forked from elastic/kibana
[wip] Llm stream #15
Closed
…lp diagnose rule execution errors (elastic#166778)

## Summary

Thanks @spong for the speedy assistance with getting this code-complete!

Utilizing the Security Assistant to provide some suggested mediation steps for rule errors could help customers to better self-diagnose rule errors. Thus, enhancing their experience with the Security Solution and potentially reducing new support tickets.

Error on rule details page:

<img width="1462" alt="threshold_rule_exception_error" src="https://github.com/elastic/kibana/assets/915763/9f31fad5-f1e5-46b2-accf-2739ac3b83dd">

Response from security assistant:

<img width="1454" alt="threshold_rule_exception_assistant_resolved" src="https://github.com/elastic/kibana/assets/915763/5fbd8ea5-8a5d-47ea-8f24-6698b298f023">

Available for warnings too:

<img width="1205" alt="assistant_error_help_warning" src="https://github.com/elastic/kibana/assets/915763/e93bb870-9688-4d87-a6db-59a552ab9af9">

Includes the rule name and data sources for pre-built rules for additional information to generate a slightly more helpful response:

<img width="1958" alt="pre_built_rule_name_data_source" src="https://github.com/elastic/kibana/assets/915763/d6e797c8-e014-4cb0-be95-fcce02568121">

---------

Co-authored-by: Garrett Spong <[email protected]>

## Summary

Splitting some of the long running Alerting FTR configs:

| Config Path | Runtime |
| ------------- | ------------- |
| x-pack/test/alerting_api_integration/security_and_spaces/group2/config.ts | 36m 55s |
| x-pack/test/alerting_api_integration/security_and_spaces/group2/config_non_dedicated_task_runner.ts | 36m 58s |

<img width="1576" alt="image" src="https://github.com/elastic/kibana/assets/10977896/c73374c6-d769-4536-a277-5a2a38b83fa4">

After split:

| Config Path | Runtime |
| ------------- | ------------- |
| x-pack/test/alerting_api_integration/security_and_spaces/group2/config.ts | 22m 59s |
| x-pack/test/alerting_api_integration/security_and_spaces/group2/config_non_dedicated_task_runner.ts | 23m 15s |
| x-pack/test/alerting_api_integration/security_and_spaces/group4/config.ts | 22m 26s |
| x-pack/test/alerting_api_integration/security_and_spaces/group4/config_non_dedicated_task_runner.ts | 21m 36s |

Closes elastic#162800

## Summary

This PR re-adds dashboard titles to the browser tab title, which was accidentally removed as part of the [portable dashboards](elastic#144332) work. For example, if I'm on the sample Logs dashboard, the title of that dashboard will now be reflected in the tab title like it was prior to `v8.7.0`:

| Before | After |
|--------|--------|
| ![image](https://github.com/elastic/kibana/assets/8698078/79044734-f9f5-41e2-b7e6-27087d37832d) | ![image](https://github.com/elastic/kibana/assets/8698078/e82740a8-b4ef-488e-981a-57b5ef39948a) |

The tab title should stay up-to-date with Dashboard title changes, as demonstrated in this video:

https://github.com/elastic/kibana/assets/8698078/651fff50-70f7-46ff-af47-b274fe6b0a19

Note that this will **only apply** to dashboards in the dashboard app - dashboards outside of the dashboard app should not change the browser tab title, unless the consumer does this on their own.

### [Flaky Test Runner](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/3987)

![image](https://github.com/elastic/kibana/assets/8698078/aec4100b-9e76-4154-b20b-a7054f7f46a1)

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

…s creation to include more match options (elastic#170495)

## Summary

- [x] Adds a `matches` and `does not match` operator option to all eligible event filter creation entry fields that support matches
- [x] Updates the existing warning to only appear if the `file.path.text` entry field is selected
- [x] Generalize the warning for wildcard usage if operator is matches and a wildcard is used in the value
- [x] Updates wildcard warning tooltip to include "Creating event filters with both `matches` and `does not match` operators may significantly decrease performance."
- [x] Unit tests

# Screenshots

![efmatch](https://github.com/elastic/kibana/assets/56409205/9efad4f7-e49f-4542-9052-08e578ea4f6b)

Warning about wildcards affecting Endpoint performance

<img width="1219" alt="image" src="https://github.com/elastic/kibana/assets/56409205/5bceec10-6387-44d5-bc7f-76de1816ce46">

# Event Filter & Artifact

**LINUX**

![image](https://github.com/elastic/kibana/assets/56409205/4bba92ff-965a-47d9-b2e8-0a94b322acd8)

<details open>
<summary> linux artifact entry </summary>
<p>

```
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        { "field": "event.category", "operator": "included", "type": "wildcard_cased", "value": "network" },
        { "field": "process.name", "operator": "included", "type": "exact_cased", "value": "network" }
      ]
    }
  ]
}
```

</p>
</details>

**WINDOWS**

![image](https://github.com/elastic/kibana/assets/56409205/e44020c7-0701-482a-bb74-6a1150b5552c)

