diff --git a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts index ae68d81d6b922..fbc51aa0360ce 100644 --- a/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts +++ b/x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/helpers.ts @@ -22,9 +22,7 @@ import { HostValue, } from '../../../../../../common/search_strategy/security_solution/hosts'; import { toObjectArrayOfStrings } from '../../../../../../common/utils/to_array'; -import { getHostMetaData } from '../../../../../endpoint/routes/metadata/handlers'; import { EndpointAppContext } from '../../../../../endpoint/types'; -import { fleetAgentStatusToEndpointHostStatus } from '../../../../../endpoint/utils'; import { getPendingActionCounts } from '../../../../../endpoint/services'; export const HOST_FIELDS = [ @@ -184,51 +182,54 @@ export const getHostEndpoint = async ( endpointContext: EndpointAppContext; } ): Promise => { - const { esClient, endpointContext, savedObjectsClient } = deps; + if (!id) { + return null; + } + + const { esClient, endpointContext } = deps; const logger = endpointContext.logFactory.get('metadata'); + try { const agentService = endpointContext.service.getAgentService(); - if (agentService === undefined) { + + if (!agentService) { throw new Error('agentService not available'); } - const metadataRequestContext = { - esClient, - endpointAppContextService: endpointContext.service, - logger, - savedObjectsClient, - }; - const endpointData = - id != null && metadataRequestContext.endpointAppContextService.getAgentService() != null - ? await getHostMetaData(metadataRequestContext, id) - : null; - - const fleetAgentId = endpointData?.elastic.agent.id; - const [fleetAgentStatus, pendingActions] = !fleetAgentId - ? [undefined, {}] - : await Promise.all([ - // Get Agent Status - agentService.getAgentStatusById(esClient.asCurrentUser, fleetAgentId), - // Get a list of pending actions (if any) - getPendingActionCounts( - esClient.asCurrentUser, - endpointContext.service.getEndpointMetadataService(), - [fleetAgentId] - ).then((results) => { + + const endpointData = await endpointContext.service + .getEndpointMetadataService() + // Using `internalUser` ES client below due to the fact that Fleet data has been moved to + // system indices (`.fleet*`). Because this is a readonly action, this should be ok to do + // here until proper RBOC controls are implemented + .getEnrichedHostMetadata(esClient.asInternalUser, id); + + const fleetAgentId = endpointData.metadata.elastic.agent.id; + + const pendingActions = fleetAgentId + ? getPendingActionCounts( + esClient.asInternalUser, + endpointContext.service.getEndpointMetadataService(), + [fleetAgentId] + ) + .then((results) => { return results[0].pending_actions; - }), - ]); - - return endpointData != null && endpointData - ? { - endpointPolicy: endpointData.Endpoint.policy.applied.name, - policyStatus: endpointData.Endpoint.policy.applied.status, - sensorVersion: endpointData.agent.version, - // eslint-disable-next-line @typescript-eslint/no-non-null-assertion - elasticAgentStatus: fleetAgentStatusToEndpointHostStatus(fleetAgentStatus!), - isolation: endpointData.Endpoint.state?.isolation ?? false, - pendingActions, - } - : null; + }) + .catch((error) => { + // Failure in retrieving the number of pending actions should not fail the entire + // call to get endpoint details. Log the error and return an empty object + logger.warn(error); + return {}; + }) + : {}; + + return { + endpointPolicy: endpointData.metadata.Endpoint.policy.applied.name, + policyStatus: endpointData.metadata.Endpoint.policy.applied.status, + sensorVersion: endpointData.metadata.agent.version, + elasticAgentStatus: endpointData.host_status, + isolation: endpointData.metadata.Endpoint.state?.isolation ?? false, + pendingActions, + }; } catch (err) { logger.warn(err); return null;