<details open>
<summary> windows artifact entry </summary>
<p>

```
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        { "field": "event.kind", "operator": "included", "type": "wildcard_cased", "value": "event" },
        { "field": "process.name", "operator": "included", "type": "exact_caseless", "value": "event" },
        { "field": "event.category", "operator": "included", "type": "wildcard_cased", "value": "authentication" },
        { "field": "process.name", "operator": "included", "type": "exact_caseless", "value": "authentication" }
      ]
    }
  ]
}
```

</p>
</details>

**MAC**

![image](https://github.com/elastic/kibana/assets/56409205/9c1782f8-2386-4cf0-8236-fa613bb6f9ee)

<details open>
<summary> mac artifact entry</summary>
<p>

```
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        { "field": "event.id", "operator": "included", "type": "wildcard_cased", "value": "071e1cfc-8333-4c6c-965a-00678c7b1d61" },
        { "field": "process.name", "operator": "included", "type": "exact_caseless", "value": "071e1cfc-8333-4c6c-965a-00678c7b1d61" },
        { "field": "file.path", "operator": "included", "type": "wildcard_cased", "value": "C:\\My Documents\\business\\January\\processName" },
        { "field": "process.name", "operator": "included", "type": "exact_caseless", "value": "C:\\My Documents\\business\\January\\processName" }
      ]
    }
  ]
}
```

</p>
</details>

…point ops analyst user roles (elastic#170778) ## Summary Ref: elastic/security-team#7950 --------- Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Ievgen Sorokopud <[email protected]>
## Summary

This adds a new "Universal Profiling" tab to asset details with a flamegraph for a selected host. The tab is behind a feature flag and is disabled by default. It will be enabled by default for cloud/onprem once we implement Profiling empty state, serverless is tbd.

* Added two new endpoints for fetching profiling status (not used by the FE yet) and flamegraph data.
* Added a `profilingEnabled` feature flag
* Added a new tab in the UI and integrated the Flamegraph embeddable

![CleanShot 2023-11-22 at 16 38 00@2x](https://github.com/elastic/kibana/assets/793851/acc789df-00c0-45af-878a-39fa5e2064cc)

## How to test

* Connect local kibana to oblt cluster that has Profiling configured (e.g. edge)
* Add this to your dev `kibana.yml`

```
xpack.profiling.enabled: true
xpack.infra.profilingEnabled: true

# Direct ES URL on the oblt cluster that you're using, in case of edge it's https://edge-oblt.es.us-west2.gcp.elastic-cloud.com:443
xpack.profiling.elasticsearch.hosts: REMOTE_CLUSTER_ES_URL

# If needed create a new user on the remote oblt cluster
xpack.profiling.elasticsearch.username: REMOTE_CLUSTER_USER
xpack.profiling.elasticsearch.password: REMOTE_CLUSTER_PASWORD
```

* Open kibana, go to Hosts
* Open a flyout for one of the hosts and make sure you see the Profiling tab with a flamegraph
* Open Host details as a full page and also make sure you see the new tab

---------

Co-authored-by: kibanamachine <[email protected]>

## Summary

Several improvements to tracing and logging in Fleet setup to find root cause of problems:

- Add a trace transaction to ensure Fleet setup calls on Kibana start up are traced
- Add specific spans around each step of setup preconfiguration to more easily correlate errors to the process
- Capture errors in APM errors
- Add stack traces to error logs during package installation to better identify the cause of the error

---------

Co-authored-by: kibanamachine <[email protected]>

…stic#171874) ## Summary Closes elastic#171855 Removes the sanitize function from ES|QL strategy **Now** <img width="1790" alt="image" src="https://github.com/elastic/kibana/assets/17003240/67d3d32a-28f9-40c2-9697-070234041323"> **Before** <img width="501" alt="Screenshot 2023-11-23 at 4 29 38 PM" src="https://github.com/elastic/kibana/assets/17003240/e9a1d38e-80cb-4bd0-af21-5afbf31e3aed">
## Summary - Added vertical scroll to the column selection popover - Changed the fixed width of some columns in the cases table https://github.com/elastic/kibana/assets/1533137/08bccc40-792c-4bc0-8a4b-2a007b7257c2
…astic#171970) Closes elastic#171843 ## Summary This PR fixes not showing the threshold line in the following case: <img src="https://github.com/elastic/kibana/assets/12370520/fa0af167-b7f1-499a-a703-b336d4f2414c" width=500 />
…1916)

## Summary

Allows searching on the ES|QL reference markdown. This means that now the search will return more results.

Examples:

- If I search for keep it will return all the occurrences of the word keep so the user will see the keep command but also all the other commands that the keep word is used in the examples. I think that this is very useful as the user can see more than 1 example of a command
- If I search for date it will return not only the commands that have the word date but also the commands that allow date in their arguments
- As it now also searches the description, it can also return false positive results. I think it is an accepted drawback.

<img width="1050" alt="image" src="https://github.com/elastic/kibana/assets/17003240/5de45bcf-c0fc-4fbc-bbdf-bdf25fcb89f6">

Note: I am not allowing this for Lens formulas. I introduced a new property to disable it. The implementation works for formulas too but we haven't received any negative feedback so far so I would like to test it in the ES|QL reference first.

### Checklist

- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <[email protected]>

Fixes elastic#170048 ## Summary This PR adds support in the `UI` for the `custom_details` and links attributes in the Pagerduty connector. ### Release Notes PagerDuty connector now supports the links and custom_details attributes.
…yment (elastic#171921)

## Summary

Closes elastic#171883

This PR adds:

- Limiting options for "Threads per allocation" control for a model deployment based on the `max_single_ml_node_processors` limit
- Validation of the number of allocation according to the `total_ml_processors` field

<img width="1018" alt="image" src="https://github.com/elastic/kibana/assets/5236598/b8debd82-5f84-469a-8440-4a48b00a9dc3">

### Checklist

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

## Summary

[Fleet] Improve error handling on epm endpoints.

Currently most errors occurring when doing any operation with packages will throw and result in a `500` in the corresponding endpoint. This PR is an attempt to handle those errors in a more comprehensive way and to return meaningful responses.

Where I can I'm replacing the generic `Error` with `FleetError`; it calls `Logger.error` and checks if the error belongs to a specific type, if not defaults to 500.

The error described in elastic/integrations#8268 will now return a 400: https://github.com/elastic/kibana/pull/171722/files#diff-952b3c1842d5d24d9e70833cae1683e2d78df7b489dc99665dab723cc10927c1R349-R352

### Checklist

- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: Kibana Machine <[email protected]>

…c#171975) Fixes elastic#167767 ## Summary I added information about whether the custom field is required or not. Additionally, I followed @mdefazio's comment and changed how we display these to use an `EuiBadge` instead. The color is custom. <img width="1207" alt="Screenshot 2023-11-27 at 11 57 52" src="https://github.com/elastic/kibana/assets/1533137/4c491293-1ccf-4377-843f-55fef45fc9b3">
…mponent template (elastic#170571)

Resolves elastic#168959

## Summary

Hard-coding a list of experimental (RFC stage 2) ECS fields to exclude from the ECS component template. These are only the fields that are not currently defined in `ecs_flat.yml`. The only existing field that is excluded is `faas.trigger` which, if included, will cause a mapping conflict exception because of an ECS mapping change from `nested` to `object`.

## To Verify

Compare the mappings for the `.alerts-ecs-mappings` component template between `main` and this branch and notice that the `faas.trigger` field is excluded from the component template on this branch.

---------

Co-authored-by: Kibana Machine <[email protected]>

Closes elastic#164305

## Summary

This PR adds two `uiCounters` to keep track of when something is clicked in the new Links panel:

1. `dashboardLink:click` - counts when a dashboard link is clicked
2. `externalLink:click` - counts when an external link is clicked

These counters can be tracked via the `kibana-ui-counters` data view on the telemetry clusters, like so:

![Screenshot 2023-11-23 at 1 37 26 PM](https://github.com/elastic/kibana/assets/8698078/fe719121-73e3-4b53-8440-5a725a1a7c98)

Note that this **only** applies if the `onClick` method is called; if the user, for example, right clicks on the link and selects "Open in new tab" instead, this "click" will not be tracked. To my knowledge, there is no way to track these types of clicks.

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <[email protected]>

…171769) ## Summary Fixes elastic#169907 This PR cleans the ES|QL statement from DROP commands before sending it over for the date histogram chart in Lens. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Stratoula Kalafateli <[email protected]>
…71598) ## Summary Makes the PIT finder more consistent by ignoring empty first page and not yielding it (as this is also what is done for other pages) --------- Co-authored-by: Kibana Machine <[email protected]>
…astic#170056) ## Summary Adding Usage Telemetry for Detection Rules & Security Lists Tasks ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Pete Hampton <[email protected]> Co-authored-by: Pete Hampton <[email protected]>
## Summary Add a new telemetry task to collect diagnostic timelines. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Pete Hampton <[email protected]>
…ic#167902)

## Summary

This PR updates the alert preview in Create rule -> Rule preview to use the new expandable alert flyout:

- Switched timeline wrapper to be visible on create rule page. This allows us to keep all the timeline navigation in the new expandable alert flyout
- Disabled alert specific components, when flyout is open in create rule:
- Alert status is not shown
- Rule summary preview is disabled
- Title link to rule details page is removed
- Exclude filter in/filter out hover actions in highlighted fields
- New placeholder text for investigation guide and response: we should not show link to documentation when user is setting up a rule

With feature flag on:

https://github.com/elastic/kibana/assets/18648970/a45e930e-f1e8-4899-aef4-1aa0c3dc3330

**How to test**

- Add `xpack.securitySolution.enableExperimental: ['expandableFlyoutInCreateRuleEnabled' ]` to `kibana.yml.dev`
- Go to Rules page -> Detection rules (SIEM) => Create rule
- Pick a rule type and populate the query, click `Continue`
- On the right hand side, click `Refresh`, some alerts should appear in the table
- Click expand on a row

### Checklist

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: Nikita Indik <[email protected]>
Co-authored-by: kibanamachine <[email protected]>

wip