diff --git a/.buildkite/pipelines/artifacts.yml b/.buildkite/pipelines/artifacts.yml
index 4a52ee7402823..5b219952c8cf1 100644
--- a/.buildkite/pipelines/artifacts.yml
+++ b/.buildkite/pipelines/artifacts.yml
@@ -88,7 +88,7 @@ steps:
 - exit_status: -1
 agents:
 queue: n2-2
- timeout_in_minutes: 30
+ timeout_in_minutes: 60
 if: "build.env('RELEASE_BUILD') == null || build.env('RELEASE_BUILD') == '' || build.env('RELEASE_BUILD') == 'false'"
 retry:
 automatic:
diff --git a/.buildkite/pipelines/quality-gates/pipeline.tests-qa.yaml b/.buildkite/pipelines/quality-gates/pipeline.tests-qa.yaml
index feac7bdb17848..2ee943d72ee03 100644
--- a/.buildkite/pipelines/quality-gates/pipeline.tests-qa.yaml
+++ b/.buildkite/pipelines/quality-gates/pipeline.tests-qa.yaml
@@ -46,13 +46,3 @@ steps:
 USE_GROUP_LABEL: true
 agents:
 image: "docker.elastic.co/ci-agent-images/manual-verification-agent:0.0.6"
-
- - group: "Observability"
- steps:
- - label: ":judge::seedling: Trigger Manual Tests Phase - Observability"
- command: "make -C /agent trigger-manual-verification-phase"
- env:
- NOTIFICATION_APPENDIX: " please execute your manual testing plan."
- USE_GROUP_LABEL: true
- agents:
- image: "docker.elastic.co/ci-agent-images/manual-verification-agent:0.0.6"
diff --git a/.buildkite/pull_requests.json b/.buildkite/pull_requests.json
index 41de2dc843d4d..65a3ff6ba2004 100644
--- a/.buildkite/pull_requests.json
+++ b/.buildkite/pull_requests.json
@@ -55,14 +55,14 @@ "repoName": "kibana", "pipelineSlug": "kibana-kme-test", - "enabled": false, + "enabled": true, "allow_org_users": true, "allowed_repo_permissions": ["admin", "write"], "allowed_list": ["barlowm", "renovate[bot]"], "set_commit_status": true, - "commit_status_context": "kibana-ci", + "commit_status_context": "kibana-ci-test", "build_on_commit": true, - "build_on_comment": true, + "build_on_comment": false, "trigger_comment_regex": "^(?:(?:buildkite\\W+)?(?:build|test)\\W+(?:this|it))", "always_trigger_comment_regex": "^(?:(?:buildkite\\W+)?(?:build|test)\\W+(?:this|it))", "skip_ci_labels": [], diff --git a/.ci/Dockerfile b/.ci/Dockerfile index 109b9ffab3cc5..91e0d5bf36a9d 100644 --- a/.ci/Dockerfile +++ b/.ci/Dockerfile @@ -1,7 +1,7 @@ # NOTE: This Dockerfile is ONLY used to run certain tasks in CI. It is not used to run Kibana or as a distributable. # If you're looking for the Kibana Docker image distributable, please see: src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.ts -ARG NODE_VERSION=18.18.2 +ARG NODE_VERSION=20.9.0 FROM node:${NODE_VERSION} AS base diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index c01799df5a855..7b7b12649a867 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -302,6 +302,7 @@ x-pack/plugins/cross_cluster_replication @elastic/platform-deployment-management packages/kbn-crypto @elastic/kibana-security packages/kbn-crypto-browser @elastic/kibana-core x-pack/plugins/custom_branding @elastic/appex-sharedux +packages/kbn-custom-icons @elastic/obs-ux-logs-team packages/kbn-custom-integrations @elastic/obs-ux-logs-team src/plugins/custom_integrations @elastic/fleet packages/kbn-cypress-config @elastic/kibana-operations 
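Review bot: In the `kibana-kme-test` entry of `.buildkite/pull_requests.json`, `"enabled": true` is switched on while `"allow_org_users": true` and `"build_on_commit": true` remain set, so, as far as the visible keys show, every push to a pull request by an org member or a user with admin/write permission will start this test pipeline on CI agents. If the pipeline is only meant for the two accounts in `allowed_list`, narrow it with `"allow_org_users": false,`; otherwise it is worth confirming that the agents and secrets this pipeline uses are scoped for PR code that has not been reviewed yet. With `"build_on_comment": false`, the `trigger_comment_regex` and `always_trigger_comment_regex` values are presumably unused and could be dropped so the entry does not suggest that comments still trigger builds. The enclosing JSON object starts and ends outside the hunk.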
@@ -345,6 +346,7 @@ packages/kbn-ebt-tools @elastic/kibana-core packages/kbn-ecs @elastic/kibana-core @elastic/security-threat-hunting-investigations x-pack/packages/security-solution/ecs_data_quality_dashboard @elastic/security-threat-hunting-investigations x-pack/plugins/ecs_data_quality_dashboard @elastic/security-threat-hunting-investigations +packages/kbn-elastic-agent-utils @elastic/obs-ux-logs-team x-pack/packages/kbn-elastic-assistant @elastic/security-solution x-pack/plugins/elastic_assistant @elastic/security-solution test/plugin_functional/plugins/elasticsearch_client_plugin @elastic/kibana-core @@ -1464,6 +1466,7 @@ x-pack/plugins/security_solution/public/overview/components/entity_analytics x-pack/plugins/security_solution/server/lib/entity_analytics @elastic/security-entity-analytics x-pack/plugins/security_solution/server/lib/risk_score @elastic/security-entity-analytics x-pack/test/security_solution_api_integration/test_suites/entity_analytics @elastic/security-entity-analytics +x-pack/plugins/security_solution/public/flyout/entity_details @elastic/security-entity-analytics # Security Defend Workflows - OSQuery Ownership /x-pack/plugins/security_solution/common/api/detection_engine/model/rule_response_actions @elastic/security-defend-workflows diff --git a/.node-version b/.node-version index 87ec8842b158d..f3f52b42d3da9 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -18.18.2 +20.9.0 diff --git a/.nvmrc b/.nvmrc index 87ec8842b158d..f3f52b42d3da9 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -18.18.2 +20.9.0 diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel index e614bdff172f9..38802ebef5b1d 100644 --- a/WORKSPACE.bazel +++ b/WORKSPACE.bazel 
@@ -22,13 +22,13 @@ load("@build_bazel_rules_nodejs//:index.bzl", "node_repositories", "yarn_install
 # Setup the Node.js toolchain for the architectures we want to support
 node_repositories(
 node_repositories = {
- "18.18.2-darwin_amd64": ("node-v18.18.2-darwin-x64.tar.gz", "node-v18.18.2-darwin-x64", "5bb8da908ed590e256a69bf2862238c8a67bc4600119f2f7721ca18a7c810c0f"),
- "18.18.2-darwin_arm64": ("node-v18.18.2-darwin-arm64.tar.gz", "node-v18.18.2-darwin-arm64", "9f982cc91b28778dd8638e4f94563b0c2a1da7aba62beb72bd427721035ab553"),
- "18.18.2-linux_arm64": ("node-v18.18.2-linux-arm64.tar.xz", "node-v18.18.2-linux-arm64", "8a5a03f6a742159c9aa0ae3a99b368cd938cf62f3a5522a2e5acbe6313710efe"),
- "18.18.2-linux_amd64": ("node-v18.18.2-linux-x64.tar.xz", "node-v18.18.2-linux-x64", "f7cf590bc7153f3beaa9e1138d00e50d74df223f0bec61f63e7df65f7315b76a"),
- "18.18.2-windows_amd64": ("node-v18.18.2-win-x64.zip", "node-v18.18.2-win-x64", "3bb0e51e579a41a22b3bf6cb2f3e79c03801aa17acbe0ca00fc555d1282e7acd"),
+ "20.9.0-darwin_amd64": ("node-v20.9.0-darwin-x64.tar.gz", "node-v20.9.0-darwin-x64", "fc5b73f2a78c17bbe926cdb1447d652f9f094c79582f1be6471b4b38a2e1ccc8"),
+ "20.9.0-darwin_arm64": ("node-v20.9.0-darwin-arm64.tar.gz", "node-v20.9.0-darwin-arm64", "31d2d46ae8d8a3982f54e2ff1e60c2e4a8e80bf78a3e8b46dcaac95ac5d7ce6a"),
+ "20.9.0-linux_arm64": ("node-v20.9.0-linux-arm64.tar.xz", "node-v20.9.0-linux-arm64", "79c07c41c9f2410e35fd8dec61491ba63762e428bffa2ee0ff3aec1afe05d4b1"),
+ "20.9.0-linux_amd64": ("node-v20.9.0-linux-x64.tar.xz", "node-v20.9.0-linux-x64", "d11a5e06d6fda8d0cb1a759365d2b5e33c609f3c9f333fdc63e0522475dc0c89"),
+ "20.9.0-windows_amd64": ("node-v20.9.0-win-x64.zip", "node-v20.9.0-win-x64", "70d87dad2378c63216ff83d5a754c61d2886fc39d32ce0d2ea6de763a22d3780"),
 },
- node_version = "18.18.2",
+ node_version = "20.9.0",
 node_urls = [
 "https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache/dist/v{version}/{filename}",
 ],
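Review bot: The five new sha256 values in the `node_repositories` dict of `WORKSPACE.bazel` carry no record of where they were taken from, and as far as this hunk shows they are the only integrity check on archives fetched through the `kibana-ci-proxy-cache` URL in `node_urls`. I would add a comment above the dict such as `# sha256 values come from the upstream Node.js SHASUMS256.txt for this version; re-verify against upstream on every bump`, so the next bump is checked against the upstream release rather than against whatever the cache serves. The same version is bumped in `.ci/Dockerfile`, where `node:${NODE_VERSION}` is referenced by tag only; that is presumably acceptable for a CI-only image, but it is a weaker pin than the hashes here. The `node_repositories(` call continues outside the hunk.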
diff --git a/api_docs/actions.mdx b/api_docs/actions.mdx index 5005cf25d7fe9..82678433aacc2 100644 --- a/api_docs/actions.mdx +++ b/api_docs/actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/actions title: "actions" image: https://source.unsplash.com/400x175/?github description: API docs for the actions plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'actions'] --- import actionsObj from './actions.devdocs.json'; diff --git a/api_docs/advanced_settings.mdx b/api_docs/advanced_settings.mdx index 86012bf5a7b66..3066b1334eccb 100644 --- a/api_docs/advanced_settings.mdx +++ b/api_docs/advanced_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/advancedSettings title: "advancedSettings" image: https://source.unsplash.com/400x175/?github description: API docs for the advancedSettings plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'advancedSettings'] --- import advancedSettingsObj from './advanced_settings.devdocs.json'; diff --git a/api_docs/aiops.mdx b/api_docs/aiops.mdx index 68d9d7a557364..c14d692c24d5e 100644 --- a/api_docs/aiops.mdx +++ b/api_docs/aiops.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiops title: "aiops" image: https://source.unsplash.com/400x175/?github description: API docs for the aiops plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiops'] --- import aiopsObj from './aiops.devdocs.json'; diff --git a/api_docs/alerting.mdx b/api_docs/alerting.mdx index b0f51b4c0370a..dbfbad7b56c84 100644 --- a/api_docs/alerting.mdx +++ b/api_docs/alerting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/alerting title: "alerting" image: https://source.unsplash.com/400x175/?github description: API docs for the alerting plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'alerting'] --- import alertingObj from './alerting.devdocs.json'; 
diff --git a/api_docs/apm.devdocs.json b/api_docs/apm.devdocs.json index 897cd39513a7b..1f8e4fbabe130 100644 --- a/api_docs/apm.devdocs.json +++ b/api_docs/apm.devdocs.json 
@@ -418,7 +418,7 @@ "label": "APIEndpoint", "description": [], "signature": [ - "\"POST /internal/apm/data_view/static\" | \"GET /internal/apm/data_view/title\" | \"GET /internal/apm/environments\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics_by_transaction_name\" | \"POST /internal/apm/services/{serviceName}/errors/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/samples\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/error/{errorId}\" | \"GET /internal/apm/services/{serviceName}/errors/distribution\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/top_erroneous_transactions\" | \"POST /internal/apm/latency/overall_distribution/transactions\" | \"GET /internal/apm/services/{serviceName}/metrics/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/nodes\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/summary\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/functions_overview\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/active_instances\" | \"GET /internal/apm/observability_overview\" | \"GET /internal/apm/observability_overview/has_data\" | \"GET /internal/apm/service-map\" | \"GET /internal/apm/service-map/service/{serviceName}\" | \"GET /internal/apm/service-map/dependency\" | \"GET /internal/apm/services\" | \"POST /internal/apm/services/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/metadata/details\" | \"GET /internal/apm/services/{serviceName}/metadata/icons\" | \"GET /internal/apm/services/{serviceName}/agent\" | \"GET /internal/apm/services/{serviceName}/transaction_types\" | \"GET /internal/apm/services/{serviceName}/node/{serviceNodeName}/metadata\" | \"GET /api/apm/services/{serviceName}/annotation/search 2023-10-31\" | 
\"POST /api/apm/services/{serviceName}/annotation 2023-10-31\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/details/{serviceNodeName}\" | \"GET /internal/apm/services/{serviceName}/throughput\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/main_statistics\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/dependencies\" | \"GET /internal/apm/services/{serviceName}/dependencies/breakdown\" | \"GET /internal/apm/services/{serviceName}/anomaly_charts\" | \"GET /internal/apm/services/{serviceName}/alerts_count\" | \"GET /internal/apm/service-groups\" | \"GET /internal/apm/service-group\" | \"POST /internal/apm/service-group\" | \"DELETE /internal/apm/service-group\" | \"GET /internal/apm/service-group/services\" | \"GET /internal/apm/service-group/counts\" | \"GET /internal/apm/suggestions\" | \"GET /internal/apm/traces/{traceId}\" | \"GET /internal/apm/traces\" | \"GET /internal/apm/traces/{traceId}/root_transaction\" | \"GET /internal/apm/transactions/{transactionId}\" | \"GET /internal/apm/traces/find\" | \"POST /internal/apm/traces/aggregated_critical_path\" | \"GET /internal/apm/traces/{traceId}/transactions/{transactionId}\" | \"GET /internal/apm/traces/{traceId}/spans/{spanId}\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/latency\" | \"GET /internal/apm/services/{serviceName}/transactions/traces/samples\" | \"GET /internal/apm/services/{serviceName}/transaction/charts/breakdown\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/error_rate\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/coldstart_rate\" | \"GET 
/internal/apm/services/{serviceName}/transactions/charts/coldstart_rate_by_transaction_name\" | \"GET /internal/apm/rule_types/transaction_error_rate/chart_preview\" | \"GET /internal/apm/rule_types/error_count/chart_preview\" | \"GET /internal/apm/rule_types/transaction_duration/chart_preview\" | \"GET /api/apm/settings/agent-configuration 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/view 2023-10-31\" | \"DELETE /api/apm/settings/agent-configuration 2023-10-31\" | \"PUT /api/apm/settings/agent-configuration 2023-10-31\" | \"POST /api/apm/settings/agent-configuration/search 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/environments 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/agent_name 2023-10-31\" | \"GET /internal/apm/settings/anomaly-detection/jobs\" | \"POST /internal/apm/settings/anomaly-detection/jobs\" | \"GET /internal/apm/settings/anomaly-detection/environments\" | \"POST /internal/apm/settings/anomaly-detection/update_to_v3\" | \"GET /internal/apm/settings/apm-index-settings\" | \"GET /internal/apm/settings/apm-indices\" | \"POST /internal/apm/settings/apm-indices/save\" | \"GET /internal/apm/settings/custom_links/transaction\" | \"GET /internal/apm/settings/custom_links\" | \"POST /internal/apm/settings/custom_links\" | \"PUT /internal/apm/settings/custom_links/{id}\" | \"DELETE /internal/apm/settings/custom_links/{id}\" | \"GET /api/apm/sourcemaps 2023-10-31\" | \"POST /api/apm/sourcemaps 2023-10-31\" | \"DELETE /api/apm/sourcemaps/{id} 2023-10-31\" | \"POST /internal/apm/sourcemaps/migrate_fleet_artifacts\" | \"GET /internal/apm/fleet/has_apm_policies\" | \"GET /internal/apm/fleet/agents\" | \"POST /api/apm/fleet/apm_server_schema 2023-10-31\" | \"GET /internal/apm/fleet/apm_server_schema/unsupported\" | \"GET /internal/apm/fleet/migration_check\" | \"POST /internal/apm/fleet/cloud_apm_package_policy\" | \"GET /internal/apm/fleet/java_agent_versions\" | \"GET /internal/apm/dependencies/top_dependencies\" | 
\"GET /internal/apm/dependencies/upstream_services\" | \"GET /internal/apm/dependencies/metadata\" | \"GET /internal/apm/dependencies/charts/latency\" | \"GET /internal/apm/dependencies/charts/throughput\" | \"GET /internal/apm/dependencies/charts/error_rate\" | \"GET /internal/apm/dependencies/operations\" | \"GET /internal/apm/dependencies/charts/distribution\" | \"GET /internal/apm/dependencies/operations/spans\" | \"GET /internal/apm/correlations/field_candidates/transactions\" | \"GET /internal/apm/correlations/field_value_stats/transactions\" | \"POST /internal/apm/correlations/field_value_pairs/transactions\" | \"POST /internal/apm/correlations/significant_correlations/transactions\" | \"POST /internal/apm/correlations/p_values/transactions\" | \"GET /internal/apm/fallback_to_transactions\" | \"GET /internal/apm/has_data\" | \"GET /internal/apm/event_metadata/{processorEvent}/{id}\" | \"GET /internal/apm/agent_keys\" | \"GET /internal/apm/agent_keys/privileges\" | \"POST /internal/apm/api_key/invalidate\" | \"POST /api/apm/agent_keys 2023-10-31\" | \"GET /internal/apm/storage_explorer\" | \"GET /internal/apm/services/{serviceName}/storage_details\" | \"GET /internal/apm/storage_chart\" | \"GET /internal/apm/storage_explorer/privileges\" | \"GET /internal/apm/storage_explorer_summary_stats\" | \"GET /internal/apm/storage_explorer/is_cross_cluster_search\" | \"GET /internal/apm/storage_explorer/get_services\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/parents\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/children\" | \"GET /internal/apm/services/{serviceName}/infrastructure_attributes\" | \"GET /internal/apm/debug-telemetry\" | \"GET /internal/apm/time_range_metadata\" | \"GET /internal/apm/settings/labs\" | \"GET /internal/apm/get_agents_per_service\" | \"GET /internal/apm/get_latest_agent_versions\" | \"GET /internal/apm/services/{serviceName}/agent_instances\" | \"GET /internal/apm/services/{serviceName}/mobile/filters\" | 
\"GET /internal/apm/mobile-services/{serviceName}/most_used_charts\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/sessions\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/http_requests\" | \"GET /internal/apm/mobile-services/{serviceName}/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/location/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/terms\" | \"GET /internal/apm/mobile-services/{serviceName}/main_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/detailed_statistics\" | \"GET /internal/apm/diagnostics\" | \"POST /internal/apm/assistant/get_apm_timeseries\" | \"GET /internal/apm/assistant/get_service_summary\" | \"GET /internal/apm/assistant/get_error_document\" | \"POST /internal/apm/assistant/get_correlation_values\" | \"GET /internal/apm/assistant/get_downstream_dependencies\" | \"POST /internal/apm/assistant/get_services_list\" | \"GET /internal/apm/services/{serviceName}/profiling/flamegraph\" | \"GET /internal/apm/profiling/status\" | \"GET /internal/apm/services/{serviceName}/profiling/functions\" | \"POST /internal/apm/custom-dashboard\" | \"DELETE /internal/apm/custom-dashboard\" | \"GET /internal/apm/services/{serviceName}/dashboards\"" + "\"POST /internal/apm/data_view/static\" | \"GET /internal/apm/data_view/index_pattern\" | \"GET /internal/apm/environments\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/groups/main_statistics_by_transaction_name\" | \"POST /internal/apm/services/{serviceName}/errors/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/samples\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/error/{errorId}\" | \"GET /internal/apm/services/{serviceName}/errors/distribution\" | \"GET /internal/apm/services/{serviceName}/errors/{groupId}/top_erroneous_transactions\" | \"POST 
/internal/apm/latency/overall_distribution/transactions\" | \"GET /internal/apm/services/{serviceName}/metrics/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/nodes\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/charts\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/summary\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/functions_overview\" | \"GET /internal/apm/services/{serviceName}/metrics/serverless/active_instances\" | \"GET /internal/apm/observability_overview\" | \"GET /internal/apm/observability_overview/has_data\" | \"GET /internal/apm/service-map\" | \"GET /internal/apm/service-map/service/{serviceName}\" | \"GET /internal/apm/service-map/dependency\" | \"GET /internal/apm/services\" | \"POST /internal/apm/services/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/metadata/details\" | \"GET /internal/apm/services/{serviceName}/metadata/icons\" | \"GET /internal/apm/services/{serviceName}/agent\" | \"GET /internal/apm/services/{serviceName}/transaction_types\" | \"GET /internal/apm/services/{serviceName}/node/{serviceNodeName}/metadata\" | \"GET /api/apm/services/{serviceName}/annotation/search 2023-10-31\" | \"POST /api/apm/services/{serviceName}/annotation 2023-10-31\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/details/{serviceNodeName}\" | \"GET /internal/apm/services/{serviceName}/throughput\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/main_statistics\" | \"GET /internal/apm/services/{serviceName}/service_overview_instances/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/dependencies\" | \"GET /internal/apm/services/{serviceName}/dependencies/breakdown\" | \"GET /internal/apm/services/{serviceName}/anomaly_charts\" | \"GET /internal/apm/services/{serviceName}/alerts_count\" | \"GET /internal/apm/service-groups\" | \"GET /internal/apm/service-group\" | \"POST /internal/apm/service-group\" | 
\"DELETE /internal/apm/service-group\" | \"GET /internal/apm/service-group/services\" | \"GET /internal/apm/service-group/counts\" | \"GET /internal/apm/suggestions\" | \"GET /internal/apm/traces/{traceId}\" | \"GET /internal/apm/traces\" | \"GET /internal/apm/traces/{traceId}/root_transaction\" | \"GET /internal/apm/transactions/{transactionId}\" | \"GET /internal/apm/traces/find\" | \"POST /internal/apm/traces/aggregated_critical_path\" | \"GET /internal/apm/traces/{traceId}/transactions/{transactionId}\" | \"GET /internal/apm/traces/{traceId}/spans/{spanId}\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/main_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/groups/detailed_statistics\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/latency\" | \"GET /internal/apm/services/{serviceName}/transactions/traces/samples\" | \"GET /internal/apm/services/{serviceName}/transaction/charts/breakdown\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/error_rate\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/coldstart_rate\" | \"GET /internal/apm/services/{serviceName}/transactions/charts/coldstart_rate_by_transaction_name\" | \"GET /internal/apm/rule_types/transaction_error_rate/chart_preview\" | \"GET /internal/apm/rule_types/error_count/chart_preview\" | \"GET /internal/apm/rule_types/transaction_duration/chart_preview\" | \"GET /api/apm/settings/agent-configuration 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/view 2023-10-31\" | \"DELETE /api/apm/settings/agent-configuration 2023-10-31\" | \"PUT /api/apm/settings/agent-configuration 2023-10-31\" | \"POST /api/apm/settings/agent-configuration/search 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/environments 2023-10-31\" | \"GET /api/apm/settings/agent-configuration/agent_name 2023-10-31\" | \"GET /internal/apm/settings/anomaly-detection/jobs\" | \"POST /internal/apm/settings/anomaly-detection/jobs\" | 
\"GET /internal/apm/settings/anomaly-detection/environments\" | \"POST /internal/apm/settings/anomaly-detection/update_to_v3\" | \"GET /internal/apm/settings/apm-index-settings\" | \"GET /internal/apm/settings/apm-indices\" | \"POST /internal/apm/settings/apm-indices/save\" | \"GET /internal/apm/settings/custom_links/transaction\" | \"GET /internal/apm/settings/custom_links\" | \"POST /internal/apm/settings/custom_links\" | \"PUT /internal/apm/settings/custom_links/{id}\" | \"DELETE /internal/apm/settings/custom_links/{id}\" | \"GET /api/apm/sourcemaps 2023-10-31\" | \"POST /api/apm/sourcemaps 2023-10-31\" | \"DELETE /api/apm/sourcemaps/{id} 2023-10-31\" | \"POST /internal/apm/sourcemaps/migrate_fleet_artifacts\" | \"GET /internal/apm/fleet/has_apm_policies\" | \"GET /internal/apm/fleet/agents\" | \"POST /api/apm/fleet/apm_server_schema 2023-10-31\" | \"GET /internal/apm/fleet/apm_server_schema/unsupported\" | \"GET /internal/apm/fleet/migration_check\" | \"POST /internal/apm/fleet/cloud_apm_package_policy\" | \"GET /internal/apm/fleet/java_agent_versions\" | \"GET /internal/apm/dependencies/top_dependencies\" | \"GET /internal/apm/dependencies/upstream_services\" | \"GET /internal/apm/dependencies/metadata\" | \"GET /internal/apm/dependencies/charts/latency\" | \"GET /internal/apm/dependencies/charts/throughput\" | \"GET /internal/apm/dependencies/charts/error_rate\" | \"GET /internal/apm/dependencies/operations\" | \"GET /internal/apm/dependencies/charts/distribution\" | \"GET /internal/apm/dependencies/operations/spans\" | \"GET /internal/apm/correlations/field_candidates/transactions\" | \"GET /internal/apm/correlations/field_value_stats/transactions\" | \"POST /internal/apm/correlations/field_value_pairs/transactions\" | \"POST /internal/apm/correlations/significant_correlations/transactions\" | \"POST /internal/apm/correlations/p_values/transactions\" | \"GET /internal/apm/fallback_to_transactions\" | \"GET /internal/apm/has_data\" | \"GET 
/internal/apm/event_metadata/{processorEvent}/{id}\" | \"GET /internal/apm/agent_keys\" | \"GET /internal/apm/agent_keys/privileges\" | \"POST /internal/apm/api_key/invalidate\" | \"POST /api/apm/agent_keys 2023-10-31\" | \"GET /internal/apm/storage_explorer\" | \"GET /internal/apm/services/{serviceName}/storage_details\" | \"GET /internal/apm/storage_chart\" | \"GET /internal/apm/storage_explorer/privileges\" | \"GET /internal/apm/storage_explorer_summary_stats\" | \"GET /internal/apm/storage_explorer/is_cross_cluster_search\" | \"GET /internal/apm/storage_explorer/get_services\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/parents\" | \"GET /internal/apm/traces/{traceId}/span_links/{spanId}/children\" | \"GET /internal/apm/services/{serviceName}/infrastructure_attributes\" | \"GET /internal/apm/debug-telemetry\" | \"GET /internal/apm/time_range_metadata\" | \"GET /internal/apm/settings/labs\" | \"GET /internal/apm/get_agents_per_service\" | \"GET /internal/apm/get_latest_agent_versions\" | \"GET /internal/apm/services/{serviceName}/agent_instances\" | \"GET /internal/apm/services/{serviceName}/mobile/filters\" | \"GET /internal/apm/mobile-services/{serviceName}/most_used_charts\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/sessions\" | \"GET /internal/apm/mobile-services/{serviceName}/transactions/charts/http_requests\" | \"GET /internal/apm/mobile-services/{serviceName}/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/location/stats\" | \"GET /internal/apm/mobile-services/{serviceName}/terms\" | \"GET /internal/apm/mobile-services/{serviceName}/main_statistics\" | \"GET /internal/apm/mobile-services/{serviceName}/detailed_statistics\" | \"GET /internal/apm/diagnostics\" | \"POST /internal/apm/assistant/get_apm_timeseries\" | \"GET /internal/apm/assistant/get_service_summary\" | \"GET /internal/apm/assistant/get_error_document\" | \"POST /internal/apm/assistant/get_correlation_values\" | \"GET 
/internal/apm/assistant/get_downstream_dependencies\" | \"POST /internal/apm/assistant/get_services_list\" | \"GET /internal/apm/services/{serviceName}/profiling/flamegraph\" | \"GET /internal/apm/profiling/status\" | \"GET /internal/apm/services/{serviceName}/profiling/functions\" | \"POST /internal/apm/custom-dashboard\" | \"DELETE /internal/apm/custom-dashboard\" | \"GET /internal/apm/services/{serviceName}/dashboards\"" ], "path": "x-pack/plugins/apm/server/routes/apm_routes/get_global_apm_server_route_repository.ts", "deprecated": false, @@ -7373,9 +7373,9 @@ }, ">)[]; }>; } & ", "APMRouteCreateOptions", - "; \"GET /internal/apm/data_view/title\": { endpoint: \"GET /internal/apm/data_view/title\"; params?: undefined; handler: ({}: ", + "; \"GET /internal/apm/data_view/index_pattern\": { endpoint: \"GET /internal/apm/data_view/index_pattern\"; params?: undefined; handler: ({}: ", "APMRouteHandlerResources", - ") => Promise<{ apmDataViewTitle: string; }>; } & ", + ") => Promise<{ apmDataViewIndexPattern: string; }>; } & ", "APMRouteCreateOptions", "; \"POST /internal/apm/data_view/static\": { endpoint: \"POST /internal/apm/data_view/static\"; params?: undefined; handler: ({}: ", "APMRouteHandlerResources", diff --git a/api_docs/apm.mdx b/api_docs/apm.mdx index 78794b06dac51..b84e7790f9f78 100644 --- a/api_docs/apm.mdx +++ b/api_docs/apm.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apm title: "apm" image: https://source.unsplash.com/400x175/?github description: API docs for the apm plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apm'] --- import apmObj from './apm.devdocs.json'; diff --git a/api_docs/apm_data_access.mdx b/api_docs/apm_data_access.mdx index 0380e2a03e828..a737a3aa03cc1 100644 --- a/api_docs/apm_data_access.mdx +++ b/api_docs/apm_data_access.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apmDataAccess title: "apmDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the apmDataAccess plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apmDataAccess'] --- import apmDataAccessObj from './apm_data_access.devdocs.json'; diff --git a/api_docs/asset_manager.mdx b/api_docs/asset_manager.mdx index b46754e0c7f01..c3fd98697b22e 100644 --- a/api_docs/asset_manager.mdx +++ b/api_docs/asset_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/assetManager title: "assetManager" image: https://source.unsplash.com/400x175/?github description: API docs for the assetManager plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'assetManager'] --- import assetManagerObj from './asset_manager.devdocs.json'; diff --git a/api_docs/banners.mdx b/api_docs/banners.mdx index 09c93351b2944..e242cf936564d 100644 --- a/api_docs/banners.mdx +++ b/api_docs/banners.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/banners title: "banners" image: https://source.unsplash.com/400x175/?github description: API docs for the banners plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'banners'] --- import bannersObj from './banners.devdocs.json'; diff --git a/api_docs/bfetch.mdx b/api_docs/bfetch.mdx index 4af81d477a5eb..564ea0889cab6 100644 --- a/api_docs/bfetch.mdx +++ b/api_docs/bfetch.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/bfetch title: "bfetch" image: https://source.unsplash.com/400x175/?github description: API docs for the bfetch plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'bfetch'] --- import bfetchObj from './bfetch.devdocs.json'; diff --git a/api_docs/canvas.mdx b/api_docs/canvas.mdx index 48f6d29b8b957..a527e0f36e938 100644 --- a/api_docs/canvas.mdx +++ b/api_docs/canvas.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/canvas title: "canvas" image: https://source.unsplash.com/400x175/?github description: API docs for the canvas plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'canvas'] --- import canvasObj from './canvas.devdocs.json'; diff --git a/api_docs/cases.mdx b/api_docs/cases.mdx index 05525c5dc98d4..4a0be26d524c0 100644 --- a/api_docs/cases.mdx +++ b/api_docs/cases.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cases title: "cases" image: https://source.unsplash.com/400x175/?github description: API docs for the cases plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cases'] --- import casesObj from './cases.devdocs.json'; diff --git a/api_docs/charts.mdx b/api_docs/charts.mdx index 87c6436f4ce96..f9cc38fc08317 100644 --- a/api_docs/charts.mdx +++ b/api_docs/charts.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/charts title: "charts" image: https://source.unsplash.com/400x175/?github description: API docs for the charts plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'charts'] --- import chartsObj from './charts.devdocs.json'; diff --git a/api_docs/cloud.mdx b/api_docs/cloud.mdx index 6e21de24bd29c..072ea50c708e3 100644 --- a/api_docs/cloud.mdx +++ b/api_docs/cloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloud title: "cloud" image: https://source.unsplash.com/400x175/?github description: API docs for the cloud plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloud'] --- import cloudObj from './cloud.devdocs.json'; diff --git a/api_docs/cloud_data_migration.mdx b/api_docs/cloud_data_migration.mdx index 3349e6c25f48d..6ee5118a9f63b 100644 --- a/api_docs/cloud_data_migration.mdx +++ b/api_docs/cloud_data_migration.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDataMigration title: "cloudDataMigration" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDataMigration plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDataMigration'] --- import cloudDataMigrationObj from './cloud_data_migration.devdocs.json'; diff --git a/api_docs/cloud_defend.mdx b/api_docs/cloud_defend.mdx index bb1c772490f05..4f48d4c980a47 100644 --- a/api_docs/cloud_defend.mdx +++ b/api_docs/cloud_defend.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDefend title: "cloudDefend" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDefend plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDefend'] --- import cloudDefendObj from './cloud_defend.devdocs.json'; diff --git a/api_docs/cloud_experiments.mdx b/api_docs/cloud_experiments.mdx index a6802060ffe9b..2f9e2f7f891aa 100644 --- a/api_docs/cloud_experiments.mdx +++ b/api_docs/cloud_experiments.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudExperiments title: "cloudExperiments" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudExperiments plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudExperiments'] --- import cloudExperimentsObj from './cloud_experiments.devdocs.json'; diff --git a/api_docs/cloud_security_posture.mdx b/api_docs/cloud_security_posture.mdx index 133257b1ea0e2..c918913f93c8e 100644 --- a/api_docs/cloud_security_posture.mdx +++ b/api_docs/cloud_security_posture.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudSecurityPosture title: "cloudSecurityPosture" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudSecurityPosture plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudSecurityPosture'] --- import cloudSecurityPostureObj from './cloud_security_posture.devdocs.json'; diff --git a/api_docs/console.mdx b/api_docs/console.mdx index 3d1e3c2e8692a..6ab20e88642c0 100644 --- a/api_docs/console.mdx +++ b/api_docs/console.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/console title: "console" image: https://source.unsplash.com/400x175/?github description: API docs for the console plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'console'] --- import consoleObj from './console.devdocs.json'; diff --git a/api_docs/content_management.mdx b/api_docs/content_management.mdx index 065454a652510..687bbb3564a0e 100644 --- a/api_docs/content_management.mdx +++ b/api_docs/content_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/contentManagement title: "contentManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the contentManagement plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'contentManagement'] --- import contentManagementObj from './content_management.devdocs.json'; diff --git a/api_docs/controls.mdx b/api_docs/controls.mdx index 1415ab36ff35a..0e78ff8d63bc3 100644 --- a/api_docs/controls.mdx +++ b/api_docs/controls.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/controls title: "controls" image: https://source.unsplash.com/400x175/?github description: API docs for the controls plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'controls'] --- import controlsObj from './controls.devdocs.json'; 
diff --git a/api_docs/custom_integrations.mdx b/api_docs/custom_integrations.mdx index c990e8cce4b7a..9128f586088e5 100644 --- a/api_docs/custom_integrations.mdx +++ b/api_docs/custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/customIntegrations title: "customIntegrations" image: https://source.unsplash.com/400x175/?github description: API docs for the customIntegrations plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'customIntegrations'] --- import customIntegrationsObj from './custom_integrations.devdocs.json'; diff --git a/api_docs/dashboard.mdx b/api_docs/dashboard.mdx index ada220efed5bd..a468f244085c6 100644 --- a/api_docs/dashboard.mdx +++ b/api_docs/dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboard title: "dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboard plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboard'] --- import dashboardObj from './dashboard.devdocs.json'; diff --git a/api_docs/dashboard_enhanced.mdx b/api_docs/dashboard_enhanced.mdx index ac4f08d110025..c3b9a1685c769 100644 --- a/api_docs/dashboard_enhanced.mdx +++ b/api_docs/dashboard_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboardEnhanced title: "dashboardEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboardEnhanced plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboardEnhanced'] --- import dashboardEnhancedObj from './dashboard_enhanced.devdocs.json'; diff --git a/api_docs/data.mdx b/api_docs/data.mdx index 64d2264b64978..043b2e706493c 100644 --- a/api_docs/data.mdx +++ b/api_docs/data.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data title: "data" image: https://source.unsplash.com/400x175/?github description: API docs for the data plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data'] --- import dataObj from './data.devdocs.json'; diff --git a/api_docs/data_query.mdx b/api_docs/data_query.mdx index a8dfba6205174..95d6ffb8041d8 100644 --- a/api_docs/data_query.mdx +++ b/api_docs/data_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-query title: "data.query" image: https://source.unsplash.com/400x175/?github description: API docs for the data.query plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.query'] --- import dataQueryObj from './data_query.devdocs.json'; diff --git a/api_docs/data_search.mdx b/api_docs/data_search.mdx index 453a2de382c4d..1ef69eff529d1 100644 --- a/api_docs/data_search.mdx +++ b/api_docs/data_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-search title: "data.search" image: https://source.unsplash.com/400x175/?github description: API docs for the data.search plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.search'] --- import dataSearchObj from './data_search.devdocs.json'; diff --git a/api_docs/data_view_editor.mdx b/api_docs/data_view_editor.mdx index 4619053dce726..6484d822c69a9 100644 --- a/api_docs/data_view_editor.mdx +++ b/api_docs/data_view_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewEditor title: "dataViewEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewEditor plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewEditor'] --- import dataViewEditorObj from './data_view_editor.devdocs.json'; diff --git a/api_docs/data_view_field_editor.mdx b/api_docs/data_view_field_editor.mdx index 470ce4ee60f4c..7e4a49ec9e83d 100644 
--- a/api_docs/data_view_field_editor.mdx +++ b/api_docs/data_view_field_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewFieldEditor title: "dataViewFieldEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewFieldEditor plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewFieldEditor'] --- import dataViewFieldEditorObj from './data_view_field_editor.devdocs.json'; diff --git a/api_docs/data_view_management.mdx b/api_docs/data_view_management.mdx index fda5fc445cc5c..6131c415a04ac 100644 --- a/api_docs/data_view_management.mdx +++ b/api_docs/data_view_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewManagement title: "dataViewManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewManagement plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewManagement'] --- import dataViewManagementObj from './data_view_management.devdocs.json'; diff --git a/api_docs/data_views.mdx b/api_docs/data_views.mdx index 66f0949e9dcb3..4f61e3cce929e 100644 --- a/api_docs/data_views.mdx +++ b/api_docs/data_views.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViews title: "dataViews" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViews plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViews'] --- import dataViewsObj from './data_views.devdocs.json'; diff --git a/api_docs/data_visualizer.mdx b/api_docs/data_visualizer.mdx index 3c6690830099f..8aec0b9b2e31d 100644 --- a/api_docs/data_visualizer.mdx +++ b/api_docs/data_visualizer.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataVisualizer title: "dataVisualizer" image: https://source.unsplash.com/400x175/?github description: API docs for the dataVisualizer plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataVisualizer'] --- import dataVisualizerObj from './data_visualizer.devdocs.json'; diff --git a/api_docs/dataset_quality.mdx b/api_docs/dataset_quality.mdx index 22c26500372eb..fd897f93822a4 100644 --- a/api_docs/dataset_quality.mdx +++ b/api_docs/dataset_quality.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/datasetQuality title: "datasetQuality" image: https://source.unsplash.com/400x175/?github description: API docs for the datasetQuality plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'datasetQuality'] --- import datasetQualityObj from './dataset_quality.devdocs.json'; diff --git a/api_docs/deprecations_by_api.mdx b/api_docs/deprecations_by_api.mdx index d89f5cb66803e..76ed656e45c0e 100644 --- a/api_docs/deprecations_by_api.mdx +++ b/api_docs/deprecations_by_api.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByApi slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-api title: Deprecated API usage by API description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/deprecations_by_plugin.mdx b/api_docs/deprecations_by_plugin.mdx index 25d0ceeeef16e..498a4fe745f18 100644 --- a/api_docs/deprecations_by_plugin.mdx +++ b/api_docs/deprecations_by_plugin.mdx 
@@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByPlugin slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-plugin title: Deprecated API usage by plugin description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/deprecations_by_team.mdx b/api_docs/deprecations_by_team.mdx index 0c39e7944e3cb..7804abf2afe55 100644 --- a/api_docs/deprecations_by_team.mdx +++ b/api_docs/deprecations_by_team.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsDueByTeam slug: /kibana-dev-docs/api-meta/deprecations-due-by-team title: Deprecated APIs due to be removed, by team description: Lists the teams that are referencing deprecated APIs with a remove by date. -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/dev_tools.mdx b/api_docs/dev_tools.mdx index 80fa303565fb8..e09ade4065375 100644 --- a/api_docs/dev_tools.mdx +++ b/api_docs/dev_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/devTools title: "devTools" image: https://source.unsplash.com/400x175/?github description: API docs for the devTools plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'devTools'] --- import devToolsObj from './dev_tools.devdocs.json'; diff --git a/api_docs/discover.mdx b/api_docs/discover.mdx index 0ba7f591189f0..1345ef75ad6ac 100644 --- a/api_docs/discover.mdx +++ b/api_docs/discover.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discover title: "discover" image: https://source.unsplash.com/400x175/?github description: API docs for the discover plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discover'] --- import discoverObj from './discover.devdocs.json'; diff --git a/api_docs/discover_enhanced.mdx b/api_docs/discover_enhanced.mdx index b1af3b5c4920a..d557ebe34a18e 100644 
--- a/api_docs/discover_enhanced.mdx +++ b/api_docs/discover_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverEnhanced title: "discoverEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the discoverEnhanced plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverEnhanced'] --- import discoverEnhancedObj from './discover_enhanced.devdocs.json'; diff --git a/api_docs/ecs_data_quality_dashboard.mdx b/api_docs/ecs_data_quality_dashboard.mdx index 01ddec3b29d69..44f3dcdddecce 100644 --- a/api_docs/ecs_data_quality_dashboard.mdx +++ b/api_docs/ecs_data_quality_dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ecsDataQualityDashboard title: "ecsDataQualityDashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the ecsDataQualityDashboard plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ecsDataQualityDashboard'] --- import ecsDataQualityDashboardObj from './ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/elastic_assistant.mdx b/api_docs/elastic_assistant.mdx index 67f94a9780f67..34dd65504fd90 100644 --- a/api_docs/elastic_assistant.mdx +++ b/api_docs/elastic_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/elasticAssistant title: "elasticAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the elasticAssistant plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'elasticAssistant'] --- import elasticAssistantObj from './elastic_assistant.devdocs.json'; diff --git a/api_docs/embeddable.mdx b/api_docs/embeddable.mdx index 37f87daa7a06c..50e7440f41381 100644 --- a/api_docs/embeddable.mdx +++ b/api_docs/embeddable.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddable title: "embeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddable plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddable'] --- import embeddableObj from './embeddable.devdocs.json'; diff --git a/api_docs/embeddable_enhanced.mdx b/api_docs/embeddable_enhanced.mdx index e35d00acdc4d9..de533bfb6a1ea 100644 --- a/api_docs/embeddable_enhanced.mdx +++ b/api_docs/embeddable_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddableEnhanced title: "embeddableEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddableEnhanced plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddableEnhanced'] --- import embeddableEnhancedObj from './embeddable_enhanced.devdocs.json'; diff --git a/api_docs/encrypted_saved_objects.mdx b/api_docs/encrypted_saved_objects.mdx index 031e9a12b93cc..051d9e2f093e7 100644 --- a/api_docs/encrypted_saved_objects.mdx +++ b/api_docs/encrypted_saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/encryptedSavedObjects title: "encryptedSavedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the encryptedSavedObjects plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'encryptedSavedObjects'] --- import encryptedSavedObjectsObj from './encrypted_saved_objects.devdocs.json'; diff --git a/api_docs/enterprise_search.mdx b/api_docs/enterprise_search.mdx index ea7c2d5bbe3e5..79083831bd706 100644 --- a/api_docs/enterprise_search.mdx +++ b/api_docs/enterprise_search.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/enterpriseSearch title: "enterpriseSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the enterpriseSearch plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'enterpriseSearch'] --- import enterpriseSearchObj from './enterprise_search.devdocs.json'; diff --git a/api_docs/es_ui_shared.mdx b/api_docs/es_ui_shared.mdx index f238078f1c5be..00276211783ba 100644 --- a/api_docs/es_ui_shared.mdx +++ b/api_docs/es_ui_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esUiShared title: "esUiShared" image: https://source.unsplash.com/400x175/?github description: API docs for the esUiShared plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esUiShared'] --- import esUiSharedObj from './es_ui_shared.devdocs.json'; diff --git a/api_docs/event_annotation.mdx b/api_docs/event_annotation.mdx index f9b9cfcfd2794..3bdc056cfc18a 100644 --- a/api_docs/event_annotation.mdx +++ b/api_docs/event_annotation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotation title: "eventAnnotation" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotation plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotation'] --- import eventAnnotationObj from './event_annotation.devdocs.json'; diff --git a/api_docs/event_annotation_listing.mdx b/api_docs/event_annotation_listing.mdx index 5fbc055ffdf2e..ad63fbc3e4fb1 100644 --- a/api_docs/event_annotation_listing.mdx +++ b/api_docs/event_annotation_listing.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotationListing title: "eventAnnotationListing" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotationListing plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotationListing'] --- import eventAnnotationListingObj from './event_annotation_listing.devdocs.json'; diff --git a/api_docs/event_log.mdx b/api_docs/event_log.mdx index c3fecb25dd392..958b808a50233 100644 --- a/api_docs/event_log.mdx +++ b/api_docs/event_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventLog title: "eventLog" image: https://source.unsplash.com/400x175/?github description: API docs for the eventLog plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventLog'] --- import eventLogObj from './event_log.devdocs.json'; diff --git a/api_docs/exploratory_view.mdx b/api_docs/exploratory_view.mdx index 5f5433788d60a..9baad8ed30a74 100644 --- a/api_docs/exploratory_view.mdx +++ b/api_docs/exploratory_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/exploratoryView title: "exploratoryView" image: https://source.unsplash.com/400x175/?github description: API docs for the exploratoryView plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'exploratoryView'] --- import exploratoryViewObj from './exploratory_view.devdocs.json'; diff --git a/api_docs/expression_error.mdx b/api_docs/expression_error.mdx index 718e883e3ec1a..cd5534e73bd64 100644 --- a/api_docs/expression_error.mdx +++ b/api_docs/expression_error.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionError title: "expressionError" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionError plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionError'] --- import expressionErrorObj from './expression_error.devdocs.json'; 
diff --git a/api_docs/expression_gauge.mdx b/api_docs/expression_gauge.mdx index d7966841d2240..1871f53f5df45 100644 --- a/api_docs/expression_gauge.mdx +++ b/api_docs/expression_gauge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionGauge title: "expressionGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionGauge plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionGauge'] --- import expressionGaugeObj from './expression_gauge.devdocs.json'; diff --git a/api_docs/expression_heatmap.mdx b/api_docs/expression_heatmap.mdx index 59de4b3cee365..e5b047559483b 100644 --- a/api_docs/expression_heatmap.mdx +++ b/api_docs/expression_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionHeatmap title: "expressionHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionHeatmap plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionHeatmap'] --- import expressionHeatmapObj from './expression_heatmap.devdocs.json'; diff --git a/api_docs/expression_image.mdx b/api_docs/expression_image.mdx index 995d5c9b995ff..db8a9d719a41b 100644 --- a/api_docs/expression_image.mdx +++ b/api_docs/expression_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionImage title: "expressionImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionImage plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionImage'] --- import expressionImageObj from './expression_image.devdocs.json'; diff --git a/api_docs/expression_legacy_metric_vis.mdx b/api_docs/expression_legacy_metric_vis.mdx index b698209cdc81a..72e1fe6f37c85 100644 --- a/api_docs/expression_legacy_metric_vis.mdx +++ b/api_docs/expression_legacy_metric_vis.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionLegacyMetricVis title: "expressionLegacyMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionLegacyMetricVis plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionLegacyMetricVis'] --- import expressionLegacyMetricVisObj from './expression_legacy_metric_vis.devdocs.json'; diff --git a/api_docs/expression_metric.mdx b/api_docs/expression_metric.mdx index 9ceeecd7b391a..bc0e4be2e99b8 100644 --- a/api_docs/expression_metric.mdx +++ b/api_docs/expression_metric.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetric title: "expressionMetric" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetric plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetric'] --- import expressionMetricObj from './expression_metric.devdocs.json'; diff --git a/api_docs/expression_metric_vis.mdx b/api_docs/expression_metric_vis.mdx index dca5016b57184..0416ed3733bd0 100644 --- a/api_docs/expression_metric_vis.mdx +++ b/api_docs/expression_metric_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetricVis title: "expressionMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetricVis plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetricVis'] --- import expressionMetricVisObj from './expression_metric_vis.devdocs.json'; diff --git a/api_docs/expression_partition_vis.mdx b/api_docs/expression_partition_vis.mdx index 68cbd998dae3b..2448a4e0b4710 100644 --- a/api_docs/expression_partition_vis.mdx +++ b/api_docs/expression_partition_vis.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionPartitionVis title: "expressionPartitionVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionPartitionVis plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionPartitionVis'] --- import expressionPartitionVisObj from './expression_partition_vis.devdocs.json'; diff --git a/api_docs/expression_repeat_image.mdx b/api_docs/expression_repeat_image.mdx index 66e5a36b829f4..114eabcf97d55 100644 --- a/api_docs/expression_repeat_image.mdx +++ b/api_docs/expression_repeat_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRepeatImage title: "expressionRepeatImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRepeatImage plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRepeatImage'] --- import expressionRepeatImageObj from './expression_repeat_image.devdocs.json'; diff --git a/api_docs/expression_reveal_image.mdx b/api_docs/expression_reveal_image.mdx index b243037769a26..24b09175b58b1 100644 --- a/api_docs/expression_reveal_image.mdx +++ b/api_docs/expression_reveal_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRevealImage title: "expressionRevealImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRevealImage plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRevealImage'] --- import expressionRevealImageObj from './expression_reveal_image.devdocs.json'; diff --git a/api_docs/expression_shape.mdx b/api_docs/expression_shape.mdx index e9a41ca5cea52..7d85211b4ad1d 100644 --- a/api_docs/expression_shape.mdx +++ b/api_docs/expression_shape.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionShape title: "expressionShape" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionShape plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionShape'] --- import expressionShapeObj from './expression_shape.devdocs.json'; diff --git a/api_docs/expression_tagcloud.mdx b/api_docs/expression_tagcloud.mdx index 92bc9b333f8e8..3b39a61436890 100644 --- a/api_docs/expression_tagcloud.mdx +++ b/api_docs/expression_tagcloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionTagcloud title: "expressionTagcloud" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionTagcloud plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionTagcloud'] --- import expressionTagcloudObj from './expression_tagcloud.devdocs.json'; diff --git a/api_docs/expression_x_y.mdx b/api_docs/expression_x_y.mdx index 40d421069cd00..1ae39611bd16b 100644 --- a/api_docs/expression_x_y.mdx +++ b/api_docs/expression_x_y.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionXY title: "expressionXY" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionXY plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionXY'] --- import expressionXYObj from './expression_x_y.devdocs.json'; diff --git a/api_docs/expressions.devdocs.json b/api_docs/expressions.devdocs.json index b22b81fce29c4..6c9f54399a958 100644 --- a/api_docs/expressions.devdocs.json +++ b/api_docs/expressions.devdocs.json 
@@ -3802,7 +3802,7 @@ "id": "def-public.ExpressionRenderHandler.Unnamed.$2", "type": "Object", "tags": [], - "label": "{\n onRenderError,\n renderMode,\n syncColors,\n syncTooltips,\n syncCursor,\n interactive,\n hasCompatibleActions = async () => false,\n getCompatibleCellValueActions = async () => [],\n executionContext,\n shouldShowLegendAction,\n }", + "label": "{\n onRenderError,\n renderMode,\n syncColors,\n syncTooltips,\n syncCursor,\n interactive,\n hasCompatibleActions = async () => false,\n getCompatibleCellValueActions = async () => [],\n executionContext,\n }", "description": [], "signature": [ "ExpressionRenderHandlerParams" @@ -7350,38 +7350,6 @@ } ], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-public.ExecutionContext.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-public.ExecutionContext.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false 
@@ -11012,38 +10980,6 @@ "path": "src/plugins/expressions/public/types/index.ts", "deprecated": false, "trackAdoption": false - }, - { - "parentPluginId": "expressions", - "id": "def-public.IExpressionLoaderParams.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/public/types/index.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-public.IExpressionLoaderParams.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/public/types/index.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false @@ -11426,38 +11362,6 @@ "trackAdoption": false, "children": [], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-public.IInterpreterRenderHandlers.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-public.IInterpreterRenderHandlers.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false 
@@ -11801,38 +11705,6 @@ "path": "src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx", "deprecated": false, "trackAdoption": false - }, - { - "parentPluginId": "expressions", - "id": "def-public.ReactExpressionRendererProps.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-public.ReactExpressionRendererProps.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false @@ -18885,38 +18757,6 @@ } ], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-server.ExecutionContext.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-server.ExecutionContext.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false 
@@ -21566,38 +21406,6 @@ "trackAdoption": false, "children": [], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-server.IInterpreterRenderHandlers.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-server.IInterpreterRenderHandlers.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false @@ -31016,38 +30824,6 @@ } ], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-common.ExecutionContext.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-common.ExecutionContext.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/execution/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false 
@@ -35922,38 +35698,6 @@ "trackAdoption": false, "children": [], "returnComment": [] - }, - { - "parentPluginId": "expressions", - "id": "def-common.IInterpreterRenderHandlers.shouldShowLegendAction", - "type": "Function", - "tags": [], - "label": "shouldShowLegendAction", - "description": [], - "signature": [ - "((actionId: string) => boolean) | undefined" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "expressions", - "id": "def-common.IInterpreterRenderHandlers.shouldShowLegendAction.$1", - "type": "string", - "tags": [], - "label": "actionId", - "description": [], - "signature": [ - "string" - ], - "path": "src/plugins/expressions/common/expression_renderers/types.ts", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [] } ], "initialIsOpen": false diff --git a/api_docs/expressions.mdx b/api_docs/expressions.mdx index 387b5409e682b..736777d1ac783 100644 --- a/api_docs/expressions.mdx +++ b/api_docs/expressions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressions title: "expressions" image: https://source.unsplash.com/400x175/?github description: API docs for the expressions plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressions'] --- import expressionsObj from './expressions.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/k | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 2224 | 17 | 1765 | 5 | +| 2208 | 17 | 1749 | 5 | ## Client diff --git a/api_docs/features.mdx b/api_docs/features.mdx index 72ff7bff6de08..7e26df9d8ab0a 100644 --- a/api_docs/features.mdx +++ b/api_docs/features.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/features title: "features" image: https://source.unsplash.com/400x175/?github description: API docs for the features plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'features'] --- import featuresObj from './features.devdocs.json'; diff --git a/api_docs/field_formats.mdx b/api_docs/field_formats.mdx index 0ef0c5e3af10a..6a2758ad6bbce 100644 --- a/api_docs/field_formats.mdx +++ b/api_docs/field_formats.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldFormats title: "fieldFormats" image: https://source.unsplash.com/400x175/?github description: API docs for the fieldFormats plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldFormats'] --- import fieldFormatsObj from './field_formats.devdocs.json'; diff --git a/api_docs/file_upload.mdx b/api_docs/file_upload.mdx index 03baa71f2952a..9dcda19534d67 100644 --- a/api_docs/file_upload.mdx +++ b/api_docs/file_upload.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fileUpload title: "fileUpload" image: https://source.unsplash.com/400x175/?github description: API docs for the fileUpload plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fileUpload'] --- import fileUploadObj from './file_upload.devdocs.json'; diff --git a/api_docs/files.mdx b/api_docs/files.mdx index 8e19e569edd07..465df5bdefa87 100644 --- a/api_docs/files.mdx +++ b/api_docs/files.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/files title: "files" image: https://source.unsplash.com/400x175/?github description: API docs for the files plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'files'] --- import filesObj from './files.devdocs.json'; diff --git a/api_docs/files_management.mdx b/api_docs/files_management.mdx index 374d47ee3513f..c902738572789 100644 --- a/api_docs/files_management.mdx +++ b/api_docs/files_management.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/filesManagement title: "filesManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the filesManagement plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'filesManagement'] --- import filesManagementObj from './files_management.devdocs.json'; diff --git a/api_docs/fleet.mdx b/api_docs/fleet.mdx index eaf9e5723bb77..1744f38c82daa 100644 --- a/api_docs/fleet.mdx +++ b/api_docs/fleet.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fleet title: "fleet" image: https://source.unsplash.com/400x175/?github description: API docs for the fleet plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fleet'] --- import fleetObj from './fleet.devdocs.json'; diff --git a/api_docs/global_search.mdx b/api_docs/global_search.mdx index c51aa229be501..4a554a725fff8 100644 --- a/api_docs/global_search.mdx +++ b/api_docs/global_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/globalSearch title: "globalSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the globalSearch plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'globalSearch'] --- import globalSearchObj from './global_search.devdocs.json'; diff --git a/api_docs/guided_onboarding.mdx b/api_docs/guided_onboarding.mdx index 4e6ecf30deab5..ac7d8013ba6d3 100644 --- a/api_docs/guided_onboarding.mdx +++ b/api_docs/guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/guidedOnboarding title: "guidedOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the guidedOnboarding plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'guidedOnboarding'] --- import guidedOnboardingObj from './guided_onboarding.devdocs.json'; diff --git a/api_docs/home.mdx b/api_docs/home.mdx index c381da1128055..c4208655916d0 100644 
--- a/api_docs/home.mdx +++ b/api_docs/home.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/home title: "home" image: https://source.unsplash.com/400x175/?github description: API docs for the home plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'home'] --- import homeObj from './home.devdocs.json'; diff --git a/api_docs/image_embeddable.mdx b/api_docs/image_embeddable.mdx index 783b474675be8..e49f3b0377704 100644 --- a/api_docs/image_embeddable.mdx +++ b/api_docs/image_embeddable.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/imageEmbeddable title: "imageEmbeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the imageEmbeddable plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'imageEmbeddable'] --- import imageEmbeddableObj from './image_embeddable.devdocs.json'; diff --git a/api_docs/index_lifecycle_management.mdx b/api_docs/index_lifecycle_management.mdx index 6f859647c9a67..c96652dc1d2fc 100644 --- a/api_docs/index_lifecycle_management.mdx +++ b/api_docs/index_lifecycle_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexLifecycleManagement title: "indexLifecycleManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexLifecycleManagement plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexLifecycleManagement'] --- import indexLifecycleManagementObj from './index_lifecycle_management.devdocs.json'; diff --git a/api_docs/index_management.mdx b/api_docs/index_management.mdx index e5f76bc58c88f..2639af5535e1e 100644 --- a/api_docs/index_management.mdx +++ b/api_docs/index_management.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexManagement title: "indexManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexManagement plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexManagement'] --- import indexManagementObj from './index_management.devdocs.json'; diff --git a/api_docs/infra.mdx b/api_docs/infra.mdx index 1c7819b4a2947..71420826df6db 100644 --- a/api_docs/infra.mdx +++ b/api_docs/infra.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/infra title: "infra" image: https://source.unsplash.com/400x175/?github description: API docs for the infra plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'infra'] --- import infraObj from './infra.devdocs.json'; diff --git a/api_docs/inspector.mdx b/api_docs/inspector.mdx index 2dcf79a427122..9660dc20f7aa2 100644 --- a/api_docs/inspector.mdx +++ b/api_docs/inspector.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inspector title: "inspector" image: https://source.unsplash.com/400x175/?github description: API docs for the inspector plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inspector'] --- import inspectorObj from './inspector.devdocs.json'; diff --git a/api_docs/interactive_setup.mdx b/api_docs/interactive_setup.mdx index 0dc175595a180..288958199e0b7 100644 --- a/api_docs/interactive_setup.mdx +++ b/api_docs/interactive_setup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/interactiveSetup title: "interactiveSetup" image: https://source.unsplash.com/400x175/?github description: API docs for the interactiveSetup plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'interactiveSetup'] --- import interactiveSetupObj from './interactive_setup.devdocs.json'; diff --git a/api_docs/kbn_ace.mdx b/api_docs/kbn_ace.mdx index 8cb403d5ba132..30af81a5a462f 100644 --- a/api_docs/kbn_ace.mdx 
+++ b/api_docs/kbn_ace.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ace title: "@kbn/ace" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ace plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ace'] --- import kbnAceObj from './kbn_ace.devdocs.json'; diff --git a/api_docs/kbn_aiops_components.mdx b/api_docs/kbn_aiops_components.mdx index b447159047da9..498d8b80579c2 100644 --- a/api_docs/kbn_aiops_components.mdx +++ b/api_docs/kbn_aiops_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-components title: "@kbn/aiops-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-components plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-components'] --- import kbnAiopsComponentsObj from './kbn_aiops_components.devdocs.json'; diff --git a/api_docs/kbn_aiops_utils.mdx b/api_docs/kbn_aiops_utils.mdx index cda3eee4a12ff..fe5916c30c0d6 100644 --- a/api_docs/kbn_aiops_utils.mdx +++ b/api_docs/kbn_aiops_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-utils title: "@kbn/aiops-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-utils'] --- import kbnAiopsUtilsObj from './kbn_aiops_utils.devdocs.json'; diff --git a/api_docs/kbn_alerting_api_integration_helpers.mdx b/api_docs/kbn_alerting_api_integration_helpers.mdx index 112b7b2ebe666..02bcc50aa26ed 100644 --- a/api_docs/kbn_alerting_api_integration_helpers.mdx +++ b/api_docs/kbn_alerting_api_integration_helpers.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-api-integration-helpers title: "@kbn/alerting-api-integration-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-api-integration-helpers plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-api-integration-helpers'] --- import kbnAlertingApiIntegrationHelpersObj from './kbn_alerting_api_integration_helpers.devdocs.json'; diff --git a/api_docs/kbn_alerting_state_types.mdx b/api_docs/kbn_alerting_state_types.mdx index a07f3c089a77b..91edd2d33adb8 100644 --- a/api_docs/kbn_alerting_state_types.mdx +++ b/api_docs/kbn_alerting_state_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-state-types title: "@kbn/alerting-state-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-state-types plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-state-types'] --- import kbnAlertingStateTypesObj from './kbn_alerting_state_types.devdocs.json'; diff --git a/api_docs/kbn_alerts_as_data_utils.mdx b/api_docs/kbn_alerts_as_data_utils.mdx index ee4573e7a3ef8..3920ff3bc1987 100644 --- a/api_docs/kbn_alerts_as_data_utils.mdx +++ b/api_docs/kbn_alerts_as_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-as-data-utils title: "@kbn/alerts-as-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-as-data-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-as-data-utils'] --- import kbnAlertsAsDataUtilsObj from './kbn_alerts_as_data_utils.devdocs.json'; diff --git a/api_docs/kbn_alerts_ui_shared.mdx b/api_docs/kbn_alerts_ui_shared.mdx index 2d5143925344a..57fe755400e5b 100644 --- a/api_docs/kbn_alerts_ui_shared.mdx +++ b/api_docs/kbn_alerts_ui_shared.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-ui-shared title: "@kbn/alerts-ui-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-ui-shared plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-ui-shared'] --- import kbnAlertsUiSharedObj from './kbn_alerts_ui_shared.devdocs.json'; diff --git a/api_docs/kbn_analytics.mdx b/api_docs/kbn_analytics.mdx index d1ea4781b4325..accc966ceea3f 100644 --- a/api_docs/kbn_analytics.mdx +++ b/api_docs/kbn_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics title: "@kbn/analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics'] --- import kbnAnalyticsObj from './kbn_analytics.devdocs.json'; diff --git a/api_docs/kbn_analytics_client.mdx b/api_docs/kbn_analytics_client.mdx index cea822ab5f2b4..d4c0814d1c563 100644 --- a/api_docs/kbn_analytics_client.mdx +++ b/api_docs/kbn_analytics_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-client title: "@kbn/analytics-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-client plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-client'] --- import kbnAnalyticsClientObj from './kbn_analytics_client.devdocs.json'; diff --git a/api_docs/kbn_analytics_collection_utils.mdx b/api_docs/kbn_analytics_collection_utils.mdx index d11ac1a971b95..1846fc4942b7f 100644 --- a/api_docs/kbn_analytics_collection_utils.mdx +++ b/api_docs/kbn_analytics_collection_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-collection-utils title: "@kbn/analytics-collection-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-collection-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-collection-utils'] --- import kbnAnalyticsCollectionUtilsObj from './kbn_analytics_collection_utils.devdocs.json'; diff --git a/api_docs/kbn_analytics_shippers_elastic_v3_browser.mdx b/api_docs/kbn_analytics_shippers_elastic_v3_browser.mdx index a013ca9c5ae32..dd63b24dc0960 100644 --- a/api_docs/kbn_analytics_shippers_elastic_v3_browser.mdx +++ b/api_docs/kbn_analytics_shippers_elastic_v3_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-shippers-elastic-v3-browser title: "@kbn/analytics-shippers-elastic-v3-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-shippers-elastic-v3-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-shippers-elastic-v3-browser'] --- import kbnAnalyticsShippersElasticV3BrowserObj from './kbn_analytics_shippers_elastic_v3_browser.devdocs.json'; diff --git a/api_docs/kbn_analytics_shippers_elastic_v3_common.mdx b/api_docs/kbn_analytics_shippers_elastic_v3_common.mdx index b6d05e33296d5..9d182ee6d94c3 100644 --- a/api_docs/kbn_analytics_shippers_elastic_v3_common.mdx +++ b/api_docs/kbn_analytics_shippers_elastic_v3_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-shippers-elastic-v3-common title: "@kbn/analytics-shippers-elastic-v3-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-shippers-elastic-v3-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-shippers-elastic-v3-common'] --- import kbnAnalyticsShippersElasticV3CommonObj from './kbn_analytics_shippers_elastic_v3_common.devdocs.json'; diff --git a/api_docs/kbn_analytics_shippers_elastic_v3_server.mdx b/api_docs/kbn_analytics_shippers_elastic_v3_server.mdx index 50b53e41a8a17..4d3308bc23b7f 100644 --- a/api_docs/kbn_analytics_shippers_elastic_v3_server.mdx +++ b/api_docs/kbn_analytics_shippers_elastic_v3_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-shippers-elastic-v3-server title: "@kbn/analytics-shippers-elastic-v3-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-shippers-elastic-v3-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-shippers-elastic-v3-server'] --- import kbnAnalyticsShippersElasticV3ServerObj from './kbn_analytics_shippers_elastic_v3_server.devdocs.json'; diff --git a/api_docs/kbn_analytics_shippers_fullstory.mdx b/api_docs/kbn_analytics_shippers_fullstory.mdx index c6208b5a5ac3b..0ea6ed98e604e 100644 --- a/api_docs/kbn_analytics_shippers_fullstory.mdx +++ b/api_docs/kbn_analytics_shippers_fullstory.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-shippers-fullstory title: "@kbn/analytics-shippers-fullstory" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-shippers-fullstory plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-shippers-fullstory'] --- import kbnAnalyticsShippersFullstoryObj from './kbn_analytics_shippers_fullstory.devdocs.json'; diff --git a/api_docs/kbn_analytics_shippers_gainsight.mdx b/api_docs/kbn_analytics_shippers_gainsight.mdx index 677b8fa3f067f..1221a9199f66d 100644 --- a/api_docs/kbn_analytics_shippers_gainsight.mdx +++ b/api_docs/kbn_analytics_shippers_gainsight.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-shippers-gainsight title: "@kbn/analytics-shippers-gainsight" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-shippers-gainsight plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-shippers-gainsight'] --- import kbnAnalyticsShippersGainsightObj from './kbn_analytics_shippers_gainsight.devdocs.json'; diff --git a/api_docs/kbn_apm_config_loader.mdx b/api_docs/kbn_apm_config_loader.mdx index a1c71693787e6..686fe0d0533e3 100644 --- a/api_docs/kbn_apm_config_loader.mdx +++ b/api_docs/kbn_apm_config_loader.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-config-loader title: "@kbn/apm-config-loader" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-config-loader plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-config-loader'] --- import kbnApmConfigLoaderObj from './kbn_apm_config_loader.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace.mdx b/api_docs/kbn_apm_synthtrace.mdx index 777257774094f..5ed1cfcf9888d 100644 --- a/api_docs/kbn_apm_synthtrace.mdx +++ b/api_docs/kbn_apm_synthtrace.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace title: "@kbn/apm-synthtrace" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace'] --- import kbnApmSynthtraceObj from './kbn_apm_synthtrace.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace_client.devdocs.json b/api_docs/kbn_apm_synthtrace_client.devdocs.json index 46142d3de9ec8..4d7c6ca9c465d 100644 --- a/api_docs/kbn_apm_synthtrace_client.devdocs.json +++ b/api_docs/kbn_apm_synthtrace_client.devdocs.json 
@@ -2550,7 +2550,7 @@ "label": "LogDocument", "description": [], "signature": [ - "{ '@timestamp'?: number | undefined; } & Partial<{ 'input.type': string; 'log.file.path'?: string | undefined; 'service.name'?: string | undefined; 'data_stream.namespace': string; 'data_stream.type': string; 'data_stream.dataset': string; message?: string | undefined; 'event.dataset': string; 'log.level'?: string | undefined; 'host.name'?: string | undefined; 'trace.id'?: string | undefined; 'agent.name'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.resource.id'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.instance.id'?: string | undefined; }>" + "{ '@timestamp'?: number | undefined; } & Partial<{ 'input.type': string; 'log.file.path'?: string | undefined; 'service.name'?: string | undefined; 'data_stream.namespace': string; 'data_stream.type': string; 'data_stream.dataset': string; message?: string | undefined; 'event.dataset': string; 'log.level'?: string | undefined; 'host.name'?: string | undefined; 'trace.id'?: string | undefined; 'agent.id'?: string | undefined; 'agent.name'?: string | undefined; 'orchestrator.cluster.name'?: string | undefined; 'orchestrator.cluster.id'?: string | undefined; 'orchestrator.resource.id'?: string | undefined; 'cloud.provider'?: string | undefined; 'cloud.region'?: string | undefined; 'cloud.availability_zone'?: string | undefined; 'cloud.project.id'?: string | undefined; 'cloud.instance.id'?: string | undefined; }>" ], "path": "packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts", "deprecated": false, diff --git a/api_docs/kbn_apm_synthtrace_client.mdx b/api_docs/kbn_apm_synthtrace_client.mdx index 858deb335f9cf..ba5f775a98c3f 100644 --- a/api_docs/kbn_apm_synthtrace_client.mdx 
+++ b/api_docs/kbn_apm_synthtrace_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace-client title: "@kbn/apm-synthtrace-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace-client plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace-client'] --- import kbnApmSynthtraceClientObj from './kbn_apm_synthtrace_client.devdocs.json'; diff --git a/api_docs/kbn_apm_utils.mdx b/api_docs/kbn_apm_utils.mdx index 8ad0ce867a83b..57489e78c1b67 100644 --- a/api_docs/kbn_apm_utils.mdx +++ b/api_docs/kbn_apm_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-utils title: "@kbn/apm-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-utils'] --- import kbnApmUtilsObj from './kbn_apm_utils.devdocs.json'; diff --git a/api_docs/kbn_axe_config.mdx b/api_docs/kbn_axe_config.mdx index 7d6a34efa0255..73c4e91521530 100644 --- a/api_docs/kbn_axe_config.mdx +++ b/api_docs/kbn_axe_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-axe-config title: "@kbn/axe-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/axe-config plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/axe-config'] --- import kbnAxeConfigObj from './kbn_axe_config.devdocs.json'; diff --git a/api_docs/kbn_calculate_auto.mdx b/api_docs/kbn_calculate_auto.mdx index 947388d7fc80a..70b638105ee80 100644 --- a/api_docs/kbn_calculate_auto.mdx +++ b/api_docs/kbn_calculate_auto.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-auto title: "@kbn/calculate-auto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/calculate-auto plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-auto'] --- import kbnCalculateAutoObj from './kbn_calculate_auto.devdocs.json'; diff --git a/api_docs/kbn_cases_components.mdx b/api_docs/kbn_cases_components.mdx index 592365fb84c4d..f43cf678c8ddb 100644 --- a/api_docs/kbn_cases_components.mdx +++ b/api_docs/kbn_cases_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cases-components title: "@kbn/cases-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cases-components plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cases-components'] --- import kbnCasesComponentsObj from './kbn_cases_components.devdocs.json'; diff --git a/api_docs/kbn_cell_actions.devdocs.json b/api_docs/kbn_cell_actions.devdocs.json index dcc406e62c1d0..ffa6f3f322ab3 100644 --- a/api_docs/kbn_cell_actions.devdocs.json +++ b/api_docs/kbn_cell_actions.devdocs.json 
@@ -1309,36 +1309,6 @@ "trackAdoption": false, "initialIsOpen": false }, - { - "parentPluginId": "@kbn/cell-actions", - "id": "def-common.COPY_CELL_ACTION_TYPE", - "type": "string", - "tags": [], - "label": "COPY_CELL_ACTION_TYPE", - "description": [], - "signature": [ - "\"cellAction-copy\"" - ], - "path": "packages/kbn-cell-actions/src/constants.ts", - "deprecated": false, - "trackAdoption": false, - "initialIsOpen": false - }, - { - "parentPluginId": "@kbn/cell-actions", - "id": "def-common.FILTER_CELL_ACTION_TYPE", - "type": "string", - "tags": [], - "label": "FILTER_CELL_ACTION_TYPE", - "description": [], - "signature": [ - "\"cellAction-filter\"" - ], - "path": "packages/kbn-cell-actions/src/constants.ts", - "deprecated": false, - "trackAdoption": false, - "initialIsOpen": false - }, { "parentPluginId": "@kbn/cell-actions", "id": "def-common.UseDataGridColumnsCellActions", diff --git a/api_docs/kbn_cell_actions.mdx b/api_docs/kbn_cell_actions.mdx index a483ecb8e98f8..a224c6e8146b0 100644 --- a/api_docs/kbn_cell_actions.mdx +++ b/api_docs/kbn_cell_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cell-actions title: "@kbn/cell-actions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cell-actions plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cell-actions'] --- import kbnCellActionsObj from './kbn_cell_actions.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/security-threat-hunting-explore](https://github.com/orgs/elast | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 62 | 1 | 44 | 3 | +| 60 | 1 | 42 | 3 | ## Common diff --git a/api_docs/kbn_chart_expressions_common.mdx b/api_docs/kbn_chart_expressions_common.mdx index afb6208ef70d8..926ae27abf345 100644 --- a/api_docs/kbn_chart_expressions_common.mdx +++ b/api_docs/kbn_chart_expressions_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-expressions-common title: "@kbn/chart-expressions-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-expressions-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-expressions-common'] --- import kbnChartExpressionsCommonObj from './kbn_chart_expressions_common.devdocs.json'; diff --git a/api_docs/kbn_chart_icons.mdx b/api_docs/kbn_chart_icons.mdx index c7977abb02e6c..6cb6794ed9654 100644 --- a/api_docs/kbn_chart_icons.mdx +++ b/api_docs/kbn_chart_icons.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-icons title: "@kbn/chart-icons" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-icons plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-icons'] --- import kbnChartIconsObj from './kbn_chart_icons.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_core.mdx b/api_docs/kbn_ci_stats_core.mdx index ebcd25b27417f..6d47fa7420b13 100644 --- a/api_docs/kbn_ci_stats_core.mdx +++ b/api_docs/kbn_ci_stats_core.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-core title: "@kbn/ci-stats-core" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-core plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-core'] --- import kbnCiStatsCoreObj from './kbn_ci_stats_core.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_performance_metrics.mdx b/api_docs/kbn_ci_stats_performance_metrics.mdx index efda7c81dec8e..f63c9323776a0 100644 --- a/api_docs/kbn_ci_stats_performance_metrics.mdx +++ b/api_docs/kbn_ci_stats_performance_metrics.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-performance-metrics title: "@kbn/ci-stats-performance-metrics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-performance-metrics plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-performance-metrics'] --- import kbnCiStatsPerformanceMetricsObj from './kbn_ci_stats_performance_metrics.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_reporter.mdx b/api_docs/kbn_ci_stats_reporter.mdx index 562cdd17ddf7c..f9cad5f3e1e54 100644 --- a/api_docs/kbn_ci_stats_reporter.mdx +++ b/api_docs/kbn_ci_stats_reporter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-reporter title: "@kbn/ci-stats-reporter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-reporter plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-reporter'] --- import kbnCiStatsReporterObj from './kbn_ci_stats_reporter.devdocs.json'; diff --git a/api_docs/kbn_cli_dev_mode.mdx b/api_docs/kbn_cli_dev_mode.mdx index 2649350c51511..c0bde54f9b813 100644 --- a/api_docs/kbn_cli_dev_mode.mdx +++ b/api_docs/kbn_cli_dev_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cli-dev-mode title: "@kbn/cli-dev-mode" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cli-dev-mode plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cli-dev-mode'] --- import kbnCliDevModeObj from './kbn_cli_dev_mode.devdocs.json'; diff --git a/api_docs/kbn_code_editor.mdx b/api_docs/kbn_code_editor.mdx index cc82f1bbac0d3..3609f6ff31454 100644 --- a/api_docs/kbn_code_editor.mdx +++ b/api_docs/kbn_code_editor.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor title: "@kbn/code-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-editor plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor'] --- import kbnCodeEditorObj from './kbn_code_editor.devdocs.json'; diff --git a/api_docs/kbn_coloring.mdx b/api_docs/kbn_coloring.mdx index c9a1c68c3e6b7..62279636192b7 100644 --- a/api_docs/kbn_coloring.mdx +++ b/api_docs/kbn_coloring.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-coloring title: "@kbn/coloring" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/coloring plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/coloring'] --- import kbnColoringObj from './kbn_coloring.devdocs.json'; diff --git a/api_docs/kbn_config.mdx b/api_docs/kbn_config.mdx index fb01b3c44bba8..8a6252e8bc175 100644 --- a/api_docs/kbn_config.mdx +++ b/api_docs/kbn_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config title: "@kbn/config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config'] --- import kbnConfigObj from './kbn_config.devdocs.json'; diff --git a/api_docs/kbn_config_mocks.mdx b/api_docs/kbn_config_mocks.mdx index 16c5271f26bc5..b06fe0ac57e0e 100644 --- a/api_docs/kbn_config_mocks.mdx +++ b/api_docs/kbn_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-mocks title: "@kbn/config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-mocks'] --- import kbnConfigMocksObj from './kbn_config_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_config_schema.mdx b/api_docs/kbn_config_schema.mdx index 4f60193e62d8c..c0d4871240142 100644 --- a/api_docs/kbn_config_schema.mdx +++ b/api_docs/kbn_config_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-schema title: "@kbn/config-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-schema plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-schema'] --- import kbnConfigSchemaObj from './kbn_config_schema.devdocs.json'; diff --git a/api_docs/kbn_content_management_content_editor.mdx b/api_docs/kbn_content_management_content_editor.mdx index b56938fe8ba24..7dbdaf2822c13 100644 --- a/api_docs/kbn_content_management_content_editor.mdx +++ b/api_docs/kbn_content_management_content_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-editor title: "@kbn/content-management-content-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-editor plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-editor'] --- import kbnContentManagementContentEditorObj from './kbn_content_management_content_editor.devdocs.json'; diff --git a/api_docs/kbn_content_management_tabbed_table_list_view.mdx b/api_docs/kbn_content_management_tabbed_table_list_view.mdx index 48fd2846e6851..40c4610891e86 100644 --- a/api_docs/kbn_content_management_tabbed_table_list_view.mdx +++ b/api_docs/kbn_content_management_tabbed_table_list_view.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-tabbed-table-list-view title: "@kbn/content-management-tabbed-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-tabbed-table-list-view plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-tabbed-table-list-view'] --- import kbnContentManagementTabbedTableListViewObj from './kbn_content_management_tabbed_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view.mdx b/api_docs/kbn_content_management_table_list_view.mdx index e94a4e205d319..dc043b346b6ec 100644 --- a/api_docs/kbn_content_management_table_list_view.mdx +++ b/api_docs/kbn_content_management_table_list_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view title: "@kbn/content-management-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view'] --- import kbnContentManagementTableListViewObj from './kbn_content_management_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view_table.mdx b/api_docs/kbn_content_management_table_list_view_table.mdx index f0ba75fe72797..c980375149549 100644 --- a/api_docs/kbn_content_management_table_list_view_table.mdx +++ b/api_docs/kbn_content_management_table_list_view_table.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-table title: "@kbn/content-management-table-list-view-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view-table plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-table'] --- import kbnContentManagementTableListViewTableObj from './kbn_content_management_table_list_view_table.devdocs.json'; diff --git a/api_docs/kbn_content_management_utils.mdx b/api_docs/kbn_content_management_utils.mdx index 22e5e1ba8936e..294e4a4fd5dce 100644 --- a/api_docs/kbn_content_management_utils.mdx +++ b/api_docs/kbn_content_management_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-utils title: "@kbn/content-management-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-utils'] --- import kbnContentManagementUtilsObj from './kbn_content_management_utils.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser.mdx b/api_docs/kbn_core_analytics_browser.mdx index 8a5c75a1b8c4e..280bf14c621d3 100644 --- a/api_docs/kbn_core_analytics_browser.mdx +++ b/api_docs/kbn_core_analytics_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser title: "@kbn/core-analytics-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser'] --- import kbnCoreAnalyticsBrowserObj from './kbn_core_analytics_browser.devdocs.json'; 
diff --git a/api_docs/kbn_core_analytics_browser_internal.mdx b/api_docs/kbn_core_analytics_browser_internal.mdx index 8470b1d017e34..80f5924a22b10 100644 --- a/api_docs/kbn_core_analytics_browser_internal.mdx +++ b/api_docs/kbn_core_analytics_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-internal title: "@kbn/core-analytics-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-internal'] --- import kbnCoreAnalyticsBrowserInternalObj from './kbn_core_analytics_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser_mocks.mdx b/api_docs/kbn_core_analytics_browser_mocks.mdx index 8e11ae4edf4fd..0216278dce8b9 100644 --- a/api_docs/kbn_core_analytics_browser_mocks.mdx +++ b/api_docs/kbn_core_analytics_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-mocks title: "@kbn/core-analytics-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-mocks'] --- import kbnCoreAnalyticsBrowserMocksObj from './kbn_core_analytics_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server.mdx b/api_docs/kbn_core_analytics_server.mdx index 2ca7b9d0e9027..afd00cdae09e8 100644 --- a/api_docs/kbn_core_analytics_server.mdx +++ b/api_docs/kbn_core_analytics_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server title: "@kbn/core-analytics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server'] --- import kbnCoreAnalyticsServerObj from './kbn_core_analytics_server.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server_internal.mdx b/api_docs/kbn_core_analytics_server_internal.mdx index 4cc42da90bc3a..139d3fde7f15b 100644 --- a/api_docs/kbn_core_analytics_server_internal.mdx +++ b/api_docs/kbn_core_analytics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-internal title: "@kbn/core-analytics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-internal'] --- import kbnCoreAnalyticsServerInternalObj from './kbn_core_analytics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server_mocks.mdx b/api_docs/kbn_core_analytics_server_mocks.mdx index eab1acfeac211..cb5240ac079f0 100644 --- a/api_docs/kbn_core_analytics_server_mocks.mdx +++ b/api_docs/kbn_core_analytics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-mocks title: "@kbn/core-analytics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-mocks'] --- import kbnCoreAnalyticsServerMocksObj from './kbn_core_analytics_server_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_application_browser.mdx b/api_docs/kbn_core_application_browser.mdx index d092707604d7c..9ee4416a12cfc 100644 --- a/api_docs/kbn_core_application_browser.mdx +++ b/api_docs/kbn_core_application_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser title: "@kbn/core-application-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser'] --- import kbnCoreApplicationBrowserObj from './kbn_core_application_browser.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_internal.mdx b/api_docs/kbn_core_application_browser_internal.mdx index 733d0111a617d..f4d440a0af63b 100644 --- a/api_docs/kbn_core_application_browser_internal.mdx +++ b/api_docs/kbn_core_application_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-internal title: "@kbn/core-application-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-internal'] --- import kbnCoreApplicationBrowserInternalObj from './kbn_core_application_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_mocks.mdx b/api_docs/kbn_core_application_browser_mocks.mdx index 7ff05c2333193..782fe473273d6 100644 --- a/api_docs/kbn_core_application_browser_mocks.mdx +++ b/api_docs/kbn_core_application_browser_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-mocks title: "@kbn/core-application-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-mocks'] --- import kbnCoreApplicationBrowserMocksObj from './kbn_core_application_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_application_common.mdx b/api_docs/kbn_core_application_common.mdx index a7a038a31b770..c132a1d9729cd 100644 --- a/api_docs/kbn_core_application_common.mdx +++ b/api_docs/kbn_core_application_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-common title: "@kbn/core-application-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-common'] --- import kbnCoreApplicationCommonObj from './kbn_core_application_common.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_internal.mdx b/api_docs/kbn_core_apps_browser_internal.mdx index 3b1ea5e73a84d..075bbecb17e05 100644 --- a/api_docs/kbn_core_apps_browser_internal.mdx +++ b/api_docs/kbn_core_apps_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-internal title: "@kbn/core-apps-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-internal'] --- import kbnCoreAppsBrowserInternalObj from './kbn_core_apps_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_mocks.mdx b/api_docs/kbn_core_apps_browser_mocks.mdx index 0640611dcef4b..37544708a1d51 100644 
--- a/api_docs/kbn_core_apps_browser_mocks.mdx +++ b/api_docs/kbn_core_apps_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-mocks title: "@kbn/core-apps-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-mocks'] --- import kbnCoreAppsBrowserMocksObj from './kbn_core_apps_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_apps_server_internal.mdx b/api_docs/kbn_core_apps_server_internal.mdx index 5d0f7aff6c2ac..a25c0a9256679 100644 --- a/api_docs/kbn_core_apps_server_internal.mdx +++ b/api_docs/kbn_core_apps_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-server-internal title: "@kbn/core-apps-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-server-internal'] --- import kbnCoreAppsServerInternalObj from './kbn_core_apps_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_browser_mocks.mdx b/api_docs/kbn_core_base_browser_mocks.mdx index 14cb9dc27471c..133fe8d5d0ac6 100644 --- a/api_docs/kbn_core_base_browser_mocks.mdx +++ b/api_docs/kbn_core_base_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-browser-mocks title: "@kbn/core-base-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-browser-mocks'] --- import kbnCoreBaseBrowserMocksObj from './kbn_core_base_browser_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_base_common.mdx b/api_docs/kbn_core_base_common.mdx index 76eaad11e4f3d..0f9fab7f9e10f 100644 --- a/api_docs/kbn_core_base_common.mdx +++ b/api_docs/kbn_core_base_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-common title: "@kbn/core-base-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-common'] --- import kbnCoreBaseCommonObj from './kbn_core_base_common.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_internal.mdx b/api_docs/kbn_core_base_server_internal.mdx index 19db2da306741..49a6bdb798051 100644 --- a/api_docs/kbn_core_base_server_internal.mdx +++ b/api_docs/kbn_core_base_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-internal title: "@kbn/core-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-internal'] --- import kbnCoreBaseServerInternalObj from './kbn_core_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_mocks.mdx b/api_docs/kbn_core_base_server_mocks.mdx index e11a8fb8c48e0..66724a4ae24ed 100644 --- a/api_docs/kbn_core_base_server_mocks.mdx +++ b/api_docs/kbn_core_base_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-mocks title: "@kbn/core-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-mocks'] --- import kbnCoreBaseServerMocksObj from './kbn_core_base_server_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_capabilities_browser_mocks.mdx b/api_docs/kbn_core_capabilities_browser_mocks.mdx index d5897ddd1fd40..4e2b39ba4be19 100644 --- a/api_docs/kbn_core_capabilities_browser_mocks.mdx +++ b/api_docs/kbn_core_capabilities_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-browser-mocks title: "@kbn/core-capabilities-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-browser-mocks'] --- import kbnCoreCapabilitiesBrowserMocksObj from './kbn_core_capabilities_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_common.mdx b/api_docs/kbn_core_capabilities_common.mdx index 9e1bf36b53b02..2e5d3e00b298c 100644 --- a/api_docs/kbn_core_capabilities_common.mdx +++ b/api_docs/kbn_core_capabilities_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-common title: "@kbn/core-capabilities-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-common'] --- import kbnCoreCapabilitiesCommonObj from './kbn_core_capabilities_common.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server.mdx b/api_docs/kbn_core_capabilities_server.mdx index bb2c7e19b17ed..a6766739a208c 100644 --- a/api_docs/kbn_core_capabilities_server.mdx +++ b/api_docs/kbn_core_capabilities_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server title: "@kbn/core-capabilities-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server'] --- import kbnCoreCapabilitiesServerObj from './kbn_core_capabilities_server.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server_mocks.mdx b/api_docs/kbn_core_capabilities_server_mocks.mdx index 56ba55b1fd0a9..498ced31dfea0 100644 --- a/api_docs/kbn_core_capabilities_server_mocks.mdx +++ b/api_docs/kbn_core_capabilities_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server-mocks title: "@kbn/core-capabilities-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server-mocks'] --- import kbnCoreCapabilitiesServerMocksObj from './kbn_core_capabilities_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser.mdx b/api_docs/kbn_core_chrome_browser.mdx index 3365545cb7c22..16f1e6544cb75 100644 --- a/api_docs/kbn_core_chrome_browser.mdx +++ b/api_docs/kbn_core_chrome_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser title: "@kbn/core-chrome-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser'] --- import kbnCoreChromeBrowserObj from './kbn_core_chrome_browser.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser_mocks.mdx b/api_docs/kbn_core_chrome_browser_mocks.mdx index ff69c019d508c..94b411a5918f8 100644 --- a/api_docs/kbn_core_chrome_browser_mocks.mdx 
+++ b/api_docs/kbn_core_chrome_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser-mocks title: "@kbn/core-chrome-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser-mocks'] --- import kbnCoreChromeBrowserMocksObj from './kbn_core_chrome_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_config_server_internal.mdx b/api_docs/kbn_core_config_server_internal.mdx index 345a6726bf2ce..149fa36665049 100644 --- a/api_docs/kbn_core_config_server_internal.mdx +++ b/api_docs/kbn_core_config_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-config-server-internal title: "@kbn/core-config-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-config-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-config-server-internal'] --- import kbnCoreConfigServerInternalObj from './kbn_core_config_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser.mdx b/api_docs/kbn_core_custom_branding_browser.mdx index c7d8c62e4133d..012d3778700f2 100644 --- a/api_docs/kbn_core_custom_branding_browser.mdx +++ b/api_docs/kbn_core_custom_branding_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser title: "@kbn/core-custom-branding-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser'] --- import kbnCoreCustomBrandingBrowserObj from './kbn_core_custom_branding_browser.devdocs.json'; 
diff --git a/api_docs/kbn_core_custom_branding_browser_internal.mdx b/api_docs/kbn_core_custom_branding_browser_internal.mdx index 5879c8244d018..17629f45e1a68 100644 --- a/api_docs/kbn_core_custom_branding_browser_internal.mdx +++ b/api_docs/kbn_core_custom_branding_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-internal title: "@kbn/core-custom-branding-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-internal'] --- import kbnCoreCustomBrandingBrowserInternalObj from './kbn_core_custom_branding_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser_mocks.mdx b/api_docs/kbn_core_custom_branding_browser_mocks.mdx index 6222ab73c0a7d..08bbfa9b2a7b5 100644 --- a/api_docs/kbn_core_custom_branding_browser_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-mocks title: "@kbn/core-custom-branding-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-mocks'] --- import kbnCoreCustomBrandingBrowserMocksObj from './kbn_core_custom_branding_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_common.mdx b/api_docs/kbn_core_custom_branding_common.mdx index 1eeb9d3788225..25a383ca1fce5 100644 --- a/api_docs/kbn_core_custom_branding_common.mdx +++ b/api_docs/kbn_core_custom_branding_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-common title: "@kbn/core-custom-branding-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-common'] --- import kbnCoreCustomBrandingCommonObj from './kbn_core_custom_branding_common.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server.mdx b/api_docs/kbn_core_custom_branding_server.mdx index fb8156c6ed9cb..f1b9bb01731e1 100644 --- a/api_docs/kbn_core_custom_branding_server.mdx +++ b/api_docs/kbn_core_custom_branding_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server title: "@kbn/core-custom-branding-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server'] --- import kbnCoreCustomBrandingServerObj from './kbn_core_custom_branding_server.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server_internal.mdx b/api_docs/kbn_core_custom_branding_server_internal.mdx index 3c1277ac6805b..a684b9c852c0b 100644 --- a/api_docs/kbn_core_custom_branding_server_internal.mdx +++ b/api_docs/kbn_core_custom_branding_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-internal title: "@kbn/core-custom-branding-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-internal'] --- import kbnCoreCustomBrandingServerInternalObj from './kbn_core_custom_branding_server_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_custom_branding_server_mocks.mdx b/api_docs/kbn_core_custom_branding_server_mocks.mdx index eb4c1352582f9..d0972edc82561 100644 --- a/api_docs/kbn_core_custom_branding_server_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-mocks title: "@kbn/core-custom-branding-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-mocks'] --- import kbnCoreCustomBrandingServerMocksObj from './kbn_core_custom_branding_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser.mdx b/api_docs/kbn_core_deprecations_browser.mdx index 6fe448363a0e8..a4c0a8e724f3a 100644 --- a/api_docs/kbn_core_deprecations_browser.mdx +++ b/api_docs/kbn_core_deprecations_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser title: "@kbn/core-deprecations-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser'] --- import kbnCoreDeprecationsBrowserObj from './kbn_core_deprecations_browser.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser_internal.mdx b/api_docs/kbn_core_deprecations_browser_internal.mdx index 2fc939d09e0fa..31bdd83f4034d 100644 --- a/api_docs/kbn_core_deprecations_browser_internal.mdx +++ b/api_docs/kbn_core_deprecations_browser_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-internal title: "@kbn/core-deprecations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-internal'] --- import kbnCoreDeprecationsBrowserInternalObj from './kbn_core_deprecations_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser_mocks.mdx b/api_docs/kbn_core_deprecations_browser_mocks.mdx index 1a555234bd8c8..158fa04496594 100644 --- a/api_docs/kbn_core_deprecations_browser_mocks.mdx +++ b/api_docs/kbn_core_deprecations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-mocks title: "@kbn/core-deprecations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-mocks'] --- import kbnCoreDeprecationsBrowserMocksObj from './kbn_core_deprecations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_common.mdx b/api_docs/kbn_core_deprecations_common.mdx index ca290971d3106..8d66bf1e64afb 100644 --- a/api_docs/kbn_core_deprecations_common.mdx +++ b/api_docs/kbn_core_deprecations_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-common title: "@kbn/core-deprecations-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-common'] --- import kbnCoreDeprecationsCommonObj from './kbn_core_deprecations_common.devdocs.json'; 
diff --git a/api_docs/kbn_core_deprecations_server.mdx b/api_docs/kbn_core_deprecations_server.mdx index f578550b1cc55..fbacc80f479ca 100644 --- a/api_docs/kbn_core_deprecations_server.mdx +++ b/api_docs/kbn_core_deprecations_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server title: "@kbn/core-deprecations-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server'] --- import kbnCoreDeprecationsServerObj from './kbn_core_deprecations_server.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_internal.mdx b/api_docs/kbn_core_deprecations_server_internal.mdx index 5fc1ce71bc5aa..daddc536a39d5 100644 --- a/api_docs/kbn_core_deprecations_server_internal.mdx +++ b/api_docs/kbn_core_deprecations_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-internal title: "@kbn/core-deprecations-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-internal'] --- import kbnCoreDeprecationsServerInternalObj from './kbn_core_deprecations_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_mocks.mdx b/api_docs/kbn_core_deprecations_server_mocks.mdx index 385f63f21a873..89f3589712200 100644 --- a/api_docs/kbn_core_deprecations_server_mocks.mdx +++ b/api_docs/kbn_core_deprecations_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-mocks title: "@kbn/core-deprecations-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-mocks'] --- import kbnCoreDeprecationsServerMocksObj from './kbn_core_deprecations_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_browser.mdx b/api_docs/kbn_core_doc_links_browser.mdx index ae7a872be277b..71117c0ecb98e 100644 --- a/api_docs/kbn_core_doc_links_browser.mdx +++ b/api_docs/kbn_core_doc_links_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser title: "@kbn/core-doc-links-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser'] --- import kbnCoreDocLinksBrowserObj from './kbn_core_doc_links_browser.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_browser_mocks.mdx b/api_docs/kbn_core_doc_links_browser_mocks.mdx index 38a2275798ff5..c648ea0f233d2 100644 --- a/api_docs/kbn_core_doc_links_browser_mocks.mdx +++ b/api_docs/kbn_core_doc_links_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser-mocks title: "@kbn/core-doc-links-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser-mocks'] --- import kbnCoreDocLinksBrowserMocksObj from './kbn_core_doc_links_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server.mdx b/api_docs/kbn_core_doc_links_server.mdx index 1bad60bec0fed..234fe1c564340 100644 
--- a/api_docs/kbn_core_doc_links_server.mdx +++ b/api_docs/kbn_core_doc_links_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server title: "@kbn/core-doc-links-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server'] --- import kbnCoreDocLinksServerObj from './kbn_core_doc_links_server.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server_mocks.mdx b/api_docs/kbn_core_doc_links_server_mocks.mdx index f3e1f86a1fa38..b4cf0e2960f3c 100644 --- a/api_docs/kbn_core_doc_links_server_mocks.mdx +++ b/api_docs/kbn_core_doc_links_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server-mocks title: "@kbn/core-doc-links-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server-mocks'] --- import kbnCoreDocLinksServerMocksObj from './kbn_core_doc_links_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx index 5183dbc318a21..07637ef174cf4 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-internal title: "@kbn/core-elasticsearch-client-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-internal'] --- import kbnCoreElasticsearchClientServerInternalObj from './kbn_core_elasticsearch_client_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx index 136086f2b2d31..c77a142339c07 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-mocks title: "@kbn/core-elasticsearch-client-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-mocks'] --- import kbnCoreElasticsearchClientServerMocksObj from './kbn_core_elasticsearch_client_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server.mdx b/api_docs/kbn_core_elasticsearch_server.mdx index fd77e427fd186..999e8e7e8de25 100644 --- a/api_docs/kbn_core_elasticsearch_server.mdx +++ b/api_docs/kbn_core_elasticsearch_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server title: "@kbn/core-elasticsearch-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server'] --- import kbnCoreElasticsearchServerObj from './kbn_core_elasticsearch_server.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server_internal.mdx b/api_docs/kbn_core_elasticsearch_server_internal.mdx index d2b1dd621053d..840d0a3ff5a01 100644 --- a/api_docs/kbn_core_elasticsearch_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-internal title: "@kbn/core-elasticsearch-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-internal'] --- import kbnCoreElasticsearchServerInternalObj from './kbn_core_elasticsearch_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_server_mocks.mdx index a8c102284ac4d..218f8277240d9 100644 --- a/api_docs/kbn_core_elasticsearch_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-mocks title: "@kbn/core-elasticsearch-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-mocks'] --- import kbnCoreElasticsearchServerMocksObj from './kbn_core_elasticsearch_server_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_environment_server_internal.mdx b/api_docs/kbn_core_environment_server_internal.mdx index e8e232df12f36..221ddea8c4fe0 100644 --- a/api_docs/kbn_core_environment_server_internal.mdx +++ b/api_docs/kbn_core_environment_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-internal title: "@kbn/core-environment-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-internal'] --- import kbnCoreEnvironmentServerInternalObj from './kbn_core_environment_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_environment_server_mocks.mdx b/api_docs/kbn_core_environment_server_mocks.mdx index c8cd55518db0f..f60a07ea83af3 100644 --- a/api_docs/kbn_core_environment_server_mocks.mdx +++ b/api_docs/kbn_core_environment_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-mocks title: "@kbn/core-environment-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-mocks'] --- import kbnCoreEnvironmentServerMocksObj from './kbn_core_environment_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser.mdx b/api_docs/kbn_core_execution_context_browser.mdx index c8fb386003686..52e645c46bcbc 100644 --- a/api_docs/kbn_core_execution_context_browser.mdx +++ b/api_docs/kbn_core_execution_context_browser.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser title: "@kbn/core-execution-context-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser'] --- import kbnCoreExecutionContextBrowserObj from './kbn_core_execution_context_browser.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser_internal.mdx b/api_docs/kbn_core_execution_context_browser_internal.mdx index 387d22c4246f5..e8a6d538b2948 100644 --- a/api_docs/kbn_core_execution_context_browser_internal.mdx +++ b/api_docs/kbn_core_execution_context_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-internal title: "@kbn/core-execution-context-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-internal'] --- import kbnCoreExecutionContextBrowserInternalObj from './kbn_core_execution_context_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser_mocks.mdx b/api_docs/kbn_core_execution_context_browser_mocks.mdx index 3672308fc4d2d..446f3b905f836 100644 --- a/api_docs/kbn_core_execution_context_browser_mocks.mdx +++ b/api_docs/kbn_core_execution_context_browser_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-mocks title: "@kbn/core-execution-context-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-mocks'] --- import kbnCoreExecutionContextBrowserMocksObj from './kbn_core_execution_context_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_common.mdx b/api_docs/kbn_core_execution_context_common.mdx index bcd3f8c9bd299..6a89b3ba9c051 100644 --- a/api_docs/kbn_core_execution_context_common.mdx +++ b/api_docs/kbn_core_execution_context_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-common title: "@kbn/core-execution-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-common'] --- import kbnCoreExecutionContextCommonObj from './kbn_core_execution_context_common.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server.mdx b/api_docs/kbn_core_execution_context_server.mdx index 7f173c9cb719b..fc528df2a4b5a 100644 --- a/api_docs/kbn_core_execution_context_server.mdx +++ b/api_docs/kbn_core_execution_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server title: "@kbn/core-execution-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server'] --- import kbnCoreExecutionContextServerObj from './kbn_core_execution_context_server.devdocs.json'; 
diff --git a/api_docs/kbn_core_execution_context_server_internal.mdx b/api_docs/kbn_core_execution_context_server_internal.mdx index 1dba7dd1f2356..e881ccff0771c 100644 --- a/api_docs/kbn_core_execution_context_server_internal.mdx +++ b/api_docs/kbn_core_execution_context_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-internal title: "@kbn/core-execution-context-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-internal'] --- import kbnCoreExecutionContextServerInternalObj from './kbn_core_execution_context_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server_mocks.mdx b/api_docs/kbn_core_execution_context_server_mocks.mdx index 1cf904f9082fd..84fbb1d5066ad 100644 --- a/api_docs/kbn_core_execution_context_server_mocks.mdx +++ b/api_docs/kbn_core_execution_context_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-mocks title: "@kbn/core-execution-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-mocks'] --- import kbnCoreExecutionContextServerMocksObj from './kbn_core_execution_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_fatal_errors_browser.mdx b/api_docs/kbn_core_fatal_errors_browser.mdx index b973e80595c4b..c8da277c442f2 100644 --- a/api_docs/kbn_core_fatal_errors_browser.mdx +++ b/api_docs/kbn_core_fatal_errors_browser.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser title: "@kbn/core-fatal-errors-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser'] --- import kbnCoreFatalErrorsBrowserObj from './kbn_core_fatal_errors_browser.devdocs.json'; diff --git a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx index 251e51ff767f3..02f5646698c32 100644 --- a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx +++ b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser-mocks title: "@kbn/core-fatal-errors-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser-mocks'] --- import kbnCoreFatalErrorsBrowserMocksObj from './kbn_core_fatal_errors_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser.mdx b/api_docs/kbn_core_http_browser.mdx index be2c6426d4fef..df3f206cdd49f 100644 --- a/api_docs/kbn_core_http_browser.mdx +++ b/api_docs/kbn_core_http_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser title: "@kbn/core-http-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser'] --- import kbnCoreHttpBrowserObj from './kbn_core_http_browser.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_internal.mdx b/api_docs/kbn_core_http_browser_internal.mdx index a97744adda2a8..6e502193079c9 100644 --- a/api_docs/kbn_core_http_browser_internal.mdx 
+++ b/api_docs/kbn_core_http_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-internal title: "@kbn/core-http-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-internal'] --- import kbnCoreHttpBrowserInternalObj from './kbn_core_http_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_mocks.mdx b/api_docs/kbn_core_http_browser_mocks.mdx index 90571390b2472..d222022972a9e 100644 --- a/api_docs/kbn_core_http_browser_mocks.mdx +++ b/api_docs/kbn_core_http_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-mocks title: "@kbn/core-http-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-mocks'] --- import kbnCoreHttpBrowserMocksObj from './kbn_core_http_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_common.mdx b/api_docs/kbn_core_http_common.mdx index 2fb133e7b2c2d..e08c254c9782a 100644 --- a/api_docs/kbn_core_http_common.mdx +++ b/api_docs/kbn_core_http_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-common title: "@kbn/core-http-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-common'] --- import kbnCoreHttpCommonObj from './kbn_core_http_common.devdocs.json'; diff --git a/api_docs/kbn_core_http_context_server_mocks.mdx b/api_docs/kbn_core_http_context_server_mocks.mdx index 8d375d9230e83..d086ad563063b 100644 --- a/api_docs/kbn_core_http_context_server_mocks.mdx 
+++ b/api_docs/kbn_core_http_context_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-context-server-mocks title: "@kbn/core-http-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-context-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-context-server-mocks'] --- import kbnCoreHttpContextServerMocksObj from './kbn_core_http_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_request_handler_context_server.mdx b/api_docs/kbn_core_http_request_handler_context_server.mdx index a76cf146bb6b7..853e9310ddb7b 100644 --- a/api_docs/kbn_core_http_request_handler_context_server.mdx +++ b/api_docs/kbn_core_http_request_handler_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-request-handler-context-server title: "@kbn/core-http-request-handler-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-request-handler-context-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-request-handler-context-server'] --- import kbnCoreHttpRequestHandlerContextServerObj from './kbn_core_http_request_handler_context_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server.mdx b/api_docs/kbn_core_http_resources_server.mdx index ea06e36fb8039..23bbbdcf3499b 100644 --- a/api_docs/kbn_core_http_resources_server.mdx +++ b/api_docs/kbn_core_http_resources_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server title: "@kbn/core-http-resources-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server'] --- import kbnCoreHttpResourcesServerObj from './kbn_core_http_resources_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_internal.mdx b/api_docs/kbn_core_http_resources_server_internal.mdx index 82423c8d6e120..8780809e2d14f 100644 --- a/api_docs/kbn_core_http_resources_server_internal.mdx +++ b/api_docs/kbn_core_http_resources_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-internal title: "@kbn/core-http-resources-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-internal'] --- import kbnCoreHttpResourcesServerInternalObj from './kbn_core_http_resources_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_mocks.mdx b/api_docs/kbn_core_http_resources_server_mocks.mdx index 7afd099729732..0a9e58c7ee959 100644 --- a/api_docs/kbn_core_http_resources_server_mocks.mdx +++ b/api_docs/kbn_core_http_resources_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-mocks title: "@kbn/core-http-resources-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-mocks'] --- import kbnCoreHttpResourcesServerMocksObj from './kbn_core_http_resources_server_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_http_router_server_internal.mdx b/api_docs/kbn_core_http_router_server_internal.mdx index 1eb821e8d27b5..a8a077fd94dc5 100644 --- a/api_docs/kbn_core_http_router_server_internal.mdx +++ b/api_docs/kbn_core_http_router_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-internal title: "@kbn/core-http-router-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-internal'] --- import kbnCoreHttpRouterServerInternalObj from './kbn_core_http_router_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_router_server_mocks.mdx b/api_docs/kbn_core_http_router_server_mocks.mdx index f8130e6955962..c640879ca2530 100644 --- a/api_docs/kbn_core_http_router_server_mocks.mdx +++ b/api_docs/kbn_core_http_router_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-mocks title: "@kbn/core-http-router-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-mocks'] --- import kbnCoreHttpRouterServerMocksObj from './kbn_core_http_router_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_server.mdx b/api_docs/kbn_core_http_server.mdx index 6e901cb30bdb7..4805ec40dc10f 100644 --- a/api_docs/kbn_core_http_server.mdx +++ b/api_docs/kbn_core_http_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server title: "@kbn/core-http-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server'] --- import kbnCoreHttpServerObj from './kbn_core_http_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_server_internal.mdx b/api_docs/kbn_core_http_server_internal.mdx index c86ce53b03273..d52f85a688a12 100644 --- a/api_docs/kbn_core_http_server_internal.mdx +++ b/api_docs/kbn_core_http_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-internal title: "@kbn/core-http-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-internal'] --- import kbnCoreHttpServerInternalObj from './kbn_core_http_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_server_mocks.mdx b/api_docs/kbn_core_http_server_mocks.mdx index 27dd4d2874bd6..244728d0db23d 100644 --- a/api_docs/kbn_core_http_server_mocks.mdx +++ b/api_docs/kbn_core_http_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-mocks title: "@kbn/core-http-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-mocks'] --- import kbnCoreHttpServerMocksObj from './kbn_core_http_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser.mdx b/api_docs/kbn_core_i18n_browser.mdx index 4289098523fab..f20b13be73b1f 100644 --- a/api_docs/kbn_core_i18n_browser.mdx +++ b/api_docs/kbn_core_i18n_browser.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser title: "@kbn/core-i18n-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser'] --- import kbnCoreI18nBrowserObj from './kbn_core_i18n_browser.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser_mocks.mdx b/api_docs/kbn_core_i18n_browser_mocks.mdx index 4a6e8b5b5df89..14203627e8649 100644 --- a/api_docs/kbn_core_i18n_browser_mocks.mdx +++ b/api_docs/kbn_core_i18n_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser-mocks title: "@kbn/core-i18n-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser-mocks'] --- import kbnCoreI18nBrowserMocksObj from './kbn_core_i18n_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server.mdx b/api_docs/kbn_core_i18n_server.mdx index 27a433428f101..21a460bedc49f 100644 --- a/api_docs/kbn_core_i18n_server.mdx +++ b/api_docs/kbn_core_i18n_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server title: "@kbn/core-i18n-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server'] --- import kbnCoreI18nServerObj from './kbn_core_i18n_server.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_internal.mdx b/api_docs/kbn_core_i18n_server_internal.mdx index 4baac05926ec5..7a93bddca8c08 100644 --- a/api_docs/kbn_core_i18n_server_internal.mdx +++ b/api_docs/kbn_core_i18n_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-internal title: "@kbn/core-i18n-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-internal'] --- import kbnCoreI18nServerInternalObj from './kbn_core_i18n_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_mocks.mdx b/api_docs/kbn_core_i18n_server_mocks.mdx index 5c770d5b92674..270aaa1923d40 100644 --- a/api_docs/kbn_core_i18n_server_mocks.mdx +++ b/api_docs/kbn_core_i18n_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-mocks title: "@kbn/core-i18n-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-mocks'] --- import kbnCoreI18nServerMocksObj from './kbn_core_i18n_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx index f041f2a4fb2d2..e6698ca132b15 100644 --- a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx +++ b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-injected-metadata-browser-mocks title: "@kbn/core-injected-metadata-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-injected-metadata-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-injected-metadata-browser-mocks'] --- import kbnCoreInjectedMetadataBrowserMocksObj from './kbn_core_injected_metadata_browser_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_integrations_browser_internal.mdx b/api_docs/kbn_core_integrations_browser_internal.mdx index 668793eb85735..63088b8e229ca 100644 --- a/api_docs/kbn_core_integrations_browser_internal.mdx +++ b/api_docs/kbn_core_integrations_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-internal title: "@kbn/core-integrations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-internal'] --- import kbnCoreIntegrationsBrowserInternalObj from './kbn_core_integrations_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_integrations_browser_mocks.mdx b/api_docs/kbn_core_integrations_browser_mocks.mdx index 93e23ddfa1e39..fc9c382e955b1 100644 --- a/api_docs/kbn_core_integrations_browser_mocks.mdx +++ b/api_docs/kbn_core_integrations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-mocks title: "@kbn/core-integrations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-mocks'] --- import kbnCoreIntegrationsBrowserMocksObj from './kbn_core_integrations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser.mdx b/api_docs/kbn_core_lifecycle_browser.mdx index aa95a7bfe53ef..7747b1cb5305e 100644 --- a/api_docs/kbn_core_lifecycle_browser.mdx +++ b/api_docs/kbn_core_lifecycle_browser.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser title: "@kbn/core-lifecycle-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser'] --- import kbnCoreLifecycleBrowserObj from './kbn_core_lifecycle_browser.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser_mocks.mdx b/api_docs/kbn_core_lifecycle_browser_mocks.mdx index b9ca0262627e0..4fde81e439322 100644 --- a/api_docs/kbn_core_lifecycle_browser_mocks.mdx +++ b/api_docs/kbn_core_lifecycle_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser-mocks title: "@kbn/core-lifecycle-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser-mocks'] --- import kbnCoreLifecycleBrowserMocksObj from './kbn_core_lifecycle_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server.mdx b/api_docs/kbn_core_lifecycle_server.mdx index 6143147c925cb..c00b4be0ed2ca 100644 --- a/api_docs/kbn_core_lifecycle_server.mdx +++ b/api_docs/kbn_core_lifecycle_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server title: "@kbn/core-lifecycle-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server'] --- import kbnCoreLifecycleServerObj from './kbn_core_lifecycle_server.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server_mocks.mdx b/api_docs/kbn_core_lifecycle_server_mocks.mdx index 6b67656680bba..a903c8f0dc294 100644 --- a/api_docs/kbn_core_lifecycle_server_mocks.mdx 
+++ b/api_docs/kbn_core_lifecycle_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server-mocks title: "@kbn/core-lifecycle-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server-mocks'] --- import kbnCoreLifecycleServerMocksObj from './kbn_core_lifecycle_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_browser_mocks.mdx b/api_docs/kbn_core_logging_browser_mocks.mdx index 0ce40120f0d6d..950ed3746892a 100644 --- a/api_docs/kbn_core_logging_browser_mocks.mdx +++ b/api_docs/kbn_core_logging_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-browser-mocks title: "@kbn/core-logging-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-browser-mocks'] --- import kbnCoreLoggingBrowserMocksObj from './kbn_core_logging_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_common_internal.mdx b/api_docs/kbn_core_logging_common_internal.mdx index b3727a3bdbdd1..13e258dc2ca75 100644 --- a/api_docs/kbn_core_logging_common_internal.mdx +++ b/api_docs/kbn_core_logging_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-common-internal title: "@kbn/core-logging-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-common-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-common-internal'] --- import kbnCoreLoggingCommonInternalObj from './kbn_core_logging_common_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_logging_server.mdx b/api_docs/kbn_core_logging_server.mdx index 1808ed5976710..16b640036d70a 100644 --- a/api_docs/kbn_core_logging_server.mdx +++ b/api_docs/kbn_core_logging_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server title: "@kbn/core-logging-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server'] --- import kbnCoreLoggingServerObj from './kbn_core_logging_server.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server_internal.mdx b/api_docs/kbn_core_logging_server_internal.mdx index c4c772e24ea6e..044ad95e9350f 100644 --- a/api_docs/kbn_core_logging_server_internal.mdx +++ b/api_docs/kbn_core_logging_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-internal title: "@kbn/core-logging-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-internal'] --- import kbnCoreLoggingServerInternalObj from './kbn_core_logging_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server_mocks.mdx b/api_docs/kbn_core_logging_server_mocks.mdx index 2fa0437249c66..f8d000cd6df18 100644 --- a/api_docs/kbn_core_logging_server_mocks.mdx +++ b/api_docs/kbn_core_logging_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-mocks title: "@kbn/core-logging-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-mocks'] --- import kbnCoreLoggingServerMocksObj from './kbn_core_logging_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_internal.mdx b/api_docs/kbn_core_metrics_collectors_server_internal.mdx index dfab2ba72c352..41a8e2cad0d34 100644 --- a/api_docs/kbn_core_metrics_collectors_server_internal.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-internal title: "@kbn/core-metrics-collectors-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-internal'] --- import kbnCoreMetricsCollectorsServerInternalObj from './kbn_core_metrics_collectors_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx index 24d32d6370c06..5f59371d7fa1b 100644 --- a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-mocks title: "@kbn/core-metrics-collectors-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-mocks'] --- import kbnCoreMetricsCollectorsServerMocksObj from './kbn_core_metrics_collectors_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server.mdx b/api_docs/kbn_core_metrics_server.mdx index 61f1549f4b1c8..299a13ed365c8 100644 --- a/api_docs/kbn_core_metrics_server.mdx +++ b/api_docs/kbn_core_metrics_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server title: "@kbn/core-metrics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server'] --- import kbnCoreMetricsServerObj from './kbn_core_metrics_server.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server_internal.mdx b/api_docs/kbn_core_metrics_server_internal.mdx index 445ec16f23df1..ed8a8a74a0532 100644 --- a/api_docs/kbn_core_metrics_server_internal.mdx +++ b/api_docs/kbn_core_metrics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-internal title: "@kbn/core-metrics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-internal'] --- import kbnCoreMetricsServerInternalObj from './kbn_core_metrics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server_mocks.mdx b/api_docs/kbn_core_metrics_server_mocks.mdx index ac50c047c3553..9b9823d005407 100644 
--- a/api_docs/kbn_core_metrics_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-mocks title: "@kbn/core-metrics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-mocks'] --- import kbnCoreMetricsServerMocksObj from './kbn_core_metrics_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_mount_utils_browser.mdx b/api_docs/kbn_core_mount_utils_browser.mdx index f84b786955948..30d25035043ba 100644 --- a/api_docs/kbn_core_mount_utils_browser.mdx +++ b/api_docs/kbn_core_mount_utils_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-mount-utils-browser title: "@kbn/core-mount-utils-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-mount-utils-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-mount-utils-browser'] --- import kbnCoreMountUtilsBrowserObj from './kbn_core_mount_utils_browser.devdocs.json'; diff --git a/api_docs/kbn_core_node_server.mdx b/api_docs/kbn_core_node_server.mdx index 8f09c6dfdfeef..3e1f5c0c27290 100644 --- a/api_docs/kbn_core_node_server.mdx +++ b/api_docs/kbn_core_node_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server title: "@kbn/core-node-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server'] --- import kbnCoreNodeServerObj from './kbn_core_node_server.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_internal.mdx b/api_docs/kbn_core_node_server_internal.mdx index 59017d8004f87..7c5db21547447 100644 
--- a/api_docs/kbn_core_node_server_internal.mdx +++ b/api_docs/kbn_core_node_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-internal title: "@kbn/core-node-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-internal'] --- import kbnCoreNodeServerInternalObj from './kbn_core_node_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_mocks.mdx b/api_docs/kbn_core_node_server_mocks.mdx index 3bc4e2303812a..efd9b5fbbfec0 100644 --- a/api_docs/kbn_core_node_server_mocks.mdx +++ b/api_docs/kbn_core_node_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-mocks title: "@kbn/core-node-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-mocks'] --- import kbnCoreNodeServerMocksObj from './kbn_core_node_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser.mdx b/api_docs/kbn_core_notifications_browser.mdx index 062a8612135cb..fa45a22c1d4a6 100644 --- a/api_docs/kbn_core_notifications_browser.mdx +++ b/api_docs/kbn_core_notifications_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser title: "@kbn/core-notifications-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser'] --- import kbnCoreNotificationsBrowserObj from './kbn_core_notifications_browser.devdocs.json'; 
diff --git a/api_docs/kbn_core_notifications_browser_internal.mdx b/api_docs/kbn_core_notifications_browser_internal.mdx index 4d3de592e9a4e..4b68cf74c1be9 100644 --- a/api_docs/kbn_core_notifications_browser_internal.mdx +++ b/api_docs/kbn_core_notifications_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-internal title: "@kbn/core-notifications-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-internal'] --- import kbnCoreNotificationsBrowserInternalObj from './kbn_core_notifications_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser_mocks.mdx b/api_docs/kbn_core_notifications_browser_mocks.mdx index 22250f11a38f8..5517b40593197 100644 --- a/api_docs/kbn_core_notifications_browser_mocks.mdx +++ b/api_docs/kbn_core_notifications_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-mocks title: "@kbn/core-notifications-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-mocks'] --- import kbnCoreNotificationsBrowserMocksObj from './kbn_core_notifications_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser.mdx b/api_docs/kbn_core_overlays_browser.mdx index de10e0ba022cb..57e71cb66b711 100644 --- a/api_docs/kbn_core_overlays_browser.mdx +++ b/api_docs/kbn_core_overlays_browser.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser title: "@kbn/core-overlays-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser'] --- import kbnCoreOverlaysBrowserObj from './kbn_core_overlays_browser.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_internal.mdx b/api_docs/kbn_core_overlays_browser_internal.mdx index 2ec981ff29a52..23e2fcc52f762 100644 --- a/api_docs/kbn_core_overlays_browser_internal.mdx +++ b/api_docs/kbn_core_overlays_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-internal title: "@kbn/core-overlays-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-internal'] --- import kbnCoreOverlaysBrowserInternalObj from './kbn_core_overlays_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_mocks.mdx b/api_docs/kbn_core_overlays_browser_mocks.mdx index a5976f9ba19c2..b513a6a0210b3 100644 --- a/api_docs/kbn_core_overlays_browser_mocks.mdx +++ b/api_docs/kbn_core_overlays_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-mocks title: "@kbn/core-overlays-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-mocks'] --- import kbnCoreOverlaysBrowserMocksObj from './kbn_core_overlays_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser.mdx b/api_docs/kbn_core_plugins_browser.mdx index 9919953b94c49..80f96840b3a51 100644 
--- a/api_docs/kbn_core_plugins_browser.mdx +++ b/api_docs/kbn_core_plugins_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser title: "@kbn/core-plugins-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser'] --- import kbnCorePluginsBrowserObj from './kbn_core_plugins_browser.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser_mocks.mdx b/api_docs/kbn_core_plugins_browser_mocks.mdx index 84bd75f07fdef..653a2a64fa703 100644 --- a/api_docs/kbn_core_plugins_browser_mocks.mdx +++ b/api_docs/kbn_core_plugins_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser-mocks title: "@kbn/core-plugins-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser-mocks'] --- import kbnCorePluginsBrowserMocksObj from './kbn_core_plugins_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_contracts_browser.mdx b/api_docs/kbn_core_plugins_contracts_browser.mdx index daab0fc475aad..1249b549641b3 100644 --- a/api_docs/kbn_core_plugins_contracts_browser.mdx +++ b/api_docs/kbn_core_plugins_contracts_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-browser title: "@kbn/core-plugins-contracts-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-browser'] --- import kbnCorePluginsContractsBrowserObj from './kbn_core_plugins_contracts_browser.devdocs.json'; 
diff --git a/api_docs/kbn_core_plugins_contracts_server.mdx b/api_docs/kbn_core_plugins_contracts_server.mdx index eb4413848314a..2cb14668eeeae 100644 --- a/api_docs/kbn_core_plugins_contracts_server.mdx +++ b/api_docs/kbn_core_plugins_contracts_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-server title: "@kbn/core-plugins-contracts-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-server'] --- import kbnCorePluginsContractsServerObj from './kbn_core_plugins_contracts_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server.mdx b/api_docs/kbn_core_plugins_server.mdx index f181861e0bba5..0d7e55ef7fa24 100644 --- a/api_docs/kbn_core_plugins_server.mdx +++ b/api_docs/kbn_core_plugins_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server title: "@kbn/core-plugins-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server'] --- import kbnCorePluginsServerObj from './kbn_core_plugins_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server_mocks.mdx b/api_docs/kbn_core_plugins_server_mocks.mdx index cf450be3af51e..944d0697e3b81 100644 --- a/api_docs/kbn_core_plugins_server_mocks.mdx +++ b/api_docs/kbn_core_plugins_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server-mocks title: "@kbn/core-plugins-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server-mocks'] --- import kbnCorePluginsServerMocksObj from './kbn_core_plugins_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server.mdx b/api_docs/kbn_core_preboot_server.mdx index cb9fd6149bba6..aec40c6dce208 100644 --- a/api_docs/kbn_core_preboot_server.mdx +++ b/api_docs/kbn_core_preboot_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server title: "@kbn/core-preboot-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server'] --- import kbnCorePrebootServerObj from './kbn_core_preboot_server.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server_mocks.mdx b/api_docs/kbn_core_preboot_server_mocks.mdx index ba1508b9fd03a..bdfb9e4732c02 100644 --- a/api_docs/kbn_core_preboot_server_mocks.mdx +++ b/api_docs/kbn_core_preboot_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server-mocks title: "@kbn/core-preboot-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server-mocks'] --- import kbnCorePrebootServerMocksObj from './kbn_core_preboot_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_browser_mocks.mdx b/api_docs/kbn_core_rendering_browser_mocks.mdx index 0036a5f4dbd10..7379d7314fd79 100644 --- a/api_docs/kbn_core_rendering_browser_mocks.mdx 
+++ b/api_docs/kbn_core_rendering_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-browser-mocks title: "@kbn/core-rendering-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-browser-mocks'] --- import kbnCoreRenderingBrowserMocksObj from './kbn_core_rendering_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_internal.mdx b/api_docs/kbn_core_rendering_server_internal.mdx index 58c6547253067..7af41059a0325 100644 --- a/api_docs/kbn_core_rendering_server_internal.mdx +++ b/api_docs/kbn_core_rendering_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-internal title: "@kbn/core-rendering-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-internal'] --- import kbnCoreRenderingServerInternalObj from './kbn_core_rendering_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_mocks.mdx b/api_docs/kbn_core_rendering_server_mocks.mdx index e1c5986ab0ff2..db90a4d6ba317 100644 --- a/api_docs/kbn_core_rendering_server_mocks.mdx +++ b/api_docs/kbn_core_rendering_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-mocks title: "@kbn/core-rendering-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-mocks'] --- import kbnCoreRenderingServerMocksObj from './kbn_core_rendering_server_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_root_server_internal.mdx b/api_docs/kbn_core_root_server_internal.mdx index 8b5f5e4aa4311..ad0186fed104e 100644 --- a/api_docs/kbn_core_root_server_internal.mdx +++ b/api_docs/kbn_core_root_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-root-server-internal title: "@kbn/core-root-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-root-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-root-server-internal'] --- import kbnCoreRootServerInternalObj from './kbn_core_root_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_browser.mdx b/api_docs/kbn_core_saved_objects_api_browser.mdx index 3adba19c98769..1a07fde364f1a 100644 --- a/api_docs/kbn_core_saved_objects_api_browser.mdx +++ b/api_docs/kbn_core_saved_objects_api_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-browser title: "@kbn/core-saved-objects-api-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-browser'] --- import kbnCoreSavedObjectsApiBrowserObj from './kbn_core_saved_objects_api_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server.mdx b/api_docs/kbn_core_saved_objects_api_server.mdx index 8a1302ddcbf6a..21939150e979c 100644 --- a/api_docs/kbn_core_saved_objects_api_server.mdx +++ b/api_docs/kbn_core_saved_objects_api_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server title: "@kbn/core-saved-objects-api-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server'] --- import kbnCoreSavedObjectsApiServerObj from './kbn_core_saved_objects_api_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx index da3f36e9522f0..4345d0e2cbd01 100644 --- a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server-mocks title: "@kbn/core-saved-objects-api-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server-mocks'] --- import kbnCoreSavedObjectsApiServerMocksObj from './kbn_core_saved_objects_api_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_internal.mdx b/api_docs/kbn_core_saved_objects_base_server_internal.mdx index 7b2e79c69ff02..7e352ef3cf4c5 100644 --- a/api_docs/kbn_core_saved_objects_base_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-internal title: "@kbn/core-saved-objects-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-internal'] --- import kbnCoreSavedObjectsBaseServerInternalObj from './kbn_core_saved_objects_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx index e2a2c67e1210c..220d3b99b512b 100644 --- a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-mocks title: "@kbn/core-saved-objects-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-mocks'] --- import kbnCoreSavedObjectsBaseServerMocksObj from './kbn_core_saved_objects_base_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser.mdx b/api_docs/kbn_core_saved_objects_browser.mdx index e46d1031a5018..53c2af1ea4479 100644 --- a/api_docs/kbn_core_saved_objects_browser.mdx +++ b/api_docs/kbn_core_saved_objects_browser.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser title: "@kbn/core-saved-objects-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser'] --- import kbnCoreSavedObjectsBrowserObj from './kbn_core_saved_objects_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser_internal.mdx b/api_docs/kbn_core_saved_objects_browser_internal.mdx index 11589af660e63..94af7e2ad0373 100644 --- a/api_docs/kbn_core_saved_objects_browser_internal.mdx +++ b/api_docs/kbn_core_saved_objects_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-internal title: "@kbn/core-saved-objects-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-internal'] --- import kbnCoreSavedObjectsBrowserInternalObj from './kbn_core_saved_objects_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser_mocks.mdx b/api_docs/kbn_core_saved_objects_browser_mocks.mdx index ada60acce7c07..45bfa55afa0b0 100644 --- a/api_docs/kbn_core_saved_objects_browser_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-mocks title: "@kbn/core-saved-objects-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-mocks'] --- import kbnCoreSavedObjectsBrowserMocksObj from './kbn_core_saved_objects_browser_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_core_saved_objects_common.mdx b/api_docs/kbn_core_saved_objects_common.mdx index b2795d820a402..141e41a7ac6a8 100644 --- a/api_docs/kbn_core_saved_objects_common.mdx +++ b/api_docs/kbn_core_saved_objects_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-common title: "@kbn/core-saved-objects-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-common'] --- import kbnCoreSavedObjectsCommonObj from './kbn_core_saved_objects_common.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx index ba9e11b2a3279..8695a33b845d1 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-internal title: "@kbn/core-saved-objects-import-export-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-internal'] --- import kbnCoreSavedObjectsImportExportServerInternalObj from './kbn_core_saved_objects_import_export_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx index e6a3c5d079e5c..76c484025c00b 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-mocks title: "@kbn/core-saved-objects-import-export-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-mocks'] --- import kbnCoreSavedObjectsImportExportServerMocksObj from './kbn_core_saved_objects_import_export_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx index ba89398e3b482..2b10c291ca697 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-internal title: "@kbn/core-saved-objects-migration-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-internal'] --- import kbnCoreSavedObjectsMigrationServerInternalObj from './kbn_core_saved_objects_migration_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx index 44c0feb191ea0..3e4da598757df 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-mocks title: "@kbn/core-saved-objects-migration-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-mocks'] --- import kbnCoreSavedObjectsMigrationServerMocksObj from './kbn_core_saved_objects_migration_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server.mdx b/api_docs/kbn_core_saved_objects_server.mdx index 35f8a78fe751b..87b5b6fd05dd7 100644 --- a/api_docs/kbn_core_saved_objects_server.mdx +++ b/api_docs/kbn_core_saved_objects_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server title: "@kbn/core-saved-objects-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server'] --- import kbnCoreSavedObjectsServerObj from './kbn_core_saved_objects_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server_internal.mdx b/api_docs/kbn_core_saved_objects_server_internal.mdx index d0a550c75a930..b52ebd3690a58 100644 --- a/api_docs/kbn_core_saved_objects_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-internal title: "@kbn/core-saved-objects-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-internal'] --- import kbnCoreSavedObjectsServerInternalObj from './kbn_core_saved_objects_server_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_saved_objects_server_mocks.mdx b/api_docs/kbn_core_saved_objects_server_mocks.mdx index 48c9b1327002e..0374715542ebc 100644 --- a/api_docs/kbn_core_saved_objects_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-mocks title: "@kbn/core-saved-objects-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-mocks'] --- import kbnCoreSavedObjectsServerMocksObj from './kbn_core_saved_objects_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_utils_server.mdx b/api_docs/kbn_core_saved_objects_utils_server.mdx index aff6dccc7bbab..2786fb415d2a9 100644 --- a/api_docs/kbn_core_saved_objects_utils_server.mdx +++ b/api_docs/kbn_core_saved_objects_utils_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-utils-server title: "@kbn/core-saved-objects-utils-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-utils-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-utils-server'] --- import kbnCoreSavedObjectsUtilsServerObj from './kbn_core_saved_objects_utils_server.devdocs.json'; diff --git a/api_docs/kbn_core_status_common.mdx b/api_docs/kbn_core_status_common.mdx index 5151288186e5c..f322fac4c93f9 100644 --- a/api_docs/kbn_core_status_common.mdx +++ b/api_docs/kbn_core_status_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common title: "@kbn/core-status-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common'] --- import kbnCoreStatusCommonObj from './kbn_core_status_common.devdocs.json'; diff --git a/api_docs/kbn_core_status_common_internal.mdx b/api_docs/kbn_core_status_common_internal.mdx index 3fc4583e22faa..39254035d3ecf 100644 --- a/api_docs/kbn_core_status_common_internal.mdx +++ b/api_docs/kbn_core_status_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common-internal title: "@kbn/core-status-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common-internal'] --- import kbnCoreStatusCommonInternalObj from './kbn_core_status_common_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server.mdx b/api_docs/kbn_core_status_server.mdx index c1dc341340c8e..7a4fbe9be16c8 100644 --- a/api_docs/kbn_core_status_server.mdx +++ b/api_docs/kbn_core_status_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server title: "@kbn/core-status-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server'] --- import kbnCoreStatusServerObj from './kbn_core_status_server.devdocs.json'; diff --git a/api_docs/kbn_core_status_server_internal.mdx b/api_docs/kbn_core_status_server_internal.mdx index a19a6108e46bc..9f0909d8c8cb6 100644 --- a/api_docs/kbn_core_status_server_internal.mdx +++ b/api_docs/kbn_core_status_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-internal title: "@kbn/core-status-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-internal'] --- import kbnCoreStatusServerInternalObj from './kbn_core_status_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server_mocks.mdx b/api_docs/kbn_core_status_server_mocks.mdx index f93500b821cdf..e97e9105b6b3d 100644 --- a/api_docs/kbn_core_status_server_mocks.mdx +++ b/api_docs/kbn_core_status_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-mocks title: "@kbn/core-status-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-mocks'] --- import kbnCoreStatusServerMocksObj from './kbn_core_status_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx index 8596d5aeadd53..4e7d764fef734 100644 --- a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx +++ b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-deprecations-getters title: "@kbn/core-test-helpers-deprecations-getters" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-deprecations-getters plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-deprecations-getters'] --- import kbnCoreTestHelpersDeprecationsGettersObj from './kbn_core_test_helpers_deprecations_getters.devdocs.json'; 
diff --git a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx index e2cbc7c068901..8ed48b359e560 100644 --- a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx +++ b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-http-setup-browser title: "@kbn/core-test-helpers-http-setup-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-http-setup-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-http-setup-browser'] --- import kbnCoreTestHelpersHttpSetupBrowserObj from './kbn_core_test_helpers_http_setup_browser.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_kbn_server.mdx b/api_docs/kbn_core_test_helpers_kbn_server.mdx index 640b5a3a06124..664d859671cfd 100644 --- a/api_docs/kbn_core_test_helpers_kbn_server.mdx +++ b/api_docs/kbn_core_test_helpers_kbn_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-kbn-server title: "@kbn/core-test-helpers-kbn-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-kbn-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-kbn-server'] --- import kbnCoreTestHelpersKbnServerObj from './kbn_core_test_helpers_kbn_server.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_model_versions.mdx b/api_docs/kbn_core_test_helpers_model_versions.mdx index 9449b97fdaead..9df89898c6b22 100644 --- a/api_docs/kbn_core_test_helpers_model_versions.mdx +++ b/api_docs/kbn_core_test_helpers_model_versions.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-model-versions title: "@kbn/core-test-helpers-model-versions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-model-versions plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-model-versions'] --- import kbnCoreTestHelpersModelVersionsObj from './kbn_core_test_helpers_model_versions.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx index a20a4117bf77c..6e6e0657bcfa8 100644 --- a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx +++ b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-so-type-serializer title: "@kbn/core-test-helpers-so-type-serializer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-so-type-serializer plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-so-type-serializer'] --- import kbnCoreTestHelpersSoTypeSerializerObj from './kbn_core_test_helpers_so_type_serializer.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_test_utils.mdx b/api_docs/kbn_core_test_helpers_test_utils.mdx index fcec763599ced..fc47046cc49a3 100644 --- a/api_docs/kbn_core_test_helpers_test_utils.mdx +++ b/api_docs/kbn_core_test_helpers_test_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-test-utils title: "@kbn/core-test-helpers-test-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-test-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-test-utils'] --- import kbnCoreTestHelpersTestUtilsObj from './kbn_core_test_helpers_test_utils.devdocs.json'; 
diff --git a/api_docs/kbn_core_theme_browser.mdx b/api_docs/kbn_core_theme_browser.mdx index 0871e12f73c67..6cd0189708317 100644 --- a/api_docs/kbn_core_theme_browser.mdx +++ b/api_docs/kbn_core_theme_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser title: "@kbn/core-theme-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser'] --- import kbnCoreThemeBrowserObj from './kbn_core_theme_browser.devdocs.json'; diff --git a/api_docs/kbn_core_theme_browser_mocks.mdx b/api_docs/kbn_core_theme_browser_mocks.mdx index f0ce540e58ad0..875904cd6ff04 100644 --- a/api_docs/kbn_core_theme_browser_mocks.mdx +++ b/api_docs/kbn_core_theme_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser-mocks title: "@kbn/core-theme-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser-mocks'] --- import kbnCoreThemeBrowserMocksObj from './kbn_core_theme_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser.mdx b/api_docs/kbn_core_ui_settings_browser.mdx index 42fbf5711a520..473388766ad74 100644 --- a/api_docs/kbn_core_ui_settings_browser.mdx +++ b/api_docs/kbn_core_ui_settings_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser title: "@kbn/core-ui-settings-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser'] --- import kbnCoreUiSettingsBrowserObj from './kbn_core_ui_settings_browser.devdocs.json'; 
diff --git a/api_docs/kbn_core_ui_settings_browser_internal.mdx b/api_docs/kbn_core_ui_settings_browser_internal.mdx index d5e4b7477cbce..50f0f34e9ca64 100644 --- a/api_docs/kbn_core_ui_settings_browser_internal.mdx +++ b/api_docs/kbn_core_ui_settings_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-internal title: "@kbn/core-ui-settings-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-internal'] --- import kbnCoreUiSettingsBrowserInternalObj from './kbn_core_ui_settings_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser_mocks.mdx b/api_docs/kbn_core_ui_settings_browser_mocks.mdx index f3bda94773549..c508938617385 100644 --- a/api_docs/kbn_core_ui_settings_browser_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-mocks title: "@kbn/core-ui-settings-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-mocks'] --- import kbnCoreUiSettingsBrowserMocksObj from './kbn_core_ui_settings_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_common.mdx b/api_docs/kbn_core_ui_settings_common.mdx index 11e0c1879000a..d43b7d6dd1154 100644 --- a/api_docs/kbn_core_ui_settings_common.mdx +++ b/api_docs/kbn_core_ui_settings_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-common title: "@kbn/core-ui-settings-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-common'] --- import kbnCoreUiSettingsCommonObj from './kbn_core_ui_settings_common.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server.mdx b/api_docs/kbn_core_ui_settings_server.mdx index d87d0da26c69b..48680842fbb92 100644 --- a/api_docs/kbn_core_ui_settings_server.mdx +++ b/api_docs/kbn_core_ui_settings_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server title: "@kbn/core-ui-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server'] --- import kbnCoreUiSettingsServerObj from './kbn_core_ui_settings_server.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server_internal.mdx b/api_docs/kbn_core_ui_settings_server_internal.mdx index b7b601282072b..76cb0ea66e0b6 100644 --- a/api_docs/kbn_core_ui_settings_server_internal.mdx +++ b/api_docs/kbn_core_ui_settings_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-internal title: "@kbn/core-ui-settings-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-internal'] --- import kbnCoreUiSettingsServerInternalObj from './kbn_core_ui_settings_server_internal.devdocs.json'; 
diff --git a/api_docs/kbn_core_ui_settings_server_mocks.mdx b/api_docs/kbn_core_ui_settings_server_mocks.mdx index 67a6a755eaee6..f89be556c9535 100644 --- a/api_docs/kbn_core_ui_settings_server_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-mocks title: "@kbn/core-ui-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-mocks'] --- import kbnCoreUiSettingsServerMocksObj from './kbn_core_ui_settings_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server.mdx b/api_docs/kbn_core_usage_data_server.mdx index 1c2475e9ddb86..5404408358408 100644 --- a/api_docs/kbn_core_usage_data_server.mdx +++ b/api_docs/kbn_core_usage_data_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server title: "@kbn/core-usage-data-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server'] --- import kbnCoreUsageDataServerObj from './kbn_core_usage_data_server.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_internal.mdx b/api_docs/kbn_core_usage_data_server_internal.mdx index 4495a2c46c514..ddd3619d913f1 100644 --- a/api_docs/kbn_core_usage_data_server_internal.mdx +++ b/api_docs/kbn_core_usage_data_server_internal.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-internal title: "@kbn/core-usage-data-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-internal'] --- import kbnCoreUsageDataServerInternalObj from './kbn_core_usage_data_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_mocks.mdx b/api_docs/kbn_core_usage_data_server_mocks.mdx index fb4575e708304..46d50523cf977 100644 --- a/api_docs/kbn_core_usage_data_server_mocks.mdx +++ b/api_docs/kbn_core_usage_data_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-mocks title: "@kbn/core-usage-data-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-mocks'] --- import kbnCoreUsageDataServerMocksObj from './kbn_core_usage_data_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server.mdx b/api_docs/kbn_core_user_settings_server.mdx index 37a047e1ee1cc..ea81db9b5bc57 100644 --- a/api_docs/kbn_core_user_settings_server.mdx +++ b/api_docs/kbn_core_user_settings_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server title: "@kbn/core-user-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server'] --- import kbnCoreUserSettingsServerObj from './kbn_core_user_settings_server.devdocs.json'; 
diff --git a/api_docs/kbn_core_user_settings_server_internal.mdx b/api_docs/kbn_core_user_settings_server_internal.mdx index 372e5940ef48a..9140b5058ddb7 100644 --- a/api_docs/kbn_core_user_settings_server_internal.mdx +++ b/api_docs/kbn_core_user_settings_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server-internal title: "@kbn/core-user-settings-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server-internal plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server-internal'] --- import kbnCoreUserSettingsServerInternalObj from './kbn_core_user_settings_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server_mocks.mdx b/api_docs/kbn_core_user_settings_server_mocks.mdx index 07fbc8c472879..91ba8ef78cf36 100644 --- a/api_docs/kbn_core_user_settings_server_mocks.mdx +++ b/api_docs/kbn_core_user_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server-mocks title: "@kbn/core-user-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server-mocks'] --- import kbnCoreUserSettingsServerMocksObj from './kbn_core_user_settings_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_crypto.mdx b/api_docs/kbn_crypto.mdx index 9bc2f6e85ec3e..bb4e27dbdc21e 100644 --- a/api_docs/kbn_crypto.mdx +++ b/api_docs/kbn_crypto.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto title: "@kbn/crypto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto'] --- import kbnCryptoObj from './kbn_crypto.devdocs.json'; diff --git a/api_docs/kbn_crypto_browser.mdx b/api_docs/kbn_crypto_browser.mdx index 507a1ab7e381f..9473e6ef4e7da 100644 --- a/api_docs/kbn_crypto_browser.mdx +++ b/api_docs/kbn_crypto_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto-browser title: "@kbn/crypto-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto-browser'] --- import kbnCryptoBrowserObj from './kbn_crypto_browser.devdocs.json'; diff --git a/api_docs/kbn_custom_icons.devdocs.json b/api_docs/kbn_custom_icons.devdocs.json new file mode 100644 index 0000000000000..7bf78ecff15a2 --- /dev/null +++ b/api_docs/kbn_custom_icons.devdocs.json 
@@ -0,0 +1,369 @@ +{ + "id": "@kbn/custom-icons", + "client": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "server": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "common": { + "classes": [], + "functions": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.AgentIcon", + "type": "Function", + "tags": [], + "label": "AgentIcon", + "description": [], + "signature": [ + "({ agentName, size = 'l', ...props }: ", + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.AgentIconProps", + "text": "AgentIconProps" + }, + ") => JSX.Element" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.AgentIcon.$1", + "type": "Object", + "tags": [], + "label": "{ agentName, size = 'l', ...props }", + "description": [], + "signature": [ + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.AgentIconProps", + "text": "AgentIconProps" + } + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.CloudProviderIcon", + "type": "Function", + "tags": [], + "label": "CloudProviderIcon", + "description": [], + "signature": [ + "({ cloudProvider, ...props }: ", + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.CloudProviderIconProps", + "text": "CloudProviderIconProps" + }, + ") => JSX.Element" + ], + "path": 
"packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.CloudProviderIcon.$1", + "type": "Object", + "tags": [], + "label": "{ cloudProvider, ...props }", + "description": [], + "signature": [ + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.CloudProviderIconProps", + "text": "CloudProviderIconProps" + } + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getAgentIcon", + "type": "Function", + "tags": [], + "label": "getAgentIcon", + "description": [], + "signature": [ + "(agentName: string | undefined, isDarkMode: boolean) => string" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getAgentIcon.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getAgentIcon.$2", + "type": "boolean", + "tags": [], + "label": "isDarkMode", + "description": [], + "signature": [ + "boolean" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": 
"def-common.getCloudProviderIcon", + "type": "Function", + "tags": [], + "label": "getCloudProviderIcon", + "description": [], + "signature": [ + "(cloudProvider: ", + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.CloudProvider", + "text": "CloudProvider" + }, + ") => \"cloudSunny\" | \"logoAWS\" | \"logoAzure\" | \"logoGCP\"" + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getCloudProviderIcon.$1", + "type": "CompoundType", + "tags": [], + "label": "cloudProvider", + "description": [], + "signature": [ + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.CloudProvider", + "text": "CloudProvider" + } + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getServerlessIcon", + "type": "Function", + "tags": [], + "label": "getServerlessIcon", + "description": [], + "signature": [ + "(serverlessType: ", + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.ServerlessType", + "text": "ServerlessType" + }, + " | undefined) => string" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/get_serverless_icon.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.getServerlessIcon.$1", + "type": "CompoundType", + "tags": [], + "label": "serverlessType", + "description": [], + "signature": [ + { + "pluginId": 
"@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.ServerlessType", + "text": "ServerlessType" + }, + " | undefined" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/get_serverless_icon.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + } + ], + "interfaces": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.AgentIconProps", + "type": "Interface", + "tags": [], + "label": "AgentIconProps", + "description": [], + "signature": [ + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.AgentIconProps", + "text": "AgentIconProps" + }, + " extends Omit<", + "EuiIconProps", + ", \"type\">" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.AgentIconProps.agentName", + "type": "CompoundType", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.AgentName", + "text": "AgentName" + }, + " | undefined" + ], + "path": "packages/kbn-custom-icons/src/components/agent_icon/index.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.CloudProviderIconProps", + "type": "Interface", + "tags": [], + "label": "CloudProviderIconProps", + "description": [], + "signature": [ + { + "pluginId": "@kbn/custom-icons", + "scope": "common", + "docId": "kibKbnCustomIconsPluginApi", + "section": "def-common.CloudProviderIconProps", + "text": "CloudProviderIconProps" + }, + " extends Omit<", + "EuiIconProps", + ", \"type\">" + 
], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.CloudProviderIconProps.cloudProvider", + "type": "CompoundType", + "tags": [], + "label": "cloudProvider", + "description": [], + "signature": [ + "\"aws\" | \"azure\" | \"gcp\" | \"unknownProvider\" | null | undefined" + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + } + ], + "enums": [], + "misc": [ + { + "parentPluginId": "@kbn/custom-icons", + "id": "def-common.CloudProvider", + "type": "Type", + "tags": [], + "label": "CloudProvider", + "description": [], + "signature": [ + "\"aws\" | \"azure\" | \"gcp\" | \"unknownProvider\" | null | undefined" + ], + "path": "packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + } + ], + "objects": [] + } +} \ No newline at end of file diff --git a/api_docs/kbn_custom_icons.mdx b/api_docs/kbn_custom_icons.mdx new file mode 100644 index 0000000000000..a530c63b54ce1 --- /dev/null +++ b/api_docs/kbn_custom_icons.mdx 
@@ -0,0 +1,36 @@ +--- +#### +#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system. +#### Reach out in #docs-engineering for more info. +#### +id: kibKbnCustomIconsPluginApi +slug: /kibana-dev-docs/api/kbn-custom-icons +title: "@kbn/custom-icons" +image: https://source.unsplash.com/400x175/?github +description: API docs for the @kbn/custom-icons plugin +date: 2023-11-21 +tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-icons'] +--- +import kbnCustomIconsObj from './kbn_custom_icons.devdocs.json'; + + + +Contact [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) for questions regarding this plugin. + +**Code health stats** + +| Public API count | Any count | Items lacking comments | Missing exports | +|-------------------|-----------|------------------------|-----------------| +| 16 | 0 | 16 | 0 | + +## Common + +### Functions + + +### Interfaces + + +### Consts, variables and types + + diff --git a/api_docs/kbn_custom_integrations.mdx b/api_docs/kbn_custom_integrations.mdx index 0ce2be33a4a27..9bd7f13098f0f 100644 --- a/api_docs/kbn_custom_integrations.mdx +++ b/api_docs/kbn_custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-integrations title: "@kbn/custom-integrations" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/custom-integrations plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-integrations'] --- import kbnCustomIntegrationsObj from './kbn_custom_integrations.devdocs.json'; diff --git a/api_docs/kbn_cypress_config.mdx b/api_docs/kbn_cypress_config.mdx index 950404ec267f7..c475e84616e81 100644 --- a/api_docs/kbn_cypress_config.mdx +++ b/api_docs/kbn_cypress_config.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cypress-config title: "@kbn/cypress-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cypress-config plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cypress-config'] --- import kbnCypressConfigObj from './kbn_cypress_config.devdocs.json'; diff --git a/api_docs/kbn_data_service.mdx b/api_docs/kbn_data_service.mdx index e19a4ed026ac9..dafcb8cc1ca20 100644 --- a/api_docs/kbn_data_service.mdx +++ b/api_docs/kbn_data_service.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-service title: "@kbn/data-service" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-service plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-service'] --- import kbnDataServiceObj from './kbn_data_service.devdocs.json'; diff --git a/api_docs/kbn_datemath.mdx b/api_docs/kbn_datemath.mdx index 49f51f35ad8a7..f7261735ec03b 100644 --- a/api_docs/kbn_datemath.mdx +++ b/api_docs/kbn_datemath.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-datemath title: "@kbn/datemath" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/datemath plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/datemath'] --- import kbnDatemathObj from './kbn_datemath.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_analytics.mdx b/api_docs/kbn_deeplinks_analytics.mdx index 5071da97e5009..2c5af8a45f1bf 100644 --- a/api_docs/kbn_deeplinks_analytics.mdx +++ b/api_docs/kbn_deeplinks_analytics.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-analytics title: "@kbn/deeplinks-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-analytics plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-analytics'] --- import kbnDeeplinksAnalyticsObj from './kbn_deeplinks_analytics.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_devtools.mdx b/api_docs/kbn_deeplinks_devtools.mdx index 168f404df3635..a38d853a60d42 100644 --- a/api_docs/kbn_deeplinks_devtools.mdx +++ b/api_docs/kbn_deeplinks_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-devtools title: "@kbn/deeplinks-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-devtools plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-devtools'] --- import kbnDeeplinksDevtoolsObj from './kbn_deeplinks_devtools.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_management.mdx b/api_docs/kbn_deeplinks_management.mdx index db2f47965df08..76c725964ca1b 100644 --- a/api_docs/kbn_deeplinks_management.mdx +++ b/api_docs/kbn_deeplinks_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-management title: "@kbn/deeplinks-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-management plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-management'] --- import kbnDeeplinksManagementObj from './kbn_deeplinks_management.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_ml.mdx b/api_docs/kbn_deeplinks_ml.mdx index a50c1616f4610..5348a11f084bc 100644 --- a/api_docs/kbn_deeplinks_ml.mdx +++ b/api_docs/kbn_deeplinks_ml.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-ml title: "@kbn/deeplinks-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-ml plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-ml'] --- import kbnDeeplinksMlObj from './kbn_deeplinks_ml.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_observability.mdx b/api_docs/kbn_deeplinks_observability.mdx index 39001f6283a03..e9bc7f0f987ea 100644 --- a/api_docs/kbn_deeplinks_observability.mdx +++ b/api_docs/kbn_deeplinks_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-observability title: "@kbn/deeplinks-observability" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-observability plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-observability'] --- import kbnDeeplinksObservabilityObj from './kbn_deeplinks_observability.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_search.mdx b/api_docs/kbn_deeplinks_search.mdx index 2d363bf7ac7e7..5c8c6e826fbab 100644 --- a/api_docs/kbn_deeplinks_search.mdx +++ b/api_docs/kbn_deeplinks_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-search title: "@kbn/deeplinks-search" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-search plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-search'] --- import kbnDeeplinksSearchObj from './kbn_deeplinks_search.devdocs.json'; diff --git a/api_docs/kbn_default_nav_analytics.mdx b/api_docs/kbn_default_nav_analytics.mdx index ba59b93be9a9d..5e25be6d1e5d6 100644 --- a/api_docs/kbn_default_nav_analytics.mdx +++ b/api_docs/kbn_default_nav_analytics.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-analytics title: "@kbn/default-nav-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-analytics plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-analytics'] --- import kbnDefaultNavAnalyticsObj from './kbn_default_nav_analytics.devdocs.json'; diff --git a/api_docs/kbn_default_nav_devtools.mdx b/api_docs/kbn_default_nav_devtools.mdx index dcbe7f8e50d8a..274bdac280424 100644 --- a/api_docs/kbn_default_nav_devtools.mdx +++ b/api_docs/kbn_default_nav_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-devtools title: "@kbn/default-nav-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-devtools plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-devtools'] --- import kbnDefaultNavDevtoolsObj from './kbn_default_nav_devtools.devdocs.json'; diff --git a/api_docs/kbn_default_nav_management.mdx b/api_docs/kbn_default_nav_management.mdx index 47e1153c1600d..124d5f509930c 100644 --- a/api_docs/kbn_default_nav_management.mdx +++ b/api_docs/kbn_default_nav_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-management title: "@kbn/default-nav-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-management plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-management'] --- import kbnDefaultNavManagementObj from './kbn_default_nav_management.devdocs.json'; diff --git a/api_docs/kbn_default_nav_ml.mdx b/api_docs/kbn_default_nav_ml.mdx index 314f767f82a32..510f1601fdd72 100644 --- a/api_docs/kbn_default_nav_ml.mdx +++ b/api_docs/kbn_default_nav_ml.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-ml title: "@kbn/default-nav-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-ml plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-ml'] --- import kbnDefaultNavMlObj from './kbn_default_nav_ml.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_errors.mdx b/api_docs/kbn_dev_cli_errors.mdx index 53f15aee449a1..154ca5c93227d 100644 --- a/api_docs/kbn_dev_cli_errors.mdx +++ b/api_docs/kbn_dev_cli_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-errors title: "@kbn/dev-cli-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-errors plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-errors'] --- import kbnDevCliErrorsObj from './kbn_dev_cli_errors.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_runner.mdx b/api_docs/kbn_dev_cli_runner.mdx index 0e0aacc0aa972..9de640d5709aa 100644 --- a/api_docs/kbn_dev_cli_runner.mdx +++ b/api_docs/kbn_dev_cli_runner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-runner title: "@kbn/dev-cli-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-runner plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-runner'] --- import kbnDevCliRunnerObj from './kbn_dev_cli_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_proc_runner.mdx b/api_docs/kbn_dev_proc_runner.mdx index 94df57f9c173c..adfc178275a9c 100644 --- a/api_docs/kbn_dev_proc_runner.mdx +++ b/api_docs/kbn_dev_proc_runner.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-proc-runner title: "@kbn/dev-proc-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-proc-runner plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-proc-runner'] --- import kbnDevProcRunnerObj from './kbn_dev_proc_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_utils.mdx b/api_docs/kbn_dev_utils.mdx index a2aad52e75d29..dcd983d3ceb07 100644 --- a/api_docs/kbn_dev_utils.mdx +++ b/api_docs/kbn_dev_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-utils title: "@kbn/dev-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-utils'] --- import kbnDevUtilsObj from './kbn_dev_utils.devdocs.json'; diff --git a/api_docs/kbn_discover_utils.mdx b/api_docs/kbn_discover_utils.mdx index d5018e3107693..693ffd9fc197b 100644 --- a/api_docs/kbn_discover_utils.mdx +++ b/api_docs/kbn_discover_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-discover-utils title: "@kbn/discover-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/discover-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/discover-utils'] --- import kbnDiscoverUtilsObj from './kbn_discover_utils.devdocs.json'; diff --git a/api_docs/kbn_doc_links.mdx b/api_docs/kbn_doc_links.mdx index 17b2089b33fa4..421f67945b045 100644 --- a/api_docs/kbn_doc_links.mdx +++ b/api_docs/kbn_doc_links.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-doc-links title: "@kbn/doc-links" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/doc-links plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/doc-links'] --- import kbnDocLinksObj from './kbn_doc_links.devdocs.json'; diff --git a/api_docs/kbn_docs_utils.mdx b/api_docs/kbn_docs_utils.mdx index 004afa9afd313..42347b3f85b09 100644 --- a/api_docs/kbn_docs_utils.mdx +++ b/api_docs/kbn_docs_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-docs-utils title: "@kbn/docs-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/docs-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/docs-utils'] --- import kbnDocsUtilsObj from './kbn_docs_utils.devdocs.json'; diff --git a/api_docs/kbn_dom_drag_drop.mdx b/api_docs/kbn_dom_drag_drop.mdx index d9e54a13b876b..76a5ecbf01a14 100644 --- a/api_docs/kbn_dom_drag_drop.mdx +++ b/api_docs/kbn_dom_drag_drop.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dom-drag-drop title: "@kbn/dom-drag-drop" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dom-drag-drop plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dom-drag-drop'] --- import kbnDomDragDropObj from './kbn_dom_drag_drop.devdocs.json'; diff --git a/api_docs/kbn_ebt_tools.mdx b/api_docs/kbn_ebt_tools.mdx index 49bbe4ec1a751..97065406dcbc8 100644 --- a/api_docs/kbn_ebt_tools.mdx +++ b/api_docs/kbn_ebt_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ebt-tools title: "@kbn/ebt-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ebt-tools plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ebt-tools'] --- import kbnEbtToolsObj from './kbn_ebt_tools.devdocs.json'; 
diff --git a/api_docs/kbn_ecs.mdx b/api_docs/kbn_ecs.mdx index 076f057a892df..91447abe9e29e 100644 --- a/api_docs/kbn_ecs.mdx +++ b/api_docs/kbn_ecs.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ecs title: "@kbn/ecs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ecs plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ecs'] --- import kbnEcsObj from './kbn_ecs.devdocs.json'; diff --git a/api_docs/kbn_ecs_data_quality_dashboard.mdx b/api_docs/kbn_ecs_data_quality_dashboard.mdx index 520c1fcb1ad40..4110be8a06e80 100644 --- a/api_docs/kbn_ecs_data_quality_dashboard.mdx +++ b/api_docs/kbn_ecs_data_quality_dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ecs-data-quality-dashboard title: "@kbn/ecs-data-quality-dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ecs-data-quality-dashboard plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ecs-data-quality-dashboard'] --- import kbnEcsDataQualityDashboardObj from './kbn_ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/kbn_elastic_agent_utils.devdocs.json b/api_docs/kbn_elastic_agent_utils.devdocs.json new file mode 100644 index 0000000000000..84eff4c15229a --- /dev/null +++ b/api_docs/kbn_elastic_agent_utils.devdocs.json 
@@ -0,0 +1,631 @@ +{ + "id": "@kbn/elastic-agent-utils", + "client": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "server": { + "classes": [], + "functions": [], + "interfaces": [], + "enums": [], + "misc": [], + "objects": [] + }, + "common": { + "classes": [], + "functions": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isAndroidAgentName", + "type": "Function", + "tags": [], + "label": "isAndroidAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isAndroidAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isAWSLambdaAgentName", + "type": "Function", + "tags": [], + "label": "isAWSLambdaAgentName", + "description": [], + "signature": [ + "(serverlessType: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isAWSLambdaAgentName.$1", + "type": "string", + "tags": [], + "label": "serverlessType", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": 
"@kbn/elastic-agent-utils", + "id": "def-common.isAzureFunctionsAgentName", + "type": "Function", + "tags": [], + "label": "isAzureFunctionsAgentName", + "description": [], + "signature": [ + "(serverlessType: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isAzureFunctionsAgentName.$1", + "type": "string", + "tags": [], + "label": "serverlessType", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isIosAgentName", + "type": "Function", + "tags": [], + "label": "isIosAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isIosAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isJavaAgentName", + "type": "Function", + "tags": [], + "label": "isJavaAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": 
"@kbn/elastic-agent-utils", + "id": "def-common.isJavaAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isJRubyAgentName", + "type": "Function", + "tags": [], + "label": "isJRubyAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined, runtimeName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isJRubyAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isJRubyAgentName.$2", + "type": "string", + "tags": [], + "label": "runtimeName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isMobileAgentName", + "type": "Function", + "tags": [], + "label": "isMobileAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": 
"@kbn/elastic-agent-utils", + "id": "def-common.isMobileAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isOpenTelemetryAgentName", + "type": "Function", + "tags": [], + "label": "isOpenTelemetryAgentName", + "description": [], + "signature": [ + "(agentName: string) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isOpenTelemetryAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isRumAgentName", + "type": "Function", + "tags": [], + "label": "isRumAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isRumAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + 
"parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isRumOrMobileAgentName", + "type": "Function", + "tags": [], + "label": "isRumOrMobileAgentName", + "description": [], + "signature": [ + "(agentName: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isRumOrMobileAgentName.$1", + "type": "string", + "tags": [], + "label": "agentName", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isServerlessAgentName", + "type": "Function", + "tags": [], + "label": "isServerlessAgentName", + "description": [], + "signature": [ + "(serverlessType: string | undefined) => boolean" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.isServerlessAgentName.$1", + "type": "string", + "tags": [], + "label": "serverlessType", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_guards.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": false + } + ], + "returnComment": [], + "initialIsOpen": false + } + ], + "interfaces": [], + "enums": [], + "misc": [ + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.AGENT_NAMES", + "type": "Array", + "tags": [], + "label": "AGENT_NAMES", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": 
"def-common.AgentName", + "text": "AgentName" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.AgentName", + "type": "Type", + "tags": [], + "label": "AgentName", + "description": [], + "signature": [ + "\"java\" | \"go\" | \"dotnet\" | \"php\" | \"ruby\" | \"otlp\" | \"android/java\" | \"iOS/swift\" | \"rum-js\" | \"js-base\" | \"opentelemetry/webjs\" | \"opentelemetry/java\" | \"nodejs\" | \"python\" | \"opentelemetry/cpp\" | \"opentelemetry/dotnet\" | \"opentelemetry/erlang\" | \"opentelemetry/go\" | \"opentelemetry/nodejs\" | \"opentelemetry/php\" | \"opentelemetry/python\" | \"opentelemetry/ruby\" | \"opentelemetry/rust\" | \"opentelemetry/swift\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.ELASTIC_AGENT_NAMES", + "type": "Array", + "tags": [], + "label": "ELASTIC_AGENT_NAMES", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.ElasticAgentName", + "text": "ElasticAgentName" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.ElasticAgentName", + "type": "Type", + "tags": [], + "label": "ElasticAgentName", + "description": [ + "\nWe cannot mark these arrays as const and derive their type\nbecause we need to be able to assign them as mutable entities for ES queries." 
+ ], + "signature": [ + "\"java\" | \"go\" | \"dotnet\" | \"php\" | \"ruby\" | \"android/java\" | \"iOS/swift\" | \"rum-js\" | \"js-base\" | \"nodejs\" | \"python\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.JAVA_AGENT_NAMES", + "type": "Array", + "tags": [], + "label": "JAVA_AGENT_NAMES", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.JavaAgentName", + "text": "JavaAgentName" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.JavaAgentName", + "type": "Type", + "tags": [], + "label": "JavaAgentName", + "description": [], + "signature": [ + "\"java\" | \"opentelemetry/java\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.OPEN_TELEMETRY_AGENT_NAMES", + "type": "Array", + "tags": [], + "label": "OPEN_TELEMETRY_AGENT_NAMES", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.OpenTelemetryAgentName", + "text": "OpenTelemetryAgentName" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.OpenTelemetryAgentName", + "type": "Type", + "tags": [], + "label": "OpenTelemetryAgentName", + "description": [], + "signature": [ 
+ "\"otlp\" | \"opentelemetry/webjs\" | \"opentelemetry/java\" | \"opentelemetry/cpp\" | \"opentelemetry/dotnet\" | \"opentelemetry/erlang\" | \"opentelemetry/go\" | \"opentelemetry/nodejs\" | \"opentelemetry/php\" | \"opentelemetry/python\" | \"opentelemetry/ruby\" | \"opentelemetry/rust\" | \"opentelemetry/swift\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.RUM_AGENT_NAMES", + "type": "Array", + "tags": [], + "label": "RUM_AGENT_NAMES", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.RumAgentName", + "text": "RumAgentName" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.RumAgentName", + "type": "Type", + "tags": [], + "label": "RumAgentName", + "description": [], + "signature": [ + "\"rum-js\" | \"js-base\" | \"opentelemetry/webjs\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": "def-common.SERVERLESS_TYPE", + "type": "Array", + "tags": [], + "label": "SERVERLESS_TYPE", + "description": [], + "signature": [ + { + "pluginId": "@kbn/elastic-agent-utils", + "scope": "common", + "docId": "kibKbnElasticAgentUtilsPluginApi", + "section": "def-common.ServerlessType", + "text": "ServerlessType" + }, + "[]" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/elastic-agent-utils", + "id": 
"def-common.ServerlessType", + "type": "Type", + "tags": [], + "label": "ServerlessType", + "description": [], + "signature": [ + "\"aws.lambda\" | \"azure.functions\"" + ], + "path": "packages/kbn-elastic-agent-utils/src/agent_names.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + } + ], + "objects": [] + } +} \ No newline at end of file diff --git a/api_docs/kbn_elastic_agent_utils.mdx b/api_docs/kbn_elastic_agent_utils.mdx new file mode 100644 index 0000000000000..f96d2d23ad4f8 --- /dev/null +++ b/api_docs/kbn_elastic_agent_utils.mdx @@ -0,0 +1,33 @@ +--- +#### +#### This document is auto-generated and is meant to be viewed inside our experimental, new docs system. +#### Reach out in #docs-engineering for more info. +#### +id: kibKbnElasticAgentUtilsPluginApi +slug: /kibana-dev-docs/api/kbn-elastic-agent-utils +title: "@kbn/elastic-agent-utils" +image: https://source.unsplash.com/400x175/?github +description: API docs for the @kbn/elastic-agent-utils plugin +date: 2023-11-21 +tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-agent-utils'] +--- +import kbnElasticAgentUtilsObj from './kbn_elastic_agent_utils.devdocs.json'; + + + +Contact [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) for questions regarding this plugin. + +**Code health stats** + +| Public API count | Any count | Items lacking comments | Missing exports | +|-------------------|-----------|------------------------|-----------------| +| 35 | 0 | 34 | 0 | + +## Common + +### Functions + + +### Consts, variables and types + + diff --git a/api_docs/kbn_elastic_assistant.mdx b/api_docs/kbn_elastic_assistant.mdx index 7defc586d805e..486a464a743cb 100644 --- a/api_docs/kbn_elastic_assistant.mdx +++ b/api_docs/kbn_elastic_assistant.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant title: "@kbn/elastic-assistant" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-assistant plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant'] --- import kbnElasticAssistantObj from './kbn_elastic_assistant.devdocs.json'; diff --git a/api_docs/kbn_es.mdx b/api_docs/kbn_es.mdx index 9b96f9cb53ab8..4d715135fc154 100644 --- a/api_docs/kbn_es.mdx +++ b/api_docs/kbn_es.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es title: "@kbn/es" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es'] --- import kbnEsObj from './kbn_es.devdocs.json'; diff --git a/api_docs/kbn_es_archiver.mdx b/api_docs/kbn_es_archiver.mdx index 5243dbbed68b3..3adc0ff6f3560 100644 --- a/api_docs/kbn_es_archiver.mdx +++ b/api_docs/kbn_es_archiver.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-archiver title: "@kbn/es-archiver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-archiver plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-archiver'] --- import kbnEsArchiverObj from './kbn_es_archiver.devdocs.json'; diff --git a/api_docs/kbn_es_errors.mdx b/api_docs/kbn_es_errors.mdx index 375737e46c6b9..80a922840dbd3 100644 --- a/api_docs/kbn_es_errors.mdx +++ b/api_docs/kbn_es_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-errors title: "@kbn/es-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-errors plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-errors'] --- import kbnEsErrorsObj from './kbn_es_errors.devdocs.json'; 
diff --git a/api_docs/kbn_es_query.mdx b/api_docs/kbn_es_query.mdx index f7b5ab70acb8d..b37e32f1b3927 100644 --- a/api_docs/kbn_es_query.mdx +++ b/api_docs/kbn_es_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-query title: "@kbn/es-query" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-query plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-query'] --- import kbnEsQueryObj from './kbn_es_query.devdocs.json'; diff --git a/api_docs/kbn_es_types.mdx b/api_docs/kbn_es_types.mdx index 95ddbbdf650e7..84dafa401b1ff 100644 --- a/api_docs/kbn_es_types.mdx +++ b/api_docs/kbn_es_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-types title: "@kbn/es-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-types plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-types'] --- import kbnEsTypesObj from './kbn_es_types.devdocs.json'; diff --git a/api_docs/kbn_eslint_plugin_imports.mdx b/api_docs/kbn_eslint_plugin_imports.mdx index 7e687a9064d44..8efe7adb44186 100644 --- a/api_docs/kbn_eslint_plugin_imports.mdx +++ b/api_docs/kbn_eslint_plugin_imports.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-eslint-plugin-imports title: "@kbn/eslint-plugin-imports" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/eslint-plugin-imports plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/eslint-plugin-imports'] --- import kbnEslintPluginImportsObj from './kbn_eslint_plugin_imports.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_common.mdx b/api_docs/kbn_event_annotation_common.mdx index e15e6a809005b..4580d05fb467a 100644 --- a/api_docs/kbn_event_annotation_common.mdx +++ b/api_docs/kbn_event_annotation_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-common title: "@kbn/event-annotation-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-common'] --- import kbnEventAnnotationCommonObj from './kbn_event_annotation_common.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_components.mdx b/api_docs/kbn_event_annotation_components.mdx index 2853503edc1c8..019d146888085 100644 --- a/api_docs/kbn_event_annotation_components.mdx +++ b/api_docs/kbn_event_annotation_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-components title: "@kbn/event-annotation-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-components plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-components'] --- import kbnEventAnnotationComponentsObj from './kbn_event_annotation_components.devdocs.json'; diff --git a/api_docs/kbn_expandable_flyout.mdx b/api_docs/kbn_expandable_flyout.mdx index df2d68f6533f2..166f3ed0b0b14 100644 --- a/api_docs/kbn_expandable_flyout.mdx +++ b/api_docs/kbn_expandable_flyout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-expandable-flyout title: "@kbn/expandable-flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/expandable-flyout plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/expandable-flyout'] --- import kbnExpandableFlyoutObj from './kbn_expandable_flyout.devdocs.json'; diff --git a/api_docs/kbn_field_types.mdx b/api_docs/kbn_field_types.mdx index 3078ef80d1337..6530d67e74dfb 100644 --- a/api_docs/kbn_field_types.mdx +++ b/api_docs/kbn_field_types.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-types title: "@kbn/field-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-types plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-types'] --- import kbnFieldTypesObj from './kbn_field_types.devdocs.json'; diff --git a/api_docs/kbn_field_utils.mdx b/api_docs/kbn_field_utils.mdx index 73e882742c319..94632df85bc83 100644 --- a/api_docs/kbn_field_utils.mdx +++ b/api_docs/kbn_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-utils title: "@kbn/field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-utils'] --- import kbnFieldUtilsObj from './kbn_field_utils.devdocs.json'; diff --git a/api_docs/kbn_find_used_node_modules.mdx b/api_docs/kbn_find_used_node_modules.mdx index 5146f0108affb..a0e32b9946466 100644 --- a/api_docs/kbn_find_used_node_modules.mdx +++ b/api_docs/kbn_find_used_node_modules.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-find-used-node-modules title: "@kbn/find-used-node-modules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/find-used-node-modules plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/find-used-node-modules'] --- import kbnFindUsedNodeModulesObj from './kbn_find_used_node_modules.devdocs.json'; diff --git a/api_docs/kbn_ftr_common_functional_services.mdx b/api_docs/kbn_ftr_common_functional_services.mdx index 6c00c775527d4..75f8fe4cf2b7b 100644 --- a/api_docs/kbn_ftr_common_functional_services.mdx +++ b/api_docs/kbn_ftr_common_functional_services.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-services title: "@kbn/ftr-common-functional-services" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ftr-common-functional-services plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-services'] --- import kbnFtrCommonFunctionalServicesObj from './kbn_ftr_common_functional_services.devdocs.json'; diff --git a/api_docs/kbn_generate.mdx b/api_docs/kbn_generate.mdx index 2c13459152756..001b92ac1b31c 100644 --- a/api_docs/kbn_generate.mdx +++ b/api_docs/kbn_generate.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate title: "@kbn/generate" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate'] --- import kbnGenerateObj from './kbn_generate.devdocs.json'; diff --git a/api_docs/kbn_generate_console_definitions.mdx b/api_docs/kbn_generate_console_definitions.mdx index 64c0a9b45bc03..a128e75d2bc35 100644 --- a/api_docs/kbn_generate_console_definitions.mdx +++ b/api_docs/kbn_generate_console_definitions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-console-definitions title: "@kbn/generate-console-definitions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-console-definitions plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-console-definitions'] --- import kbnGenerateConsoleDefinitionsObj from './kbn_generate_console_definitions.devdocs.json'; diff --git a/api_docs/kbn_generate_csv.mdx b/api_docs/kbn_generate_csv.mdx index 41c737b6664ec..7a478239e9988 100644 --- a/api_docs/kbn_generate_csv.mdx +++ b/api_docs/kbn_generate_csv.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-csv title: "@kbn/generate-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-csv plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-csv'] --- import kbnGenerateCsvObj from './kbn_generate_csv.devdocs.json'; diff --git a/api_docs/kbn_guided_onboarding.mdx b/api_docs/kbn_guided_onboarding.mdx index dec9bf5c718b9..a795592fc5d1c 100644 --- a/api_docs/kbn_guided_onboarding.mdx +++ b/api_docs/kbn_guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-guided-onboarding title: "@kbn/guided-onboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/guided-onboarding plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/guided-onboarding'] --- import kbnGuidedOnboardingObj from './kbn_guided_onboarding.devdocs.json'; diff --git a/api_docs/kbn_handlebars.mdx b/api_docs/kbn_handlebars.mdx index 92a86a53f20cd..cf41bad68261a 100644 --- a/api_docs/kbn_handlebars.mdx +++ b/api_docs/kbn_handlebars.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-handlebars title: "@kbn/handlebars" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/handlebars plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/handlebars'] --- import kbnHandlebarsObj from './kbn_handlebars.devdocs.json'; diff --git a/api_docs/kbn_hapi_mocks.mdx b/api_docs/kbn_hapi_mocks.mdx index 6e0235fcb33c9..16796582f8a72 100644 --- a/api_docs/kbn_hapi_mocks.mdx +++ b/api_docs/kbn_hapi_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-hapi-mocks title: "@kbn/hapi-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/hapi-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/hapi-mocks'] --- import kbnHapiMocksObj from './kbn_hapi_mocks.devdocs.json'; diff --git a/api_docs/kbn_health_gateway_server.mdx b/api_docs/kbn_health_gateway_server.mdx index c1f422a6950a8..aacda0ded28a6 100644 --- a/api_docs/kbn_health_gateway_server.mdx +++ b/api_docs/kbn_health_gateway_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-health-gateway-server title: "@kbn/health-gateway-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/health-gateway-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/health-gateway-server'] --- import kbnHealthGatewayServerObj from './kbn_health_gateway_server.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_card.mdx b/api_docs/kbn_home_sample_data_card.mdx index df9b7818eed41..9a85a0f5cf515 100644 --- a/api_docs/kbn_home_sample_data_card.mdx +++ b/api_docs/kbn_home_sample_data_card.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-card title: "@kbn/home-sample-data-card" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-card plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-card'] --- import kbnHomeSampleDataCardObj from './kbn_home_sample_data_card.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_tab.mdx b/api_docs/kbn_home_sample_data_tab.mdx index 70d95c9c153bb..94f5421a77cde 100644 --- a/api_docs/kbn_home_sample_data_tab.mdx +++ b/api_docs/kbn_home_sample_data_tab.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-tab title: "@kbn/home-sample-data-tab" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-tab plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-tab'] --- import kbnHomeSampleDataTabObj from './kbn_home_sample_data_tab.devdocs.json'; diff --git a/api_docs/kbn_i18n.mdx b/api_docs/kbn_i18n.mdx index f8fbbacd7f47b..c5f3b626d6c46 100644 --- a/api_docs/kbn_i18n.mdx +++ b/api_docs/kbn_i18n.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n title: "@kbn/i18n" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n'] --- import kbnI18nObj from './kbn_i18n.devdocs.json'; diff --git a/api_docs/kbn_i18n_react.mdx b/api_docs/kbn_i18n_react.mdx index df159a98b23b3..855686c7e7515 100644 --- a/api_docs/kbn_i18n_react.mdx +++ b/api_docs/kbn_i18n_react.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n-react title: "@kbn/i18n-react" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n-react plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n-react'] --- import kbnI18nReactObj from './kbn_i18n_react.devdocs.json'; diff --git a/api_docs/kbn_import_resolver.mdx b/api_docs/kbn_import_resolver.mdx index b2e271da27abe..6b2df4490beac 100644 --- a/api_docs/kbn_import_resolver.mdx +++ b/api_docs/kbn_import_resolver.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-import-resolver title: "@kbn/import-resolver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/import-resolver plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/import-resolver'] --- import kbnImportResolverObj from './kbn_import_resolver.devdocs.json'; diff --git a/api_docs/kbn_infra_forge.mdx b/api_docs/kbn_infra_forge.mdx index 1e9c3cadca521..71a9a3c9628ce 100644 --- a/api_docs/kbn_infra_forge.mdx +++ b/api_docs/kbn_infra_forge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-infra-forge title: "@kbn/infra-forge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/infra-forge plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/infra-forge'] --- import kbnInfraForgeObj from './kbn_infra_forge.devdocs.json'; diff --git a/api_docs/kbn_interpreter.mdx b/api_docs/kbn_interpreter.mdx index 29e393817a5ae..81cbf3de7a0bc 100644 --- a/api_docs/kbn_interpreter.mdx +++ b/api_docs/kbn_interpreter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-interpreter title: "@kbn/interpreter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/interpreter plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/interpreter'] --- import kbnInterpreterObj from './kbn_interpreter.devdocs.json'; diff --git a/api_docs/kbn_io_ts_utils.mdx b/api_docs/kbn_io_ts_utils.mdx index 45d92c2894c5c..baa2b7c59236b 100644 --- a/api_docs/kbn_io_ts_utils.mdx +++ b/api_docs/kbn_io_ts_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-io-ts-utils title: "@kbn/io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/io-ts-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/io-ts-utils'] --- import kbnIoTsUtilsObj from './kbn_io_ts_utils.devdocs.json'; diff --git a/api_docs/kbn_jest_serializers.mdx b/api_docs/kbn_jest_serializers.mdx index 73ac47a475a70..7134a6b5111b3 100644 --- a/api_docs/kbn_jest_serializers.mdx +++ b/api_docs/kbn_jest_serializers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-jest-serializers title: "@kbn/jest-serializers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/jest-serializers plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/jest-serializers'] --- import kbnJestSerializersObj from './kbn_jest_serializers.devdocs.json'; diff --git a/api_docs/kbn_journeys.mdx b/api_docs/kbn_journeys.mdx index 53fc4b372c95d..4516c2a6fbcee 100644 --- a/api_docs/kbn_journeys.mdx +++ b/api_docs/kbn_journeys.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-journeys title: "@kbn/journeys" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/journeys plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/journeys'] --- import kbnJourneysObj from './kbn_journeys.devdocs.json'; diff --git a/api_docs/kbn_json_ast.mdx b/api_docs/kbn_json_ast.mdx index 5aabe99afc6cf..f7fc8909007f5 100644 --- a/api_docs/kbn_json_ast.mdx +++ b/api_docs/kbn_json_ast.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-ast title: "@kbn/json-ast" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/json-ast plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-ast'] --- import kbnJsonAstObj from './kbn_json_ast.devdocs.json'; 
diff --git a/api_docs/kbn_kibana_manifest_schema.mdx b/api_docs/kbn_kibana_manifest_schema.mdx index e5f7836601b02..920d818e7209e 100644 --- a/api_docs/kbn_kibana_manifest_schema.mdx +++ b/api_docs/kbn_kibana_manifest_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-kibana-manifest-schema title: "@kbn/kibana-manifest-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/kibana-manifest-schema plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/kibana-manifest-schema'] --- import kbnKibanaManifestSchemaObj from './kbn_kibana_manifest_schema.devdocs.json'; diff --git a/api_docs/kbn_language_documentation_popover.mdx b/api_docs/kbn_language_documentation_popover.mdx index 350bcbd2dbf8f..839aaebe18787 100644 --- a/api_docs/kbn_language_documentation_popover.mdx +++ b/api_docs/kbn_language_documentation_popover.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-language-documentation-popover title: "@kbn/language-documentation-popover" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/language-documentation-popover plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/language-documentation-popover'] --- import kbnLanguageDocumentationPopoverObj from './kbn_language_documentation_popover.devdocs.json'; diff --git a/api_docs/kbn_lens_embeddable_utils.mdx b/api_docs/kbn_lens_embeddable_utils.mdx index 9e4585da316bc..25bf0d6391481 100644 --- a/api_docs/kbn_lens_embeddable_utils.mdx +++ b/api_docs/kbn_lens_embeddable_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-embeddable-utils title: "@kbn/lens-embeddable-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/lens-embeddable-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-embeddable-utils'] --- import kbnLensEmbeddableUtilsObj from './kbn_lens_embeddable_utils.devdocs.json'; diff --git a/api_docs/kbn_logging.mdx b/api_docs/kbn_logging.mdx index f5e8c3e9f8064..3843787a91b24 100644 --- a/api_docs/kbn_logging.mdx +++ b/api_docs/kbn_logging.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging title: "@kbn/logging" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging'] --- import kbnLoggingObj from './kbn_logging.devdocs.json'; diff --git a/api_docs/kbn_logging_mocks.mdx b/api_docs/kbn_logging_mocks.mdx index d967a060cbc0f..1c4747f8f5128 100644 --- a/api_docs/kbn_logging_mocks.mdx +++ b/api_docs/kbn_logging_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging-mocks title: "@kbn/logging-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging-mocks'] --- import kbnLoggingMocksObj from './kbn_logging_mocks.devdocs.json'; diff --git a/api_docs/kbn_managed_vscode_config.mdx b/api_docs/kbn_managed_vscode_config.mdx index 88cada93d88dd..cc618d8400811 100644 --- a/api_docs/kbn_managed_vscode_config.mdx +++ b/api_docs/kbn_managed_vscode_config.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-vscode-config title: "@kbn/managed-vscode-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/managed-vscode-config plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-vscode-config'] --- import kbnManagedVscodeConfigObj from './kbn_managed_vscode_config.devdocs.json'; diff --git a/api_docs/kbn_management_cards_navigation.mdx b/api_docs/kbn_management_cards_navigation.mdx index 6048817f25b31..e3f1292bdaf72 100644 --- a/api_docs/kbn_management_cards_navigation.mdx +++ b/api_docs/kbn_management_cards_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-cards-navigation title: "@kbn/management-cards-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-cards-navigation plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-cards-navigation'] --- import kbnManagementCardsNavigationObj from './kbn_management_cards_navigation.devdocs.json'; diff --git a/api_docs/kbn_management_settings_application.mdx b/api_docs/kbn_management_settings_application.mdx index 535f33f58a657..c89f2595278ca 100644 --- a/api_docs/kbn_management_settings_application.mdx +++ b/api_docs/kbn_management_settings_application.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-application title: "@kbn/management-settings-application" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-application plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-application'] --- import kbnManagementSettingsApplicationObj from './kbn_management_settings_application.devdocs.json'; 
diff --git a/api_docs/kbn_management_settings_components_field_category.mdx b/api_docs/kbn_management_settings_components_field_category.mdx index c58807461694e..a77ff49637cd5 100644 --- a/api_docs/kbn_management_settings_components_field_category.mdx +++ b/api_docs/kbn_management_settings_components_field_category.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-category title: "@kbn/management-settings-components-field-category" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-category plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-category'] --- import kbnManagementSettingsComponentsFieldCategoryObj from './kbn_management_settings_components_field_category.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_input.mdx b/api_docs/kbn_management_settings_components_field_input.mdx index 01a006aba4c5e..93c1faa74c0a3 100644 --- a/api_docs/kbn_management_settings_components_field_input.mdx +++ b/api_docs/kbn_management_settings_components_field_input.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-input title: "@kbn/management-settings-components-field-input" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-input plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-input'] --- import kbnManagementSettingsComponentsFieldInputObj from './kbn_management_settings_components_field_input.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_row.mdx b/api_docs/kbn_management_settings_components_field_row.mdx index 8dd729c875288..d2c50166a0b27 100644 --- a/api_docs/kbn_management_settings_components_field_row.mdx 
+++ b/api_docs/kbn_management_settings_components_field_row.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-row title: "@kbn/management-settings-components-field-row" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-row plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-row'] --- import kbnManagementSettingsComponentsFieldRowObj from './kbn_management_settings_components_field_row.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_form.mdx b/api_docs/kbn_management_settings_components_form.mdx index 16cd9f7f2705c..a4a182216dd2c 100644 --- a/api_docs/kbn_management_settings_components_form.mdx +++ b/api_docs/kbn_management_settings_components_form.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-form title: "@kbn/management-settings-components-form" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-form plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-form'] --- import kbnManagementSettingsComponentsFormObj from './kbn_management_settings_components_form.devdocs.json'; diff --git a/api_docs/kbn_management_settings_field_definition.mdx b/api_docs/kbn_management_settings_field_definition.mdx index 398e551c5f5b3..477bd6ec44800 100644 --- a/api_docs/kbn_management_settings_field_definition.mdx +++ b/api_docs/kbn_management_settings_field_definition.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-field-definition title: "@kbn/management-settings-field-definition" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-field-definition plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-field-definition'] --- import kbnManagementSettingsFieldDefinitionObj from './kbn_management_settings_field_definition.devdocs.json'; diff --git a/api_docs/kbn_management_settings_ids.mdx b/api_docs/kbn_management_settings_ids.mdx index e5b15f2b49f34..ddec605878f9d 100644 --- a/api_docs/kbn_management_settings_ids.mdx +++ b/api_docs/kbn_management_settings_ids.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-ids title: "@kbn/management-settings-ids" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-ids plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-ids'] --- import kbnManagementSettingsIdsObj from './kbn_management_settings_ids.devdocs.json'; diff --git a/api_docs/kbn_management_settings_section_registry.mdx b/api_docs/kbn_management_settings_section_registry.mdx index fb7d41f6243de..5f198ea5cdc0f 100644 --- a/api_docs/kbn_management_settings_section_registry.mdx +++ b/api_docs/kbn_management_settings_section_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-section-registry title: "@kbn/management-settings-section-registry" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-section-registry plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-section-registry'] --- import kbnManagementSettingsSectionRegistryObj from './kbn_management_settings_section_registry.devdocs.json'; 
diff --git a/api_docs/kbn_management_settings_types.mdx b/api_docs/kbn_management_settings_types.mdx index 6c5173263b948..5a4e3b875f24f 100644 --- a/api_docs/kbn_management_settings_types.mdx +++ b/api_docs/kbn_management_settings_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-types title: "@kbn/management-settings-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-types plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-types'] --- import kbnManagementSettingsTypesObj from './kbn_management_settings_types.devdocs.json'; diff --git a/api_docs/kbn_management_settings_utilities.mdx b/api_docs/kbn_management_settings_utilities.mdx index 8a9d08e1aa036..b4655ad105d36 100644 --- a/api_docs/kbn_management_settings_utilities.mdx +++ b/api_docs/kbn_management_settings_utilities.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-utilities title: "@kbn/management-settings-utilities" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-utilities plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-utilities'] --- import kbnManagementSettingsUtilitiesObj from './kbn_management_settings_utilities.devdocs.json'; diff --git a/api_docs/kbn_management_storybook_config.mdx b/api_docs/kbn_management_storybook_config.mdx index 12ecbec635db3..99d70b50b4948 100644 --- a/api_docs/kbn_management_storybook_config.mdx +++ b/api_docs/kbn_management_storybook_config.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-storybook-config title: "@kbn/management-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-storybook-config plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-storybook-config'] --- import kbnManagementStorybookConfigObj from './kbn_management_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_mapbox_gl.mdx b/api_docs/kbn_mapbox_gl.mdx index 23d7657722cb9..d9461dc0769ce 100644 --- a/api_docs/kbn_mapbox_gl.mdx +++ b/api_docs/kbn_mapbox_gl.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mapbox-gl title: "@kbn/mapbox-gl" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/mapbox-gl plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mapbox-gl'] --- import kbnMapboxGlObj from './kbn_mapbox_gl.devdocs.json'; diff --git a/api_docs/kbn_maps_vector_tile_utils.mdx b/api_docs/kbn_maps_vector_tile_utils.mdx index 1908f83a48fbf..5b6c9864c4479 100644 --- a/api_docs/kbn_maps_vector_tile_utils.mdx +++ b/api_docs/kbn_maps_vector_tile_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-maps-vector-tile-utils title: "@kbn/maps-vector-tile-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/maps-vector-tile-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/maps-vector-tile-utils'] --- import kbnMapsVectorTileUtilsObj from './kbn_maps_vector_tile_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_agg_utils.mdx b/api_docs/kbn_ml_agg_utils.mdx index e2af14fd172e2..66af525b30c8d 100644 --- a/api_docs/kbn_ml_agg_utils.mdx +++ b/api_docs/kbn_ml_agg_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-agg-utils title: "@kbn/ml-agg-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-agg-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-agg-utils'] --- import kbnMlAggUtilsObj from './kbn_ml_agg_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_anomaly_utils.mdx b/api_docs/kbn_ml_anomaly_utils.mdx index e9f88cbe8a148..87766229e87e4 100644 --- a/api_docs/kbn_ml_anomaly_utils.mdx +++ b/api_docs/kbn_ml_anomaly_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-anomaly-utils title: "@kbn/ml-anomaly-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-anomaly-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-anomaly-utils'] --- import kbnMlAnomalyUtilsObj from './kbn_ml_anomaly_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_category_validator.mdx b/api_docs/kbn_ml_category_validator.mdx index 133a3ea4ceea4..5b2662c1db45b 100644 --- a/api_docs/kbn_ml_category_validator.mdx +++ b/api_docs/kbn_ml_category_validator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-category-validator title: "@kbn/ml-category-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-category-validator plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-category-validator'] --- import kbnMlCategoryValidatorObj from './kbn_ml_category_validator.devdocs.json'; diff --git a/api_docs/kbn_ml_chi2test.mdx b/api_docs/kbn_ml_chi2test.mdx index 9d3eab5ac6e9d..171e8d674af98 100644 --- a/api_docs/kbn_ml_chi2test.mdx +++ b/api_docs/kbn_ml_chi2test.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-chi2test title: "@kbn/ml-chi2test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-chi2test plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-chi2test'] --- import kbnMlChi2testObj from './kbn_ml_chi2test.devdocs.json'; diff --git a/api_docs/kbn_ml_data_frame_analytics_utils.mdx b/api_docs/kbn_ml_data_frame_analytics_utils.mdx index e40ec6b64a925..a34d9281ce7ad 100644 --- a/api_docs/kbn_ml_data_frame_analytics_utils.mdx +++ b/api_docs/kbn_ml_data_frame_analytics_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-frame-analytics-utils title: "@kbn/ml-data-frame-analytics-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-frame-analytics-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-frame-analytics-utils'] --- import kbnMlDataFrameAnalyticsUtilsObj from './kbn_ml_data_frame_analytics_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_data_grid.mdx b/api_docs/kbn_ml_data_grid.mdx index 62449b5c112fd..034a469710ce3 100644 --- a/api_docs/kbn_ml_data_grid.mdx +++ b/api_docs/kbn_ml_data_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-grid title: "@kbn/ml-data-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-grid plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-grid'] --- import kbnMlDataGridObj from './kbn_ml_data_grid.devdocs.json'; diff --git a/api_docs/kbn_ml_date_picker.mdx b/api_docs/kbn_ml_date_picker.mdx index 98e967f892af8..a109a459e6ebb 100644 --- a/api_docs/kbn_ml_date_picker.mdx +++ b/api_docs/kbn_ml_date_picker.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-picker title: "@kbn/ml-date-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-picker plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-picker'] --- import kbnMlDatePickerObj from './kbn_ml_date_picker.devdocs.json'; diff --git a/api_docs/kbn_ml_date_utils.mdx b/api_docs/kbn_ml_date_utils.mdx index 85c53c8dda49b..b77d4ec655867 100644 --- a/api_docs/kbn_ml_date_utils.mdx +++ b/api_docs/kbn_ml_date_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-utils title: "@kbn/ml-date-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-utils'] --- import kbnMlDateUtilsObj from './kbn_ml_date_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_error_utils.mdx b/api_docs/kbn_ml_error_utils.mdx index cc8ce8a4fea9b..a5b4715dfc9a3 100644 --- a/api_docs/kbn_ml_error_utils.mdx +++ b/api_docs/kbn_ml_error_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-error-utils title: "@kbn/ml-error-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-error-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-error-utils'] --- import kbnMlErrorUtilsObj from './kbn_ml_error_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_in_memory_table.mdx b/api_docs/kbn_ml_in_memory_table.mdx index 0c0d40c891369..489901c47b997 100644 --- a/api_docs/kbn_ml_in_memory_table.mdx +++ b/api_docs/kbn_ml_in_memory_table.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-in-memory-table title: "@kbn/ml-in-memory-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-in-memory-table plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-in-memory-table'] --- import kbnMlInMemoryTableObj from './kbn_ml_in_memory_table.devdocs.json'; diff --git a/api_docs/kbn_ml_is_defined.mdx b/api_docs/kbn_ml_is_defined.mdx index 71e1ba2ce592a..fb06e1275927e 100644 --- a/api_docs/kbn_ml_is_defined.mdx +++ b/api_docs/kbn_ml_is_defined.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-defined title: "@kbn/ml-is-defined" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-defined plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-defined'] --- import kbnMlIsDefinedObj from './kbn_ml_is_defined.devdocs.json'; diff --git a/api_docs/kbn_ml_is_populated_object.mdx b/api_docs/kbn_ml_is_populated_object.mdx index 4d192354bdce3..0c038656400e1 100644 --- a/api_docs/kbn_ml_is_populated_object.mdx +++ b/api_docs/kbn_ml_is_populated_object.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-populated-object title: "@kbn/ml-is-populated-object" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-populated-object plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-populated-object'] --- import kbnMlIsPopulatedObjectObj from './kbn_ml_is_populated_object.devdocs.json'; diff --git a/api_docs/kbn_ml_kibana_theme.mdx b/api_docs/kbn_ml_kibana_theme.mdx index 3ea04a1905774..216fbeb7d9488 100644 --- a/api_docs/kbn_ml_kibana_theme.mdx +++ b/api_docs/kbn_ml_kibana_theme.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-kibana-theme title: "@kbn/ml-kibana-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-kibana-theme plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-kibana-theme'] --- import kbnMlKibanaThemeObj from './kbn_ml_kibana_theme.devdocs.json'; diff --git a/api_docs/kbn_ml_local_storage.mdx b/api_docs/kbn_ml_local_storage.mdx index c9d0e1059ece5..f01a54d575548 100644 --- a/api_docs/kbn_ml_local_storage.mdx +++ b/api_docs/kbn_ml_local_storage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-local-storage title: "@kbn/ml-local-storage" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-local-storage plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-local-storage'] --- import kbnMlLocalStorageObj from './kbn_ml_local_storage.devdocs.json'; diff --git a/api_docs/kbn_ml_nested_property.mdx b/api_docs/kbn_ml_nested_property.mdx index ba545f8374d18..0f8736f232a40 100644 --- a/api_docs/kbn_ml_nested_property.mdx +++ b/api_docs/kbn_ml_nested_property.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-nested-property title: "@kbn/ml-nested-property" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-nested-property plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-nested-property'] --- import kbnMlNestedPropertyObj from './kbn_ml_nested_property.devdocs.json'; diff --git a/api_docs/kbn_ml_number_utils.mdx b/api_docs/kbn_ml_number_utils.mdx index d5406d6ecb96c..e56bbc95d1a70 100644 --- a/api_docs/kbn_ml_number_utils.mdx +++ b/api_docs/kbn_ml_number_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-number-utils title: "@kbn/ml-number-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-number-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-number-utils'] --- import kbnMlNumberUtilsObj from './kbn_ml_number_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_query_utils.mdx b/api_docs/kbn_ml_query_utils.mdx index d1fcaf51577f1..9709c86c6b4d5 100644 --- a/api_docs/kbn_ml_query_utils.mdx +++ b/api_docs/kbn_ml_query_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-query-utils title: "@kbn/ml-query-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-query-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-query-utils'] --- import kbnMlQueryUtilsObj from './kbn_ml_query_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_random_sampler_utils.mdx b/api_docs/kbn_ml_random_sampler_utils.mdx index 2750bf6b8ea80..7df33cf629bc6 100644 --- a/api_docs/kbn_ml_random_sampler_utils.mdx +++ b/api_docs/kbn_ml_random_sampler_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-random-sampler-utils title: "@kbn/ml-random-sampler-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-random-sampler-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-random-sampler-utils'] --- import kbnMlRandomSamplerUtilsObj from './kbn_ml_random_sampler_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_route_utils.mdx b/api_docs/kbn_ml_route_utils.mdx index 7794fad66a235..c4be68e7cb07e 100644 --- a/api_docs/kbn_ml_route_utils.mdx +++ b/api_docs/kbn_ml_route_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-route-utils title: "@kbn/ml-route-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-route-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-route-utils'] --- import kbnMlRouteUtilsObj from './kbn_ml_route_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_runtime_field_utils.mdx b/api_docs/kbn_ml_runtime_field_utils.mdx index dc5cc7b2159bd..f25c7a6feeeee 100644 --- a/api_docs/kbn_ml_runtime_field_utils.mdx +++ b/api_docs/kbn_ml_runtime_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-runtime-field-utils title: "@kbn/ml-runtime-field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-runtime-field-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-runtime-field-utils'] --- import kbnMlRuntimeFieldUtilsObj from './kbn_ml_runtime_field_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_string_hash.mdx b/api_docs/kbn_ml_string_hash.mdx index 7650303f2c928..ed89de867e986 100644 --- a/api_docs/kbn_ml_string_hash.mdx +++ b/api_docs/kbn_ml_string_hash.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-string-hash title: "@kbn/ml-string-hash" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-string-hash plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-string-hash'] --- import kbnMlStringHashObj from './kbn_ml_string_hash.devdocs.json'; diff --git a/api_docs/kbn_ml_trained_models_utils.mdx b/api_docs/kbn_ml_trained_models_utils.mdx index e4aba42fec862..46ce7fb3d70fb 100644 --- a/api_docs/kbn_ml_trained_models_utils.mdx +++ b/api_docs/kbn_ml_trained_models_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-trained-models-utils title: "@kbn/ml-trained-models-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-trained-models-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-trained-models-utils'] --- import kbnMlTrainedModelsUtilsObj from './kbn_ml_trained_models_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_url_state.mdx b/api_docs/kbn_ml_url_state.mdx index 467f6a114d21d..5bccc23c234fe 100644 --- a/api_docs/kbn_ml_url_state.mdx +++ b/api_docs/kbn_ml_url_state.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-url-state title: "@kbn/ml-url-state" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-url-state plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-url-state'] --- import kbnMlUrlStateObj from './kbn_ml_url_state.devdocs.json'; diff --git a/api_docs/kbn_monaco.mdx b/api_docs/kbn_monaco.mdx index b43e3ddf4ac6f..583c7100a45f1 100644 --- a/api_docs/kbn_monaco.mdx +++ b/api_docs/kbn_monaco.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-monaco title: "@kbn/monaco" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/monaco plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/monaco'] --- import kbnMonacoObj from './kbn_monaco.devdocs.json'; diff --git a/api_docs/kbn_object_versioning.mdx b/api_docs/kbn_object_versioning.mdx index c6df329b3a4b8..112b328fe2149 100644 --- a/api_docs/kbn_object_versioning.mdx +++ b/api_docs/kbn_object_versioning.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning title: "@kbn/object-versioning" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/object-versioning plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning'] --- import kbnObjectVersioningObj from './kbn_object_versioning.devdocs.json'; diff --git a/api_docs/kbn_observability_alert_details.mdx b/api_docs/kbn_observability_alert_details.mdx index 884a8e18e6c6f..34e4428fac029 100644 --- a/api_docs/kbn_observability_alert_details.mdx +++ b/api_docs/kbn_observability_alert_details.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alert-details title: "@kbn/observability-alert-details" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alert-details plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alert-details'] --- import kbnObservabilityAlertDetailsObj from './kbn_observability_alert_details.devdocs.json'; diff --git a/api_docs/kbn_observability_alerting_test_data.mdx b/api_docs/kbn_observability_alerting_test_data.mdx index 63adbaef5fdd6..71d1e7bd002b6 100644 --- a/api_docs/kbn_observability_alerting_test_data.mdx +++ b/api_docs/kbn_observability_alerting_test_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-test-data title: "@kbn/observability-alerting-test-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alerting-test-data plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-test-data'] --- import kbnObservabilityAlertingTestDataObj from './kbn_observability_alerting_test_data.devdocs.json'; diff --git a/api_docs/kbn_openapi_generator.mdx b/api_docs/kbn_openapi_generator.mdx index 2d05867a1bbc0..8e71595b35ad2 100644 
--- a/api_docs/kbn_openapi_generator.mdx +++ b/api_docs/kbn_openapi_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-generator title: "@kbn/openapi-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/openapi-generator plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-generator'] --- import kbnOpenapiGeneratorObj from './kbn_openapi_generator.devdocs.json'; diff --git a/api_docs/kbn_optimizer.mdx b/api_docs/kbn_optimizer.mdx index 60ecb39e0f6a1..9b0aadadedec8 100644 --- a/api_docs/kbn_optimizer.mdx +++ b/api_docs/kbn_optimizer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer title: "@kbn/optimizer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer'] --- import kbnOptimizerObj from './kbn_optimizer.devdocs.json'; diff --git a/api_docs/kbn_optimizer_webpack_helpers.mdx b/api_docs/kbn_optimizer_webpack_helpers.mdx index 7f984214107a3..10273abb264f8 100644 --- a/api_docs/kbn_optimizer_webpack_helpers.mdx +++ b/api_docs/kbn_optimizer_webpack_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer-webpack-helpers title: "@kbn/optimizer-webpack-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer-webpack-helpers plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer-webpack-helpers'] --- import kbnOptimizerWebpackHelpersObj from './kbn_optimizer_webpack_helpers.devdocs.json'; diff --git a/api_docs/kbn_osquery_io_ts_types.mdx b/api_docs/kbn_osquery_io_ts_types.mdx index 9a7a19ef00a26..5bc660b19cc35 100644 --- a/api_docs/kbn_osquery_io_ts_types.mdx +++ b/api_docs/kbn_osquery_io_ts_types.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-osquery-io-ts-types title: "@kbn/osquery-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/osquery-io-ts-types plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/osquery-io-ts-types'] --- import kbnOsqueryIoTsTypesObj from './kbn_osquery_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_performance_testing_dataset_extractor.mdx b/api_docs/kbn_performance_testing_dataset_extractor.mdx index e68b47ca3edfe..a43e7de1ab37c 100644 --- a/api_docs/kbn_performance_testing_dataset_extractor.mdx +++ b/api_docs/kbn_performance_testing_dataset_extractor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-performance-testing-dataset-extractor title: "@kbn/performance-testing-dataset-extractor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/performance-testing-dataset-extractor plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/performance-testing-dataset-extractor'] --- import kbnPerformanceTestingDatasetExtractorObj from './kbn_performance_testing_dataset_extractor.devdocs.json'; diff --git a/api_docs/kbn_plugin_generator.mdx b/api_docs/kbn_plugin_generator.mdx index c9a524430389d..28ad7e5eb1553 100644 --- a/api_docs/kbn_plugin_generator.mdx +++ b/api_docs/kbn_plugin_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-generator title: "@kbn/plugin-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-generator plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-generator'] --- import kbnPluginGeneratorObj from './kbn_plugin_generator.devdocs.json'; diff --git a/api_docs/kbn_plugin_helpers.mdx b/api_docs/kbn_plugin_helpers.mdx index a3a3916542ceb..2daa6c51a19ce 100644 --- a/api_docs/kbn_plugin_helpers.mdx 
+++ b/api_docs/kbn_plugin_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-helpers title: "@kbn/plugin-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-helpers plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-helpers'] --- import kbnPluginHelpersObj from './kbn_plugin_helpers.devdocs.json'; diff --git a/api_docs/kbn_profiling_utils.mdx b/api_docs/kbn_profiling_utils.mdx index fd10a672a4c92..dc85eb5abc3ae 100644 --- a/api_docs/kbn_profiling_utils.mdx +++ b/api_docs/kbn_profiling_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-profiling-utils title: "@kbn/profiling-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/profiling-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/profiling-utils'] --- import kbnProfilingUtilsObj from './kbn_profiling_utils.devdocs.json'; diff --git a/api_docs/kbn_random_sampling.mdx b/api_docs/kbn_random_sampling.mdx index 11657e72e4d5f..afa6ab1eb712c 100644 --- a/api_docs/kbn_random_sampling.mdx +++ b/api_docs/kbn_random_sampling.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-random-sampling title: "@kbn/random-sampling" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/random-sampling plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/random-sampling'] --- import kbnRandomSamplingObj from './kbn_random_sampling.devdocs.json'; diff --git a/api_docs/kbn_react_field.mdx b/api_docs/kbn_react_field.mdx index 6467907104836..0ad9f12676fe7 100644 --- a/api_docs/kbn_react_field.mdx +++ b/api_docs/kbn_react_field.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-field title: "@kbn/react-field" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-field plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-field'] --- import kbnReactFieldObj from './kbn_react_field.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_common.mdx b/api_docs/kbn_react_kibana_context_common.mdx index 7dbf489fa47f6..e8723b1caa787 100644 --- a/api_docs/kbn_react_kibana_context_common.mdx +++ b/api_docs/kbn_react_kibana_context_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-common title: "@kbn/react-kibana-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-common'] --- import kbnReactKibanaContextCommonObj from './kbn_react_kibana_context_common.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_render.mdx b/api_docs/kbn_react_kibana_context_render.mdx index ee7da10e73b78..cb89b8b76c61d 100644 --- a/api_docs/kbn_react_kibana_context_render.mdx +++ b/api_docs/kbn_react_kibana_context_render.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-render title: "@kbn/react-kibana-context-render" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-render plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-render'] --- import kbnReactKibanaContextRenderObj from './kbn_react_kibana_context_render.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_root.mdx b/api_docs/kbn_react_kibana_context_root.mdx index 3835c663e5fb2..21e251bbfff34 100644 --- a/api_docs/kbn_react_kibana_context_root.mdx 
+++ b/api_docs/kbn_react_kibana_context_root.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-root title: "@kbn/react-kibana-context-root" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-root plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-root'] --- import kbnReactKibanaContextRootObj from './kbn_react_kibana_context_root.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_styled.mdx b/api_docs/kbn_react_kibana_context_styled.mdx index 8346ae98b24cd..6dc5aa790f3be 100644 --- a/api_docs/kbn_react_kibana_context_styled.mdx +++ b/api_docs/kbn_react_kibana_context_styled.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-styled title: "@kbn/react-kibana-context-styled" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-styled plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-styled'] --- import kbnReactKibanaContextStyledObj from './kbn_react_kibana_context_styled.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_theme.mdx b/api_docs/kbn_react_kibana_context_theme.mdx index 7c146b223ac17..89d12c222a308 100644 --- a/api_docs/kbn_react_kibana_context_theme.mdx +++ b/api_docs/kbn_react_kibana_context_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-theme title: "@kbn/react-kibana-context-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-theme plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-theme'] --- import kbnReactKibanaContextThemeObj from './kbn_react_kibana_context_theme.devdocs.json'; 
diff --git a/api_docs/kbn_react_kibana_mount.mdx b/api_docs/kbn_react_kibana_mount.mdx index 8e69a46e45c63..476500b25aba3 100644 --- a/api_docs/kbn_react_kibana_mount.mdx +++ b/api_docs/kbn_react_kibana_mount.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-mount title: "@kbn/react-kibana-mount" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-mount plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-mount'] --- import kbnReactKibanaMountObj from './kbn_react_kibana_mount.devdocs.json'; diff --git a/api_docs/kbn_repo_file_maps.mdx b/api_docs/kbn_repo_file_maps.mdx index 29da7a72e5a11..96615412bf988 100644 --- a/api_docs/kbn_repo_file_maps.mdx +++ b/api_docs/kbn_repo_file_maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-file-maps title: "@kbn/repo-file-maps" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-file-maps plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-file-maps'] --- import kbnRepoFileMapsObj from './kbn_repo_file_maps.devdocs.json'; diff --git a/api_docs/kbn_repo_linter.mdx b/api_docs/kbn_repo_linter.mdx index 9cd72eb03985d..e27847ef6a5bd 100644 --- a/api_docs/kbn_repo_linter.mdx +++ b/api_docs/kbn_repo_linter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-linter title: "@kbn/repo-linter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-linter plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-linter'] --- import kbnRepoLinterObj from './kbn_repo_linter.devdocs.json'; diff --git a/api_docs/kbn_repo_path.mdx b/api_docs/kbn_repo_path.mdx index d49d02db8372a..6386639f48ccf 100644 --- a/api_docs/kbn_repo_path.mdx +++ b/api_docs/kbn_repo_path.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-path title: "@kbn/repo-path" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-path plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-path'] --- import kbnRepoPathObj from './kbn_repo_path.devdocs.json'; diff --git a/api_docs/kbn_repo_source_classifier.mdx b/api_docs/kbn_repo_source_classifier.mdx index 9b11c6fae68b0..494b1d70e6f4b 100644 --- a/api_docs/kbn_repo_source_classifier.mdx +++ b/api_docs/kbn_repo_source_classifier.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-source-classifier title: "@kbn/repo-source-classifier" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-source-classifier plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-source-classifier'] --- import kbnRepoSourceClassifierObj from './kbn_repo_source_classifier.devdocs.json'; diff --git a/api_docs/kbn_reporting_common.mdx b/api_docs/kbn_reporting_common.mdx index 2b00c1d5bd823..bd31938fc50b2 100644 --- a/api_docs/kbn_reporting_common.mdx +++ b/api_docs/kbn_reporting_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-common title: "@kbn/reporting-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-common'] --- import kbnReportingCommonObj from './kbn_reporting_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv.mdx b/api_docs/kbn_reporting_export_types_csv.mdx index 7b823cd7b5051..4ec8465eb1a71 100644 --- a/api_docs/kbn_reporting_export_types_csv.mdx +++ b/api_docs/kbn_reporting_export_types_csv.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv title: "@kbn/reporting-export-types-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv'] --- import kbnReportingExportTypesCsvObj from './kbn_reporting_export_types_csv.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv_common.mdx b/api_docs/kbn_reporting_export_types_csv_common.mdx index b41d01a51dec2..13af8078f5af5 100644 --- a/api_docs/kbn_reporting_export_types_csv_common.mdx +++ b/api_docs/kbn_reporting_export_types_csv_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv-common title: "@kbn/reporting-export-types-csv-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv-common'] --- import kbnReportingExportTypesCsvCommonObj from './kbn_reporting_export_types_csv_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_pdf.mdx b/api_docs/kbn_reporting_export_types_pdf.mdx index 65b9c183f2c30..8c0c8851048c0 100644 --- a/api_docs/kbn_reporting_export_types_pdf.mdx +++ b/api_docs/kbn_reporting_export_types_pdf.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf title: "@kbn/reporting-export-types-pdf" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf'] --- import kbnReportingExportTypesPdfObj from './kbn_reporting_export_types_pdf.devdocs.json'; 
diff --git a/api_docs/kbn_reporting_export_types_pdf_common.mdx b/api_docs/kbn_reporting_export_types_pdf_common.mdx index 6a59eb7014f70..5e8aedd41972a 100644 --- a/api_docs/kbn_reporting_export_types_pdf_common.mdx +++ b/api_docs/kbn_reporting_export_types_pdf_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf-common title: "@kbn/reporting-export-types-pdf-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf-common'] --- import kbnReportingExportTypesPdfCommonObj from './kbn_reporting_export_types_pdf_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png.mdx b/api_docs/kbn_reporting_export_types_png.mdx index caa916f00b7aa..ab823856b9e5d 100644 --- a/api_docs/kbn_reporting_export_types_png.mdx +++ b/api_docs/kbn_reporting_export_types_png.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png title: "@kbn/reporting-export-types-png" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png'] --- import kbnReportingExportTypesPngObj from './kbn_reporting_export_types_png.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png_common.mdx b/api_docs/kbn_reporting_export_types_png_common.mdx index 0e5c5cac2881b..1e47c43bd02c2 100644 --- a/api_docs/kbn_reporting_export_types_png_common.mdx +++ b/api_docs/kbn_reporting_export_types_png_common.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png-common title: "@kbn/reporting-export-types-png-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png-common plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png-common'] --- import kbnReportingExportTypesPngCommonObj from './kbn_reporting_export_types_png_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_mocks_server.mdx b/api_docs/kbn_reporting_mocks_server.mdx index 01b0a64562b62..7efa8bd0e3791 100644 --- a/api_docs/kbn_reporting_mocks_server.mdx +++ b/api_docs/kbn_reporting_mocks_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-mocks-server title: "@kbn/reporting-mocks-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-mocks-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-mocks-server'] --- import kbnReportingMocksServerObj from './kbn_reporting_mocks_server.devdocs.json'; diff --git a/api_docs/kbn_reporting_public.mdx b/api_docs/kbn_reporting_public.mdx index 62b0ffeef5089..cc5685246d8c0 100644 --- a/api_docs/kbn_reporting_public.mdx +++ b/api_docs/kbn_reporting_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-public title: "@kbn/reporting-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-public plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-public'] --- import kbnReportingPublicObj from './kbn_reporting_public.devdocs.json'; diff --git a/api_docs/kbn_reporting_server.mdx b/api_docs/kbn_reporting_server.mdx index dc8ac40fe60f6..53127310cf997 100644 --- a/api_docs/kbn_reporting_server.mdx +++ b/api_docs/kbn_reporting_server.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-server title: "@kbn/reporting-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-server plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-server'] --- import kbnReportingServerObj from './kbn_reporting_server.devdocs.json'; diff --git a/api_docs/kbn_resizable_layout.mdx b/api_docs/kbn_resizable_layout.mdx index 30c87abd1091a..7f4c0213c2c39 100644 --- a/api_docs/kbn_resizable_layout.mdx +++ b/api_docs/kbn_resizable_layout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-resizable-layout title: "@kbn/resizable-layout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/resizable-layout plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/resizable-layout'] --- import kbnResizableLayoutObj from './kbn_resizable_layout.devdocs.json'; diff --git a/api_docs/kbn_rison.mdx b/api_docs/kbn_rison.mdx index fcf33bdbd1bf1..7e6fea8f1c189 100644 --- a/api_docs/kbn_rison.mdx +++ b/api_docs/kbn_rison.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rison title: "@kbn/rison" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rison plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rison'] --- import kbnRisonObj from './kbn_rison.devdocs.json'; diff --git a/api_docs/kbn_rrule.mdx b/api_docs/kbn_rrule.mdx index 4377aecfaeb63..4c5ad7bc8637b 100644 --- a/api_docs/kbn_rrule.mdx +++ b/api_docs/kbn_rrule.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rrule title: "@kbn/rrule" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rrule plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rrule'] --- import kbnRruleObj from './kbn_rrule.devdocs.json'; 
diff --git a/api_docs/kbn_rule_data_utils.mdx b/api_docs/kbn_rule_data_utils.mdx index aaaa95e2a74d6..468c67967ce83 100644 --- a/api_docs/kbn_rule_data_utils.mdx +++ b/api_docs/kbn_rule_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rule-data-utils title: "@kbn/rule-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rule-data-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rule-data-utils'] --- import kbnRuleDataUtilsObj from './kbn_rule_data_utils.devdocs.json'; diff --git a/api_docs/kbn_saved_objects_settings.mdx b/api_docs/kbn_saved_objects_settings.mdx index 7ca1e15828ace..930579816d658 100644 --- a/api_docs/kbn_saved_objects_settings.mdx +++ b/api_docs/kbn_saved_objects_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-saved-objects-settings title: "@kbn/saved-objects-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/saved-objects-settings plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/saved-objects-settings'] --- import kbnSavedObjectsSettingsObj from './kbn_saved_objects_settings.devdocs.json'; diff --git a/api_docs/kbn_search_api_panels.mdx b/api_docs/kbn_search_api_panels.mdx index b1897d44d6bff..985b62362071b 100644 --- a/api_docs/kbn_search_api_panels.mdx +++ b/api_docs/kbn_search_api_panels.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-panels title: "@kbn/search-api-panels" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-api-panels plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-panels'] --- import kbnSearchApiPanelsObj from './kbn_search_api_panels.devdocs.json'; diff --git a/api_docs/kbn_search_connectors.mdx b/api_docs/kbn_search_connectors.mdx index b5da64a28cb68..24f1c1909efcc 100644 
--- a/api_docs/kbn_search_connectors.mdx +++ b/api_docs/kbn_search_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-connectors title: "@kbn/search-connectors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-connectors plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-connectors'] --- import kbnSearchConnectorsObj from './kbn_search_connectors.devdocs.json'; diff --git a/api_docs/kbn_search_response_warnings.mdx b/api_docs/kbn_search_response_warnings.mdx index 4fa173c02ec2c..f87a2cb615af5 100644 --- a/api_docs/kbn_search_response_warnings.mdx +++ b/api_docs/kbn_search_response_warnings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-response-warnings title: "@kbn/search-response-warnings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-response-warnings plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-response-warnings'] --- import kbnSearchResponseWarningsObj from './kbn_search_response_warnings.devdocs.json'; diff --git a/api_docs/kbn_security_solution_features.mdx b/api_docs/kbn_security_solution_features.mdx index 573f579f5d8fe..44bcf2e3c7213 100644 --- a/api_docs/kbn_security_solution_features.mdx +++ b/api_docs/kbn_security_solution_features.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-features title: "@kbn/security-solution-features" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-features plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-features'] --- import kbnSecuritySolutionFeaturesObj from './kbn_security_solution_features.devdocs.json'; 
diff --git a/api_docs/kbn_security_solution_navigation.mdx b/api_docs/kbn_security_solution_navigation.mdx index ca6201db0c4f0..ad8a5390022e2 100644 --- a/api_docs/kbn_security_solution_navigation.mdx +++ b/api_docs/kbn_security_solution_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-navigation title: "@kbn/security-solution-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-navigation plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-navigation'] --- import kbnSecuritySolutionNavigationObj from './kbn_security_solution_navigation.devdocs.json'; diff --git a/api_docs/kbn_security_solution_side_nav.mdx b/api_docs/kbn_security_solution_side_nav.mdx index 190e63f01e27e..dcd439b728551 100644 --- a/api_docs/kbn_security_solution_side_nav.mdx +++ b/api_docs/kbn_security_solution_side_nav.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-side-nav title: "@kbn/security-solution-side-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-side-nav plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-side-nav'] --- import kbnSecuritySolutionSideNavObj from './kbn_security_solution_side_nav.devdocs.json'; diff --git a/api_docs/kbn_security_solution_storybook_config.mdx b/api_docs/kbn_security_solution_storybook_config.mdx index 8235532fa2ed9..1c90ef6ef1f5c 100644 --- a/api_docs/kbn_security_solution_storybook_config.mdx +++ b/api_docs/kbn_security_solution_storybook_config.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-storybook-config title: "@kbn/security-solution-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-storybook-config plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-storybook-config'] --- import kbnSecuritySolutionStorybookConfigObj from './kbn_security_solution_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_autocomplete.mdx b/api_docs/kbn_securitysolution_autocomplete.mdx index 2b74bf6ebba74..9da8887a096df 100644 --- a/api_docs/kbn_securitysolution_autocomplete.mdx +++ b/api_docs/kbn_securitysolution_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-autocomplete title: "@kbn/securitysolution-autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-autocomplete plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-autocomplete'] --- import kbnSecuritysolutionAutocompleteObj from './kbn_securitysolution_autocomplete.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_data_table.mdx b/api_docs/kbn_securitysolution_data_table.mdx index c1d1551ba8ef7..e7ea75549ee48 100644 --- a/api_docs/kbn_securitysolution_data_table.mdx +++ b/api_docs/kbn_securitysolution_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-data-table title: "@kbn/securitysolution-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-data-table plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-data-table'] --- import kbnSecuritysolutionDataTableObj from './kbn_securitysolution_data_table.devdocs.json'; 
diff --git a/api_docs/kbn_securitysolution_ecs.mdx b/api_docs/kbn_securitysolution_ecs.mdx index c1f14f1d61caa..9b2b7c58cde22 100644 --- a/api_docs/kbn_securitysolution_ecs.mdx +++ b/api_docs/kbn_securitysolution_ecs.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-ecs title: "@kbn/securitysolution-ecs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-ecs plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-ecs'] --- import kbnSecuritysolutionEcsObj from './kbn_securitysolution_ecs.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_es_utils.mdx b/api_docs/kbn_securitysolution_es_utils.mdx index 32c4e5970c2b9..afb4c599cbd33 100644 --- a/api_docs/kbn_securitysolution_es_utils.mdx +++ b/api_docs/kbn_securitysolution_es_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-es-utils title: "@kbn/securitysolution-es-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-es-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-es-utils'] --- import kbnSecuritysolutionEsUtilsObj from './kbn_securitysolution_es_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_exception_list_components.mdx b/api_docs/kbn_securitysolution_exception_list_components.mdx index 8e11b2acb71f0..0ddc8aa14343f 100644 --- a/api_docs/kbn_securitysolution_exception_list_components.mdx +++ b/api_docs/kbn_securitysolution_exception_list_components.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-exception-list-components title: "@kbn/securitysolution-exception-list-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-exception-list-components plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-exception-list-components'] --- import kbnSecuritysolutionExceptionListComponentsObj from './kbn_securitysolution_exception_list_components.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_grouping.mdx b/api_docs/kbn_securitysolution_grouping.mdx index 3f4e192d17318..8550f363fe228 100644 --- a/api_docs/kbn_securitysolution_grouping.mdx +++ b/api_docs/kbn_securitysolution_grouping.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-grouping title: "@kbn/securitysolution-grouping" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-grouping plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-grouping'] --- import kbnSecuritysolutionGroupingObj from './kbn_securitysolution_grouping.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_hook_utils.mdx b/api_docs/kbn_securitysolution_hook_utils.mdx index 699b909146419..4da7a082bf9c3 100644 --- a/api_docs/kbn_securitysolution_hook_utils.mdx +++ b/api_docs/kbn_securitysolution_hook_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-hook-utils title: "@kbn/securitysolution-hook-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-hook-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-hook-utils'] --- import kbnSecuritysolutionHookUtilsObj from './kbn_securitysolution_hook_utils.devdocs.json'; 
diff --git a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx index baabacbd5c0b4..d454a89e70d85 100644 --- a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-alerting-types title: "@kbn/securitysolution-io-ts-alerting-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-alerting-types plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-alerting-types'] --- import kbnSecuritysolutionIoTsAlertingTypesObj from './kbn_securitysolution_io_ts_alerting_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_list_types.mdx b/api_docs/kbn_securitysolution_io_ts_list_types.mdx index d29de8baefb72..ceef74614e7f6 100644 --- a/api_docs/kbn_securitysolution_io_ts_list_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_list_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-list-types title: "@kbn/securitysolution-io-ts-list-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-list-types plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-list-types'] --- import kbnSecuritysolutionIoTsListTypesObj from './kbn_securitysolution_io_ts_list_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_types.mdx b/api_docs/kbn_securitysolution_io_ts_types.mdx index ec6e3562fdffc..01a9adc1acf56 100644 --- a/api_docs/kbn_securitysolution_io_ts_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_types.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-types title: "@kbn/securitysolution-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-types plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-types'] --- import kbnSecuritysolutionIoTsTypesObj from './kbn_securitysolution_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_utils.mdx b/api_docs/kbn_securitysolution_io_ts_utils.mdx index a679551130480..f0981d3a9212d 100644 --- a/api_docs/kbn_securitysolution_io_ts_utils.mdx +++ b/api_docs/kbn_securitysolution_io_ts_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-utils title: "@kbn/securitysolution-io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-utils'] --- import kbnSecuritysolutionIoTsUtilsObj from './kbn_securitysolution_io_ts_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_api.mdx b/api_docs/kbn_securitysolution_list_api.mdx index 0f12c6097c216..36f572d4bc477 100644 --- a/api_docs/kbn_securitysolution_list_api.mdx +++ b/api_docs/kbn_securitysolution_list_api.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-api title: "@kbn/securitysolution-list-api" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-api plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-api'] --- import kbnSecuritysolutionListApiObj from './kbn_securitysolution_list_api.devdocs.json'; 
diff --git a/api_docs/kbn_securitysolution_list_constants.mdx b/api_docs/kbn_securitysolution_list_constants.mdx index 75bb761b678d1..00049806daf0d 100644 --- a/api_docs/kbn_securitysolution_list_constants.mdx +++ b/api_docs/kbn_securitysolution_list_constants.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-constants title: "@kbn/securitysolution-list-constants" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-constants plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-constants'] --- import kbnSecuritysolutionListConstantsObj from './kbn_securitysolution_list_constants.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_hooks.mdx b/api_docs/kbn_securitysolution_list_hooks.mdx index 2039fc59dbfa8..9e714b1852350 100644 --- a/api_docs/kbn_securitysolution_list_hooks.mdx +++ b/api_docs/kbn_securitysolution_list_hooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-hooks title: "@kbn/securitysolution-list-hooks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-hooks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-hooks'] --- import kbnSecuritysolutionListHooksObj from './kbn_securitysolution_list_hooks.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_utils.mdx b/api_docs/kbn_securitysolution_list_utils.mdx index 2970cb949d229..1d89917256ea9 100644 --- a/api_docs/kbn_securitysolution_list_utils.mdx +++ b/api_docs/kbn_securitysolution_list_utils.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-utils title: "@kbn/securitysolution-list-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-utils'] --- import kbnSecuritysolutionListUtilsObj from './kbn_securitysolution_list_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_rules.mdx b/api_docs/kbn_securitysolution_rules.mdx index 7b4f878f23c81..c2649d95a964c 100644 --- a/api_docs/kbn_securitysolution_rules.mdx +++ b/api_docs/kbn_securitysolution_rules.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-rules title: "@kbn/securitysolution-rules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-rules plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-rules'] --- import kbnSecuritysolutionRulesObj from './kbn_securitysolution_rules.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_t_grid.mdx b/api_docs/kbn_securitysolution_t_grid.mdx index a970efc244d87..a9333f01a8309 100644 --- a/api_docs/kbn_securitysolution_t_grid.mdx +++ b/api_docs/kbn_securitysolution_t_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-t-grid title: "@kbn/securitysolution-t-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-t-grid plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-t-grid'] --- import kbnSecuritysolutionTGridObj from './kbn_securitysolution_t_grid.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_utils.mdx b/api_docs/kbn_securitysolution_utils.mdx index 74b6326283f98..315665ac90541 100644 --- a/api_docs/kbn_securitysolution_utils.mdx 
+++ b/api_docs/kbn_securitysolution_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-utils title: "@kbn/securitysolution-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-utils'] --- import kbnSecuritysolutionUtilsObj from './kbn_securitysolution_utils.devdocs.json'; diff --git a/api_docs/kbn_server_http_tools.mdx b/api_docs/kbn_server_http_tools.mdx index d20c8c15b2df6..8ebf8129ead4c 100644 --- a/api_docs/kbn_server_http_tools.mdx +++ b/api_docs/kbn_server_http_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-http-tools title: "@kbn/server-http-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-http-tools plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-http-tools'] --- import kbnServerHttpToolsObj from './kbn_server_http_tools.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository.mdx b/api_docs/kbn_server_route_repository.mdx index aa8574a45f0eb..572897df0e4c9 100644 --- a/api_docs/kbn_server_route_repository.mdx +++ b/api_docs/kbn_server_route_repository.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository title: "@kbn/server-route-repository" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository'] --- import kbnServerRouteRepositoryObj from './kbn_server_route_repository.devdocs.json'; diff --git a/api_docs/kbn_serverless_common_settings.mdx b/api_docs/kbn_serverless_common_settings.mdx index 69a230a5426dd..b4993205dc039 100644 --- a/api_docs/kbn_serverless_common_settings.mdx +++ b/api_docs/kbn_serverless_common_settings.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-common-settings title: "@kbn/serverless-common-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-common-settings plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-common-settings'] --- import kbnServerlessCommonSettingsObj from './kbn_serverless_common_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_observability_settings.mdx b/api_docs/kbn_serverless_observability_settings.mdx index 838f72862dbb5..d83199ba1a4d2 100644 --- a/api_docs/kbn_serverless_observability_settings.mdx +++ b/api_docs/kbn_serverless_observability_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-observability-settings title: "@kbn/serverless-observability-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-observability-settings plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-observability-settings'] --- import kbnServerlessObservabilitySettingsObj from './kbn_serverless_observability_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_project_switcher.mdx b/api_docs/kbn_serverless_project_switcher.mdx index 09dca86e988f0..cf0f23471f868 100644 --- a/api_docs/kbn_serverless_project_switcher.mdx +++ b/api_docs/kbn_serverless_project_switcher.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-project-switcher title: "@kbn/serverless-project-switcher" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-project-switcher plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-project-switcher'] --- import kbnServerlessProjectSwitcherObj from './kbn_serverless_project_switcher.devdocs.json'; 
diff --git a/api_docs/kbn_serverless_search_settings.mdx b/api_docs/kbn_serverless_search_settings.mdx index a980144df2330..78d35f9df9692 100644 --- a/api_docs/kbn_serverless_search_settings.mdx +++ b/api_docs/kbn_serverless_search_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-search-settings title: "@kbn/serverless-search-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-search-settings plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-search-settings'] --- import kbnServerlessSearchSettingsObj from './kbn_serverless_search_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_security_settings.mdx b/api_docs/kbn_serverless_security_settings.mdx index 76dcaa25ebfd8..4c28b96785192 100644 --- a/api_docs/kbn_serverless_security_settings.mdx +++ b/api_docs/kbn_serverless_security_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-security-settings title: "@kbn/serverless-security-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-security-settings plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-security-settings'] --- import kbnServerlessSecuritySettingsObj from './kbn_serverless_security_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_storybook_config.mdx b/api_docs/kbn_serverless_storybook_config.mdx index 81af7a16d1cbe..ccc464bbb29ca 100644 --- a/api_docs/kbn_serverless_storybook_config.mdx +++ b/api_docs/kbn_serverless_storybook_config.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-storybook-config title: "@kbn/serverless-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-storybook-config plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-storybook-config'] --- import kbnServerlessStorybookConfigObj from './kbn_serverless_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_svg.mdx b/api_docs/kbn_shared_svg.mdx index df54595490380..f39e950bb881d 100644 --- a/api_docs/kbn_shared_svg.mdx +++ b/api_docs/kbn_shared_svg.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-svg title: "@kbn/shared-svg" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-svg plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-svg'] --- import kbnSharedSvgObj from './kbn_shared_svg.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_avatar_solution.mdx b/api_docs/kbn_shared_ux_avatar_solution.mdx index 63980e3d53ced..044babbc061fe 100644 --- a/api_docs/kbn_shared_ux_avatar_solution.mdx +++ b/api_docs/kbn_shared_ux_avatar_solution.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-avatar-solution title: "@kbn/shared-ux-avatar-solution" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-avatar-solution plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-avatar-solution'] --- import kbnSharedUxAvatarSolutionObj from './kbn_shared_ux_avatar_solution.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx index f24b91102a77f..e1c0809aaa7d6 100644 --- a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx +++ b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-exit-full-screen title: "@kbn/shared-ux-button-exit-full-screen" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-exit-full-screen plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-exit-full-screen'] --- import kbnSharedUxButtonExitFullScreenObj from './kbn_shared_ux_button_exit_full_screen.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_toolbar.mdx b/api_docs/kbn_shared_ux_button_toolbar.mdx index 97a394dc48fdc..44e04bb592dd2 100644 --- a/api_docs/kbn_shared_ux_button_toolbar.mdx +++ b/api_docs/kbn_shared_ux_button_toolbar.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-toolbar title: "@kbn/shared-ux-button-toolbar" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-toolbar plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-toolbar'] --- import kbnSharedUxButtonToolbarObj from './kbn_shared_ux_button_toolbar.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_card_no_data.mdx b/api_docs/kbn_shared_ux_card_no_data.mdx index 97a7d5ca72b6f..f5a7ce28fcf1b 100644 --- a/api_docs/kbn_shared_ux_card_no_data.mdx +++ b/api_docs/kbn_shared_ux_card_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data title: "@kbn/shared-ux-card-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data'] --- import kbnSharedUxCardNoDataObj from './kbn_shared_ux_card_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx index 651fd9efb17a3..5b28cc95d6e2b 100644 
--- a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data-mocks title: "@kbn/shared-ux-card-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data-mocks'] --- import kbnSharedUxCardNoDataMocksObj from './kbn_shared_ux_card_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_chrome_navigation.mdx b/api_docs/kbn_shared_ux_chrome_navigation.mdx index 61359dba745f3..5d07ffe90bcf3 100644 --- a/api_docs/kbn_shared_ux_chrome_navigation.mdx +++ b/api_docs/kbn_shared_ux_chrome_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-chrome-navigation title: "@kbn/shared-ux-chrome-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-chrome-navigation plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-chrome-navigation'] --- import kbnSharedUxChromeNavigationObj from './kbn_shared_ux_chrome_navigation.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_error_boundary.mdx b/api_docs/kbn_shared_ux_error_boundary.mdx index 7ca626d4b599c..9cb4bb95c3ee0 100644 --- a/api_docs/kbn_shared_ux_error_boundary.mdx +++ b/api_docs/kbn_shared_ux_error_boundary.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-error-boundary title: "@kbn/shared-ux-error-boundary" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-error-boundary plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-error-boundary'] --- import kbnSharedUxErrorBoundaryObj from './kbn_shared_ux_error_boundary.devdocs.json'; 
diff --git a/api_docs/kbn_shared_ux_file_context.mdx b/api_docs/kbn_shared_ux_file_context.mdx index bc48193c22d19..48cde294cc598 100644 --- a/api_docs/kbn_shared_ux_file_context.mdx +++ b/api_docs/kbn_shared_ux_file_context.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-context title: "@kbn/shared-ux-file-context" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-context plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-context'] --- import kbnSharedUxFileContextObj from './kbn_shared_ux_file_context.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image.mdx b/api_docs/kbn_shared_ux_file_image.mdx index 77b72f11bd7b1..5ebbe3a3a2e45 100644 --- a/api_docs/kbn_shared_ux_file_image.mdx +++ b/api_docs/kbn_shared_ux_file_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image title: "@kbn/shared-ux-file-image" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image'] --- import kbnSharedUxFileImageObj from './kbn_shared_ux_file_image.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image_mocks.mdx b/api_docs/kbn_shared_ux_file_image_mocks.mdx index 9fa698293b6d4..ebf709b516c0d 100644 --- a/api_docs/kbn_shared_ux_file_image_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_image_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image-mocks title: "@kbn/shared-ux-file-image-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image-mocks'] --- import kbnSharedUxFileImageMocksObj from './kbn_shared_ux_file_image_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_shared_ux_file_mocks.mdx b/api_docs/kbn_shared_ux_file_mocks.mdx index 3cb7f404d87d1..f4d07e35c15b4 100644 --- a/api_docs/kbn_shared_ux_file_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-mocks title: "@kbn/shared-ux-file-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-mocks'] --- import kbnSharedUxFileMocksObj from './kbn_shared_ux_file_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_picker.mdx b/api_docs/kbn_shared_ux_file_picker.mdx index bea9313da6593..4f5c6b375d507 100644 --- a/api_docs/kbn_shared_ux_file_picker.mdx +++ b/api_docs/kbn_shared_ux_file_picker.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-picker title: "@kbn/shared-ux-file-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-picker plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-picker'] --- import kbnSharedUxFilePickerObj from './kbn_shared_ux_file_picker.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_types.mdx b/api_docs/kbn_shared_ux_file_types.mdx index 16e0a4d39b45e..482d2c34d828e 100644 --- a/api_docs/kbn_shared_ux_file_types.mdx +++ b/api_docs/kbn_shared_ux_file_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-types title: "@kbn/shared-ux-file-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-types plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-types'] --- import kbnSharedUxFileTypesObj from './kbn_shared_ux_file_types.devdocs.json'; 
diff --git a/api_docs/kbn_shared_ux_file_upload.mdx b/api_docs/kbn_shared_ux_file_upload.mdx index 7d41b20065425..1bb6f2fe5a029 100644 --- a/api_docs/kbn_shared_ux_file_upload.mdx +++ b/api_docs/kbn_shared_ux_file_upload.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-upload title: "@kbn/shared-ux-file-upload" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-upload plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-upload'] --- import kbnSharedUxFileUploadObj from './kbn_shared_ux_file_upload.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_util.mdx b/api_docs/kbn_shared_ux_file_util.mdx index 76fb4f7cbd789..c5d4aa744aff6 100644 --- a/api_docs/kbn_shared_ux_file_util.mdx +++ b/api_docs/kbn_shared_ux_file_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-util title: "@kbn/shared-ux-file-util" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-util plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-util'] --- import kbnSharedUxFileUtilObj from './kbn_shared_ux_file_util.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_link_redirect_app.mdx b/api_docs/kbn_shared_ux_link_redirect_app.mdx index c6cf27e59a895..33898faff6450 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app title: "@kbn/shared-ux-link-redirect-app" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app'] --- import kbnSharedUxLinkRedirectAppObj from './kbn_shared_ux_link_redirect_app.devdocs.json'; 
diff --git a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx index 454aa210ac8a8..b3929fd1d94a9 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app-mocks title: "@kbn/shared-ux-link-redirect-app-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app-mocks'] --- import kbnSharedUxLinkRedirectAppMocksObj from './kbn_shared_ux_link_redirect_app_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_markdown.mdx b/api_docs/kbn_shared_ux_markdown.mdx index 66a72f7179f38..8c6c28af8793a 100644 --- a/api_docs/kbn_shared_ux_markdown.mdx +++ b/api_docs/kbn_shared_ux_markdown.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown title: "@kbn/shared-ux-markdown" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown'] --- import kbnSharedUxMarkdownObj from './kbn_shared_ux_markdown.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_markdown_mocks.mdx b/api_docs/kbn_shared_ux_markdown_mocks.mdx index eacfa0403ec1e..dae4a7a431af8 100644 --- a/api_docs/kbn_shared_ux_markdown_mocks.mdx +++ b/api_docs/kbn_shared_ux_markdown_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown-mocks title: "@kbn/shared-ux-markdown-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown-mocks'] --- import kbnSharedUxMarkdownMocksObj from './kbn_shared_ux_markdown_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx index f50914267f7a5..69f1a53e99773 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data title: "@kbn/shared-ux-page-analytics-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data'] --- import kbnSharedUxPageAnalyticsNoDataObj from './kbn_shared_ux_page_analytics_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx index 8b0a4456a70a2..9565f422810d8 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data-mocks title: "@kbn/shared-ux-page-analytics-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data-mocks'] --- import kbnSharedUxPageAnalyticsNoDataMocksObj from './kbn_shared_ux_page_analytics_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx index cf487285cd744..2612e20256c19 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data title: "@kbn/shared-ux-page-kibana-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data'] --- import kbnSharedUxPageKibanaNoDataObj from './kbn_shared_ux_page_kibana_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx index 719cb94bace72..01c42b69b0959 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data-mocks title: "@kbn/shared-ux-page-kibana-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data-mocks'] --- import kbnSharedUxPageKibanaNoDataMocksObj from './kbn_shared_ux_page_kibana_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_template.mdx b/api_docs/kbn_shared_ux_page_kibana_template.mdx index 5479aee5e4a31..6286732801e10 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template title: "@kbn/shared-ux-page-kibana-template" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template'] --- import kbnSharedUxPageKibanaTemplateObj from './kbn_shared_ux_page_kibana_template.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx index e5a1fa0296a08..e90b7cb6e700a 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template-mocks title: "@kbn/shared-ux-page-kibana-template-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template-mocks'] --- import kbnSharedUxPageKibanaTemplateMocksObj from './kbn_shared_ux_page_kibana_template_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data.mdx b/api_docs/kbn_shared_ux_page_no_data.mdx index 57c1da11d03b1..7a6ea0b4710ac 100644 --- a/api_docs/kbn_shared_ux_page_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data title: "@kbn/shared-ux-page-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data'] --- import kbnSharedUxPageNoDataObj from './kbn_shared_ux_page_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_config.mdx b/api_docs/kbn_shared_ux_page_no_data_config.mdx index 5226e94e824a7..fac085487858d 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config title: "@kbn/shared-ux-page-no-data-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config'] --- import kbnSharedUxPageNoDataConfigObj from './kbn_shared_ux_page_no_data_config.devdocs.json'; 
diff --git a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx index 8113c08d7c381..c5ee65582d264 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config-mocks title: "@kbn/shared-ux-page-no-data-config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config-mocks'] --- import kbnSharedUxPageNoDataConfigMocksObj from './kbn_shared_ux_page_no_data_config_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx index 64b610bd67cd9..28e34a5504d25 100644 --- a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-mocks title: "@kbn/shared-ux-page-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-mocks'] --- import kbnSharedUxPageNoDataMocksObj from './kbn_shared_ux_page_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_solution_nav.mdx b/api_docs/kbn_shared_ux_page_solution_nav.mdx index 32521b37f4b00..38fe94ee77ae2 100644 --- a/api_docs/kbn_shared_ux_page_solution_nav.mdx +++ b/api_docs/kbn_shared_ux_page_solution_nav.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-solution-nav title: "@kbn/shared-ux-page-solution-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-solution-nav plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-solution-nav'] --- import kbnSharedUxPageSolutionNavObj from './kbn_shared_ux_page_solution_nav.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx index 747a8a092627c..ebf52258593cc 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views title: "@kbn/shared-ux-prompt-no-data-views" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views'] --- import kbnSharedUxPromptNoDataViewsObj from './kbn_shared_ux_prompt_no_data_views.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx index 787a622c8efea..af53fa0f9cb15 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views-mocks title: "@kbn/shared-ux-prompt-no-data-views-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views-mocks'] --- import kbnSharedUxPromptNoDataViewsMocksObj from './kbn_shared_ux_prompt_no_data_views_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_shared_ux_prompt_not_found.mdx b/api_docs/kbn_shared_ux_prompt_not_found.mdx index 9380b19ba12e5..f88cf7ca6300d 100644 --- a/api_docs/kbn_shared_ux_prompt_not_found.mdx +++ b/api_docs/kbn_shared_ux_prompt_not_found.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-not-found title: "@kbn/shared-ux-prompt-not-found" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-not-found plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-not-found'] --- import kbnSharedUxPromptNotFoundObj from './kbn_shared_ux_prompt_not_found.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router.mdx b/api_docs/kbn_shared_ux_router.mdx index 71f3d3e04b933..9bbb77007d7e7 100644 --- a/api_docs/kbn_shared_ux_router.mdx +++ b/api_docs/kbn_shared_ux_router.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router title: "@kbn/shared-ux-router" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router'] --- import kbnSharedUxRouterObj from './kbn_shared_ux_router.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router_mocks.mdx b/api_docs/kbn_shared_ux_router_mocks.mdx index 0a9b73f1fa6eb..432e103cf09b8 100644 --- a/api_docs/kbn_shared_ux_router_mocks.mdx +++ b/api_docs/kbn_shared_ux_router_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router-mocks title: "@kbn/shared-ux-router-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router-mocks plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router-mocks'] --- import kbnSharedUxRouterMocksObj from './kbn_shared_ux_router_mocks.devdocs.json'; 
diff --git a/api_docs/kbn_shared_ux_storybook_config.mdx b/api_docs/kbn_shared_ux_storybook_config.mdx index 74ff091729563..4b5d1525d6b7b 100644 --- a/api_docs/kbn_shared_ux_storybook_config.mdx +++ b/api_docs/kbn_shared_ux_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-config title: "@kbn/shared-ux-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-config plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-config'] --- import kbnSharedUxStorybookConfigObj from './kbn_shared_ux_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_storybook_mock.mdx b/api_docs/kbn_shared_ux_storybook_mock.mdx index 27ea229b8eb8e..feba597cc96dd 100644 --- a/api_docs/kbn_shared_ux_storybook_mock.mdx +++ b/api_docs/kbn_shared_ux_storybook_mock.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-mock title: "@kbn/shared-ux-storybook-mock" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-mock plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-mock'] --- import kbnSharedUxStorybookMockObj from './kbn_shared_ux_storybook_mock.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_utility.mdx b/api_docs/kbn_shared_ux_utility.mdx index 4bf004213c29c..33a3c406786f4 100644 --- a/api_docs/kbn_shared_ux_utility.mdx +++ b/api_docs/kbn_shared_ux_utility.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-utility title: "@kbn/shared-ux-utility" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-utility plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-utility'] --- import kbnSharedUxUtilityObj from './kbn_shared_ux_utility.devdocs.json'; 
diff --git a/api_docs/kbn_slo_schema.mdx b/api_docs/kbn_slo_schema.mdx index 864d55c977f27..30f7bc3efe588 100644 --- a/api_docs/kbn_slo_schema.mdx +++ b/api_docs/kbn_slo_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-slo-schema title: "@kbn/slo-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/slo-schema plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/slo-schema'] --- import kbnSloSchemaObj from './kbn_slo_schema.devdocs.json'; diff --git a/api_docs/kbn_some_dev_log.mdx b/api_docs/kbn_some_dev_log.mdx index 3787a17f57c1f..ba0a18d372048 100644 --- a/api_docs/kbn_some_dev_log.mdx +++ b/api_docs/kbn_some_dev_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-some-dev-log title: "@kbn/some-dev-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/some-dev-log plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/some-dev-log'] --- import kbnSomeDevLogObj from './kbn_some_dev_log.devdocs.json'; diff --git a/api_docs/kbn_std.mdx b/api_docs/kbn_std.mdx index 914326529ae97..f9d1c61dd66db 100644 --- a/api_docs/kbn_std.mdx +++ b/api_docs/kbn_std.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-std title: "@kbn/std" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/std plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/std'] --- import kbnStdObj from './kbn_std.devdocs.json'; diff --git a/api_docs/kbn_stdio_dev_helpers.mdx b/api_docs/kbn_stdio_dev_helpers.mdx index 762f61992898f..45e0e1f4abdc7 100644 --- a/api_docs/kbn_stdio_dev_helpers.mdx +++ b/api_docs/kbn_stdio_dev_helpers.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-stdio-dev-helpers title: "@kbn/stdio-dev-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/stdio-dev-helpers plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/stdio-dev-helpers'] --- import kbnStdioDevHelpersObj from './kbn_stdio_dev_helpers.devdocs.json'; diff --git a/api_docs/kbn_storybook.mdx b/api_docs/kbn_storybook.mdx index 9bbff91675204..9798e5c54454c 100644 --- a/api_docs/kbn_storybook.mdx +++ b/api_docs/kbn_storybook.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-storybook title: "@kbn/storybook" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/storybook plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/storybook'] --- import kbnStorybookObj from './kbn_storybook.devdocs.json'; diff --git a/api_docs/kbn_subscription_tracking.mdx b/api_docs/kbn_subscription_tracking.mdx index 51cd6a354cec6..9273dfdfa1a6d 100644 --- a/api_docs/kbn_subscription_tracking.mdx +++ b/api_docs/kbn_subscription_tracking.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-subscription-tracking title: "@kbn/subscription-tracking" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/subscription-tracking plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/subscription-tracking'] --- import kbnSubscriptionTrackingObj from './kbn_subscription_tracking.devdocs.json'; diff --git a/api_docs/kbn_telemetry_tools.mdx b/api_docs/kbn_telemetry_tools.mdx index 0464036b19879..35cc27ca79e45 100644 --- a/api_docs/kbn_telemetry_tools.mdx +++ b/api_docs/kbn_telemetry_tools.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-telemetry-tools title: "@kbn/telemetry-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/telemetry-tools plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/telemetry-tools'] --- import kbnTelemetryToolsObj from './kbn_telemetry_tools.devdocs.json'; diff --git a/api_docs/kbn_test.mdx b/api_docs/kbn_test.mdx index 38ad2ff10202b..782ec763571ea 100644 --- a/api_docs/kbn_test.mdx +++ b/api_docs/kbn_test.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test title: "@kbn/test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test'] --- import kbnTestObj from './kbn_test.devdocs.json'; diff --git a/api_docs/kbn_test_jest_helpers.mdx b/api_docs/kbn_test_jest_helpers.mdx index 9aae2321ed75c..3dd1da7d64aaa 100644 --- a/api_docs/kbn_test_jest_helpers.mdx +++ b/api_docs/kbn_test_jest_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-jest-helpers title: "@kbn/test-jest-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-jest-helpers plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-jest-helpers'] --- import kbnTestJestHelpersObj from './kbn_test_jest_helpers.devdocs.json'; diff --git a/api_docs/kbn_test_subj_selector.mdx b/api_docs/kbn_test_subj_selector.mdx index ae6e12251a858..f63211ae1df14 100644 --- a/api_docs/kbn_test_subj_selector.mdx +++ b/api_docs/kbn_test_subj_selector.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-subj-selector title: "@kbn/test-subj-selector" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-subj-selector plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-subj-selector'] --- import kbnTestSubjSelectorObj from './kbn_test_subj_selector.devdocs.json'; diff --git a/api_docs/kbn_text_based_editor.mdx b/api_docs/kbn_text_based_editor.mdx index 8ce835138269d..1d29acdde4aff 100644 --- a/api_docs/kbn_text_based_editor.mdx +++ b/api_docs/kbn_text_based_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-text-based-editor title: "@kbn/text-based-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/text-based-editor plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/text-based-editor'] --- import kbnTextBasedEditorObj from './kbn_text_based_editor.devdocs.json'; diff --git a/api_docs/kbn_tooling_log.mdx b/api_docs/kbn_tooling_log.mdx index 96f55ba950a24..da958cebd845d 100644 --- a/api_docs/kbn_tooling_log.mdx +++ b/api_docs/kbn_tooling_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-tooling-log title: "@kbn/tooling-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/tooling-log plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/tooling-log'] --- import kbnToolingLogObj from './kbn_tooling_log.devdocs.json'; diff --git a/api_docs/kbn_ts_projects.mdx b/api_docs/kbn_ts_projects.mdx index c9f6be0995956..1d8534e9fb3ac 100644 --- a/api_docs/kbn_ts_projects.mdx +++ b/api_docs/kbn_ts_projects.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ts-projects title: "@kbn/ts-projects" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ts-projects plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ts-projects'] --- import kbnTsProjectsObj from './kbn_ts_projects.devdocs.json'; diff --git a/api_docs/kbn_typed_react_router_config.mdx b/api_docs/kbn_typed_react_router_config.mdx index 52435bb7ecff7..20708e11cee2c 100644 --- a/api_docs/kbn_typed_react_router_config.mdx +++ b/api_docs/kbn_typed_react_router_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-typed-react-router-config title: "@kbn/typed-react-router-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/typed-react-router-config plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/typed-react-router-config'] --- import kbnTypedReactRouterConfigObj from './kbn_typed_react_router_config.devdocs.json'; diff --git a/api_docs/kbn_ui_actions_browser.mdx b/api_docs/kbn_ui_actions_browser.mdx index b7ffee1b96649..030069abf84c0 100644 --- a/api_docs/kbn_ui_actions_browser.mdx +++ b/api_docs/kbn_ui_actions_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-actions-browser title: "@kbn/ui-actions-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-actions-browser plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-actions-browser'] --- import kbnUiActionsBrowserObj from './kbn_ui_actions_browser.devdocs.json'; diff --git a/api_docs/kbn_ui_shared_deps_src.mdx b/api_docs/kbn_ui_shared_deps_src.mdx index 3d1c103563b22..0d69082ef1ca3 100644 --- a/api_docs/kbn_ui_shared_deps_src.mdx +++ b/api_docs/kbn_ui_shared_deps_src.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-shared-deps-src title: "@kbn/ui-shared-deps-src" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-shared-deps-src plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-shared-deps-src'] --- import kbnUiSharedDepsSrcObj from './kbn_ui_shared_deps_src.devdocs.json'; diff --git a/api_docs/kbn_ui_theme.mdx b/api_docs/kbn_ui_theme.mdx index b5cec14505137..f067c6d18e68f 100644 --- a/api_docs/kbn_ui_theme.mdx +++ b/api_docs/kbn_ui_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-theme title: "@kbn/ui-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-theme plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-theme'] --- import kbnUiThemeObj from './kbn_ui_theme.devdocs.json'; diff --git a/api_docs/kbn_unified_data_table.mdx b/api_docs/kbn_unified_data_table.mdx index 6bfe045e8843d..e072f1adf9c16 100644 --- a/api_docs/kbn_unified_data_table.mdx +++ b/api_docs/kbn_unified_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-data-table title: "@kbn/unified-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-data-table plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-data-table'] --- import kbnUnifiedDataTableObj from './kbn_unified_data_table.devdocs.json'; diff --git a/api_docs/kbn_unified_doc_viewer.mdx b/api_docs/kbn_unified_doc_viewer.mdx index 6b13865360a45..113cc75baeae1 100644 --- a/api_docs/kbn_unified_doc_viewer.mdx +++ b/api_docs/kbn_unified_doc_viewer.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-doc-viewer title: "@kbn/unified-doc-viewer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-doc-viewer plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-doc-viewer'] --- import kbnUnifiedDocViewerObj from './kbn_unified_doc_viewer.devdocs.json'; diff --git a/api_docs/kbn_unified_field_list.mdx b/api_docs/kbn_unified_field_list.mdx index c6f87f3da26ee..9e49d8e9b662d 100644 --- a/api_docs/kbn_unified_field_list.mdx +++ b/api_docs/kbn_unified_field_list.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-field-list title: "@kbn/unified-field-list" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-field-list plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-field-list'] --- import kbnUnifiedFieldListObj from './kbn_unified_field_list.devdocs.json'; diff --git a/api_docs/kbn_unsaved_changes_badge.mdx b/api_docs/kbn_unsaved_changes_badge.mdx index fda91a9e69875..37ea9f303e50c 100644 --- a/api_docs/kbn_unsaved_changes_badge.mdx +++ b/api_docs/kbn_unsaved_changes_badge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-badge title: "@kbn/unsaved-changes-badge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unsaved-changes-badge plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-badge'] --- import kbnUnsavedChangesBadgeObj from './kbn_unsaved_changes_badge.devdocs.json'; diff --git a/api_docs/kbn_url_state.mdx b/api_docs/kbn_url_state.mdx index 88625391edff9..58bb87a765ad3 100644 --- a/api_docs/kbn_url_state.mdx +++ b/api_docs/kbn_url_state.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-url-state title: "@kbn/url-state" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/url-state plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/url-state'] --- import kbnUrlStateObj from './kbn_url_state.devdocs.json'; diff --git a/api_docs/kbn_use_tracked_promise.mdx b/api_docs/kbn_use_tracked_promise.mdx index 09423379cec43..3d63e715cb4fa 100644 --- a/api_docs/kbn_use_tracked_promise.mdx +++ b/api_docs/kbn_use_tracked_promise.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-use-tracked-promise title: "@kbn/use-tracked-promise" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/use-tracked-promise plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/use-tracked-promise'] --- import kbnUseTrackedPromiseObj from './kbn_use_tracked_promise.devdocs.json'; diff --git a/api_docs/kbn_user_profile_components.mdx b/api_docs/kbn_user_profile_components.mdx index b990f119b3395..cb8eb608b9412 100644 --- a/api_docs/kbn_user_profile_components.mdx +++ b/api_docs/kbn_user_profile_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-user-profile-components title: "@kbn/user-profile-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/user-profile-components plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/user-profile-components'] --- import kbnUserProfileComponentsObj from './kbn_user_profile_components.devdocs.json'; diff --git a/api_docs/kbn_utility_types.mdx b/api_docs/kbn_utility_types.mdx index 5daeeb74bd4ab..1cfc9e7bd1638 100644 --- a/api_docs/kbn_utility_types.mdx +++ b/api_docs/kbn_utility_types.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types title: "@kbn/utility-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types'] --- import kbnUtilityTypesObj from './kbn_utility_types.devdocs.json'; diff --git a/api_docs/kbn_utility_types_jest.mdx b/api_docs/kbn_utility_types_jest.mdx index 40bf5abc1b4d0..c1f18027fc667 100644 --- a/api_docs/kbn_utility_types_jest.mdx +++ b/api_docs/kbn_utility_types_jest.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types-jest title: "@kbn/utility-types-jest" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types-jest plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types-jest'] --- import kbnUtilityTypesJestObj from './kbn_utility_types_jest.devdocs.json'; diff --git a/api_docs/kbn_utils.mdx b/api_docs/kbn_utils.mdx index 6fa21307a20b3..ae9f9ea0ee5ec 100644 --- a/api_docs/kbn_utils.mdx +++ b/api_docs/kbn_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utils title: "@kbn/utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utils'] --- import kbnUtilsObj from './kbn_utils.devdocs.json'; diff --git a/api_docs/kbn_visualization_ui_components.mdx b/api_docs/kbn_visualization_ui_components.mdx index f938836e337da..73830e2d04dbc 100644 --- a/api_docs/kbn_visualization_ui_components.mdx +++ b/api_docs/kbn_visualization_ui_components.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-ui-components title: "@kbn/visualization-ui-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/visualization-ui-components plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-ui-components'] --- import kbnVisualizationUiComponentsObj from './kbn_visualization_ui_components.devdocs.json'; diff --git a/api_docs/kbn_xstate_utils.mdx b/api_docs/kbn_xstate_utils.mdx index 0cffa15cbbbd7..486044b0a279f 100644 --- a/api_docs/kbn_xstate_utils.mdx +++ b/api_docs/kbn_xstate_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-xstate-utils title: "@kbn/xstate-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/xstate-utils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/xstate-utils'] --- import kbnXstateUtilsObj from './kbn_xstate_utils.devdocs.json'; diff --git a/api_docs/kbn_yarn_lock_validator.mdx b/api_docs/kbn_yarn_lock_validator.mdx index ae3e5f833997b..9debee10dff4c 100644 --- a/api_docs/kbn_yarn_lock_validator.mdx +++ b/api_docs/kbn_yarn_lock_validator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-yarn-lock-validator title: "@kbn/yarn-lock-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/yarn-lock-validator plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/yarn-lock-validator'] --- import kbnYarnLockValidatorObj from './kbn_yarn_lock_validator.devdocs.json'; diff --git a/api_docs/kbn_zod_helpers.mdx b/api_docs/kbn_zod_helpers.mdx index 0511987d9332f..045dc345ae558 100644 --- a/api_docs/kbn_zod_helpers.mdx +++ b/api_docs/kbn_zod_helpers.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod-helpers title: "@kbn/zod-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/zod-helpers plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod-helpers'] --- import kbnZodHelpersObj from './kbn_zod_helpers.devdocs.json'; diff --git a/api_docs/kibana_overview.mdx b/api_docs/kibana_overview.mdx index 126d4823edfd9..64c56fa357f4f 100644 --- a/api_docs/kibana_overview.mdx +++ b/api_docs/kibana_overview.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaOverview title: "kibanaOverview" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaOverview plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaOverview'] --- import kibanaOverviewObj from './kibana_overview.devdocs.json'; diff --git a/api_docs/kibana_react.mdx b/api_docs/kibana_react.mdx index e6a4c3e50df4b..15e6f3725eab1 100644 --- a/api_docs/kibana_react.mdx +++ b/api_docs/kibana_react.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaReact title: "kibanaReact" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaReact plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaReact'] --- import kibanaReactObj from './kibana_react.devdocs.json'; diff --git a/api_docs/kibana_utils.mdx b/api_docs/kibana_utils.mdx index b1c9bc35557be..0d76b07b1a558 100644 --- a/api_docs/kibana_utils.mdx +++ b/api_docs/kibana_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaUtils title: "kibanaUtils" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaUtils plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaUtils'] --- import kibanaUtilsObj from './kibana_utils.devdocs.json'; 
diff --git a/api_docs/kubernetes_security.mdx b/api_docs/kubernetes_security.mdx index 7157810b680b7..dfa21718784ca 100644 --- a/api_docs/kubernetes_security.mdx +++ b/api_docs/kubernetes_security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kubernetesSecurity title: "kubernetesSecurity" image: https://source.unsplash.com/400x175/?github description: API docs for the kubernetesSecurity plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kubernetesSecurity'] --- import kubernetesSecurityObj from './kubernetes_security.devdocs.json'; diff --git a/api_docs/lens.mdx b/api_docs/lens.mdx index fb84d73cea9d8..f15b4eca50c2e 100644 --- a/api_docs/lens.mdx +++ b/api_docs/lens.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lens title: "lens" image: https://source.unsplash.com/400x175/?github description: API docs for the lens plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lens'] --- import lensObj from './lens.devdocs.json'; diff --git a/api_docs/license_api_guard.mdx b/api_docs/license_api_guard.mdx index 1396d07670ff6..091d06c133ae3 100644 --- a/api_docs/license_api_guard.mdx +++ b/api_docs/license_api_guard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseApiGuard title: "licenseApiGuard" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseApiGuard plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseApiGuard'] --- import licenseApiGuardObj from './license_api_guard.devdocs.json'; diff --git a/api_docs/license_management.mdx b/api_docs/license_management.mdx index 14e011d979c93..d44c992a0c2c9 100644 --- a/api_docs/license_management.mdx +++ b/api_docs/license_management.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseManagement title: "licenseManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseManagement plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseManagement'] --- import licenseManagementObj from './license_management.devdocs.json'; diff --git a/api_docs/licensing.mdx b/api_docs/licensing.mdx index 84f7c74036ee7..b23db6581fdcd 100644 --- a/api_docs/licensing.mdx +++ b/api_docs/licensing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licensing title: "licensing" image: https://source.unsplash.com/400x175/?github description: API docs for the licensing plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licensing'] --- import licensingObj from './licensing.devdocs.json'; diff --git a/api_docs/links.mdx b/api_docs/links.mdx index 6bf7ed9c854fc..e77b2d86d9bd5 100644 --- a/api_docs/links.mdx +++ b/api_docs/links.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/links title: "links" image: https://source.unsplash.com/400x175/?github description: API docs for the links plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'links'] --- import linksObj from './links.devdocs.json'; diff --git a/api_docs/lists.mdx b/api_docs/lists.mdx index fc0353734b485..5b5a940efadcd 100644 --- a/api_docs/lists.mdx +++ b/api_docs/lists.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lists title: "lists" image: https://source.unsplash.com/400x175/?github description: API docs for the lists plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lists'] --- import listsObj from './lists.devdocs.json'; diff --git a/api_docs/log_explorer.mdx b/api_docs/log_explorer.mdx index 20155b43544cd..24d9d3b82f0b9 100644 --- a/api_docs/log_explorer.mdx +++ b/api_docs/log_explorer.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logExplorer title: "logExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the logExplorer plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logExplorer'] --- import logExplorerObj from './log_explorer.devdocs.json'; diff --git a/api_docs/logs_shared.mdx b/api_docs/logs_shared.mdx index d07ab3a0ae301..599557e17c8c2 100644 --- a/api_docs/logs_shared.mdx +++ b/api_docs/logs_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsShared title: "logsShared" image: https://source.unsplash.com/400x175/?github description: API docs for the logsShared plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsShared'] --- import logsSharedObj from './logs_shared.devdocs.json'; diff --git a/api_docs/management.mdx b/api_docs/management.mdx index 595c960edaa37..8d362cce9f08e 100644 --- a/api_docs/management.mdx +++ b/api_docs/management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/management title: "management" image: https://source.unsplash.com/400x175/?github description: API docs for the management plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'management'] --- import managementObj from './management.devdocs.json'; diff --git a/api_docs/maps.mdx b/api_docs/maps.mdx index 40e04d5620817..a301fe2968307 100644 --- a/api_docs/maps.mdx +++ b/api_docs/maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/maps title: "maps" image: https://source.unsplash.com/400x175/?github description: API docs for the maps plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'maps'] --- import mapsObj from './maps.devdocs.json'; diff --git a/api_docs/maps_ems.mdx b/api_docs/maps_ems.mdx index bd093adbb0116..b107dbfa783da 100644 --- a/api_docs/maps_ems.mdx +++ b/api_docs/maps_ems.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mapsEms title: "mapsEms" image: https://source.unsplash.com/400x175/?github description: API docs for the mapsEms plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mapsEms'] --- import mapsEmsObj from './maps_ems.devdocs.json'; diff --git a/api_docs/metrics_data_access.mdx b/api_docs/metrics_data_access.mdx index b729339a22e2f..b3baddff3454a 100644 --- a/api_docs/metrics_data_access.mdx +++ b/api_docs/metrics_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/metricsDataAccess title: "metricsDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the metricsDataAccess plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'metricsDataAccess'] --- import metricsDataAccessObj from './metrics_data_access.devdocs.json'; diff --git a/api_docs/ml.mdx b/api_docs/ml.mdx index 36af24a35d6ab..fd51fef94cf70 100644 --- a/api_docs/ml.mdx +++ b/api_docs/ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ml title: "ml" image: https://source.unsplash.com/400x175/?github description: API docs for the ml plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ml'] --- import mlObj from './ml.devdocs.json'; diff --git a/api_docs/monitoring.mdx b/api_docs/monitoring.mdx index 20fe65cba8c21..b3da30cf84ebb 100644 --- a/api_docs/monitoring.mdx +++ b/api_docs/monitoring.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoring title: "monitoring" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoring plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoring'] --- import monitoringObj from './monitoring.devdocs.json'; diff --git a/api_docs/monitoring_collection.mdx b/api_docs/monitoring_collection.mdx index 232bafad736d6..69a47820bf089 100644 --- a/api_docs/monitoring_collection.mdx 
+++ b/api_docs/monitoring_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoringCollection title: "monitoringCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoringCollection plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoringCollection'] --- import monitoringCollectionObj from './monitoring_collection.devdocs.json'; diff --git a/api_docs/navigation.mdx b/api_docs/navigation.mdx index 131be5a3ba821..f4a834374010b 100644 --- a/api_docs/navigation.mdx +++ b/api_docs/navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/navigation title: "navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the navigation plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'navigation'] --- import navigationObj from './navigation.devdocs.json'; diff --git a/api_docs/newsfeed.mdx b/api_docs/newsfeed.mdx index 3aaf5685ebc8d..515bcb3e629af 100644 --- a/api_docs/newsfeed.mdx +++ b/api_docs/newsfeed.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/newsfeed title: "newsfeed" image: https://source.unsplash.com/400x175/?github description: API docs for the newsfeed plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'newsfeed'] --- import newsfeedObj from './newsfeed.devdocs.json'; diff --git a/api_docs/no_data_page.mdx b/api_docs/no_data_page.mdx index 935a3e68266a2..3ab4fa66b297c 100644 --- a/api_docs/no_data_page.mdx +++ b/api_docs/no_data_page.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/noDataPage title: "noDataPage" image: https://source.unsplash.com/400x175/?github description: API docs for the noDataPage plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'noDataPage'] --- import noDataPageObj from './no_data_page.devdocs.json'; 
diff --git a/api_docs/notifications.mdx b/api_docs/notifications.mdx index 41b64134e904c..36b41b51f574e 100644 --- a/api_docs/notifications.mdx +++ b/api_docs/notifications.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/notifications title: "notifications" image: https://source.unsplash.com/400x175/?github description: API docs for the notifications plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'notifications'] --- import notificationsObj from './notifications.devdocs.json'; diff --git a/api_docs/observability.mdx b/api_docs/observability.mdx index b74c31c0fa097..b664fe6968a18 100644 --- a/api_docs/observability.mdx +++ b/api_docs/observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observability title: "observability" image: https://source.unsplash.com/400x175/?github description: API docs for the observability plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observability'] --- import observabilityObj from './observability.devdocs.json'; diff --git a/api_docs/observability_a_i_assistant.mdx b/api_docs/observability_a_i_assistant.mdx index 19c4b60058c0a..2be9d6e631565 100644 --- a/api_docs/observability_a_i_assistant.mdx +++ b/api_docs/observability_a_i_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistant title: "observabilityAIAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAIAssistant plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistant'] --- import observabilityAIAssistantObj from './observability_a_i_assistant.devdocs.json'; diff --git a/api_docs/observability_log_explorer.mdx b/api_docs/observability_log_explorer.mdx index ea7325b02e6e0..9053799ca3c53 100644 --- a/api_docs/observability_log_explorer.mdx +++ b/api_docs/observability_log_explorer.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityLogExplorer title: "observabilityLogExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityLogExplorer plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityLogExplorer'] --- import observabilityLogExplorerObj from './observability_log_explorer.devdocs.json'; diff --git a/api_docs/observability_onboarding.mdx b/api_docs/observability_onboarding.mdx index 34460f0757b2c..d53de7acc2f48 100644 --- a/api_docs/observability_onboarding.mdx +++ b/api_docs/observability_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityOnboarding title: "observabilityOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityOnboarding plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityOnboarding'] --- import observabilityOnboardingObj from './observability_onboarding.devdocs.json'; diff --git a/api_docs/observability_shared.mdx b/api_docs/observability_shared.mdx index 85355545a1aa2..d81c20b490014 100644 --- a/api_docs/observability_shared.mdx +++ b/api_docs/observability_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityShared title: "observabilityShared" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityShared plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityShared'] --- import observabilitySharedObj from './observability_shared.devdocs.json'; diff --git a/api_docs/osquery.mdx b/api_docs/osquery.mdx index 18e6100366b87..631e0b0971062 100644 --- a/api_docs/osquery.mdx +++ b/api_docs/osquery.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/osquery title: "osquery" image: https://source.unsplash.com/400x175/?github description: API docs for the osquery plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'osquery'] --- import osqueryObj from './osquery.devdocs.json'; diff --git a/api_docs/painless_lab.mdx b/api_docs/painless_lab.mdx index efe0ebf7f04a3..e9fbdf587dbf6 100644 --- a/api_docs/painless_lab.mdx +++ b/api_docs/painless_lab.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/painlessLab title: "painlessLab" image: https://source.unsplash.com/400x175/?github description: API docs for the painlessLab plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'painlessLab'] --- import painlessLabObj from './painless_lab.devdocs.json'; diff --git a/api_docs/plugin_directory.mdx b/api_docs/plugin_directory.mdx index 00fd804bcba38..631c90f2dd3f3 100644 --- a/api_docs/plugin_directory.mdx +++ b/api_docs/plugin_directory.mdx @@ -7,7 +7,7 @@ id: kibDevDocsPluginDirectory slug: /kibana-dev-docs/api-meta/plugin-api-directory title: Directory description: Directory of public APIs available through plugins or packages. -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- @@ -15,13 +15,13 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | Count | Plugins or Packages with a
public API | Number of teams | |--------------|----------|------------------------| -| 712 | 604 | 40 | +| 714 | 606 | 40 | ### Public API health stats | API Count | Any Count | Missing comments | Missing exports | |--------------|----------|-----------------|--------| -| 76393 | 235 | 65329 | 1606 | +| 76426 | 235 | 65361 | 1606 | ## Plugin Directory 
@@ -90,7 +90,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds 'shape' function and renderer to expressions | 148 | 0 | 146 | 0 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Expression Tagcloud plugin adds a `tagcloud` renderer and function to the expression plugin. The renderer will display the `Wordcloud` chart. | 6 | 0 | 6 | 2 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Expression XY plugin adds a `xy` renderer and function to the expression plugin. The renderer will display the `xy` chart. | 176 | 0 | 166 | 13 | -| | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Adds expression runtime to Kibana | 2224 | 17 | 1765 | 5 | +| | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | Adds expression runtime to Kibana | 2208 | 17 | 1749 | 5 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 235 | 0 | 99 | 2 | | | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | Index pattern fields and ambiguous values formatters | 292 | 5 | 253 | 3 | | | [@elastic/kibana-gis](https://github.com/orgs/elastic/teams/kibana-gis) | The file upload plugin contains components and services for uploading a file, analyzing its data, and then importing the data into an Elasticsearch index. Supported file types include CSV, TSV, newline-delimited JSON and GeoJSON. | 59 | 0 | 59 | 2 | 
@@ -240,7 +240,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-qa](https://github.com/orgs/elastic/teams/kibana-qa) | - | 12 | 0 | 12 | 0 | | | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 10 | 0 | 10 | 0 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 19 | 0 | 16 | 0 | -| | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 62 | 1 | 44 | 3 | +| | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 60 | 1 | 42 | 3 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 14 | 0 | 10 | 0 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 78 | 0 | 78 | 0 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 7 | 0 | 2 | 0 | @@ -418,6 +418,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 3 | 0 | 3 | 0 | | | [@elastic/kibana-security](https://github.com/orgs/elastic/teams/kibana-security) | - | 13 | 0 | 7 | 0 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 10 | 0 | 10 | 0 | +| | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 16 | 0 | 16 | 0 | | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 19 | 0 | 17 | 6 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 2 | 0 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 14 | 0 | 9 | 0 | 
@@ -443,6 +444,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 19 | 0 | 11 | 0 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 35125 | 0 | 34718 | 0 | | | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | - | 13 | 0 | 5 | 0 | +| | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 35 | 0 | 34 | 0 | | | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | - | 96 | 0 | 76 | 6 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 48 | 0 | 33 | 7 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 27 | 0 | 14 | 1 | diff --git a/api_docs/presentation_util.mdx b/api_docs/presentation_util.mdx index 007dd8b3ca09a..23946072908f8 100644 --- a/api_docs/presentation_util.mdx +++ b/api_docs/presentation_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationUtil title: "presentationUtil" image: https://source.unsplash.com/400x175/?github description: API docs for the presentationUtil plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationUtil'] --- import presentationUtilObj from './presentation_util.devdocs.json'; diff --git a/api_docs/profiling.mdx b/api_docs/profiling.mdx index 4f86bb6bee4a0..53f9e92add84d 100644 --- a/api_docs/profiling.mdx +++ b/api_docs/profiling.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profiling title: "profiling" image: https://source.unsplash.com/400x175/?github description: API docs for the profiling plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profiling'] --- import profilingObj from './profiling.devdocs.json'; 
diff --git a/api_docs/profiling_data_access.mdx b/api_docs/profiling_data_access.mdx index ac538d3227fc1..3b7404480742e 100644 --- a/api_docs/profiling_data_access.mdx +++ b/api_docs/profiling_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profilingDataAccess title: "profilingDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the profilingDataAccess plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profilingDataAccess'] --- import profilingDataAccessObj from './profiling_data_access.devdocs.json'; diff --git a/api_docs/remote_clusters.mdx b/api_docs/remote_clusters.mdx index 9096da495a97c..070cf277c3d28 100644 --- a/api_docs/remote_clusters.mdx +++ b/api_docs/remote_clusters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/remoteClusters title: "remoteClusters" image: https://source.unsplash.com/400x175/?github description: API docs for the remoteClusters plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'remoteClusters'] --- import remoteClustersObj from './remote_clusters.devdocs.json'; diff --git a/api_docs/reporting.mdx b/api_docs/reporting.mdx index af1b6c6954de4..57e1d42fc6648 100644 --- a/api_docs/reporting.mdx +++ b/api_docs/reporting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/reporting title: "reporting" image: https://source.unsplash.com/400x175/?github description: API docs for the reporting plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'reporting'] --- import reportingObj from './reporting.devdocs.json'; diff --git a/api_docs/rollup.mdx b/api_docs/rollup.mdx index 4c5442ce29e9b..93c8309731e92 100644 --- a/api_docs/rollup.mdx +++ b/api_docs/rollup.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/rollup title: "rollup" image: https://source.unsplash.com/400x175/?github description: API docs for the rollup plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'rollup'] --- import rollupObj from './rollup.devdocs.json'; diff --git a/api_docs/rule_registry.mdx b/api_docs/rule_registry.mdx index f53ed69511ea6..82412e0806e8d 100644 --- a/api_docs/rule_registry.mdx +++ b/api_docs/rule_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ruleRegistry title: "ruleRegistry" image: https://source.unsplash.com/400x175/?github description: API docs for the ruleRegistry plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ruleRegistry'] --- import ruleRegistryObj from './rule_registry.devdocs.json'; diff --git a/api_docs/runtime_fields.mdx b/api_docs/runtime_fields.mdx index de3075aa26b9b..ba2aa31e60037 100644 --- a/api_docs/runtime_fields.mdx +++ b/api_docs/runtime_fields.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/runtimeFields title: "runtimeFields" image: https://source.unsplash.com/400x175/?github description: API docs for the runtimeFields plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'runtimeFields'] --- import runtimeFieldsObj from './runtime_fields.devdocs.json'; diff --git a/api_docs/saved_objects.mdx b/api_docs/saved_objects.mdx index 9b467f6997ca8..60d9a14501a71 100644 --- a/api_docs/saved_objects.mdx +++ b/api_docs/saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjects title: "savedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjects plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjects'] --- import savedObjectsObj from './saved_objects.devdocs.json'; 
diff --git a/api_docs/saved_objects_finder.mdx b/api_docs/saved_objects_finder.mdx index aa0e76d57343b..baa06ee207dd2 100644 --- a/api_docs/saved_objects_finder.mdx +++ b/api_docs/saved_objects_finder.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsFinder title: "savedObjectsFinder" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsFinder plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsFinder'] --- import savedObjectsFinderObj from './saved_objects_finder.devdocs.json'; diff --git a/api_docs/saved_objects_management.mdx b/api_docs/saved_objects_management.mdx index 62159992eff4d..1005a80975a94 100644 --- a/api_docs/saved_objects_management.mdx +++ b/api_docs/saved_objects_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsManagement title: "savedObjectsManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsManagement plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsManagement'] --- import savedObjectsManagementObj from './saved_objects_management.devdocs.json'; diff --git a/api_docs/saved_objects_tagging.mdx b/api_docs/saved_objects_tagging.mdx index 130068ee65e3c..aacaabfc7dede 100644 --- a/api_docs/saved_objects_tagging.mdx +++ b/api_docs/saved_objects_tagging.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTagging title: "savedObjectsTagging" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTagging plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTagging'] --- import savedObjectsTaggingObj from './saved_objects_tagging.devdocs.json'; diff --git a/api_docs/saved_objects_tagging_oss.mdx b/api_docs/saved_objects_tagging_oss.mdx index 2f7df1e1ec2a1..80cef8add385e 100644 --- a/api_docs/saved_objects_tagging_oss.mdx 
+++ b/api_docs/saved_objects_tagging_oss.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTaggingOss title: "savedObjectsTaggingOss" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTaggingOss plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTaggingOss'] --- import savedObjectsTaggingOssObj from './saved_objects_tagging_oss.devdocs.json'; diff --git a/api_docs/saved_search.mdx b/api_docs/saved_search.mdx index f7d9fe51e2b54..0440633fabda5 100644 --- a/api_docs/saved_search.mdx +++ b/api_docs/saved_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedSearch title: "savedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the savedSearch plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedSearch'] --- import savedSearchObj from './saved_search.devdocs.json'; diff --git a/api_docs/screenshot_mode.mdx b/api_docs/screenshot_mode.mdx index 02b2a387631e8..6f704e31c384f 100644 --- a/api_docs/screenshot_mode.mdx +++ b/api_docs/screenshot_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotMode title: "screenshotMode" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotMode plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotMode'] --- import screenshotModeObj from './screenshot_mode.devdocs.json'; diff --git a/api_docs/screenshotting.mdx b/api_docs/screenshotting.mdx index 7903a56212a80..9794c59a12298 100644 --- a/api_docs/screenshotting.mdx +++ b/api_docs/screenshotting.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotting title: "screenshotting" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotting plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotting'] --- import screenshottingObj from './screenshotting.devdocs.json'; diff --git a/api_docs/security.mdx b/api_docs/security.mdx index f988056294eea..71afdc49a95c6 100644 --- a/api_docs/security.mdx +++ b/api_docs/security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/security title: "security" image: https://source.unsplash.com/400x175/?github description: API docs for the security plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'security'] --- import securityObj from './security.devdocs.json'; diff --git a/api_docs/security_solution.mdx b/api_docs/security_solution.mdx index 33059413f27ed..5450e147125ad 100644 --- a/api_docs/security_solution.mdx +++ b/api_docs/security_solution.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolution title: "securitySolution" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolution plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolution'] --- import securitySolutionObj from './security_solution.devdocs.json'; diff --git a/api_docs/security_solution_ess.mdx b/api_docs/security_solution_ess.mdx index 69ec14a280183..5bbfe83899cea 100644 --- a/api_docs/security_solution_ess.mdx +++ b/api_docs/security_solution_ess.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionEss title: "securitySolutionEss" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionEss plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionEss'] --- import securitySolutionEssObj from './security_solution_ess.devdocs.json'; 
diff --git a/api_docs/security_solution_serverless.mdx b/api_docs/security_solution_serverless.mdx index ce6fac29570c2..9fe12f3dda992 100644 --- a/api_docs/security_solution_serverless.mdx +++ b/api_docs/security_solution_serverless.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionServerless title: "securitySolutionServerless" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionServerless plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionServerless'] --- import securitySolutionServerlessObj from './security_solution_serverless.devdocs.json'; diff --git a/api_docs/serverless.mdx b/api_docs/serverless.mdx index 5d81f1744dad7..3b5ace3dee12b 100644 --- a/api_docs/serverless.mdx +++ b/api_docs/serverless.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverless title: "serverless" image: https://source.unsplash.com/400x175/?github description: API docs for the serverless plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverless'] --- import serverlessObj from './serverless.devdocs.json'; diff --git a/api_docs/serverless_observability.mdx b/api_docs/serverless_observability.mdx index 4cc26dfa16b2b..87d382dc7db13 100644 --- a/api_docs/serverless_observability.mdx +++ b/api_docs/serverless_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessObservability title: "serverlessObservability" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessObservability plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessObservability'] --- import serverlessObservabilityObj from './serverless_observability.devdocs.json'; diff --git a/api_docs/serverless_search.mdx b/api_docs/serverless_search.mdx index 7473993789432..6efa6ca0697be 100644 --- a/api_docs/serverless_search.mdx +++ b/api_docs/serverless_search.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessSearch title: "serverlessSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessSearch plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessSearch'] --- import serverlessSearchObj from './serverless_search.devdocs.json'; diff --git a/api_docs/session_view.mdx b/api_docs/session_view.mdx index 230ec35b3e176..5faff7bc9428f 100644 --- a/api_docs/session_view.mdx +++ b/api_docs/session_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/sessionView title: "sessionView" image: https://source.unsplash.com/400x175/?github description: API docs for the sessionView plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'sessionView'] --- import sessionViewObj from './session_view.devdocs.json'; diff --git a/api_docs/share.mdx b/api_docs/share.mdx index c42d516c67405..8481b3fb9a2cb 100644 --- a/api_docs/share.mdx +++ b/api_docs/share.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/share title: "share" image: https://source.unsplash.com/400x175/?github description: API docs for the share plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'share'] --- import shareObj from './share.devdocs.json'; diff --git a/api_docs/snapshot_restore.mdx b/api_docs/snapshot_restore.mdx index b3cc960350148..0159382bf9e20 100644 --- a/api_docs/snapshot_restore.mdx +++ b/api_docs/snapshot_restore.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/snapshotRestore title: "snapshotRestore" image: https://source.unsplash.com/400x175/?github description: API docs for the snapshotRestore plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'snapshotRestore'] --- import snapshotRestoreObj from './snapshot_restore.devdocs.json'; diff --git a/api_docs/spaces.mdx b/api_docs/spaces.mdx index 26cf49bf65ea9..e70cdce709a49 100644 
--- a/api_docs/spaces.mdx +++ b/api_docs/spaces.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/spaces title: "spaces" image: https://source.unsplash.com/400x175/?github description: API docs for the spaces plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'spaces'] --- import spacesObj from './spaces.devdocs.json'; diff --git a/api_docs/stack_alerts.mdx b/api_docs/stack_alerts.mdx index 0c8a4638c233c..792699a25fe93 100644 --- a/api_docs/stack_alerts.mdx +++ b/api_docs/stack_alerts.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackAlerts title: "stackAlerts" image: https://source.unsplash.com/400x175/?github description: API docs for the stackAlerts plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackAlerts'] --- import stackAlertsObj from './stack_alerts.devdocs.json'; diff --git a/api_docs/stack_connectors.mdx b/api_docs/stack_connectors.mdx index 25de526b331d3..b3ea1b2a30e19 100644 --- a/api_docs/stack_connectors.mdx +++ b/api_docs/stack_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackConnectors title: "stackConnectors" image: https://source.unsplash.com/400x175/?github description: API docs for the stackConnectors plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackConnectors'] --- import stackConnectorsObj from './stack_connectors.devdocs.json'; diff --git a/api_docs/task_manager.mdx b/api_docs/task_manager.mdx index 4b5927759d582..684fa40edd9db 100644 --- a/api_docs/task_manager.mdx +++ b/api_docs/task_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/taskManager title: "taskManager" image: https://source.unsplash.com/400x175/?github description: API docs for the taskManager plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'taskManager'] --- import taskManagerObj from './task_manager.devdocs.json'; 
diff --git a/api_docs/telemetry.mdx b/api_docs/telemetry.mdx index 37de2e1802524..b8ad82872374e 100644 --- a/api_docs/telemetry.mdx +++ b/api_docs/telemetry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetry title: "telemetry" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetry plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetry'] --- import telemetryObj from './telemetry.devdocs.json'; diff --git a/api_docs/telemetry_collection_manager.mdx b/api_docs/telemetry_collection_manager.mdx index 542af867fa910..70e3e36ba45c6 100644 --- a/api_docs/telemetry_collection_manager.mdx +++ b/api_docs/telemetry_collection_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionManager title: "telemetryCollectionManager" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionManager plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionManager'] --- import telemetryCollectionManagerObj from './telemetry_collection_manager.devdocs.json'; diff --git a/api_docs/telemetry_collection_xpack.mdx b/api_docs/telemetry_collection_xpack.mdx index 863a472f20206..fb2e7b5b1ab5a 100644 --- a/api_docs/telemetry_collection_xpack.mdx +++ b/api_docs/telemetry_collection_xpack.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionXpack title: "telemetryCollectionXpack" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionXpack plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionXpack'] --- import telemetryCollectionXpackObj from './telemetry_collection_xpack.devdocs.json'; diff --git a/api_docs/telemetry_management_section.mdx b/api_docs/telemetry_management_section.mdx index 060418ad3a4dc..920b305812976 100644 --- a/api_docs/telemetry_management_section.mdx 
+++ b/api_docs/telemetry_management_section.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryManagementSection title: "telemetryManagementSection" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryManagementSection plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryManagementSection'] --- import telemetryManagementSectionObj from './telemetry_management_section.devdocs.json'; diff --git a/api_docs/text_based_languages.mdx b/api_docs/text_based_languages.mdx index d9a8f595a8b1e..0cd5b475d9197 100644 --- a/api_docs/text_based_languages.mdx +++ b/api_docs/text_based_languages.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/textBasedLanguages title: "textBasedLanguages" image: https://source.unsplash.com/400x175/?github description: API docs for the textBasedLanguages plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'textBasedLanguages'] --- import textBasedLanguagesObj from './text_based_languages.devdocs.json'; diff --git a/api_docs/threat_intelligence.mdx b/api_docs/threat_intelligence.mdx index 1695d9c9a00b5..c0bb245253e83 100644 --- a/api_docs/threat_intelligence.mdx +++ b/api_docs/threat_intelligence.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/threatIntelligence title: "threatIntelligence" image: https://source.unsplash.com/400x175/?github description: API docs for the threatIntelligence plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'threatIntelligence'] --- import threatIntelligenceObj from './threat_intelligence.devdocs.json'; diff --git a/api_docs/timelines.mdx b/api_docs/timelines.mdx index 11da8f9954133..cbbd6f3001ea0 100644 --- a/api_docs/timelines.mdx +++ b/api_docs/timelines.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/timelines title: "timelines" image: https://source.unsplash.com/400x175/?github description: API docs for the timelines plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'timelines'] --- import timelinesObj from './timelines.devdocs.json'; diff --git a/api_docs/transform.mdx b/api_docs/transform.mdx index f904850c9b68f..b62fb485b5428 100644 --- a/api_docs/transform.mdx +++ b/api_docs/transform.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/transform title: "transform" image: https://source.unsplash.com/400x175/?github description: API docs for the transform plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'transform'] --- import transformObj from './transform.devdocs.json'; diff --git a/api_docs/triggers_actions_ui.mdx b/api_docs/triggers_actions_ui.mdx index ee4a92cb075cf..0d0c10fe2d7d7 100644 --- a/api_docs/triggers_actions_ui.mdx +++ b/api_docs/triggers_actions_ui.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/triggersActionsUi title: "triggersActionsUi" image: https://source.unsplash.com/400x175/?github description: API docs for the triggersActionsUi plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'triggersActionsUi'] --- import triggersActionsUiObj from './triggers_actions_ui.devdocs.json'; diff --git a/api_docs/ui_actions.mdx b/api_docs/ui_actions.mdx index 1f0936cc5e589..119d19b676dd8 100644 --- a/api_docs/ui_actions.mdx +++ b/api_docs/ui_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActions title: "uiActions" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActions plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActions'] --- import uiActionsObj from './ui_actions.devdocs.json'; 
diff --git a/api_docs/ui_actions_enhanced.mdx b/api_docs/ui_actions_enhanced.mdx index 5c7f910fc1a24..b35189fa9f338 100644 --- a/api_docs/ui_actions_enhanced.mdx +++ b/api_docs/ui_actions_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActionsEnhanced title: "uiActionsEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActionsEnhanced plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActionsEnhanced'] --- import uiActionsEnhancedObj from './ui_actions_enhanced.devdocs.json'; diff --git a/api_docs/unified_doc_viewer.mdx b/api_docs/unified_doc_viewer.mdx index 95407048737d7..fcb42f4995b93 100644 --- a/api_docs/unified_doc_viewer.mdx +++ b/api_docs/unified_doc_viewer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedDocViewer title: "unifiedDocViewer" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedDocViewer plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedDocViewer'] --- import unifiedDocViewerObj from './unified_doc_viewer.devdocs.json'; diff --git a/api_docs/unified_histogram.mdx b/api_docs/unified_histogram.mdx index 332084f21d5b3..435cf6852c1f3 100644 --- a/api_docs/unified_histogram.mdx +++ b/api_docs/unified_histogram.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedHistogram title: "unifiedHistogram" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedHistogram plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedHistogram'] --- import unifiedHistogramObj from './unified_histogram.devdocs.json'; diff --git a/api_docs/unified_search.mdx b/api_docs/unified_search.mdx index 1aab722e2924c..e25eb9f07c792 100644 --- a/api_docs/unified_search.mdx +++ b/api_docs/unified_search.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch title: "unifiedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch'] --- import unifiedSearchObj from './unified_search.devdocs.json'; diff --git a/api_docs/unified_search_autocomplete.mdx b/api_docs/unified_search_autocomplete.mdx index f4bf2f5940a3f..80770fd0906a8 100644 --- a/api_docs/unified_search_autocomplete.mdx +++ b/api_docs/unified_search_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch-autocomplete title: "unifiedSearch.autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch.autocomplete plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch.autocomplete'] --- import unifiedSearchAutocompleteObj from './unified_search_autocomplete.devdocs.json'; diff --git a/api_docs/uptime.mdx b/api_docs/uptime.mdx index 1db984a08cdcf..eb3d2fe74b6b8 100644 --- a/api_docs/uptime.mdx +++ b/api_docs/uptime.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uptime title: "uptime" image: https://source.unsplash.com/400x175/?github description: API docs for the uptime plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uptime'] --- import uptimeObj from './uptime.devdocs.json'; diff --git a/api_docs/url_forwarding.mdx b/api_docs/url_forwarding.mdx index c2db6794f1a1e..0adcc2b86110b 100644 --- a/api_docs/url_forwarding.mdx +++ b/api_docs/url_forwarding.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/urlForwarding title: "urlForwarding" image: https://source.unsplash.com/400x175/?github description: API docs for the urlForwarding plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'urlForwarding'] --- import urlForwardingObj from './url_forwarding.devdocs.json'; diff --git a/api_docs/usage_collection.mdx b/api_docs/usage_collection.mdx index 23fcba7342888..64a089c595d76 100644 --- a/api_docs/usage_collection.mdx +++ b/api_docs/usage_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/usageCollection title: "usageCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the usageCollection plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'usageCollection'] --- import usageCollectionObj from './usage_collection.devdocs.json'; diff --git a/api_docs/ux.mdx b/api_docs/ux.mdx index 8889598891e88..e4620d3b85b51 100644 --- a/api_docs/ux.mdx +++ b/api_docs/ux.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ux title: "ux" image: https://source.unsplash.com/400x175/?github description: API docs for the ux plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ux'] --- import uxObj from './ux.devdocs.json'; diff --git a/api_docs/vis_default_editor.mdx b/api_docs/vis_default_editor.mdx index 0f10f1ade3525..b053b0378685c 100644 --- a/api_docs/vis_default_editor.mdx +++ b/api_docs/vis_default_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visDefaultEditor title: "visDefaultEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the visDefaultEditor plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visDefaultEditor'] --- import visDefaultEditorObj from './vis_default_editor.devdocs.json'; diff --git a/api_docs/vis_type_gauge.mdx b/api_docs/vis_type_gauge.mdx index adffab052b2c4..750deacc01e93 100644 
--- a/api_docs/vis_type_gauge.mdx +++ b/api_docs/vis_type_gauge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeGauge title: "visTypeGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeGauge plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeGauge'] --- import visTypeGaugeObj from './vis_type_gauge.devdocs.json'; diff --git a/api_docs/vis_type_heatmap.mdx b/api_docs/vis_type_heatmap.mdx index 40b208fce1696..57fa856dc54de 100644 --- a/api_docs/vis_type_heatmap.mdx +++ b/api_docs/vis_type_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeHeatmap title: "visTypeHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeHeatmap plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeHeatmap'] --- import visTypeHeatmapObj from './vis_type_heatmap.devdocs.json'; diff --git a/api_docs/vis_type_pie.mdx b/api_docs/vis_type_pie.mdx index 3ad5bc370b335..0f0badc0c5568 100644 --- a/api_docs/vis_type_pie.mdx +++ b/api_docs/vis_type_pie.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypePie title: "visTypePie" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypePie plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypePie'] --- import visTypePieObj from './vis_type_pie.devdocs.json'; diff --git a/api_docs/vis_type_table.mdx b/api_docs/vis_type_table.mdx index 676838bccac14..d7550681770c1 100644 --- a/api_docs/vis_type_table.mdx +++ b/api_docs/vis_type_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTable title: "visTypeTable" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTable plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTable'] --- import visTypeTableObj from './vis_type_table.devdocs.json'; 
diff --git a/api_docs/vis_type_timelion.mdx b/api_docs/vis_type_timelion.mdx index 6257a7883544d..c0159abeeaa67 100644 --- a/api_docs/vis_type_timelion.mdx +++ b/api_docs/vis_type_timelion.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimelion title: "visTypeTimelion" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimelion plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimelion'] --- import visTypeTimelionObj from './vis_type_timelion.devdocs.json'; diff --git a/api_docs/vis_type_timeseries.mdx b/api_docs/vis_type_timeseries.mdx index 74a7c940ed3ed..bf4e8cbb0c907 100644 --- a/api_docs/vis_type_timeseries.mdx +++ b/api_docs/vis_type_timeseries.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimeseries title: "visTypeTimeseries" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimeseries plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimeseries'] --- import visTypeTimeseriesObj from './vis_type_timeseries.devdocs.json'; diff --git a/api_docs/vis_type_vega.mdx b/api_docs/vis_type_vega.mdx index fc9795e4c9514..215b508740525 100644 --- a/api_docs/vis_type_vega.mdx +++ b/api_docs/vis_type_vega.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVega title: "visTypeVega" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVega plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVega'] --- import visTypeVegaObj from './vis_type_vega.devdocs.json'; diff --git a/api_docs/vis_type_vislib.mdx b/api_docs/vis_type_vislib.mdx index a806f5e3a9818..9c92d4649afd2 100644 --- a/api_docs/vis_type_vislib.mdx +++ b/api_docs/vis_type_vislib.mdx 
@@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVislib title: "visTypeVislib" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVislib plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVislib'] --- import visTypeVislibObj from './vis_type_vislib.devdocs.json'; diff --git a/api_docs/vis_type_xy.mdx b/api_docs/vis_type_xy.mdx index face08c87a3f6..c1e88b69f7acb 100644 --- a/api_docs/vis_type_xy.mdx +++ b/api_docs/vis_type_xy.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeXy title: "visTypeXy" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeXy plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeXy'] --- import visTypeXyObj from './vis_type_xy.devdocs.json'; diff --git a/api_docs/visualizations.mdx b/api_docs/visualizations.mdx index bc6c3f1193d42..678ee4d217f20 100644 --- a/api_docs/visualizations.mdx +++ b/api_docs/visualizations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visualizations title: "visualizations" image: https://source.unsplash.com/400x175/?github description: API docs for the visualizations plugin -date: 2023-11-18 +date: 2023-11-21 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visualizations'] --- import visualizationsObj from './visualizations.devdocs.json'; diff --git a/catalog-info.yaml b/catalog-info.yaml index e7aa120004486..96b4c146590a6 100644 --- a/catalog-info.yaml +++ b/catalog-info.yaml @@ -54,6 +54,8 @@ spec: provider_settings: trigger_mode: none teams: + kibana-release-operators: + access_level: MANAGE_BUILD_AND_READ kibana-operations: access_level: MANAGE_BUILD_AND_READ appex-qa: 
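Review bot: The new `kibana-release-operators` entry under `teams:` in `catalog-info.yaml` is given `MANAGE_BUILD_AND_READ`, the same level as `kibana-operations`, and nothing in the hunk records why a second team needs to manage builds on this pipeline. The visible settings show `trigger_mode: none`, so builds here are presumably started by hand and the team list is the main control on who can run it. I would add a comment above the entry, for example `# release operators start and cancel release builds; keep in step with the release process`, and confirm that a narrower level such as `BUILD_AND_READ` would not be enough. The pipeline definition starts outside the hunk, so which pipeline this applies to cannot be confirmed from here.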
diff --git a/docs/user/dashboard/images/dashboard_links_panel.png b/docs/user/dashboard/images/dashboard_links_panel.png index f6334f4df29f4..23b37879378ef 100644 Binary files a/docs/user/dashboard/images/dashboard_links_panel.png and b/docs/user/dashboard/images/dashboard_links_panel.png differ diff --git a/package.json b/package.json index 8e428639f61cb..bb4ab04e42adf 100644 --- a/package.json +++ b/package.json @@ -74,12 +74,12 @@ "url": "https://github.com/elastic/kibana.git" }, "engines": { - "node": "18.18.2", + "node": "20.9.0", "yarn": "^1.22.19" }, "resolutions": { "**/@hello-pangea/dnd": "16.2.0", - "**/@types/node": "18.18.5", + "**/@types/node": "20.9.0", "**/@typescript-eslint/utils": "5.62.0", "**/chokidar": "^3.5.3", "**/globule/minimatch": "^3.1.2", @@ -353,6 +353,7 @@ "@kbn/crypto": "link:packages/kbn-crypto", "@kbn/crypto-browser": "link:packages/kbn-crypto-browser", "@kbn/custom-branding-plugin": "link:x-pack/plugins/custom_branding", + "@kbn/custom-icons": "link:packages/kbn-custom-icons", "@kbn/custom-integrations": "link:packages/kbn-custom-integrations", "@kbn/custom-integrations-plugin": "link:src/plugins/custom_integrations", "@kbn/dashboard-enhanced-plugin": "link:x-pack/plugins/dashboard_enhanced", @@ -390,6 +391,7 @@ "@kbn/ecs": "link:packages/kbn-ecs", "@kbn/ecs-data-quality-dashboard": "link:x-pack/packages/security-solution/ecs_data_quality_dashboard", "@kbn/ecs-data-quality-dashboard-plugin": "link:x-pack/plugins/ecs_data_quality_dashboard", + "@kbn/elastic-agent-utils": "link:packages/kbn-elastic-agent-utils", "@kbn/elastic-assistant": "link:x-pack/packages/kbn-elastic-assistant", "@kbn/elastic-assistant-plugin": "link:x-pack/plugins/elastic_assistant", "@kbn/elasticsearch-client-plugin": "link:test/plugin_functional/plugins/elasticsearch_client_plugin", 
@@ -505,7 +507,7 @@ "@kbn/lists-plugin": "link:x-pack/plugins/lists", "@kbn/locator-examples-plugin": "link:examples/locator_examples", "@kbn/locator-explorer-plugin": "link:examples/locator_explorer", - "@kbn/log-explorer-plugin": "link:x-pack/plugins/observability_solution/log_explorer", + "@kbn/log-explorer-plugin": "link:x-pack/plugins/log_explorer", "@kbn/logging": "link:packages/kbn-logging", "@kbn/logging-mocks": "link:packages/kbn-logging-mocks", "@kbn/logs-shared-plugin": "link:x-pack/plugins/observability_solution/logs_shared", @@ -567,9 +569,9 @@ "@kbn/observability-alert-details": "link:x-pack/packages/observability/alert_details", "@kbn/observability-alerting-test-data": "link:x-pack/packages/observability/alerting_test_data", "@kbn/observability-fixtures-plugin": "link:x-pack/test/cases_api_integration/common/plugins/observability", - "@kbn/observability-log-explorer-plugin": "link:x-pack/plugins/observability_solution/observability_log_explorer", + "@kbn/observability-log-explorer-plugin": "link:x-pack/plugins/observability_log_explorer", "@kbn/observability-onboarding-plugin": "link:x-pack/plugins/observability_solution/observability_onboarding", - "@kbn/observability-plugin": "link:x-pack/plugins/observability_solution/observability", + "@kbn/observability-plugin": "link:x-pack/plugins/observability", "@kbn/observability-shared-plugin": "link:x-pack/plugins/observability_solution/observability_shared", "@kbn/oidc-provider-plugin": "link:x-pack/test/security_api_integration/plugins/oidc_provider", "@kbn/open-telemetry-instrumented-plugin": "link:test/common/plugins/otel_metrics", @@ -922,7 +924,7 @@ "getos": "^3.1.0", "globby": "^11.1.0", "gpt-tokenizer": "^2.1.2", - "handlebars": "4.7.7", + "handlebars": "4.7.8", "he": "^1.2.0", "history": "^4.9.0", "hjson": "3.2.1", 
@@ -1377,7 +1379,7 @@ "@types/multistream": "^4.1.0", "@types/mustache": "^0.8.31", "@types/nock": "^10.0.3", - "@types/node": "18.18.5", + "@types/node": "20.9.0", "@types/node-fetch": "2.6.4", "@types/node-forge": "^1.3.1", "@types/nodemailer": "^6.4.0", diff --git a/packages/core/plugins/core-plugins-server-internal/src/discovery/plugin_manifest_parser.test.ts b/packages/core/plugins/core-plugins-server-internal/src/discovery/plugin_manifest_parser.test.ts index f940e49805cd5..202cef2ca09d4 100644 --- a/packages/core/plugins/core-plugins-server-internal/src/discovery/plugin_manifest_parser.test.ts +++ b/packages/core/plugins/core-plugins-server-internal/src/discovery/plugin_manifest_parser.test.ts @@ -59,7 +59,7 @@ test('return error when manifest content is not a valid JSON', async () => { }); await expect(parseManifest(pluginPath, packageInfo)).rejects.toMatchObject({ - message: `Unexpected token o in JSON at position 1 (invalid-manifest, ${pluginManifestPath})`, + message: `Unexpected token 'o', "not-json" is not valid JSON (invalid-manifest, ${pluginManifestPath})`, type: PluginDiscoveryErrorType.InvalidManifest, path: pluginManifestPath, }); diff --git a/packages/core/plugins/core-plugins-server-internal/src/discovery/plugins_discovery.test.ts b/packages/core/plugins/core-plugins-server-internal/src/discovery/plugins_discovery.test.ts index 9ab50d8786cca..93657a1f2533e 100644 --- a/packages/core/plugins/core-plugins-server-internal/src/discovery/plugins_discovery.test.ts +++ b/packages/core/plugins/core-plugins-server-internal/src/discovery/plugins_discovery.test.ts @@ -278,7 +278,7 @@ describe('plugins discovery system', () => { .toPromise(); expect(errors).toContain( - `Error: Unexpected token o in JSON at position 1 (invalid-manifest, ${manifestPath( + `Error: Unexpected token 'o', "not-json" is not valid JSON (invalid-manifest, ${manifestPath( 'plugin_a' )})` ); 
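Review bot: The updated expectation in `plugin_manifest_parser.test.ts` still pins the runtime's own `JSON.parse` wording (`Unexpected token 'o', "not-json" is not valid JSON`), so it will need editing again whenever the engine changes that text, as this Node upgrade shows; the `expect(errors).toContain(...)` assertion in `plugins_discovery.test.ts` has the same problem. Asserting only the part the parser itself appends would be sturdier, e.g. ``message: expect.stringContaining(`(invalid-manifest, ${pluginManifestPath})`),``. The newer message also quotes a fragment of the file content, so the wrapped discovery error now echoes part of the manifest wherever it is surfaced; that is harmless for this fixture but worth knowing if the same wrapping is reused for other files. Both test bodies start and end outside the hunks.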
diff --git a/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts b/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts index 8a1476cd58277..3453bee1d7369 100644 --- a/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts +++ b/packages/kbn-apm-synthtrace-client/src/lib/logs/index.ts @@ -22,6 +22,7 @@ export type LogDocument = Fields & 'log.level'?: string; 'host.name'?: string; 'trace.id'?: string; + 'agent.id'?: string; 'agent.name'?: string; 'orchestrator.cluster.name'?: string; 'orchestrator.cluster.id'?: string; diff --git a/packages/kbn-apm-synthtrace/src/scenarios/trace_with_orphan_items.ts b/packages/kbn-apm-synthtrace/src/scenarios/trace_with_orphan_items.ts new file mode 100644 index 0000000000000..ca853f9e73549 --- /dev/null +++ b/packages/kbn-apm-synthtrace/src/scenarios/trace_with_orphan_items.ts 
@@ -0,0 +1,153 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { apm, ApmFields, httpExitSpan, Serializable } from '@kbn/apm-synthtrace-client'; +import { Readable } from 'stream'; +import { Scenario } from '../cli/scenario'; + +import { RunOptions } from '../cli/utils/parse_run_cli_flags'; +import { getSynthtraceEnvironment } from '../lib/utils/get_synthtrace_environment'; +import { withClient } from '../lib/utils/with_client'; + +const ENVIRONMENT = getSynthtraceEnvironment(__filename); + +const scenario: Scenario = async (runOptions: RunOptions) => { + return { + generate: ({ range, clients: { apmEsClient } }) => { + const transactionName = 'trace with orphans'; + const successfulTimestamps = range.interval('1s').rate(3); + + const synthRum = apm + .service({ name: 'synth-rum', environment: ENVIRONMENT, agentName: 'rum-js' }) + .instance('my-instance'); + const synthNode = apm + .service({ name: 'synth-node', environment: ENVIRONMENT, agentName: 'nodejs' }) + .instance('my-instance'); + const synthGo = apm + .service({ name: 'synth-go', environment: ENVIRONMENT, agentName: 'go' }) + .instance('my-instance'); + + const traces = successfulTimestamps.generator((timestamp) => { + // synth-rum + return synthGo + .transaction({ transactionName }) + .duration(400) + .timestamp(timestamp) + .children( + // synth-rum -> synth-node + synthRum + .span( + httpExitSpan({ + spanName: 'GET /api/products/top', + destinationUrl: 'http://synth-node:3000', + }) + ) + .duration(300) + .timestamp(timestamp) + .children( + synthRum + .transaction({ transactionName: 'Child Transaction' }) + .timestamp(timestamp) + .duration(200) + .children( + synthGo + .span({ 
spanName: 'custom_operation', spanType: 'custom' }) + .timestamp(timestamp) + .duration(100) + .success() + ), + // synth-node + synthNode + .transaction({ transactionName: 'Initial transaction in synth-node' }) + .duration(300) + .timestamp(timestamp) + .children( + synthNode + // synth-node -> synth-go + .span( + httpExitSpan({ + spanName: 'GET synth-go:3000', + destinationUrl: 'http://synth-go:3000', + }) + ) + .timestamp(timestamp) + .duration(400) + + .children( + // synth-go + synthGo + .transaction({ transactionName: 'Child Transaction' }) + .timestamp(timestamp) + .duration(200) + .children( + synthGo + .span({ spanName: 'custom_operation', spanType: 'custom' }) + .timestamp(timestamp) + .duration(100) + .success(), + synthGo + .span({ spanName: 'custom_new_operation', spanType: 'custom' }) + .timestamp(timestamp) + .duration(100) + .success() + ) + ) + ) + ) + ); + }); + + const successfulTraceEvents = Array.from( + successfulTimestamps.generator((timestamp) => + synthNode + .transaction({ transactionName: 'successful trace' }) + .timestamp(timestamp) + .duration(1000) + .success() + .children( + synthNode + .span({ + spanName: 'GET apm-*/_search', + spanType: 'db', + spanSubtype: 'elasticsearch', + }) + .duration(1000) + .success() + .destination('elasticsearch') + .timestamp(timestamp), + synthNode + .span({ spanName: 'custom_operation', spanType: 'custom' }) + .duration(100) + .success() + .timestamp(timestamp) + ) + ) + ); + + const unserialized = Array.from(traces); + + const serialized = unserialized + .flatMap((event) => event.serialize()) + .filter((trace) => trace['transaction.name'] !== 'Child Transaction'); + + const unserializedChanged = serialized.map((event) => ({ + fields: event, + serialize: () => { + return [event]; + }, + })) as Array>; + + return withClient( + apmEsClient, + Readable.from([...unserializedChanged, ...successfulTraceEvents]) + ); + }, + }; +}; + +export default scenario; 
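Review bot: Nothing in `generate` explains how the orphans are produced: the `.filter((trace) => trace['transaction.name'] !== 'Child Transaction')` step appears to be what removes the parent documents, and it depends on a string literal repeated in two `.transaction({ transactionName: 'Child Transaction' })` calls above it. I would hoist the name into a constant, `const ORPHAN_PARENT_NAME = 'Child Transaction';`, and comment the filter, e.g. `// drop the parent transactions so their child spans point at a parent that is never indexed`. The `// synth-rum` comment directly above `return synthGo` also names a different service from the one that creates the root transaction, so either the comment or the service should be corrected.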
diff --git a/packages/kbn-cell-actions/constants.ts b/packages/kbn-cell-actions/constants.ts new file mode 100644 index 0000000000000..c78869a471cb0 --- /dev/null +++ b/packages/kbn-cell-actions/constants.ts @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +export * from './src/constants'; diff --git a/packages/kbn-cell-actions/src/index.ts b/packages/kbn-cell-actions/src/index.ts index dfd1d83937c0f..4e478baec441f 100644 --- a/packages/kbn-cell-actions/src/index.ts +++ b/packages/kbn-cell-actions/src/index.ts @@ -20,7 +20,7 @@ export type { export type { UseDataGridColumnsCellActions, UseDataGridColumnsCellActionsProps } from './hooks'; // Constants -export { CellActionsMode, FILTER_CELL_ACTION_TYPE, COPY_CELL_ACTION_TYPE } from './constants'; +export { CellActionsMode } from './constants'; // Components and hooks export { CellActionsProvider } from './context'; diff --git a/packages/kbn-custom-icons/.storybook/main.js b/packages/kbn-custom-icons/.storybook/main.js new file mode 100644 index 0000000000000..8dc3c5d1518f4 --- /dev/null +++ b/packages/kbn-custom-icons/.storybook/main.js @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +module.exports = require('@kbn/storybook').defaultConfig; 
diff --git a/packages/kbn-custom-icons/README.md b/packages/kbn-custom-icons/README.md
new file mode 100644
index 0000000000000..ec48e8b8558cb
--- /dev/null
+++ b/packages/kbn-custom-icons/README.md
@@ -0,0 +1,29 @@
+# @kbn/custom-icons
+
+A utility package, `@kbn/custom-icons`, that provides components for rendering icons related to Elastic Agents, Cloud Providers and more.
+
+## Components
+
+### ``
+
+```jsx
+
+```
+
+This component renders an icon corresponding to the specified Elastic Agent name (`agentName`).
+
+#### Props
+
+- **`agentName`**: The name of the Elastic Agent for which the icon should be rendered.
+
+### ``
+
+```jsx
+
+```
+
+This component renders an icon associated with the specified Cloud Provider (`cloudProvider`).
+
+#### Props
+
+- **`cloudProvider`**: The name of the Cloud Provider for which the icon should be rendered.
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/android.svg b/packages/kbn-custom-icons/assets/android.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/android.svg
rename to packages/kbn-custom-icons/assets/android.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/cpp.svg b/packages/kbn-custom-icons/assets/cpp.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/cpp.svg
rename to packages/kbn-custom-icons/assets/cpp.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/cpp_dark.svg b/packages/kbn-custom-icons/assets/cpp_dark.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/cpp_dark.svg
rename to packages/kbn-custom-icons/assets/cpp_dark.svg
diff --git a/packages/kbn-custom-icons/assets/default.svg b/packages/kbn-custom-icons/assets/default.svg
new file mode 100644
index 0000000000000..08bc5331e083b
--- /dev/null
+++ b/packages/kbn-custom-icons/assets/default.svg
@@ -0,0 +1,3 @@
+
+
+
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/dot_net.svg b/packages/kbn-custom-icons/assets/dot_net.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/dot_net.svg
rename to packages/kbn-custom-icons/assets/dot_net.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/erlang.svg b/packages/kbn-custom-icons/assets/erlang.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/erlang.svg
rename to packages/kbn-custom-icons/assets/erlang.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/erlang_dark.svg b/packages/kbn-custom-icons/assets/erlang_dark.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/erlang_dark.svg
rename to packages/kbn-custom-icons/assets/erlang_dark.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/functions.svg b/packages/kbn-custom-icons/assets/functions.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/functions.svg
rename to packages/kbn-custom-icons/assets/functions.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/go.svg b/packages/kbn-custom-icons/assets/go.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/go.svg
rename to packages/kbn-custom-icons/assets/go.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/ios.svg b/packages/kbn-custom-icons/assets/ios.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/ios.svg
rename to packages/kbn-custom-icons/assets/ios.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/ios_dark.svg b/packages/kbn-custom-icons/assets/ios_dark.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/ios_dark.svg
rename to packages/kbn-custom-icons/assets/ios_dark.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/java.svg b/packages/kbn-custom-icons/assets/java.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/java.svg
rename to packages/kbn-custom-icons/assets/java.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/lambda.svg b/packages/kbn-custom-icons/assets/lambda.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/lambda.svg
rename to packages/kbn-custom-icons/assets/lambda.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/nodejs.svg b/packages/kbn-custom-icons/assets/nodejs.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/nodejs.svg
rename to packages/kbn-custom-icons/assets/nodejs.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/ocaml.svg b/packages/kbn-custom-icons/assets/ocaml.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/ocaml.svg
rename to packages/kbn-custom-icons/assets/ocaml.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/opentelemetry.svg b/packages/kbn-custom-icons/assets/opentelemetry.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/opentelemetry.svg
rename to packages/kbn-custom-icons/assets/opentelemetry.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/otel_default.svg b/packages/kbn-custom-icons/assets/otel_default.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/otel_default.svg
rename to packages/kbn-custom-icons/assets/otel_default.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/php.svg b/packages/kbn-custom-icons/assets/php.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/php.svg
rename to packages/kbn-custom-icons/assets/php.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/php_dark.svg b/packages/kbn-custom-icons/assets/php_dark.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/php_dark.svg
rename to packages/kbn-custom-icons/assets/php_dark.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/python.svg b/packages/kbn-custom-icons/assets/python.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/python.svg
rename to packages/kbn-custom-icons/assets/python.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/ruby.svg b/packages/kbn-custom-icons/assets/ruby.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/ruby.svg
rename to packages/kbn-custom-icons/assets/ruby.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/rumjs.svg b/packages/kbn-custom-icons/assets/rumjs.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/rumjs.svg
rename to packages/kbn-custom-icons/assets/rumjs.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/rumjs_dark.svg b/packages/kbn-custom-icons/assets/rumjs_dark.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/rumjs_dark.svg
rename to packages/kbn-custom-icons/assets/rumjs_dark.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/rust.svg b/packages/kbn-custom-icons/assets/rust.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/rust.svg
rename to packages/kbn-custom-icons/assets/rust.svg
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/rust_dark.svg b/packages/kbn-custom-icons/assets/rust_dark.svg
similarity index 100%
rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/icons/rust_dark.svg
rename to packages/kbn-custom-icons/assets/rust_dark.svg
diff --git a/packages/kbn-custom-icons/index.ts b/packages/kbn-custom-icons/index.ts
new file mode 100644
index 0000000000000..d6bc468b66524
--- /dev/null
+++ b/packages/kbn-custom-icons/index.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+export { getAgentIcon } from './src/components/agent_icon/get_agent_icon';
+export { getServerlessIcon } from './src/components/agent_icon/get_serverless_icon';
+export { AgentIcon } from './src/components/agent_icon';
+export type { AgentIconProps } from './src/components/agent_icon';
+
+export { getCloudProviderIcon } from './src/components/cloud_provider_icon/get_cloud_provider_icon';
+export type { CloudProvider } from './src/components/cloud_provider_icon/get_cloud_provider_icon';
+export { CloudProviderIcon } from './src/components/cloud_provider_icon';
+export type { CloudProviderIconProps } from './src/components/cloud_provider_icon';
diff --git a/packages/kbn-custom-icons/jest.config.js b/packages/kbn-custom-icons/jest.config.js
new file mode 100644
index 0000000000000..518564ce1dbbd
--- /dev/null
+++ b/packages/kbn-custom-icons/jest.config.js
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+module.exports = {
+ preset: '@kbn/test',
+ rootDir: '../..',
+ roots: ['/packages/kbn-custom-icons'],
+};
diff --git a/packages/kbn-custom-icons/kibana.jsonc b/packages/kbn-custom-icons/kibana.jsonc
new file mode 100644
index 0000000000000..7bd9eaa57e871
--- /dev/null
+++ b/packages/kbn-custom-icons/kibana.jsonc
@@ -0,0 +1,5 @@
+{
+ "type": "shared-common",
+ "id": "@kbn/custom-icons",
+ "owner": "@elastic/obs-ux-logs-team"
+}
diff --git a/packages/kbn-custom-icons/package.json b/packages/kbn-custom-icons/package.json
new file mode 100644
index 0000000000000..d6952600c0afd
--- /dev/null
+++ b/packages/kbn-custom-icons/package.json
@@ -0,0 +1,7 @@
+{
+ "name": "@kbn/custom-icons",
+ "private": true,
+ "version": "1.0.0",
+ "license": "SSPL-1.0 OR Elastic License 2.0",
+ "sideEffects": false
+}
\ No newline at end of file
diff --git a/packages/kbn-custom-icons/src/components/agent_icon/agent_icon.stories.tsx b/packages/kbn-custom-icons/src/components/agent_icon/agent_icon.stories.tsx
new file mode 100644
index 0000000000000..45ba59137a6c2
--- /dev/null
+++ b/packages/kbn-custom-icons/src/components/agent_icon/agent_icon.stories.tsx
@@ -0,0 +1,53 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { EuiCard, EuiFlexGroup, EuiFlexItem, EuiImage, EuiToolTip } from '@elastic/eui'; +import type { Story } from '@storybook/react'; +import React from 'react'; +import { AGENT_NAMES } from '@kbn/elastic-agent-utils'; +import { EuiThemeProvider } from '@kbn/kibana-react-plugin/common'; +import { getAgentIcon } from './get_agent_icon'; +import { AgentIcon } from '.'; + +export default { + title: 'Custom Icons/AgentIcon', + component: AgentIcon, +}; + +export const List: Story = () => { + return ( + + + {AGENT_NAMES.map((agentName) => { + return ( + + + + + } + title={agentName} + description={ + + + + } + /> + + ); + })} + + + ); +}; diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/get_agent_icon.test.ts b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.test.ts similarity index 86% rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/get_agent_icon.test.ts rename to packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.test.ts index aac5fc19ca37b..58dff1afb1095 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/get_agent_icon.test.ts +++ b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.test.ts 
@@ -1,8 +1,9 @@ /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. */ import { getAgentIconKey } from './get_agent_icon'; diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/get_agent_icon.ts b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts similarity index 53% rename from x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/get_agent_icon.ts rename to packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts index 04bc276dcfa65..7c37f1a86a056 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/get_agent_icon.ts +++ b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts 
@@ -1,40 +1,40 @@ /* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. */ - import { + isAndroidAgentName, isIosAgentName, - isRumAgentName, isJavaAgentName, - isAndroidAgentName, + isRumAgentName, + OpenTelemetryAgentName, OPEN_TELEMETRY_AGENT_NAMES, -} from '../../../../common/agent_name'; -import { AgentName } from '../../../../typings/es_schemas/ui/fields/agent'; -import defaultIcon from '../span_icon/icons/default.svg'; -import cppIcon from './icons/cpp.svg'; -import darkCppIcon from './icons/cpp_dark.svg'; -import dotNetIcon from './icons/dot_net.svg'; -import erlangIcon from './icons/erlang.svg'; -import darkErlangIcon from './icons/erlang_dark.svg'; -import goIcon from './icons/go.svg'; -import iosIcon from './icons/ios.svg'; -import darkIosIcon from './icons/ios_dark.svg'; -import javaIcon from './icons/java.svg'; -import nodeJsIcon from './icons/nodejs.svg'; -import ocamlIcon from './icons/ocaml.svg'; -import openTelemetryIcon from './icons/otel_default.svg'; -import phpIcon from './icons/php.svg'; -import pythonIcon from './icons/python.svg'; -import rubyIcon from './icons/ruby.svg'; -import rumJsIcon from './icons/rumjs.svg'; -import darkPhpIcon from './icons/php_dark.svg'; -import darkRumJsIcon from './icons/rumjs_dark.svg'; -import rustIcon from './icons/rust.svg'; -import darkRustIcon from './icons/rust_dark.svg'; -import androidIcon from './icons/android.svg'; +} from '@kbn/elastic-agent-utils'; +import defaultIcon from '../../../assets/default.svg'; +import cppIcon from '../../../assets/cpp.svg'; +import darkCppIcon from '../../../assets/cpp_dark.svg'; +import 
dotNetIcon from '../../../assets/dot_net.svg'; +import erlangIcon from '../../../assets/erlang.svg'; +import darkErlangIcon from '../../../assets/erlang_dark.svg'; +import goIcon from '../../../assets/go.svg'; +import iosIcon from '../../../assets/ios.svg'; +import darkIosIcon from '../../../assets/ios_dark.svg'; +import javaIcon from '../../../assets/java.svg'; +import nodeJsIcon from '../../../assets/nodejs.svg'; +import ocamlIcon from '../../../assets/ocaml.svg'; +import openTelemetryIcon from '../../../assets/otel_default.svg'; +import phpIcon from '../../../assets/php.svg'; +import pythonIcon from '../../../assets/python.svg'; +import rubyIcon from '../../../assets/ruby.svg'; +import rumJsIcon from '../../../assets/rumjs.svg'; +import darkPhpIcon from '../../../assets/php_dark.svg'; +import darkRumJsIcon from '../../../assets/rumjs_dark.svg'; +import rustIcon from '../../../assets/rust.svg'; +import darkRustIcon from '../../../assets/rust_dark.svg'; +import androidIcon from '../../../assets/android.svg'; const agentIcons: { [key: string]: string } = { cpp: cppIcon, @@ -89,25 +89,19 @@ export function getAgentIconKey(agentName: string) { } // Remove "opentelemetry/" prefix - const agentNameWithoutPrefix = lowercasedAgentName.replace( - /^opentelemetry\//, - '' - ); + const agentNameWithoutPrefix = lowercasedAgentName.replace(/^opentelemetry\//, ''); if (Object.keys(agentIcons).includes(agentNameWithoutPrefix)) { return agentNameWithoutPrefix; } // OpenTelemetry-only agents - if (OPEN_TELEMETRY_AGENT_NAMES.includes(lowercasedAgentName as AgentName)) { + if (OPEN_TELEMETRY_AGENT_NAMES.includes(lowercasedAgentName as OpenTelemetryAgentName)) { return 'opentelemetry'; } } -export function getAgentIcon( - agentName: string | undefined, - isDarkMode: boolean -) { +export function getAgentIcon(agentName: string | undefined, isDarkMode: boolean = false) { const key = agentName && getAgentIconKey(agentName); if (!key) { return defaultIcon; 
diff --git a/packages/kbn-custom-icons/src/components/agent_icon/get_serverless_icon.ts b/packages/kbn-custom-icons/src/components/agent_icon/get_serverless_icon.ts new file mode 100644 index 0000000000000..26268d3c7dce1 --- /dev/null +++ b/packages/kbn-custom-icons/src/components/agent_icon/get_serverless_icon.ts @@ -0,0 +1,23 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ +import { ServerlessType } from '@kbn/elastic-agent-utils'; +import defaultIcon from '../../../assets/default.svg'; +import lambdaIcon from '../../../assets/lambda.svg'; +import azureFunctionsIcon from '../../../assets/functions.svg'; + +const serverlessIcons: Record = { + 'aws.lambda': lambdaIcon, + 'azure.functions': azureFunctionsIcon, +} as const; + +export function getServerlessIcon(serverlessType?: ServerlessType) { + if (!serverlessType) { + return defaultIcon; + } + return serverlessIcons[serverlessType] ?? defaultIcon; +} diff --git a/packages/kbn-custom-icons/src/components/agent_icon/index.tsx b/packages/kbn-custom-icons/src/components/agent_icon/index.tsx new file mode 100644 index 0000000000000..bd34aa7f3a32e --- /dev/null +++ b/packages/kbn-custom-icons/src/components/agent_icon/index.tsx 
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import { EuiIcon, EuiIconProps, useEuiTheme } from '@elastic/eui';
+import { AgentName } from '@kbn/elastic-agent-utils';
+import { getAgentIcon } from './get_agent_icon';
+
+export interface AgentIconProps extends Omit {
+ agentName?: AgentName;
+}
+
+export function AgentIcon({ agentName, size = 'l', ...props }: AgentIconProps) {
+ const theme = useEuiTheme();
+ const icon = getAgentIcon(agentName, theme.colorMode === 'DARK');
+
+ return ;
+}
diff --git a/packages/kbn-custom-icons/src/components/cloud_provider_icon/cloud_provider_icon.stories.tsx b/packages/kbn-custom-icons/src/components/cloud_provider_icon/cloud_provider_icon.stories.tsx
new file mode 100644
index 0000000000000..e84e865fb55fd
--- /dev/null
+++ b/packages/kbn-custom-icons/src/components/cloud_provider_icon/cloud_provider_icon.stories.tsx
@@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { EuiCard, EuiFlexGroup, EuiFlexItem, EuiToolTip } from '@elastic/eui'; +import type { Story } from '@storybook/react'; +import React from 'react'; +import { CloudProviderIcon } from '.'; +import { CloudProvider } from './get_cloud_provider_icon'; + +export default { + title: 'Custom Icons/CloudProviderIcon', + component: CloudProviderIcon, +}; + +const providers: CloudProvider[] = ['gcp', 'aws', 'azure', 'unknownProvider']; + +export const List: Story = () => { + return ( + + {providers.map((cloudProvider) => { + return ( + + + + + } + /> + + ); + })} + + ); +}; diff --git a/packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts b/packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts new file mode 100644 index 0000000000000..7c4bcd2ec3f7c --- /dev/null +++ b/packages/kbn-custom-icons/src/components/cloud_provider_icon/get_cloud_provider_icon.ts 
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+const CLOUD_PROVIDER_ICONS = {
+ gcp: 'logoGCP',
+ aws: 'logoAWS',
+ azure: 'logoAzure',
+ unknownProvider: 'cloudSunny',
+} as const;
+
+export type CloudProvider = keyof typeof CLOUD_PROVIDER_ICONS | null | undefined;
+
+export function getCloudProviderIcon(cloudProvider?: CloudProvider) {
+ if (cloudProvider === undefined || cloudProvider === null) {
+ return CLOUD_PROVIDER_ICONS.unknownProvider;
+ }
+
+ return CLOUD_PROVIDER_ICONS[cloudProvider];
+}
diff --git a/packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx b/packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx
new file mode 100644
index 0000000000000..bf90704e4f644
--- /dev/null
+++ b/packages/kbn-custom-icons/src/components/cloud_provider_icon/index.tsx
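Review bot: `getCloudProviderIcon` ends with `return CLOUD_PROVIDER_ICONS[cloudProvider];` and has no fallback, so a string outside the four keys that reaches it at runtime yields `undefined` instead of the `cloudSunny` icon. The type annotation does not protect against a value that was cast from external data, and the sibling `getServerlessIcon` added in this commit already guards the same lookup with `?? defaultIcon`. I would end the function with `return CLOUD_PROVIDER_ICONS[cloudProvider] ?? CLOUD_PROVIDER_ICONS.unknownProvider;`. Where the provider value originates is not visible in this hunk, so the external-data case is an assumption to confirm against the callers.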
@@ -0,0 +1,25 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import { EuiIcon, EuiIconProps } from '@elastic/eui';
+import { CloudProvider, getCloudProviderIcon } from './get_cloud_provider_icon';
+
+export interface CloudProviderIconProps extends Omit {
+ cloudProvider?: CloudProvider;
+}
+
+export function CloudProviderIcon({ cloudProvider, ...props }: CloudProviderIconProps) {
+ const computedProps: Pick = {
+ type: getCloudProviderIcon(cloudProvider),
+ };
+
+ if (cloudProvider) computedProps.title = cloudProvider;
+
+ return ;
+}
diff --git a/packages/kbn-custom-icons/tsconfig.json b/packages/kbn-custom-icons/tsconfig.json
new file mode 100644
index 0000000000000..5cd845d4948c6
--- /dev/null
+++ b/packages/kbn-custom-icons/tsconfig.json
@@ -0,0 +1,23 @@
+{
+ "extends": "../../tsconfig.base.json",
+ "compilerOptions": {
+ "outDir": "target/types",
+ "types": [
+ "jest",
+ "node",
+ "react",
+ "@kbn/ambient-ui-types"
+ ]
+ },
+ "include": [
+ "**/*.ts",
+ "**/*.tsx"
+ ],
+ "exclude": [
+ "target/**/*"
+ ],
+ "kbn_references": [
+ "@kbn/elastic-agent-utils",
+ "@kbn/kibana-react-plugin"
+ ]
+}
diff --git a/packages/kbn-elastic-agent-utils/README.md b/packages/kbn-elastic-agent-utils/README.md
new file mode 100644
index 0000000000000..f5b99bf1b1594
--- /dev/null
+++ b/packages/kbn-elastic-agent-utils/README.md
@@ -0,0 +1,141 @@ +# @kbn/elastic-agent-utils + +A utility package providing functions for working with Elastic Agents. This package focuses on agent names used in various contexts, such as OpenTelemetry, Java, Rum (Real User Monitoring), Mobile, JRuby, and Serverless environments. + +## Functions + +- **`isOpenTelemetryAgentName`** + + ```typescript + export function isOpenTelemetryAgentName(agentName: string): agentName is OpenTelemetryAgentName; + ``` + + Check if the provided agent name is part of the OpenTelemetry agents. + +- **`isJavaAgentName`** + + ```typescript + export function isJavaAgentName(agentName?: string): agentName is JavaAgentName; + ``` + + Check if the provided agent name is part of the Java agents. + +- **`isRumAgentName`** + + ```typescript + export function isRumAgentName(agentName?: string): agentName is RumAgentName; + ``` + + Check if the provided agent name is part of the Rum (Real User Monitoring) agents. + +- **`isMobileAgentName`** + + ```typescript + export function isMobileAgentName(agentName?: string): boolean; + ``` + + Check if the provided agent name is either an iOS or Android agent. + +- **`isRumOrMobileAgentName`** + + ```typescript + export function isRumOrMobileAgentName(agentName?: string): boolean; + ``` + + Check if the provided agent name is either a Rum agent or a Mobile agent. + +- **`isIosAgentName`** + + ```typescript + export function isIosAgentName(agentName?: string): boolean; + ``` + + Check if the provided agent name is "ios/swift." + +- **`isAndroidAgentName`** + + ```typescript + export function isAndroidAgentName(agentName?: string): boolean; + ``` + + Check if the provided agent name is "android/java." + +- **`isJRubyAgentName`** + + ```typescript + export function isJRubyAgentName(agentName?: string, runtimeName?: string): boolean; + ``` + + Check if the provided agent name is "ruby" and the runtime name is "jruby." 
+ +- **`isServerlessAgentName`** + + ```typescript + export function isServerlessAgentName(serverlessType?: string): serverlessType is ServerlessType; + ``` + + Check if the provided serverless type is part of the supported Serverless environments. + +- **`isAWSLambdaAgentName`** + + ```typescript + export function isAWSLambdaAgentName(serverlessType?: string): serverlessType is ServerlessType; + ``` + + Check if the provided serverless type is "aws.lambda." + +- **`isAzureFunctionsAgentName`** + + ```typescript + export function isAzureFunctionsAgentName( + serverlessType?: string + ): serverlessType is ServerlessType; + ``` + + Check if the provided serverless type is "azure.functions." + +## Additional Exports + +The `@kbn/elastic-agent-utils` package also exports several constants and types for commonly used agent names. These exports can be utilized for broader categorizations and validations within your Elastic Agent projects. + +### Agent Names Constants + +- **`ELASTIC_AGENT_NAMES`** + + An array of Elastic Agent names, including various programming languages and platforms. + +- **`OPEN_TELEMETRY_AGENT_NAMES`** + + An array of OpenTelemetry agent names, covering different languages and platforms supporting OpenTelemetry. + +- **`JAVA_AGENT_NAMES`** + + An array of Java agent names, including both generic Java and OpenTelemetry Java agents. + +- **`RUM_AGENT_NAMES`** + + An array of Real User Monitoring (RUM) agent names, encompassing both base JavaScript and specific RUM agents. + +- **`SERVERLESS_TYPE`** + + An array of supported Serverless types, including AWS Lambda and Azure Functions. + +### Agent Name Types + +- **`ElasticAgentName`** +- **`OpenTelemetryAgentName`** +- **`JavaAgentName`** +- **`RumAgentName`** +- **`ServerlessType`** + + These types represent the available agent name categories, providing TypeScript type safety for agent name usage. + +### Combined Agent Names + +- **`AgentName`** + + A union type combining all agent name categories. 
+ +- **`AGENT_NAMES`** + + An array containing all available agent names from the combined categories. diff --git a/packages/kbn-elastic-agent-utils/index.ts b/packages/kbn-elastic-agent-utils/index.ts new file mode 100644 index 0000000000000..62e7a6cd59688 --- /dev/null +++ b/packages/kbn-elastic-agent-utils/index.ts @@ -0,0 +1,38 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ +export { + isOpenTelemetryAgentName, + isJavaAgentName, + isRumAgentName, + isMobileAgentName, + isRumOrMobileAgentName, + isIosAgentName, + isAndroidAgentName, + isJRubyAgentName, + isServerlessAgentName, + isAWSLambdaAgentName, + isAzureFunctionsAgentName, +} from './src/agent_guards'; + +export { + ELASTIC_AGENT_NAMES, + OPEN_TELEMETRY_AGENT_NAMES, + JAVA_AGENT_NAMES, + RUM_AGENT_NAMES, + SERVERLESS_TYPE, + AGENT_NAMES, +} from './src/agent_names'; + +export type { + ElasticAgentName, + OpenTelemetryAgentName, + JavaAgentName, + RumAgentName, + ServerlessType, + AgentName, +} from './src/agent_names'; diff --git a/packages/kbn-elastic-agent-utils/jest.config.js b/packages/kbn-elastic-agent-utils/jest.config.js new file mode 100644 index 0000000000000..787036bd78da7 --- /dev/null +++ b/packages/kbn-elastic-agent-utils/jest.config.js 
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+module.exports = {
+ preset: '@kbn/test',
+ rootDir: '../..',
+ roots: ['/packages/kbn-elastic-agent-utils'],
+};
diff --git a/packages/kbn-elastic-agent-utils/kibana.jsonc b/packages/kbn-elastic-agent-utils/kibana.jsonc
new file mode 100644
index 0000000000000..cf8dc4c03f59d
--- /dev/null
+++ b/packages/kbn-elastic-agent-utils/kibana.jsonc
@@ -0,0 +1,5 @@
+{
+ "type": "shared-common",
+ "id": "@kbn/elastic-agent-utils",
+ "owner": "@elastic/obs-ux-logs-team"
+}
diff --git a/packages/kbn-elastic-agent-utils/package.json b/packages/kbn-elastic-agent-utils/package.json
new file mode 100644
index 0000000000000..df029eb7db2dc
--- /dev/null
+++ b/packages/kbn-elastic-agent-utils/package.json
@@ -0,0 +1,6 @@
+{
+ "name": "@kbn/elastic-agent-utils",
+ "private": true,
+ "version": "1.0.0",
+ "license": "SSPL-1.0 OR Elastic License 2.0"
+}
\ No newline at end of file
diff --git a/packages/kbn-elastic-agent-utils/src/agent_guards.test.ts b/packages/kbn-elastic-agent-utils/src/agent_guards.test.ts
new file mode 100644
index 0000000000000..0de2ea225ce81
--- /dev/null
+++ b/packages/kbn-elastic-agent-utils/src/agent_guards.test.ts
@@ -0,0 +1,83 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { + isAndroidAgentName, + isAWSLambdaAgentName, + isAzureFunctionsAgentName, + isIosAgentName, + isJavaAgentName, + isJRubyAgentName, + isMobileAgentName, + isOpenTelemetryAgentName, + isRumAgentName, + isRumOrMobileAgentName, + isServerlessAgentName, +} from './agent_guards'; + +describe('Agents guards', () => { + it('isOpenTelemetryAgentName should guard if the passed agent is an OpenTelemetry one.', () => { + expect(isOpenTelemetryAgentName('otlp')).toBe(true); + expect(isOpenTelemetryAgentName('not-an-agent')).toBe(false); + }); + + it('isJavaAgentName should guard if the passed agent is an Java one.', () => { + expect(isJavaAgentName('java')).toBe(true); + expect(isJavaAgentName('not-an-agent')).toBe(false); + }); + + it('isRumAgentName should guard if the passed agent is an Rum one.', () => { + expect(isRumAgentName('rum-js')).toBe(true); + expect(isRumAgentName('not-an-agent')).toBe(false); + }); + + it('isMobileAgentName should guard if the passed agent is an Mobile one.', () => { + expect(isMobileAgentName('ios/swift')).toBe(true); + expect(isMobileAgentName('android/java')).toBe(true); + expect(isMobileAgentName('not-an-agent')).toBe(false); + }); + + it('isRumOrMobileAgentName should guard if the passed agent is an RumOrMobile one.', () => { + expect(isRumOrMobileAgentName('ios/swift')).toBe(true); + expect(isRumOrMobileAgentName('android/java')).toBe(true); + expect(isRumOrMobileAgentName('rum-js')).toBe(true); + expect(isRumOrMobileAgentName('not-an-agent')).toBe(false); + }); + + it('isIosAgentName should guard if the passed agent is an Ios one.', () => { + 
expect(isIosAgentName('ios/swift')).toBe(true); + expect(isIosAgentName('not-an-agent')).toBe(false); + }); + + it('isAndroidAgentName should guard if the passed agent is an Android one.', () => { + expect(isAndroidAgentName('android/java')).toBe(true); + expect(isAndroidAgentName('not-an-agent')).toBe(false); + }); + + it('isJRubyAgentName should guard if the passed agent is an JRuby one.', () => { + expect(isJRubyAgentName('ruby', 'jruby')).toBe(true); + expect(isJRubyAgentName('ruby')).toBe(false); + expect(isJRubyAgentName('not-an-agent')).toBe(false); + }); + + it('isServerlessAgentName should guard if the passed agent is an Serverless one.', () => { + expect(isServerlessAgentName('aws.lambda')).toBe(true); + expect(isServerlessAgentName('azure.functions')).toBe(true); + expect(isServerlessAgentName('not-an-agent')).toBe(false); + }); + + it('isAWSLambdaAgentName should guard if the passed agent is an AWSLambda one.', () => { + expect(isAWSLambdaAgentName('aws.lambda')).toBe(true); + expect(isAWSLambdaAgentName('not-an-agent')).toBe(false); + }); + + it('isAzureFunctionsAgentName should guard if the passed agent is an AzureFunctions one.', () => { + expect(isAzureFunctionsAgentName('azure.functions')).toBe(true); + expect(isAzureFunctionsAgentName('not-an-agent')).toBe(false); + }); +}); diff --git a/packages/kbn-elastic-agent-utils/src/agent_guards.ts b/packages/kbn-elastic-agent-utils/src/agent_guards.ts new file mode 100644 index 0000000000000..6997cbd81c42c --- /dev/null +++ b/packages/kbn-elastic-agent-utils/src/agent_guards.ts 
@@ -0,0 +1,63 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +import { JAVA_AGENT_NAMES, OPEN_TELEMETRY_AGENT_NAMES, RUM_AGENT_NAMES } from './agent_names'; + +import type { + JavaAgentName, + OpenTelemetryAgentName, + RumAgentName, + ServerlessType, +} from './agent_names'; + +export function isOpenTelemetryAgentName(agentName: string): agentName is OpenTelemetryAgentName { + return OPEN_TELEMETRY_AGENT_NAMES.includes(agentName as OpenTelemetryAgentName); +} + +export function isJavaAgentName(agentName?: string): agentName is JavaAgentName { + return JAVA_AGENT_NAMES.includes(agentName! as JavaAgentName); +} + +export function isRumAgentName(agentName?: string): agentName is RumAgentName { + return RUM_AGENT_NAMES.includes(agentName! 
as RumAgentName); +} + +export function isMobileAgentName(agentName?: string) { + return isIosAgentName(agentName) || isAndroidAgentName(agentName); +} + +export function isRumOrMobileAgentName(agentName?: string) { + return isRumAgentName(agentName) || isMobileAgentName(agentName); +} + +export function isIosAgentName(agentName?: string) { + return agentName?.toLowerCase() === 'ios/swift'; +} + +export function isAndroidAgentName(agentName?: string) { + const lowercased = agentName && agentName.toLowerCase(); + return lowercased === 'android/java'; +} + +export function isJRubyAgentName(agentName?: string, runtimeName?: string) { + return agentName === 'ruby' && runtimeName?.toLowerCase() === 'jruby'; +} + +export function isServerlessAgentName(serverlessType?: string): serverlessType is ServerlessType { + return isAWSLambdaAgentName(serverlessType) || isAzureFunctionsAgentName(serverlessType); +} + +export function isAWSLambdaAgentName(serverlessType?: string): serverlessType is ServerlessType { + return serverlessType === 'aws.lambda'; +} + +export function isAzureFunctionsAgentName( + serverlessType?: string +): serverlessType is ServerlessType { + return serverlessType === 'azure.functions'; +} diff --git a/packages/kbn-elastic-agent-utils/src/agent_names.ts b/packages/kbn-elastic-agent-utils/src/agent_names.ts new file mode 100644 index 0000000000000..f29160699a241 --- /dev/null +++ b/packages/kbn-elastic-agent-utils/src/agent_names.ts 
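Review bot: `isAWSLambdaAgentName` and `isAzureFunctionsAgentName` both declare the predicate `serverlessType is ServerlessType`, so a `true` result narrows to the whole union although each function compares against a single literal; `serverlessType is 'aws.lambda'` and `serverlessType is 'azure.functions'` would state exactly what was checked. The guards are also inconsistent about case: `isIosAgentName` and `isAndroidAgentName` lowercase the input, while `isJRubyAgentName` compares `agentName === 'ruby'` as-is and the `includes`-based guards match exact strings only. A one-line doc comment on each guard saying whether matching is case-insensitive would make that difference deliberate rather than accidental for callers that branch on these results.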
@@ -0,0 +1,84 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +/** + * We cannot mark these arrays as const and derive their type + * because we need to be able to assign them as mutable entities for ES queries. + */ +export type ElasticAgentName = + | 'dotnet' + | 'go' + | 'iOS/swift' + | 'java' + | 'js-base' + | 'nodejs' + | 'php' + | 'python' + | 'ruby' + | 'rum-js' + | 'android/java'; +export const ELASTIC_AGENT_NAMES: ElasticAgentName[] = [ + 'dotnet', + 'go', + 'iOS/swift', + 'java', + 'js-base', + 'nodejs', + 'php', + 'python', + 'ruby', + 'rum-js', + 'android/java', +]; + +export type OpenTelemetryAgentName = + | 'otlp' + | 'opentelemetry/cpp' + | 'opentelemetry/dotnet' + | 'opentelemetry/erlang' + | 'opentelemetry/go' + | 'opentelemetry/java' + | 'opentelemetry/nodejs' + | 'opentelemetry/php' + | 'opentelemetry/python' + | 'opentelemetry/ruby' + | 'opentelemetry/rust' + | 'opentelemetry/swift' + | 'opentelemetry/webjs'; +export const OPEN_TELEMETRY_AGENT_NAMES: OpenTelemetryAgentName[] = [ + 'otlp', + 'opentelemetry/cpp', + 'opentelemetry/dotnet', + 'opentelemetry/erlang', + 'opentelemetry/go', + 'opentelemetry/java', + 'opentelemetry/nodejs', + 'opentelemetry/php', + 'opentelemetry/python', + 'opentelemetry/ruby', + 'opentelemetry/rust', + 'opentelemetry/swift', + 'opentelemetry/webjs', +]; + +export type JavaAgentName = 'java' | 'opentelemetry/java'; +export const JAVA_AGENT_NAMES: JavaAgentName[] = ['java', 'opentelemetry/java']; + +export type RumAgentName = 'js-base' | 'rum-js' | 'opentelemetry/webjs'; +export const RUM_AGENT_NAMES: RumAgentName[] = ['js-base', 'rum-js', 'opentelemetry/webjs']; + +export type ServerlessType = 'aws.lambda' 
| 'azure.functions'; +export const SERVERLESS_TYPE: ServerlessType[] = ['aws.lambda', 'azure.functions']; + +export type AgentName = ElasticAgentName | OpenTelemetryAgentName | JavaAgentName | RumAgentName; +export const AGENT_NAMES: AgentName[] = [ + ...ELASTIC_AGENT_NAMES, + ...OPEN_TELEMETRY_AGENT_NAMES, + ...JAVA_AGENT_NAMES, + ...RUM_AGENT_NAMES, +]; diff --git a/packages/kbn-elastic-agent-utils/tsconfig.json b/packages/kbn-elastic-agent-utils/tsconfig.json new file mode 100644 index 0000000000000..9754544771806 --- /dev/null +++ b/packages/kbn-elastic-agent-utils/tsconfig.json @@ -0,0 +1,17 @@ +{ + "extends": "../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": [ + "jest", + "node" + ] + }, + "include": [ + "**/*.ts", + "**/*.tsx" + ], + "exclude": [ + "target/**/*" + ] +} diff --git a/packages/kbn-es-archiver/src/lib/archives/parse.test.ts b/packages/kbn-es-archiver/src/lib/archives/parse.test.ts index b87e6f71400e0..9e0d5c02238b8 100644 --- a/packages/kbn-es-archiver/src/lib/archives/parse.test.ts +++ b/packages/kbn-es-archiver/src/lib/archives/parse.test.ts @@ -98,7 +98,7 @@ describe('esArchiver createParseArchiveStreams', () => { ] as [Readable, ...Writable[]]); throw new Error('should have failed'); } catch (err) { - expect(err.message).toEqual(expect.stringContaining('Unexpected number')); + expect(err.message).toEqual(`Expected property name or '}' in JSON at position 1`); } }); }); diff --git a/packages/kbn-es/src/integration_tests/__fixtures__/es_bin.js b/packages/kbn-es/src/integration_tests/__fixtures__/es_bin.js index 5ef6145698811..0d44b8a775b25 100644 --- a/packages/kbn-es/src/integration_tests/__fixtures__/es_bin.js +++ b/packages/kbn-es/src/integration_tests/__fixtures__/es_bin.js 
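Review bot: `AGENT_NAMES` in agent_names.ts spreads `JAVA_AGENT_NAMES` and `RUM_AGENT_NAMES` after `ELASTIC_AGENT_NAMES` and `OPEN_TELEMETRY_AGENT_NAMES`, which already contain every one of those values, so `java`, `opentelemetry/java`, `js-base`, `rum-js` and `opentelemetry/webjs` each appear twice in the exported array. The file's own comment says these arrays are assigned into ES queries, so the duplicates would be carried into any filter or length-based check built from the list. Dropping the last two spreads keeps the declared type and the set of names unchanged: `export const AGENT_NAMES: AgentName[] = [...ELASTIC_AGENT_NAMES, ...OPEN_TELEMETRY_AGENT_NAMES];`.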
@@ -87,11 +87,11 @@ const { ES_KEY_PATH, ES_CERT_PATH } = require('@kbn/dev-utils'); } ); - // setup server auto close after 1 second of silence + // setup server auto close after 5 second of silence let serverCloseTimer; const delayServerClose = () => { clearTimeout(serverCloseTimer); - serverCloseTimer = setTimeout(() => server.close(), 1000); + serverCloseTimer = setTimeout(() => server.close(), 5000); }; server.on('request', delayServerClose); server.on('listening', delayServerClose); diff --git a/packages/kbn-es/src/utils/docker.test.ts b/packages/kbn-es/src/utils/docker.test.ts index 2d71a4e628e11..2def181febb58 100644 --- a/packages/kbn-es/src/utils/docker.test.ts +++ b/packages/kbn-es/src/utils/docker.test.ts @@ -7,8 +7,7 @@ */ import mockFs from 'mock-fs'; -import { existsSync } from 'fs'; -import { stat } from 'fs/promises'; +import Fsp from 'fs/promises'; import { basename } from 'path'; import { @@ -109,7 +108,7 @@ const volumeCmdTest = async (volumeCmd: string[]) => { // extract only permission from mode // eslint-disable-next-line no-bitwise - expect((await stat(serverlessObjectStorePath)).mode & 0o777).toBe(0o777); + expect((await Fsp.stat(serverlessObjectStorePath)).mode & 0o777).toBe(0o777); }; describe('resolveDockerImage()', () => { @@ -442,7 +441,7 @@ describe('setupServerlessVolumes()', () => { const volumeCmd = await setupServerlessVolumes(log, { basePath: baseEsPath }); volumeCmdTest(volumeCmd); - expect(existsSync(serverlessObjectStorePath)).toBe(true); + await expect(Fsp.access(serverlessObjectStorePath)).resolves.not.toThrow(); }); test('should use an existing object store', async () => { 
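Review bot: `volumeCmdTest(volumeCmd);` in the `@@ -442,7 +441,7 @@` hunk of docker.test.ts, and in the two hunks of the same file that follow, is called without `await`, while the `@@ -109,7 +108,7 @@` hunk header shows `volumeCmdTest` is declared `async`. Its expectations, including the `0o777` mode check on the object store directory that this commit touches, can therefore settle after the test has already been reported as passed. Now that these tests await `Fsp.access`, the helper call should be awaited too: `await volumeCmdTest(volumeCmd);`. The test bodies start outside the hunks, so any earlier awaiting is not visible here.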
@@ -451,7 +450,9 @@ describe('setupServerlessVolumes()', () => { const volumeCmd = await setupServerlessVolumes(log, { basePath: baseEsPath }); volumeCmdTest(volumeCmd); - expect(existsSync(`${serverlessObjectStorePath}/cluster_state/lease`)).toBe(true); + await expect( + Fsp.access(`${serverlessObjectStorePath}/cluster_state/lease`) + ).resolves.not.toThrow(); }); test('should remove an existing object store when clean is passed', async () => { @@ -460,7 +461,9 @@ describe('setupServerlessVolumes()', () => { const volumeCmd = await setupServerlessVolumes(log, { basePath: baseEsPath, clean: true }); volumeCmdTest(volumeCmd); - expect(existsSync(`${serverlessObjectStorePath}/cluster_state/lease`)).toBe(false); + await expect( + Fsp.access(`${serverlessObjectStorePath}/cluster_state/lease`) + ).rejects.toThrowError(); }); test('should add SSL volumes when ssl is passed', async () => { diff --git a/packages/kbn-es/src/utils/docker.ts b/packages/kbn-es/src/utils/docker.ts index 1c89339e1a567..2981acb56d0f4 100644 --- a/packages/kbn-es/src/utils/docker.ts +++ b/packages/kbn-es/src/utils/docker.ts @@ -486,12 +486,19 @@ export async function setupServerlessVolumes(log: ToolingLog, options: Serverles log.info(chalk.bold(`Checking for local serverless ES object store at ${objectStorePath}`)); log.indent(4); - if (clean && fs.existsSync(objectStorePath)) { + let exists = null; + try { + await Fsp.access(objectStorePath); + exists = true; + } catch (e) { + exists = false; + } + if (clean && exists) { log.info('Cleaning existing object store.'); await Fsp.rm(objectStorePath, { recursive: true, force: true }); } - if (clean || !fs.existsSync(objectStorePath)) { + if (clean || !exists) { await Fsp.mkdir(objectStorePath, { recursive: true }).then(() => log.info('Created new object store.') ); diff --git a/packages/kbn-handlebars/__snapshots__/index.test.ts.snap b/packages/kbn-handlebars/__snapshots__/index.test.ts.snap index b9a8c27e45911..d25a455699fd6 100644 
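Review bot: The bare `catch (e)` after `await Fsp.access(objectStorePath)` in docker.ts maps every failure to `exists = false`, so a permission or I/O error on the object store path is handled like a missing directory and the code goes on to `Fsp.mkdir` and logs 'Created new object store.'. Only a missing path should take that branch: `} catch (e) { if (e.code !== 'ENOENT') throw e; exists = false; }`. `let exists = null` is overwritten on both paths, so `let exists = false;` with `exists = true;` after the access call says the same thing with a single type. The body of `setupServerlessVolumes` starts and ends outside the hunk.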
--- a/packages/kbn-handlebars/__snapshots__/index.test.ts.snap +++ b/packages/kbn-handlebars/__snapshots__/index.test.ts.snap @@ -42,7 +42,7 @@ HandlebarsEnvironment { "isFunction": [Function], "toString": [Function], }, - "VERSION": "4.7.7", + "VERSION": "4.7.8", "VM": Object { "__esModule": true, "checkRevision": [Function], diff --git a/packages/kbn-handlebars/scripts/check_for_upstream_updates.sh b/packages/kbn-handlebars/scripts/check_for_upstream_updates.sh index 73f7376ab4312..7f2bf784f863e 100755 --- a/packages/kbn-handlebars/scripts/check_for_upstream_updates.sh +++ b/packages/kbn-handlebars/scripts/check_for_upstream_updates.sh @@ -34,7 +34,7 @@ else echo " our local versions of these files (located in" echo " 'packages/kbn-handlebars/src/spec')." echo - echo " https://github.com/handlebars-lang/handlebars.js/compare/$hash...4.x" + echo " https://github.com/handlebars-lang/handlebars.js/compare/$expected_hash...4.x" echo echo " 2. Execute the following script and commit the updated '$HASH_FILE'" echo " file including any changes you made to our own spec files." diff --git a/packages/kbn-handlebars/src/spec/.upstream_git_hash b/packages/kbn-handlebars/src/spec/.upstream_git_hash index 5a6b183166d46..0d4d453a0c5c3 100644 --- a/packages/kbn-handlebars/src/spec/.upstream_git_hash +++ b/packages/kbn-handlebars/src/spec/.upstream_git_hash @@ -1 +1 @@ -c65c6cce3f626e4896a9d59250f0908be695adae \ No newline at end of file +eab1d141cb4a1d93375d7380ed070aa1f576a2c9 \ No newline at end of file diff --git a/packages/kbn-management/settings/components/field_category/__stories__/use_category_story.tsx b/packages/kbn-management/settings/components/field_category/__stories__/use_category_story.tsx index a04e2aa93177e..fe65004f551cc 100644 --- a/packages/kbn-management/settings/components/field_category/__stories__/use_category_story.tsx +++ b/packages/kbn-management/settings/components/field_category/__stories__/use_category_story.tsx 
@@ -59,8 +59,13 @@ export const useCategoryStory = ({ isFiltered, isSavingEnabled }: Params) => { setUnsavedChanges((changes) => ({ ...changes, [id]: change })); }; - // This is only needed for when a search query is present - const categoryCounts = {}; + const categoryCounts = Object.keys(categorizedFields).reduce( + (acc, category) => ({ + ...acc, + [category]: categorizedFields[category].count, + }), + {} + ); return { onClearQuery, diff --git a/packages/kbn-management/settings/components/form/storybook/form.stories.tsx b/packages/kbn-management/settings/components/form/storybook/form.stories.tsx index 235ca90f9bef1..d239c862a6317 100644 --- a/packages/kbn-management/settings/components/form/storybook/form.stories.tsx +++ b/packages/kbn-management/settings/components/form/storybook/form.stories.tsx @@ -12,6 +12,7 @@ import { FieldDefinition } from '@kbn/management-settings-types'; import { getFieldDefinitions } from '@kbn/management-settings-field-definition'; import { getSettingsMock } from '@kbn/management-settings-utilities/mocks/settings.mock'; +import { categorizeFields } from '@kbn/management-settings-utilities'; import { uiSettingsClientMock } from '../mocks'; import { Form as Component } from '../form'; import { FormProvider } from '../services'; @@ -69,8 +70,16 @@ export const Form = ({ isSavingEnabled, requirePageReload }: FormStoryProps) => uiSettingsClientMock ); - // This is only needed for when a search query is present - const categoryCounts = {}; + const categorizedFields = categorizeFields(fields); + + const categoryCounts = Object.keys(categorizedFields).reduce( + (acc, category) => ({ + ...acc, + [category]: categorizedFields[category].count, + }), + {} + ); + const onClearQuery = () => {}; return ; diff --git a/preinstall_check.js b/preinstall_check.js index d6d0cdf1ffb49..59a4cfd2aa4a7 100644 --- a/preinstall_check.js +++ b/preinstall_check.js 
@@ -10,7 +10,7 @@ const isUsingNpm = process.env.npm_config_git !== undefined; if (isUsingNpm) { - throw `Use Yarn instead of npm, see Kibana's contributing guidelines`; + throw new Error(`Use Yarn instead of npm, see Kibana's contributing guidelines`); } // The value of the `npm_config_argv` env for each command: diff --git a/src/dev/build/lib/config.ts b/src/dev/build/lib/config.ts index a33540ce00c5f..a27592e3f6427 100644 --- a/src/dev/build/lib/config.ts +++ b/src/dev/build/lib/config.ts @@ -251,6 +251,6 @@ export class Config { } getDistPluginsFromRepo() { - return getPackages(this.repoRoot).filter(this.pluginFilter); + return getPackages(this.repoRoot).filter((p) => !p.isDevOnly() && this.pluginFilter(p)); } } diff --git a/src/dev/build/tasks/package_json/create_package_json_tasks.ts b/src/dev/build/tasks/package_json/create_package_json_tasks.ts index d5f4ee94e049b..fae14c14e3db5 100644 --- a/src/dev/build/tasks/package_json/create_package_json_tasks.ts +++ b/src/dev/build/tasks/package_json/create_package_json_tasks.ts @@ -6,6 +6,7 @@ * Side Public License, v 1. */ +import { PluginPackage } from '@kbn/repo-packages'; import { findUsedDependencies } from './find_used_dependencies'; import { read, write, Task } from '../../lib'; @@ -13,7 +14,7 @@ export const CreatePackageJson: Task = { description: 'Creating build-ready version of package.json', async run(config, log, build) { - const plugins = config.getDistPluginsFromRepo(); + const plugins = config.getDistPluginsFromRepo() as PluginPackage[]; const distPkgIds = new Set(config.getDistPackagesFromRepo().map((p) => p.id)); const pkg = config.getKibanaPkg(); diff --git a/src/dev/build/tasks/patch_native_modules_task.ts b/src/dev/build/tasks/patch_native_modules_task.ts index 24ab98d132203..c928d8a5b4d06 100644 --- a/src/dev/build/tasks/patch_native_modules_task.ts +++ b/src/dev/build/tasks/patch_native_modules_task.ts 
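Review bot: `config.getDistPluginsFromRepo() as PluginPackage[]` in create_package_json_tasks.ts is an unchecked cast, so the compiler no longer verifies that only plugin packages reach the dependency scan. It looks necessary only because the new callback in config.ts, `(p) => !p.isDevOnly() && this.pluginFilter(p)`, drops whatever narrowing `this.pluginFilter` gave when it was passed to `filter` directly. If `pluginFilter` is a type guard (its declaration is outside the hunk), keeping the guard on the callback, `.filter((p): p is PluginPackage => !p.isDevOnly() && this.pluginFilter(p))`, lets the cast at the call site be removed. `Config` and `CreatePackageJson.run` both continue outside the hunks shown.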
@@ -47,8 +47,8 @@ const packages: Package[] = [ extractMethod: 'gunzip', archives: { 'linux-x64': { - url: 'https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache/node-re2/uhop/node-re2/releases/download/1.20.1/linux-x64-108.gz', - sha256: 'e14f274f73ede22f170bfe9e57a0645ebf7ed320042a27361fa158bc239a5563', + url: 'https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache/node-re2/uhop/node-re2/releases/download/1.20.1/linux-x64-115.gz', + sha256: '7a4821ef7e9ddbafe5bba6beb54b100c233242f0dbf5a7268f55beea5f845f97', }, // Linux ARM builds are currently done manually as Github Actions used in upstream project // do not natively support an Linux ARM target. 
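Review bot: The new `sha256` values in this hunk, and in the following `@@ -63,20 +63,20 @@` hunk of patch_native_modules_task.ts, are the only integrity anchor for binaries fetched through the `kibana-ci-proxy-cache` URL, and nothing on the new side records where each digest was taken from. For `linux-arm64` the context comment says the artifact is built and uploaded by hand, so that digest is self-attested rather than compared with an upstream release. I would add a comment above `archives` along the lines of `// 115 = Node.js 20 module ABI; digests taken from <DIGEST_SOURCE placeholder>, re-verify on every Node major or re2 bump`. The `packages` array and the code that compares the digest after download are outside the hunk, so whether a mismatch fails the build cannot be confirmed from here.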
@@ -63,20 +63,20 @@ const packages: Package[] = [ // * capture the sha256 with: `shasum -a 256 linux-arm64-*` // * upload the `linux-arm64-*.gz` artifact to the `yarn-prebuilt-artifacts` bucket in GCS using the correct version number 'linux-arm64': { - url: 'https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache/node-re2/uhop/node-re2/releases/download/1.20.1/linux-arm64-108.gz', - sha256: 'cbdf3f75a331c601ac0bd34715814d0a1fd17612c6d6b5269f176d46044defd5', + url: 'https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache/node-re2/uhop/node-re2/releases/download/1.20.1/linux-arm64-115.gz', + sha256: '8d753d6ac15d95d6d236dce2f986f4a6b2f9945ba0d927ab972eb82da68d14b1', }, 'darwin-x64': { - url: 'https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache/node-re2/uhop/node-re2/releases/download/1.20.1/darwin-x64-108.gz', - sha256: 'f88c09e98f152ac15c593b3b923b7fbe28d448cfde5986da40c34461bede5a09', + url: 'https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache/node-re2/uhop/node-re2/releases/download/1.20.1/darwin-x64-115.gz', + sha256: '91823077c510c6da9c428038bfd210846373bcd0ab6851f7408add67864785a9', }, 'darwin-arm64': { - url: 'https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache/node-re2/uhop/node-re2/releases/download/1.20.1/darwin-arm64-108.gz', - sha256: '80700aecbe63052149aba721449a8ce30c24d884e414025124bb4602efe708be', + url: 'https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache/node-re2/uhop/node-re2/releases/download/1.20.1/darwin-arm64-115.gz', + sha256: '935e2a5590e93e6f52f41d40ae4115fbd2f130a4d61afb0a6549ed17adb1dd84', }, 'win32-x64': { - url: 'https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache/node-re2/uhop/node-re2/releases/download/1.20.1/win32-x64-108.gz', - sha256: 'cadc4713907f3ad1de45f470810ec8e13e08f32c1a1e45e5d5ab5e9d7fcb9763', + url: 
'https://us-central1-elastic-kibana-184716.cloudfunctions.net/kibana-ci-proxy-cache/node-re2/uhop/node-re2/releases/download/1.20.1/win32-x64-115.gz', + sha256: '120c2663bcab4803f8405d9aa2cb97fa181d90b4ff176827cc7295667aa2e9c2', }, }, }, diff --git a/src/dev/storybook/aliases.ts b/src/dev/storybook/aliases.ts index 9f0380211ce50..b64c5c9a70271 100644 --- a/src/dev/storybook/aliases.ts +++ b/src/dev/storybook/aliases.ts @@ -22,6 +22,7 @@ export const storybookAliases = { chart_icons: 'packages/kbn-chart-icons/.storybook', content_management_examples: 'examples/content_management_examples/.storybook', controls: 'src/plugins/controls/storybook', + custom_icons: 'packages/kbn-custom-icons/.storybook', custom_integrations: 'src/plugins/custom_integrations/storybook', dashboard_enhanced: 'x-pack/plugins/dashboard_enhanced/.storybook', dashboard: 'src/plugins/dashboard/.storybook', diff --git a/src/plugins/bfetch/public/batching/create_streaming_batched_function.test.ts b/src/plugins/bfetch/public/batching/create_streaming_batched_function.test.ts index fb9db4490144b..f4eeca4bc5ba6 100644 --- a/src/plugins/bfetch/public/batching/create_streaming_batched_function.test.ts +++ b/src/plugins/bfetch/public/batching/create_streaming_batched_function.test.ts @@ -744,7 +744,7 @@ describe('createStreamingBatchedFunction()', () => { const [, error1] = await promise1; const [result1] = await promise2; expect(error1).toMatchObject({ - message: 'Unexpected token N in JSON at position 0', + message: `Unexpected token 'N', "Not a JSON\n" is not valid JSON`, code: 'STREAM', }); expect(result1).toMatchObject({ diff --git a/src/plugins/chart_expressions/expression_partition_vis/public/types.ts b/src/plugins/chart_expressions/expression_partition_vis/public/types.ts index 0beca2e79de8d..7b139df576d6e 100755 --- a/src/plugins/chart_expressions/expression_partition_vis/public/types.ts +++ b/src/plugins/chart_expressions/expression_partition_vis/public/types.ts 
@@ -47,6 +47,7 @@ export interface MultiFilterEvent { export interface CellValueAction { id: string; + type?: string; iconType: string; displayName: string; execute: (data: CellValueContext['data']) => void; diff --git a/src/plugins/chart_expressions/expression_partition_vis/public/utils/get_legend_actions.tsx b/src/plugins/chart_expressions/expression_partition_vis/public/utils/get_legend_actions.tsx index 778c2003de4f1..b734e1b07a0c0 100644 --- a/src/plugins/chart_expressions/expression_partition_vis/public/utils/get_legend_actions.tsx +++ b/src/plugins/chart_expressions/expression_partition_vis/public/utils/get_legend_actions.tsx @@ -14,10 +14,15 @@ import { LegendAction, SeriesIdentifier, useLegendAction } from '@elastic/charts import { DataPublicPluginStart } from '@kbn/data-plugin/public'; import { Datatable } from '@kbn/expressions-plugin/public'; import { FieldFormatsStart } from '@kbn/field-formats-plugin/public'; +import { FILTER_CELL_ACTION_TYPE } from '@kbn/cell-actions/constants'; import { PartitionVisParams } from '../../common/types'; -import { ColumnCellValueActions, FilterEvent } from '../types'; +import { CellValueAction, ColumnCellValueActions, FilterEvent } from '../types'; import { getSeriesValueColumnIndex, getFilterPopoverTitle } from './filter_helpers'; +const hasFilterCellAction = (actions: CellValueAction[]) => { + return actions.some(({ type }) => type === FILTER_CELL_ACTION_TYPE); +}; + export const getLegendActions = ( canFilter: ( data: FilterEvent | null, 
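Review bot: `hasFilterCellAction` has no comment explaining why its result suppresses the built-in filter items, and an identical helper is added again in expression_xy's legend_action_popover.tsx. Because `type` is optional on `CellValueAction`, an action registered without a `type` never matches and the built-in items are still rendered next to it; a line such as `// A registered cell action of FILTER_CELL_ACTION_TYPE replaces the built-in legend filter items` would make that contract explicit. Exporting one helper from a shared module would keep the two charts from drifting apart.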
@@ -58,9 +63,10 @@ export const getLegendActions = ( pieSeries.key ); - const panelItems: EuiContextMenuPanelDescriptor['items'] = []; + const compatibleCellActions = columnCellValueActions[columnIndex] ?? []; - if (isFilterable && filterData) { + const panelItems: EuiContextMenuPanelDescriptor['items'] = []; + if (!hasFilterCellAction(compatibleCellActions) && isFilterable && filterData) { panelItems.push( { name: i18n.translate('expressionPartitionVis.legend.filterForValueButtonAriaLabel', { @@ -87,20 +93,18 @@ export const getLegendActions = ( ); } - if (columnCellValueActions[columnIndex]) { - const columnMeta = visData.columns[columnIndex].meta; - columnCellValueActions[columnIndex].forEach((action) => { - panelItems.push({ - name: action.displayName, - 'data-test-subj': `legend-${title}-${action.id}`, - icon: , - onClick: () => { - action.execute([{ columnMeta, value: pieSeries.key }]); - setPopoverOpen(false); - }, - }); + const columnMeta = visData.columns[columnIndex].meta; + compatibleCellActions.forEach((action) => { + panelItems.push({ + name: action.displayName, + 'data-test-subj': `legend-${title}-${action.id}`, + icon: , + onClick: () => { + action.execute([{ columnMeta, value: pieSeries.key }]); + setPopoverOpen(false); + }, }); - } + }); if (panelItems.length === 0) { return null; diff --git a/src/plugins/chart_expressions/expression_partition_vis/tsconfig.json b/src/plugins/chart_expressions/expression_partition_vis/tsconfig.json index bfb4774a1676e..59b7893879ced 100644 --- a/src/plugins/chart_expressions/expression_partition_vis/tsconfig.json +++ b/src/plugins/chart_expressions/expression_partition_vis/tsconfig.json @@ -29,6 +29,7 @@ "@kbn/analytics", "@kbn/chart-icons", "@kbn/chart-expressions-common", + "@kbn/cell-actions", ], "exclude": [ "target/**/*", 
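Review bot: `const columnMeta = visData.columns[columnIndex].meta;` now runs for every legend item, whereas the removed code only evaluated it inside `if (columnCellValueActions[columnIndex])`. If `columnIndex` can fail to resolve to a column (it is computed above this hunk, so that is not confirmed here), the property access throws before the `panelItems.length === 0` early return is reached. Reading it defensively with `const columnMeta = visData.columns[columnIndex]?.meta;`, or moving the lookup inside the `forEach` callback, keeps the old behaviour when there are no compatible actions. `getLegendActions` starts and ends outside this hunk.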
diff --git a/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis.test.ts b/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis.test.ts index 78eb7c54ebf8a..eae70ea54f0c9 100644 --- a/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis.test.ts +++ b/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis.test.ts @@ -10,7 +10,6 @@ import { layeredXyVisFunction } from '.'; import { createMockExecutionContext } from '@kbn/expressions-plugin/common/mocks'; import { sampleArgs, sampleExtendedLayer } from '../__mocks__'; import { XY_VIS } from '../constants'; -import { shouldShowLegendActionDefault } from '../helpers/visualization'; describe('layeredXyVis', () => { test('it renders with the specified data and args', async () => { @@ -31,7 +30,6 @@ describe('layeredXyVis', () => { syncTooltips: false, syncCursor: true, canNavigateToLens: false, - shouldShowLegendAction: shouldShowLegendActionDefault, }, }); }); diff --git a/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis_fn.ts b/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis_fn.ts index 5a1a79ef984fc..cf1325f09bf22 100644 --- a/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis_fn.ts +++ b/src/plugins/chart_expressions/expression_xy/common/expression_functions/layered_xy_vis_fn.ts @@ -18,7 +18,6 @@ import { validateAxes, } from './validate'; import { appendLayerIds, getDataLayers } from '../helpers'; -import { shouldShowLegendActionDefault } from '../helpers/visualization'; export const layeredXyVisFn: LayeredXyVisFn['fn'] = async (data, args, handlers) => { const layers = appendLayerIds(args.layers ?? [], 'layers'); 
@@ -67,7 +66,6 @@ export const layeredXyVisFn: LayeredXyVisFn['fn'] = async (data, args, handlers) syncTooltips: handlers?.isSyncTooltipsEnabled?.() ?? false, syncCursor: handlers?.isSyncCursorEnabled?.() ?? true, overrides: handlers.variables?.overrides as XYRender['value']['overrides'], - shouldShowLegendAction: handlers?.shouldShowLegendAction ?? shouldShowLegendActionDefault, }, }; }; diff --git a/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis.test.ts b/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis.test.ts index e0c825597d328..9a71ec92d7a51 100644 --- a/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis.test.ts +++ b/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis.test.ts @@ -10,7 +10,6 @@ import { xyVisFunction } from '.'; import { createMockExecutionContext } from '@kbn/expressions-plugin/common/mocks'; import { sampleArgs, sampleLayer } from '../__mocks__'; import { XY_VIS } from '../constants'; -import { shouldShowLegendActionDefault } from '../helpers/visualization'; describe('xyVis', () => { test('it renders with the specified data and args', async () => { @@ -43,7 +42,6 @@ describe('xyVis', () => { syncColors: false, syncTooltips: false, syncCursor: true, - shouldShowLegendAction: shouldShowLegendActionDefault, }, }); }); @@ -354,7 +352,6 @@ describe('xyVis', () => { syncColors: false, syncTooltips: false, syncCursor: true, - shouldShowLegendAction: shouldShowLegendActionDefault, }, }); }); @@ -404,7 +401,6 @@ describe('xyVis', () => { syncTooltips: false, syncCursor: true, overrides, - shouldShowLegendAction: shouldShowLegendActionDefault, }, }); }); diff --git a/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis_fn.ts b/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis_fn.ts index 1eb4357e57c84..03df575b3c653 100644 
--- a/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis_fn.ts +++ b/src/plugins/chart_expressions/expression_xy/common/expression_functions/xy_vis_fn.ts @@ -30,7 +30,6 @@ import { validateAxes, } from './validate'; import { logDatatable } from '../utils'; -import { shouldShowLegendActionDefault } from '../helpers/visualization'; const createDataLayer = (args: XYArgs, table: Datatable): DataLayerConfigResult => { const accessors = getAccessors(args, table); @@ -140,7 +139,6 @@ export const xyVisFn: XyVisFn['fn'] = async (data, args, handlers) => { syncTooltips: handlers?.isSyncTooltipsEnabled?.() ?? false, syncCursor: handlers?.isSyncCursorEnabled?.() ?? true, overrides: handlers.variables?.overrides as XYRender['value']['overrides'], - shouldShowLegendAction: handlers?.shouldShowLegendAction ?? shouldShowLegendActionDefault, }, }; }; diff --git a/src/plugins/chart_expressions/expression_xy/common/helpers/visualization.ts b/src/plugins/chart_expressions/expression_xy/common/helpers/visualization.ts index 8f740c2578d7e..66d4c11a9f7ae 100644 --- a/src/plugins/chart_expressions/expression_xy/common/helpers/visualization.ts +++ b/src/plugins/chart_expressions/expression_xy/common/helpers/visualization.ts @@ -19,5 +19,3 @@ export function isTimeChart(layers: CommonXYDataLayerConfigResult[]) { (!l.xScaleType || l.xScaleType === XScaleTypes.TIME) ); } - -export const shouldShowLegendActionDefault = () => true; diff --git a/src/plugins/chart_expressions/expression_xy/public/components/legend_action.test.tsx b/src/plugins/chart_expressions/expression_xy/public/components/legend_action.test.tsx index 47e36adab06f8..1398fc64357cb 100644 --- a/src/plugins/chart_expressions/expression_xy/public/components/legend_action.test.tsx +++ b/src/plugins/chart_expressions/expression_xy/public/components/legend_action.test.tsx 
@@ -203,8 +203,7 @@ describe('getLegendAction', function () { formattedColumns: {}, }, }, - {}, - () => true + {} ); let wrapper: ReactWrapper; diff --git a/src/plugins/chart_expressions/expression_xy/public/components/legend_action.tsx b/src/plugins/chart_expressions/expression_xy/public/components/legend_action.tsx index 2ae2c21b8c0d8..f5b00f696d04f 100644 --- a/src/plugins/chart_expressions/expression_xy/public/components/legend_action.tsx +++ b/src/plugins/chart_expressions/expression_xy/public/components/legend_action.tsx @@ -28,7 +28,6 @@ export const getLegendAction = ( fieldFormats: LayersFieldFormats, formattedDatatables: DatatablesWithFormatInfo, titles: LayersAccessorsTitles, - shouldShowLegendAction?: (actionId: string) => boolean, singleTable?: boolean ): LegendAction => React.memo(({ series: [xySeries] }) => { @@ -110,7 +109,6 @@ export const getLegendAction = ( } onFilter={filterHandler} legendCellValueActions={legendCellValueActions} - shouldShowLegendAction={shouldShowLegendAction} /> ); }); diff --git a/src/plugins/chart_expressions/expression_xy/public/components/legend_action_popover.tsx b/src/plugins/chart_expressions/expression_xy/public/components/legend_action_popover.tsx index aa2db4c4eb47c..268a7051bd4c3 100644 --- a/src/plugins/chart_expressions/expression_xy/public/components/legend_action_popover.tsx +++ b/src/plugins/chart_expressions/expression_xy/public/components/legend_action_popover.tsx 
@@ -8,16 +8,14 @@ import React, { useState, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; -import { - EuiContextMenuPanelDescriptor, - EuiIcon, - EuiPopover, - EuiContextMenu, - EuiContextMenuPanelItemDescriptor, -} from '@elastic/eui'; +import { FILTER_CELL_ACTION_TYPE } from '@kbn/cell-actions/constants'; +import { EuiContextMenuPanelDescriptor, EuiIcon, EuiPopover, EuiContextMenu } from '@elastic/eui'; import { useLegendAction } from '@elastic/charts'; import type { CellValueAction } from '../types'; -import { shouldShowLegendActionDefault } from '../../common/helpers/visualization'; + +const hasFilterCellAction = (actions: CellValueAction[]) => { + return actions.some(({ type }) => type === FILTER_CELL_ACTION_TYPE); +}; export type LegendCellValueActions = Array< Omit & { execute: () => void } @@ -36,20 +34,18 @@ export interface LegendActionPopoverProps { * Compatible actions to be added to the popover actions */ legendCellValueActions?: LegendCellValueActions; - shouldShowLegendAction?: (actionId: string) => boolean; } export const LegendActionPopover: React.FunctionComponent = ({ label, onFilter, legendCellValueActions = [], - shouldShowLegendAction = shouldShowLegendActionDefault, }) => { const [popoverOpen, setPopoverOpen] = useState(false); const [ref, onClose] = useLegendAction(); const panels: EuiContextMenuPanelDescriptor[] = useMemo(() => { - const defaultActions = [ + const defaultFilterActions = [ { id: 'filterIn', displayName: i18n.translate('expressionXY.legend.filterForValueButtonAriaLabel', { 
@@ -76,22 +72,21 @@ export const LegendActionPopover: React.FunctionComponent((acc, action) => { - if (shouldShowLegendAction(action.id)) { - acc.push({ - name: action.displayName, - 'data-test-subj': `legend-${label}-${action.id}`, - icon: , - onClick: () => { - action.execute(); - setPopoverOpen(false); - }, - }); - } - return acc; - }, []); + const allActions = [ + ...(!hasFilterCellAction(legendCellValueActions) ? defaultFilterActions : []), + ...legendCellValueActions, + ]; + + const legendCellValueActionPanelItems = allActions.map((action) => ({ + name: action.displayName, + 'data-test-subj': `legend-${label}-${action.id}`, + icon: , + onClick: () => { + action.execute(); + setPopoverOpen(false); + }, + })); + return [ { id: 'main', @@ -99,7 +94,7 @@ export const LegendActionPopover: React.FunctionComponent & { renderComplete: () => void; uiState?: PersistedState; timeFormat: string; - shouldShowLegendAction?: (actionId: string) => boolean; }; function nonNullable(v: T): v is NonNullable { @@ -208,7 +207,6 @@ export function XYChart({ uiState, timeFormat, overrides, - shouldShowLegendAction, }: XYChartRenderProps) { const { legend, @@ -841,7 +839,6 @@ export function XYChart({ fieldFormats, formattedDatatables, titles, - shouldShowLegendAction, singleTable ) : undefined diff --git a/src/plugins/chart_expressions/expression_xy/public/expression_renderers/xy_chart_renderer.tsx b/src/plugins/chart_expressions/expression_xy/public/expression_renderers/xy_chart_renderer.tsx index 401af740375b2..c2561191deb9a 100644 --- a/src/plugins/chart_expressions/expression_xy/public/expression_renderers/xy_chart_renderer.tsx +++ b/src/plugins/chart_expressions/expression_xy/public/expression_renderers/xy_chart_renderer.tsx @@ -277,7 +277,6 @@ export const getXyChartRenderer = ({ syncCursor={config.syncCursor} uiState={handlers.uiState as PersistedState} renderComplete={renderComplete} - shouldShowLegendAction={handlers.shouldShowLegendAction} /> 
diff --git a/src/plugins/chart_expressions/expression_xy/public/types.ts b/src/plugins/chart_expressions/expression_xy/public/types.ts index 733dba9400bf2..14aa84768efea 100755 --- a/src/plugins/chart_expressions/expression_xy/public/types.ts +++ b/src/plugins/chart_expressions/expression_xy/public/types.ts @@ -120,6 +120,7 @@ export interface VisualizationType { export interface CellValueAction { id: string; + type?: string; iconType: string; displayName: string; execute: (data: CellValueContext['data']) => void; diff --git a/src/plugins/chart_expressions/expression_xy/tsconfig.json b/src/plugins/chart_expressions/expression_xy/tsconfig.json index 901b7eb0568c6..a0e7e207f92c0 100644 --- a/src/plugins/chart_expressions/expression_xy/tsconfig.json +++ b/src/plugins/chart_expressions/expression_xy/tsconfig.json @@ -34,6 +34,7 @@ "@kbn/event-annotation-common", "@kbn/visualization-ui-components", "@kbn/es-query", + "@kbn/cell-actions", ], "exclude": [ "target/**/*", diff --git a/src/plugins/console/public/lib/autocomplete/body_completer.js b/src/plugins/console/public/lib/autocomplete/body_completer.js index 9759eb9b629da..d9355db85f4d8 100644 --- a/src/plugins/console/public/lib/autocomplete/body_completer.js +++ b/src/plugins/console/public/lib/autocomplete/body_completer.js @@ -266,7 +266,7 @@ function compileCondition(description, compiledObject) { return new RegExp(description.lines_regex, 'm').test(lines); }, compiledObject); } else { - throw 'unknown condition type - got: ' + JSON.stringify(description); + throw new Error(`unknown condition type - got: ${JSON.stringify(description)}`); } } diff --git a/src/plugins/data/public/search/expressions/esdsl.test.ts b/src/plugins/data/public/search/expressions/esdsl.test.ts index 2bf2ef1148507..603dbf1e8f3eb 100644 --- a/src/plugins/data/public/search/expressions/esdsl.test.ts +++ b/src/plugins/data/public/search/expressions/esdsl.test.ts 
@@ -63,7 +63,7 @@ describe('esdsl', () => { } catch (error) { errorMessage = error.message; } - expect(errorMessage).toEqual('Unexpected token i in JSON at position 0'); + expect(errorMessage).toEqual(`Unexpected token 'i', "invalid json" is not valid JSON`); }); test('adds filters', async () => { diff --git a/src/plugins/data_view_management/public/components/edit_index_pattern/edit_index_pattern.tsx b/src/plugins/data_view_management/public/components/edit_index_pattern/edit_index_pattern.tsx index 71ff8ce38636c..7ce1c9ccbc66d 100644 --- a/src/plugins/data_view_management/public/components/edit_index_pattern/edit_index_pattern.tsx +++ b/src/plugins/data_view_management/public/components/edit_index_pattern/edit_index_pattern.tsx @@ -30,6 +30,7 @@ import { } from '@kbn/saved-objects-management-plugin/public'; import { pickBy } from 'lodash'; import { setStateToKbnUrl } from '@kbn/kibana-utils-plugin/public'; +import type * as CSS from 'csstype'; import { IndexPatternManagmentContext } from '../../types'; import { Tabs } from './tabs'; import { IndexHeader } from './index_header'; @@ -37,8 +38,9 @@ import { getTags } from '../utils'; import { removeDataView, RemoveDataViewProps } from './remove_data_view'; import { APP_STATE_STORAGE_KEY } from './edit_index_pattern_state_container'; -const codeStyle = { +const codeStyle: CSS.Properties = { marginLeft: '8px', + overflowWrap: 'anywhere', }; export interface EditIndexPatternProps extends RouteComponentProps { diff --git a/src/plugins/expressions/common/execution/types.ts b/src/plugins/expressions/common/execution/types.ts index eed9628444cc7..dddc503285942 100644 --- a/src/plugins/expressions/common/execution/types.ts +++ b/src/plugins/expressions/common/execution/types.ts @@ -84,8 +84,6 @@ export interface ExecutionContext< * Logs datatable. */ logDatatable?(name: string, datatable: Datatable): void; - - shouldShowLegendAction?: (actionId: string) => boolean; } /** 
diff --git a/src/plugins/expressions/common/expression_renderers/types.ts b/src/plugins/expressions/common/expression_renderers/types.ts index e75e0af849ed3..7dae307aa6c01 100644 --- a/src/plugins/expressions/common/expression_renderers/types.ts +++ b/src/plugins/expressions/common/expression_renderers/types.ts @@ -105,5 +105,4 @@ export interface IInterpreterRenderHandlers { uiState?: unknown; getExecutionContext(): KibanaExecutionContext | undefined; - shouldShowLegendAction?: (actionId: string) => boolean; } diff --git a/src/plugins/expressions/public/loader.ts b/src/plugins/expressions/public/loader.ts index c3d7b1fb9920d..f10b8db1f1287 100644 --- a/src/plugins/expressions/public/loader.ts +++ b/src/plugins/expressions/public/loader.ts @@ -63,7 +63,6 @@ export class ExpressionLoader { hasCompatibleActions: params?.hasCompatibleActions, getCompatibleCellValueActions: params?.getCompatibleCellValueActions, executionContext: params?.executionContext, - shouldShowLegendAction: params?.shouldShowLegendAction, }); this.render$ = this.renderHandler.render$; this.update$ = this.renderHandler.update$; diff --git a/src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx b/src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx index 7c299e1bc7240..1d479bd9b4c1c 100644 --- a/src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx +++ b/src/plugins/expressions/public/react_expression_renderer/react_expression_renderer.tsx @@ -24,7 +24,6 @@ export interface ReactExpressionRendererProps error?: ExpressionRenderError | null ) => React.ReactElement | React.ReactElement[]; padding?: 'xs' | 's' | 'm' | 'l' | 'xl'; - shouldShowLegendAction?: (actionId: string) => boolean; } export type ReactExpressionRendererType = React.ComponentType; diff --git a/src/plugins/expressions/public/render.ts b/src/plugins/expressions/public/render.ts index 6bb9c4d0836ba..a7b919625b8d6 100644 
--- a/src/plugins/expressions/public/render.ts +++ b/src/plugins/expressions/public/render.ts @@ -36,7 +36,6 @@ export interface ExpressionRenderHandlerParams { hasCompatibleActions?: (event: ExpressionRendererEvent) => Promise; getCompatibleCellValueActions?: (data: object[]) => Promise; executionContext?: KibanaExecutionContext; - shouldShowLegendAction?: (actionId: string) => boolean; } type UpdateValue = IInterpreterRenderUpdateParams; @@ -67,7 +66,6 @@ export class ExpressionRenderHandler { hasCompatibleActions = async () => false, getCompatibleCellValueActions = async () => [], executionContext, - shouldShowLegendAction, }: ExpressionRenderHandlerParams = {} ) { this.element = element; @@ -120,9 +118,6 @@ export class ExpressionRenderHandler { }, hasCompatibleActions, getCompatibleCellValueActions, - shouldShowLegendAction: (actionId: string) => { - return shouldShowLegendAction?.(actionId) ?? true; - }, }; } diff --git a/src/plugins/expressions/public/types/index.ts b/src/plugins/expressions/public/types/index.ts index a96c0629ce8a3..870b44e9bc02c 100644 --- a/src/plugins/expressions/public/types/index.ts +++ b/src/plugins/expressions/public/types/index.ts @@ -67,7 +67,6 @@ export interface IExpressionLoaderParams { * By default, it equals 1000. */ throttle?: number; - shouldShowLegendAction?: (actionId: string) => boolean; } export interface ExpressionRenderError extends Error { diff --git a/src/plugins/links/common/persistable_state/references.ts b/src/plugins/links/common/persistable_state/references.ts index 1410cdc53d234..3c527465a2868 100644 --- a/src/plugins/links/common/persistable_state/references.ts +++ b/src/plugins/links/common/persistable_state/references.ts @@ -7,6 +7,7 @@ */ import { Reference } from '@kbn/content-management-utils'; +import { omit } from 'lodash'; import { DASHBOARD_LINK_TYPE, LinksAttributes } from '../content_management'; export function extractReferences({ 
@@ -22,23 +23,24 @@ export function extractReferences({ const { links } = attributes; const extractedReferences: Reference[] = []; - links.forEach((link) => { + + const newLinks = links.map((link) => { if (link.type === DASHBOARD_LINK_TYPE && link.destination) { const refName = `link_${link.id}_dashboard`; - link.destinationRefName = refName; extractedReferences.push({ name: refName, type: 'dashboard', id: link.destination, }); - delete link.destination; + return { ...omit(link, 'destination'), destinationRefName: refName }; } + return link; }); return { attributes: { ...attributes, - links, + links: newLinks, }, references: references.concat(extractedReferences), }; diff --git a/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_suggestor.tsx b/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_suggestor.tsx index f25ce0cb28cad..3f542be18d9f8 100644 --- a/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_suggestor.tsx +++ b/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_suggestor.tsx @@ -71,6 +71,7 @@ export class PhraseSuggestorUI extends React.Com } protected onSearchChange = (value: string | number | boolean) => { + this.setState({ isLoading: true }); this.updateSuggestions(`${value}`); }; diff --git a/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_value_input.tsx b/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_value_input.tsx index 62648ae50d26a..adb80df6cf543 100644 --- a/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_value_input.tsx +++ b/src/plugins/unified_search/public/filter_bar/filter_editor/phrase_value_input.tsx 
@@ -54,7 +54,7 @@ class PhraseValueInputUI extends PhraseSuggestorUI { } private renderWithSuggestions() { - const { suggestions } = this.state; + const { suggestions, isLoading } = this.state; const { value, intl, onChange, fullWidth } = this.props; // there are cases when the value is a number, this would cause an exception const valueAsStr = String(value); @@ -62,6 +62,8 @@ class PhraseValueInputUI extends PhraseSuggestorUI { return (
{ this.inputRef = ref; }} diff --git a/src/plugins/unified_search/public/filter_bar/filter_editor/phrases_values_input.tsx b/src/plugins/unified_search/public/filter_bar/filter_editor/phrases_values_input.tsx index 513dad1445823..500b875f42667 100644 --- a/src/plugins/unified_search/public/filter_bar/filter_editor/phrases_values_input.tsx +++ b/src/plugins/unified_search/public/filter_bar/filter_editor/phrases_values_input.tsx @@ -31,13 +31,15 @@ class PhrasesValuesInputUI extends PhraseSuggestorUI { comboBoxWrapperRef = React.createRef(); public render() { - const { suggestions } = this.state; + const { suggestions, isLoading } = this.state; const { values, intl, onChange, fullWidth, onParamsUpdate, compressed, disabled } = this.props; const options = values ? uniq([...values, ...suggestions]) : suggestions; return (
{ - await dashboardAddPanel.clickEditorMenuButton(); - await dashboardAddPanel.clickAddNewEmbeddableLink('links'); - await dashboardLinks.setLayout('horizontal'); - await createSomeLinks(); - await dashboardLinks.toggleSaveByReference(false); - await dashboardLinks.clickPanelEditorSaveButton(); - await testSubjects.exists('addObjectToDashboardSuccess'); - - expect(await testSubjects.existOrFail('links--component')); - expect(await dashboardLinks.getNumberOfLinksInPanel()).to.equal(4); - await dashboard.clickDiscardChanges(); + describe('by-value links panel', async () => { + it('can create a new by-value links panel', async () => { + await dashboardAddPanel.clickEditorMenuButton(); + await dashboardAddPanel.clickAddNewEmbeddableLink('links'); + await dashboardLinks.setLayout('horizontal'); + await createSomeLinks(); + await dashboardLinks.toggleSaveByReference(false); + await dashboardLinks.clickPanelEditorSaveButton(); + await testSubjects.exists('addObjectToDashboardSuccess'); + + expect(await testSubjects.existOrFail('links--component')); + expect(await dashboardLinks.getNumberOfLinksInPanel()).to.equal(4); + }); + + it('can save by-value links panel to the library', async () => { + /** Navigate away to test non-extensible input */ + await dashboard.gotoDashboardLandingPage(); + await dashboard.clickUnsavedChangesContinueEditing(DASHBOARD_NAME); + + await dashboard.waitForRenderComplete(); + await dashboardPanelActions.saveToLibrary('Some more links'); + await testSubjects.existOrFail('addPanelToLibrarySuccess'); + }); + + after(async () => { + await dashboard.clickDiscardChanges(); + }); }); }); diff --git a/tsconfig.base.json b/tsconfig.base.json index 4dfd8436fc708..06b8c62c4d0b7 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json 
@@ -598,6 +598,8 @@ "@kbn/crypto-browser/*": ["packages/kbn-crypto-browser/*"], "@kbn/custom-branding-plugin": ["x-pack/plugins/custom_branding"], "@kbn/custom-branding-plugin/*": ["x-pack/plugins/custom_branding/*"], + "@kbn/custom-icons": ["packages/kbn-custom-icons"], + "@kbn/custom-icons/*": ["packages/kbn-custom-icons/*"], "@kbn/custom-integrations": ["packages/kbn-custom-integrations"], "@kbn/custom-integrations/*": ["packages/kbn-custom-integrations/*"], "@kbn/custom-integrations-plugin": ["src/plugins/custom_integrations"], @@ -684,6 +686,8 @@ "@kbn/ecs-data-quality-dashboard/*": ["x-pack/packages/security-solution/ecs_data_quality_dashboard/*"], "@kbn/ecs-data-quality-dashboard-plugin": ["x-pack/plugins/ecs_data_quality_dashboard"], "@kbn/ecs-data-quality-dashboard-plugin/*": ["x-pack/plugins/ecs_data_quality_dashboard/*"], + "@kbn/elastic-agent-utils": ["packages/kbn-elastic-agent-utils"], + "@kbn/elastic-agent-utils/*": ["packages/kbn-elastic-agent-utils/*"], "@kbn/elastic-assistant": ["x-pack/packages/kbn-elastic-assistant"], "@kbn/elastic-assistant/*": ["x-pack/packages/kbn-elastic-assistant/*"], "@kbn/elastic-assistant-plugin": ["x-pack/plugins/elastic_assistant"], @@ -960,8 +964,8 @@ "@kbn/locator-examples-plugin/*": ["examples/locator_examples/*"], "@kbn/locator-explorer-plugin": ["examples/locator_explorer"], "@kbn/locator-explorer-plugin/*": ["examples/locator_explorer/*"], - "@kbn/log-explorer-plugin": ["x-pack/plugins/observability_solution/log_explorer"], - "@kbn/log-explorer-plugin/*": ["x-pack/plugins/observability_solution/log_explorer/*"], + "@kbn/log-explorer-plugin": ["x-pack/plugins/log_explorer"], + "@kbn/log-explorer-plugin/*": ["x-pack/plugins/log_explorer/*"], "@kbn/logging": ["packages/kbn-logging"], "@kbn/logging/*": ["packages/kbn-logging/*"], "@kbn/logging-mocks": ["packages/kbn-logging-mocks"], 
@@ -1090,12 +1094,12 @@ "@kbn/observability-alerting-test-data/*": ["x-pack/packages/observability/alerting_test_data/*"], "@kbn/observability-fixtures-plugin": ["x-pack/test/cases_api_integration/common/plugins/observability"], "@kbn/observability-fixtures-plugin/*": ["x-pack/test/cases_api_integration/common/plugins/observability/*"], - "@kbn/observability-log-explorer-plugin": ["x-pack/plugins/observability_solution/observability_log_explorer"], - "@kbn/observability-log-explorer-plugin/*": ["x-pack/plugins/observability_solution/observability_log_explorer/*"], + "@kbn/observability-log-explorer-plugin": ["x-pack/plugins/observability_log_explorer"], + "@kbn/observability-log-explorer-plugin/*": ["x-pack/plugins/observability_log_explorer/*"], "@kbn/observability-onboarding-plugin": ["x-pack/plugins/observability_solution/observability_onboarding"], "@kbn/observability-onboarding-plugin/*": ["x-pack/plugins/observability_solution/observability_onboarding/*"], - "@kbn/observability-plugin": ["x-pack/plugins/observability_solution/observability"], - "@kbn/observability-plugin/*": ["x-pack/plugins/observability_solution/observability/*"], + "@kbn/observability-plugin": ["x-pack/plugins/observability"], + "@kbn/observability-plugin/*": ["x-pack/plugins/observability/*"], "@kbn/observability-shared-plugin": ["x-pack/plugins/observability_solution/observability_shared"], "@kbn/observability-shared-plugin/*": ["x-pack/plugins/observability_solution/observability_shared/*"], "@kbn/oidc-provider-plugin": ["x-pack/test/security_api_integration/plugins/oidc_provider"], diff --git a/x-pack/packages/security-solution/data_table/common/types/data_table/index.ts b/x-pack/packages/security-solution/data_table/common/types/data_table/index.ts index f86b3ecc98eef..e9625d39f2690 100644 --- a/x-pack/packages/security-solution/data_table/common/types/data_table/index.ts +++ b/x-pack/packages/security-solution/data_table/common/types/data_table/index.ts 
@@ -31,6 +31,8 @@ export enum TableId { kubernetesPageSessions = 'kubernetes-page-sessions', alertsOnCasePage = 'alerts-case-page', alertsRiskInputs = 'alerts-risk-inputs', + // New version of `alertsRiskInputs` designed to support multiple kinds of risk inputs + riskInputs = 'risk-inputs', } export enum TableEntityType { @@ -52,6 +54,7 @@ export const tableEntity: Record = { [TableId.hostsPageSessions]: TableEntityType.session, [TableId.kubernetesPageSessions]: TableEntityType.session, [TableId.alertsRiskInputs]: TableEntityType.alert, + [TableId.riskInputs]: TableEntityType.alert, } as const; const TableIdLiteralRt = runtimeTypes.union([ diff --git a/x-pack/plugins/cases/server/saved_object_types/migrations/user_actions/connector_id.test.ts b/x-pack/plugins/cases/server/saved_object_types/migrations/user_actions/connector_id.test.ts index ed43cc40649c6..2ed37837f5100 100644 --- a/x-pack/plugins/cases/server/saved_object_types/migrations/user_actions/connector_id.test.ts +++ b/x-pack/plugins/cases/server/saved_object_types/migrations/user_actions/connector_id.test.ts @@ -254,7 +254,7 @@ describe('user action migrations', () => { const log = context.log as jest.Mocked; expect(log.error.mock.calls[0]).toMatchInlineSnapshot(` Array [ - "Failed to migrate user action connector with doc id: 1 version: 8.0.0 error: Unexpected token a in JSON at position 1", + "Failed to migrate user action connector with doc id: 1 version: 8.0.0 error: Expected property name or '}' in JSON at position 1", Object { "migrations": Object { "userAction": Object { 
@@ -448,7 +448,7 @@ describe('user action migrations', () => { const log = context.log as jest.Mocked; expect(log.error.mock.calls[0]).toMatchInlineSnapshot(` Array [ - "Failed to migrate user action connector with doc id: 1 version: 8.0.0 error: Unexpected token b in JSON at position 1", + "Failed to migrate user action connector with doc id: 1 version: 8.0.0 error: Expected property name or '}' in JSON at position 1", Object { "migrations": Object { "userAction": Object { @@ -644,7 +644,7 @@ describe('user action migrations', () => { const log = context.log as jest.Mocked; expect(log.error.mock.calls[0]).toMatchInlineSnapshot(` Array [ - "Failed to migrate user action connector with doc id: 1 version: 8.0.0 error: Unexpected token e in JSON at position 1", + "Failed to migrate user action connector with doc id: 1 version: 8.0.0 error: Unexpected token 'e', \\"new json value\\" is not valid JSON", Object { "migrations": Object { "userAction": Object { diff --git a/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts b/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts index 95dca041521e0..ebce74d89b2dc 100644 --- a/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts +++ b/x-pack/plugins/cloud_security_posture/server/lib/check_index_status.ts 
@@ -9,25 +9,45 @@ import { ElasticsearchClient, type Logger } from '@kbn/core/server'; import { getSafePostureTypeRuntimeMapping } from '../../common/runtime_mappings/get_safe_posture_type_runtime_mapping'; import { IndexStatus, PostureTypes } from '../../common/types'; +export interface PostureTypeAndRetention { + postureType?: PostureTypes; + retentionTime?: string; +} + export const checkIndexStatus = async ( esClient: ElasticsearchClient, index: string, logger: Logger, - postureType?: PostureTypes + PostureTypeAndRetention?: PostureTypeAndRetention ): Promise => { - const query = - !postureType || postureType === 'all' || postureType === 'vuln_mgmt' - ? undefined - : { - bool: { - filter: { - term: { - safe_posture_type: postureType, + const isNotKspmOrCspm = + !PostureTypeAndRetention?.postureType || + PostureTypeAndRetention?.postureType === 'all' || + PostureTypeAndRetention?.postureType === 'vuln_mgmt'; + + const query = { + bool: { + filter: [ + ...(isNotKspmOrCspm + ? [] + : [ + { + term: { + safe_posture_type: PostureTypeAndRetention?.postureType, + }, }, + ]), + { + range: { + '@timestamp': { + gte: `now-${PostureTypeAndRetention?.retentionTime}`, + lte: 'now', }, }, - }; - + }, + ], + }, + }; try { const queryResult = await esClient.search({ index, @@ -37,7 +57,6 @@ export const checkIndexStatus = async ( query, size: 1, }); - return queryResult.hits.hits.length ? 'not-empty' : 'empty'; } catch (e) { logger.debug(e); diff --git a/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts b/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts index 86b0d0a66802b..ed3bcd99746fc 100644 --- a/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts +++ b/x-pack/plugins/cloud_security_posture/server/routes/status/status.ts 
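Review bot: In `checkIndexStatus`, the `range` clause on `@timestamp` is added unconditionally, but the fourth argument and its `retentionTime` field are both optional, so a call without them sends `gte: 'now-undefined'`. Elasticsearch will presumably reject that date-math string, and the reported status then depends on the `catch` branch, which continues outside the hunk. Either make `retentionTime` required, or spread the clause only when it is set: `...(retentionTime ? [{ range: { '@timestamp': { gte: 'now-' + retentionTime, lte: 'now' } } }] : [])`. The parameter name `PostureTypeAndRetention` also shadows the interface of the same name; `postureTypeAndRetention` would read more clearly.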
@@ -29,6 +29,9 @@ import { POSTURE_TYPES, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, VULN_MGMT_POLICY_TEMPLATE, + POSTURE_TYPE_ALL, + LATEST_VULNERABILITIES_RETENTION_POLICY, + LATEST_FINDINGS_RETENTION_POLICY, } from '../../../common/constants'; import type { CspApiRequestHandlerContext, 
@@ -168,20 +171,53 @@ export const getCspStatus = async ({ installedPackagePoliciesVulnMgmt, installedPolicyTemplates, ] = await Promise.all([ - checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger), - checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger), - checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger), - - checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, 'cspm'), - checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger, 'cspm'), - checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger, 'cspm'), - - checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, 'kspm'), - checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger, 'kspm'), - checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger, 'kspm'), - - checkIndexStatus(esClient, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, logger), - checkIndexStatus(esClient, VULNERABILITIES_INDEX_PATTERN, logger, VULN_MGMT_POLICY_TEMPLATE), + checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, { + postureType: POSTURE_TYPE_ALL, + retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY, + }), + checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger, { + postureType: POSTURE_TYPE_ALL, + retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY, + }), + checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger, { + postureType: POSTURE_TYPE_ALL, + retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY, + }), + + checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, { + postureType: CSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger, { + postureType: CSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger, { + postureType: CSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + + 
checkIndexStatus(esClient, LATEST_FINDINGS_INDEX_DEFAULT_NS, logger, { + postureType: KSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + checkIndexStatus(esClient, FINDINGS_INDEX_PATTERN, logger, { + postureType: KSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + checkIndexStatus(esClient, BENCHMARK_SCORE_INDEX_DEFAULT_NS, logger, { + postureType: KSPM_POLICY_TEMPLATE, + retentionTime: LATEST_FINDINGS_RETENTION_POLICY, + }), + + checkIndexStatus(esClient, LATEST_VULNERABILITIES_INDEX_DEFAULT_NS, logger, { + postureType: VULN_MGMT_POLICY_TEMPLATE, + retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY, + }), + checkIndexStatus(esClient, VULNERABILITIES_INDEX_PATTERN, logger, { + postureType: VULN_MGMT_POLICY_TEMPLATE, + retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY, + }), packageService.asInternalUser.getInstallation(CLOUD_SECURITY_POSTURE_PACKAGE_NAME), packageService.asInternalUser.fetchFindLatestPackage(CLOUD_SECURITY_POSTURE_PACKAGE_NAME), @@ -295,6 +331,7 @@ export const getCspStatus = async ({ { latest: vulnerabilitiesLatestIndexStatus, stream: vulnerabilitiesIndexStatus, + score: scoreIndexStatus, }, installation, healthyAgentsVulMgmt, diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/document_creation/document_creation_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/document_creation/document_creation_logic.test.ts index 3e39c50ff8de7..925f5af35ff48 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/document_creation/document_creation_logic.test.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/document_creation/document_creation_logic.test.ts 
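Review bot: The first three `checkIndexStatus` calls in `getCspStatus` check findings indices but pass `retentionTime: LATEST_VULNERABILITIES_RETENTION_POLICY`. These are the `POSTURE_TYPE_ALL` checks of `LATEST_FINDINGS_INDEX_DEFAULT_NS`, `FINDINGS_INDEX_PATTERN` and `BENCHMARK_SCORE_INDEX_DEFAULT_NS`; the CSPM and KSPM checks of the same indices use `LATEST_FINDINGS_RETENTION_POLICY`. The constants' values are not visible here, but if they differ, the combined status is computed over a different time window than the per-posture statuses and can disagree with them. If that is not intended, those three calls should use `retentionTime: LATEST_FINDINGS_RETENTION_POLICY`; if it is, a short comment above them should say why. The `Promise.all` list continues outside the hunk.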
@@ -404,7 +404,7 @@ describe('DocumentCreationLogic', () => { DocumentCreationLogic.actions.onSubmitJson(); expect(DocumentCreationLogic.actions.setErrors).toHaveBeenCalledWith([ - 'Unexpected token i in JSON at position 0', + `Unexpected token 'i', "invalid JSON" is not valid JSON`, ]); expect(DocumentCreationLogic.actions.uploadDocuments).not.toHaveBeenCalled(); }); diff --git a/x-pack/plugins/features/server/feature_registry.test.ts b/x-pack/plugins/features/server/feature_registry.test.ts index d3021bf339473..e0d0591c67d88 100644 --- a/x-pack/plugins/features/server/feature_registry.test.ts +++ b/x-pack/plugins/features/server/feature_registry.test.ts @@ -52,7 +52,7 @@ describe('FeatureRegistry', () => { app: ['app1'], savedObject: { all: ['space', 'etc', 'telemetry'], - read: ['canvas', 'config', 'url'], + read: ['canvas', 'config', 'config-global', 'url'], }, api: ['someApiEndpointTag', 'anotherEndpointTag'], ui: ['allowsFoo', 'showBar', 'showBaz'], @@ -60,7 +60,7 @@ describe('FeatureRegistry', () => { read: { savedObject: { all: [], - read: ['config', 'url', 'telemetry'], + read: ['config', 'config-global', 'url', 'telemetry'], }, ui: [], }, @@ -125,7 +125,7 @@ describe('FeatureRegistry', () => { app: ['app1'], savedObject: { all: ['space', 'etc', 'telemetry'], - read: ['canvas', 'config', 'url'], + read: ['canvas', 'config', 'config-global', 'url'], }, api: ['someApiEndpointTag', 'anotherEndpointTag'], ui: ['allowsFoo', 'showBar', 'showBaz'], @@ -290,7 +290,7 @@ describe('FeatureRegistry', () => { expect(allPrivilege?.savedObject.all).toEqual(['telemetry']); }); - it(`automatically grants access to config, url, and telemetry saved objects`, () => { + it(`automatically grants access to config, config-global, url, and telemetry saved objects`, () => { const feature: KibanaFeatureConfig = { id: 'test-feature', name: 'Test Feature', 
@@ -324,11 +324,16 @@ describe('FeatureRegistry', () => { const allPrivilege = result[0].privileges?.all; const readPrivilege = result[0].privileges?.read; - expect(allPrivilege?.savedObject.read).toEqual(['config', 'url']); - expect(readPrivilege?.savedObject.read).toEqual(['config', 'telemetry', 'url']); + expect(allPrivilege?.savedObject.read).toEqual(['config', 'config-global', 'url']); + expect(readPrivilege?.savedObject.read).toEqual([ + 'config', + 'config-global', + 'telemetry', + 'url', + ]); }); - it(`automatically grants 'all' access to telemetry and 'read' to [config, url] saved objects for the reserved privilege`, () => { + it(`automatically grants 'all' access to telemetry and 'read' to [config, config-global, url] saved objects for the reserved privilege`, () => { const feature: KibanaFeatureConfig = { id: 'test-feature', name: 'Test Feature', @@ -359,7 +364,7 @@ describe('FeatureRegistry', () => { const reservedPrivilege = result[0]!.reserved!.privileges[0].privilege; expect(reservedPrivilege.savedObject.all).toEqual(['telemetry']); - expect(reservedPrivilege.savedObject.read).toEqual(['config', 'url']); + expect(reservedPrivilege.savedObject.read).toEqual(['config', 'config-global', 'url']); }); it(`does not duplicate the automatic grants if specified on the incoming feature`, () => { @@ -373,14 +378,14 @@ describe('FeatureRegistry', () => { ui: [], savedObject: { all: ['telemetry'], - read: ['config', 'url'], + read: ['config', 'config-global', 'url'], }, }, read: { ui: [], savedObject: { all: [], - read: ['config', 'url'], + read: ['config', 'config-global', 'url'], }, }, }, 
@@ -397,8 +402,13 @@ describe('FeatureRegistry', () => { const allPrivilege = result[0].privileges!.all; const readPrivilege = result[0].privileges!.read; expect(allPrivilege?.savedObject.all).toEqual(['telemetry']); - expect(allPrivilege?.savedObject.read).toEqual(['config', 'url']); - expect(readPrivilege?.savedObject.read).toEqual(['config', 'url', 'telemetry']); + expect(allPrivilege?.savedObject.read).toEqual(['config', 'config-global', 'url']); + expect(readPrivilege?.savedObject.read).toEqual([ + 'config', + 'config-global', + 'url', + 'telemetry', + ]); }); it(`does not allow duplicate features to be registered`, () => { @@ -484,7 +494,7 @@ describe('FeatureRegistry', () => { name: 'Foo', app: ['app1', 'app2'], savedObject: { - all: ['config', 'space', 'etc'], + all: ['config', 'config-global', 'space', 'etc'], read: ['canvas'], }, api: ['someApiEndpointTag', 'anotherEndpointTag'], diff --git a/x-pack/plugins/features/server/feature_registry.ts b/x-pack/plugins/features/server/feature_registry.ts index cbcd426f6accf..40c278b2fe4ed 100644 --- a/x-pack/plugins/features/server/feature_registry.ts +++ b/x-pack/plugins/features/server/feature_registry.ts @@ -118,7 +118,12 @@ function applyAutomaticAllPrivilegeGrants( allPrivileges.forEach((allPrivilege) => { if (allPrivilege) { allPrivilege.savedObject.all = uniq([...allPrivilege.savedObject.all, 'telemetry']); - allPrivilege.savedObject.read = uniq([...allPrivilege.savedObject.read, 'config', 'url']); + allPrivilege.savedObject.read = uniq([ + ...allPrivilege.savedObject.read, + 'config', + 'config-global', + 'url', + ]); } }); } @@ -131,6 +136,7 @@ function applyAutomaticReadPrivilegeGrants( readPrivilege.savedObject.read = uniq([ ...readPrivilege.savedObject.read, 'config', + 'config-global', 'telemetry', 'url', ]); 
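Review bot: In `feature_registry.ts`, `applyAutomaticAllPrivilegeGrants` and `applyAutomaticReadPrivilegeGrants` now grant read access to `'config-global'` through every feature privilege, and nothing at either list says why this type is safe to grant automatically. Since this widens an authorization default, a comment above each list would help, for example `// Saved-object types every feature privilege may read; additions widen access for all features, keep minimal.` The two functions also repeat the same literals, so a shared constant for `'config', 'config-global', 'url'` would keep them from drifting apart. Both functions start and end outside the hunks.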
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.test.tsx index 6de1a3caaa2c1..6e965dc9eca6a 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.test.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.test.tsx @@ -63,6 +63,8 @@ describe('AgentLogsUI', () => { const state = { datasets: ['elastic_agent'], logLevels: ['info', 'error'], + start: '2023-20-04T14:00:00.340Z', + end: '2023-20-04T14:20:00.340Z', query: '', } as any; return render(); @@ -97,7 +99,10 @@ describe('AgentLogsUI', () => { it('should render Open in Logs UI if capabilities not set', () => { mockStartServices(); const result = renderComponent(); - expect(result.getByTestId('viewInLogsBtn')).not.toBeNull(); + expect(result.getByTestId('viewInLogsBtn')).toHaveAttribute( + 'href', + `http://localhost:5620/app/logs/stream?logPosition=(end%3A'2023-20-04T14%3A20%3A00.340Z'%2Cstart%3A'2023-20-04T14%3A00%3A00.340Z'%2CstreamLive%3A!f)&logFilter=(expression%3A'elastic_agent.id%3Aagent1%20and%20(data_stream.dataset%3Aelastic_agent)%20and%20(log.level%3Ainfo%20or%20log.level%3Aerror)'%2Ckind%3Akuery)` + ); }); it('should render Open in Discover if serverless enabled', () => { 
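Review bot: The fixture values `start: '2023-20-04T14:00:00.340Z'` and `end: '2023-20-04T14:20:00.340Z'` in `agent_logs.test.tsx` have month 20, so they are not valid dates. The assertions pass only because the strings are copied into the URLs verbatim. A real timestamp such as `'2023-10-04T14:00:00.340Z'`, with the expected `href` values updated here and in the Discover test in the following hunk, keeps the test meaningful if the component ever parses or validates the range.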
@@ -106,7 +111,7 @@ describe('AgentLogsUI', () => { const viewInDiscover = result.getByTestId('viewInDiscoverBtn'); expect(viewInDiscover).toHaveAttribute( 'href', - `http://localhost:5620/app/discover#/?_a=(index:'logs-*',query:(language:kuery,query:'data_stream.dataset:elastic_agent%20AND%20elastic_agent.id:agent1'))` + `http://localhost:5620/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:60000),time:(from:'2023-20-04T14:00:00.340Z',to:'2023-20-04T14:20:00.340Z'))&_a=(columns:!(event.dataset,message),index:'logs-*',query:(language:kuery,query:'elastic_agent.id:agent1 and (data_stream.dataset:elastic_agent) and (log.level:info or log.level:error)'))` ); }); }); diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.tsx index 8efef6592f870..05efb3abfdcaa 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/agent_logs.tsx @@ -4,21 +4,14 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ - -import url from 'url'; -import { stringify } from 'querystring'; - import React, { memo, useMemo, useState, useCallback, useEffect } from 'react'; import styled from 'styled-components'; -import { encode } from '@kbn/rison'; import { EuiFlexGroup, EuiFlexItem, EuiSuperDatePicker, EuiFilterGroup, EuiPanel, - EuiButton, - EuiButtonEmpty, EuiCallOut, EuiLink, } from '@elastic/eui'; 
@@ -42,6 +35,7 @@ import { LogLevelFilter } from './filter_log_level'; import { LogQueryBar } from './query_bar'; import { buildQuery } from './build_query'; import { SelectLogLevel } from './select_log_level'; +import { ViewLogsButton } from './view_logs_button'; const WrapperFlexGroup = styled(EuiFlexGroup)` height: 100%; @@ -118,7 +112,7 @@ const AgentPolicyLogsNotEnabledCallout: React.FunctionComponent<{ agentPolicy: A export const AgentLogsUI: React.FunctionComponent = memo( ({ agent, agentPolicy, state }) => { - const { data, application, http, cloud } = useStartServices(); + const { data, application, cloud } = useStartServices(); const { update: updateState } = AgentLogsUrlStateHelper.useTransitions(); const isLogsUIAvailable = !cloud?.isServerlessEnabled; @@ -218,37 +212,6 @@ export const AgentLogsUI: React.FunctionComponent = memo( [agent.id, state.datasets, state.logLevels, state.query] ); - // Generate URL to pass page state to Logs UI - const viewInLogsUrl = useMemo( - () => - http.basePath.prepend( - url.format({ - pathname: '/app/logs/stream', - search: stringify({ - logPosition: encode({ - start: state.start, - end: state.end, - streamLive: false, - }), - logFilter: encode({ - expression: logStreamQuery, - kind: 'kuery', - }), - }), - }) - ), - [http.basePath, state.start, state.end, logStreamQuery] - ); - - const viewInDiscoverUrl = useMemo(() => { - const index = 'logs-*'; - const datasetQuery = 'data_stream.dataset:elastic_agent'; - const agentIdQuery = `elastic_agent.id:${agent.id}`; - return http.basePath.prepend( - `/app/discover#/?_a=(index:'${index}',query:(language:kuery,query:'${datasetQuery}%20AND%20${agentIdQuery}'))` - ); - }, [http.basePath, agent.id]); - const agentVersion = agent.local_metadata?.elastic?.agent?.version; const isLogFeatureAvailable = useMemo(() => { if (!agentVersion) { @@ -357,30 +320,12 @@ export const AgentLogsUI: React.FunctionComponent = memo( application, }} > - {isLogsUIAvailable ? ( - - - - ) : ( - - - - )} + 
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/view_logs_button.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/view_logs_button.tsx new file mode 100644 index 0000000000000..762c34ad7bc36 --- /dev/null +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/agent_logs/view_logs_button.tsx 
@@ -0,0 +1,85 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import url from 'url'; +import { stringify } from 'querystring'; + +import React, { useMemo } from 'react'; +import { encode } from '@kbn/rison'; +import { EuiButton } from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n-react'; + +import { useStartServices } from '../../../../../hooks'; + +interface ViewLogsProps { + viewInLogs: boolean; + logStreamQuery: string; + startTime: string; + endTime: string; +} + +/* + Button that takes to the Logs view Ui when that is available, otherwise fallback to the Discover UI + The urls are built using same logStreamQuery (provided by a prop), startTime and endTime, ensuring that they'll both will target same log lines +*/ +export const ViewLogsButton: React.FunctionComponent = ({ + viewInLogs, + logStreamQuery, + startTime, + endTime, +}) => { + const { http } = useStartServices(); + + // Generate URL to pass page state to Logs UI + const viewInLogsUrl = useMemo( + () => + http.basePath.prepend( + url.format({ + pathname: '/app/logs/stream', + search: stringify({ + logPosition: encode({ + start: startTime, + end: endTime, + streamLive: false, + }), + logFilter: encode({ + expression: logStreamQuery, + kind: 'kuery', + }), + }), + }) + ), + [http.basePath, startTime, endTime, logStreamQuery] + ); + + const viewInDiscoverUrl = useMemo(() => { + const index = 'logs-*'; + const query = encode({ + query: logStreamQuery, + language: 'kuery', + }); + return http.basePath.prepend( + `/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:60000),time:(from:'${startTime}',to:'${endTime}'))&_a=(columns:!(event.dataset,message),index:'${index}',query:${query})` + ); + }, [logStreamQuery, http.basePath, startTime, endTime]); + + return 
viewInLogs ? ( + + + + ) : ( + + + + ); +}; diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.test.tsx index dffa4bc665bdb..1518a68fd6f0c 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.test.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.test.tsx @@ -244,8 +244,7 @@ describe('AgentUpgradeStatus', () => { expect(results.queryAllByText('Info')).toEqual([]); }); - // Unskip this test when minVersion is set. - it.skip('should render an icon with tooltip if the agent is upgrading', async () => { + it('should render an icon with tooltip if the agent is upgrading', async () => { const results = render({ agentUpgradeStartedAt: '2023-10-03T14:34:12Z', agentUpgradedAt: null, diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.tsx index 572b86d62c73d..ab4835757f94d 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/agent_upgrade_status.tsx @@ -225,7 +225,7 @@ export const AgentUpgradeStatus: React.FC<{ [agentUpgradeStartedAt, agentUpgradedAt] ); const status = useMemo(() => getStatusComponents(agentUpgradeDetails), [agentUpgradeDetails]); - const minVersion = undefined; // Change this to a string in order for a tooltip to render for upgrading agents with no upgrade details. + const minVersion = '8.12'; if (isAgentUpgradable) { return ( 
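Review bot: In `viewInDiscoverUrl` of the new `view_logs_button.tsx`, `startTime` and `endTime` are interpolated into the `_g` state between single quotes without any encoding, while the query goes through `encode`. Both are plain `string` props whose origin is outside this file; if either ever contains a quote or a parenthesis, the state in the generated link is malformed or altered. Building both parts with the already-imported encoder avoids this: `const g = encode({ filters: [], refreshInterval: { pause: true, value: 60000 }, time: { from: startTime, to: endTime } });`, then `#/?_g=${g}&_a=${a}` with `a` encoded the same way. The expected strings in the two tests would need re-checking against the encoder's output.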
@@ -249,7 +249,7 @@ export const AgentUpgradeStatus: React.FC<{ ); } - if (minVersion && isAgentUpgrading) { + if (isAgentUpgrading) { return ( { + return { + ...jest.requireActual('../../../../hooks'), + useLink: jest.fn(), + useStartServices: jest.fn(), + }; +}); + +const mockUseStartServices = useStartServices as jest.Mock; + jest.mock('@kbn/shared-ux-link-redirect-app', () => ({ RedirectAppLinks: (props: any) => { return
{props.children}
; }, })); -jest.mock('../../../../hooks', () => { - return { - useStartServices: jest.fn().mockReturnValue({ - http: { - basePath: { - prepend: jest.fn().mockImplementation((str) => 'http://localhost' + str), +const mockStartServices = (isServerlessEnabled?: boolean) => { + mockUseStartServices.mockReturnValue({ + application: {}, + data: { + query: { + timefilter: { + timefilter: { + calculateBounds: jest.fn().mockReturnValue({ + min: '2023-10-04T13:08:53.340Z', + max: '2023-10-05T13:08:53.340Z', + }), + }, }, }, - }), - }; -}); + }, + http: { + basePath: { + prepend: (url: string) => 'http://localhost:5620' + url, + }, + }, + cloud: { + isServerlessEnabled, + }, + }); +}; describe('ViewErrors', () => { const renderComponent = (action: ActionStatus) => { @@ -41,7 +67,30 @@ describe('ViewErrors', () => { ); }; - it('should render error message with btn to logs', () => { + it('should render error message with btn to Logs view if serverless not enabled', () => { + mockStartServices(); + const result = renderComponent({ + actionId: 'action1', + latestErrors: [ + { + agentId: 'agent1', + error: 'Agent agent1 is not upgradeable', + timestamp: '2023-03-06T14:51:24.709Z', + }, + ], + } as any); + + const errorText = result.getByTestId('errorText'); + expect(errorText.textContent).toEqual('Agent agent1 is not upgradeable'); + + const viewErrorBtn = result.getByTestId('viewInLogsBtn'); + expect(viewErrorBtn.getAttribute('href')).toEqual( + `http://localhost:5620/app/logs/stream?logPosition=(end%3A'2023-03-06T14%3A56%3A24.709Z'%2Cstart%3A'2023-03-06T14%3A46%3A24.709Z'%2CstreamLive%3A!f)&logFilter=(expression%3A'elastic_agent.id%3Aagent1%20and%20(data_stream.dataset%3Aelastic_agent)%20and%20(log.level%3Aerror)'%2Ckind%3Akuery)` + ); + }); + + it('should render error message with btn to Discover view if serverless enabled', () => { + mockStartServices(true); const result = renderComponent({ actionId: 'action1', latestErrors: [ 
@@ -56,9 +105,9 @@ describe('ViewErrors', () => { const errorText = result.getByTestId('errorText'); expect(errorText.textContent).toEqual('Agent agent1 is not upgradeable'); - const viewErrorBtn = result.getByTestId('viewLogsBtn'); + const viewErrorBtn = result.getByTestId('viewInDiscoverBtn'); expect(viewErrorBtn.getAttribute('href')).toEqual( - `http://localhost/app/logs/stream?logPosition=(position%3A(time%3A1678114284709)%2CstreamLive%3A!f)&logFilter=(expression%3A'elastic_agent.id%3Aagent1%20and%20(data_stream.dataset%3Aelastic_agent)%20and%20(log.level%3Aerror)'%2Ckind%3Akuery)` + `http://localhost:5620/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:60000),time:(from:'2023-03-06T14:46:24.709Z',to:'2023-03-06T14:56:24.709Z'))&_a=(columns:!(event.dataset,message),index:'logs-*',query:(language:kuery,query:'elastic_agent.id:agent1 and (data_stream.dataset:elastic_agent) and (log.level:error)'))` ); }); }); diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/view_errors.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/view_errors.tsx index d49be8d4cacda..4d43c9a60a618 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/view_errors.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/view_errors.tsx 
@@ -5,21 +5,19 @@ * 2.0. */ -import { stringify } from 'querystring'; - import styled from 'styled-components'; import React from 'react'; -import { encode } from '@kbn/rison'; import type { EuiBasicTableProps } from '@elastic/eui'; -import { EuiButton, EuiAccordion, EuiToolTip, EuiText, EuiBasicTable } from '@elastic/eui'; -import { FormattedMessage } from '@kbn/i18n-react'; +import { EuiAccordion, EuiToolTip, EuiText, EuiBasicTable } from '@elastic/eui'; import { RedirectAppLinks } from '@kbn/shared-ux-link-redirect-app'; +import moment from 'moment'; import { i18n } from '@kbn/i18n'; import type { ActionErrorResult } from '../../../../../../../common/types'; import { buildQuery } from '../../agent_details_page/components/agent_logs/build_query'; +import { ViewLogsButton } from '../../agent_details_page/components/agent_logs/view_logs_button'; import type { ActionStatus } from '../../../../types'; import { useStartServices } from '../../../../hooks'; 
@@ -32,27 +30,26 @@ const TruncatedEuiText = styled(EuiText)` export const ViewErrors: React.FunctionComponent<{ action: ActionStatus }> = ({ action }) => { const coreStart = useStartServices(); + const isLogsUIAvailable = !coreStart.cloud?.isServerlessEnabled; + + const getLogsButton = (agentId: string, timestamp: string, viewInLogs: boolean) => { + const startTime = moment(timestamp).subtract(5, 'm').toISOString(); + const endTime = moment(timestamp).add(5, 'm').toISOString(); - const logStreamQuery = (agentId: string) => - buildQuery({ + const logStreamQuery = buildQuery({ agentId, datasets: ['elastic_agent'], logLevels: ['error'], userQuery: '', }); - - const getErrorLogsUrl = (agentId: string, timestamp: string) => { - const queryParams = stringify({ - logPosition: encode({ - position: { time: Date.parse(timestamp) }, - streamLive: false, - }), - logFilter: encode({ - expression: logStreamQuery(agentId), - kind: 'kuery', - }), - }); - return coreStart.http.basePath.prepend(`/app/logs/stream?${queryParams}`); + return ( + + ); }; const columns: EuiBasicTableProps['columns'] = [ @@ -89,16 +86,7 @@ export const ViewErrors: React.FunctionComponent<{ action: ActionStatus }> = ({ const errorItem = (action.latestErrors ?? []).find((item) => item.agentId === agentId); return ( - - - + {getLogsButton(agentId, errorItem!.timestamp, !!isLogsUIAvailable)} ); }, diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx index ddd68d8380419..2308cc824db6d 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.test.tsx 
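Review bot: In the column renderer of `ViewErrors`, `errorItem!.timestamp` asserts that `find` returned a match, so a row whose `agentId` is not found in `action.latestErrors` throws during render. A guard removes the assertion: `{errorItem ? getLogsButton(agentId, errorItem.timestamp, !!isLogsUIAvailable) : null}`. In `getLogsButton`, the ±5 minute window also assumes `timestamp` parses as a date, which cannot be confirmed from the visible lines. The renderer body starts outside the hunk.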
@@ -11,6 +11,7 @@ import type { Output } from '../../../../types'; import { createFleetTestRendererMock } from '../../../../../../mock'; import { useFleetStatus } from '../../../../../../hooks/use_fleet_status'; import { ExperimentalFeaturesService } from '../../../../../../services'; +import { useStartServices } from '../../../../hooks'; import { EditOutputFlyout } from '.'; @@ -25,6 +26,16 @@ jest.mock('../../../../../../hooks/use_fleet_status', () => ({ useFleetStatus: jest.fn().mockReturnValue({}), })); +jest.mock('../../../../hooks', () => { + return { + ...jest.requireActual('../../../../hooks'), + useBreadcrumbs: jest.fn(), + useStartServices: jest.fn(), + }; +}); + +const mockUseStartServices = useStartServices as jest.Mock; + const mockedUsedFleetStatus = useFleetStatus as jest.MockedFunction; function renderFlyout(output?: Output) { @@ -67,6 +78,22 @@ const kafkaSectionsLabels = [ const remoteEsOutputLabels = ['Hosts', 'Service Token']; describe('EditOutputFlyout', () => { + const mockStartServices = (isServerlessEnabled?: boolean) => { + mockUseStartServices.mockReturnValue({ + notifications: { toasts: {} }, + docLinks: { + links: { fleet: {}, logstash: {}, kibana: {} }, + }, + cloud: { + isServerlessEnabled, + }, + }); + }; + + beforeEach(() => { + mockStartServices(false); + }); + it('should render the flyout if there is not output provided', async () => { renderFlyout(); }); 
@@ -177,5 +204,26 @@ describe('EditOutputFlyout', () => { expect(utils.queryByLabelText(label)).not.toBeNull(); }); expect(utils.queryByTestId('serviceTokenCallout')).not.toBeNull(); + + expect(utils.queryByTestId('settingsOutputsFlyout.typeInput')?.textContent).toContain( + 'Remote Elasticsearch' + ); + }); + + it('should not display remote ES output in type lists if serverless', async () => { + jest.spyOn(ExperimentalFeaturesService, 'get').mockReturnValue({ remoteESOutput: true }); + mockUseStartServices.mockReset(); + mockStartServices(true); + const { utils } = renderFlyout({ + type: 'elasticsearch', + name: 'dummy', + id: 'output', + is_default: false, + is_default_monitoring: false, + }); + + expect(utils.queryByTestId('settingsOutputsFlyout.typeInput')?.textContent).not.toContain( + 'Remote Elasticsearch' + ); }); }); diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.tsx index b35162bc51667..0346986f3abbe 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/edit_output_flyout/index.tsx @@ -70,7 +70,7 @@ export const EditOutputFlyout: React.FunctionComponent = useBreadcrumbs('settings'); const form = useOutputForm(onClose, output); const inputs = form.inputs; - const { docLinks } = useStartServices(); + const { docLinks, cloud } = useStartServices(); const { euiTheme } = useEuiTheme(); const { outputSecretsStorage: isOutputSecretsStorageEnabled } = ExperimentalFeaturesService.get(); const [useSecretsStorage, setUseSecretsStorage] = React.useState(isOutputSecretsStorageEnabled); 
@@ -87,10 +87,12 @@ export const EditOutputFlyout: React.FunctionComponent = const { kafkaOutput: isKafkaOutputEnabled, remoteESOutput: isRemoteESOutputEnabled } = ExperimentalFeaturesService.get(); const isRemoteESOutput = inputs.typeInput.value === outputType.RemoteElasticsearch; + // Remote ES output not yet supported in serverless + const isStateful = !cloud?.isServerlessEnabled; const OUTPUT_TYPE_OPTIONS = [ { value: outputType.Elasticsearch, text: 'Elasticsearch' }, - ...(isRemoteESOutputEnabled + ...(isRemoteESOutputEnabled && isStateful ? [{ value: outputType.RemoteElasticsearch, text: 'Remote Elasticsearch' }] : []), { value: outputType.Logstash, text: 'Logstash' }, diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx index 9c2ca98479a85..adeb17a5efdcc 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/settings.tsx @@ -141,6 +141,11 @@ export const SettingsPage: React.FC = memo(({ packageInfo, theme$ }: Prop [packagePoliciesData] ); + const agentPolicyIds = useMemo( + () => packagePoliciesData?.items.map(({ policy_id: agentPolicyId }) => agentPolicyId) ?? [], + [packagePoliciesData] + ); + const { data: dryRunData } = useUpgradePackagePolicyDryRunQuery( packagePolicyIds ?? [], latestVersion, @@ -329,6 +334,7 @@ export const SettingsPage: React.FC = memo(({ packageInfo, theme$ }: Prop { dryRunData?: UpgradePackagePolicyDryRunResponse | null; packagePolicyIds?: string[]; + agentPolicyIds: string[]; isUpgradingPackagePolicies?: boolean; setIsUpgradingPackagePolicies?: React.Dispatch>; theme$: Observable; 
@@ -73,6 +73,7 @@ export const UpdateButton: React.FunctionComponent = ({ isUpgradingPackagePolicies = false, name, packagePolicyIds = [], + agentPolicyIds = [], setIsUpgradingPackagePolicies = () => {}, title, version, @@ -92,16 +93,7 @@ export const UpdateButton: React.FunctionComponent = ({ const [isUpdateModalVisible, setIsUpdateModalVisible] = useState(false); const [upgradePackagePolicies, setUpgradePackagePolicies] = useState(true); - const { data: agentPolicyData } = useGetAgentPoliciesQuery({ - perPage: SO_SEARCH_LIMIT, - page: 1, - // Fetch all agent policies that include one of the eligible package policies - kuery: packagePolicyIds.length - ? `${AGENT_POLICY_SAVED_OBJECT_TYPE}.package_policies:${packagePolicyIds - .map((id) => `"${id}"`) - .join(' or ')}` - : '', - }); + const { data: agentPolicyData } = useBulkGetAgentPoliciesQuery(agentPolicyIds, { full: true }); const packagePolicyCount = useMemo(() => packagePolicyIds.length, [packagePolicyIds]); diff --git a/x-pack/plugins/fleet/public/custom_logs_assets_extension.tsx b/x-pack/plugins/fleet/public/custom_logs_assets_extension.tsx index 4090c4520bf2a..26668c4062981 100644 --- a/x-pack/plugins/fleet/public/custom_logs_assets_extension.tsx +++ b/x-pack/plugins/fleet/public/custom_logs_assets_extension.tsx @@ -14,8 +14,12 @@ import { useStartServices } from './hooks'; import type { PackageAssetsComponent } from './types'; export const CustomLogsAssetsExtension: PackageAssetsComponent = () => { - const { http } = useStartServices(); - const logStreamUrl = http.basePath.prepend('/app/logs/stream'); + const { http, cloud } = useStartServices(); + const isLogsUIAvailable = !cloud?.isServerlessEnabled; + // if logs ui is not available, link to discover + const logStreamUrl = isLogsUIAvailable + ? http.basePath.prepend('/app/logs/stream') + : http.basePath.prepend('/app/discover'); const views: CustomAssetsAccordionProps['views'] = [ { 
diff --git a/x-pack/plugins/fleet/public/hooks/use_request/agent_policy.ts b/x-pack/plugins/fleet/public/hooks/use_request/agent_policy.ts index ee0481bd373af..6ce49febdeca2 100644 --- a/x-pack/plugins/fleet/public/hooks/use_request/agent_policy.ts +++ b/x-pack/plugins/fleet/public/hooks/use_request/agent_policy.ts @@ -22,6 +22,7 @@ import type { CopyAgentPolicyResponse, DeleteAgentPolicyRequest, DeleteAgentPolicyResponse, + BulkGetAgentPoliciesResponse, } from '../../types'; import { useRequest, sendRequest, useConditionalRequest, sendRequestForRq } from './use_request'; @@ -47,6 +48,17 @@ export const useGetAgentPoliciesQuery = (query?: GetAgentPoliciesRequest['query' ); }; +export const useBulkGetAgentPoliciesQuery = (ids: string[], options?: { full?: boolean }) => { + return useQuery(['agentPolicies', ids], () => + sendRequestForRq({ + path: agentPolicyRouteService.getBulkGetPath(), + method: 'post', + body: JSON.stringify({ ids, full: options?.full }), + version: API_VERSIONS.public.v1, + }) + ); +}; + export const sendGetAgentPolicies = (query?: GetAgentPoliciesRequest['query']) => { return sendRequest({ path: agentPolicyRouteService.getListPath(), diff --git a/x-pack/plugins/fleet/public/types/index.ts b/x-pack/plugins/fleet/public/types/index.ts index 8c7d3ddcf5b45..63837dc809559 100644 --- a/x-pack/plugins/fleet/public/types/index.ts +++ b/x-pack/plugins/fleet/public/types/index.ts @@ -137,6 +137,7 @@ export type { KibanaSavedObjectType, GetInputsTemplatesRequest, GetInputsTemplatesResponse, + BulkGetAgentPoliciesResponse, } from '../../common/types'; export { entries, diff --git a/x-pack/plugins/fleet/server/plugin.ts b/x-pack/plugins/fleet/server/plugin.ts index 0373971c664e2..8333d0257a8f0 100644 --- a/x-pack/plugins/fleet/server/plugin.ts +++ b/x-pack/plugins/fleet/server/plugin.ts 
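Review bot: The query key in `useBulkGetAgentPoliciesQuery` (agent_policy.ts) is `['agentPolicies', ids]` and leaves out `options?.full`, although `full` changes the request body. Two callers asking for the same ids with different `full` values would share one cache entry and one of them would get the wrong response shape; `useQuery(['agentPolicies', ids, options?.full], ...)` keeps them apart. The hook also sends the POST when `ids` is empty, which the `agentPolicyIds = []` default in `UpdateButton` makes reachable; passing `{ enabled: ids.length > 0 }` as the query options would skip that request. A short comment on the hook saying what `full` adds to the response would help, since the only visible caller passes `{ full: true }` without stating why.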
@@ -524,6 +524,9 @@ export class FleetPlugin this.policyWatcher.start(licenseService); + // We only retry when this feature flag is enabled (Serverless) + const setupAttempts = this.configInitialValue.internal?.retrySetupOnBoot ? 25 : 1; + const fleetSetupPromise = (async () => { try { // Fleet remains `available` during setup as to excessively delay Kibana's boot process. @@ -555,10 +558,9 @@ export class FleetPlugin ); }, { - // We only retry when this feature flag is enabled - numOfAttempts: this.configInitialValue.internal?.retrySetupOnBoot ? Infinity : 1, - // 250ms initial backoff - startingDelay: 250, + numOfAttempts: setupAttempts, + // 1s initial backoff + startingDelay: 1000, // 5m max backoff maxDelay: 60000 * 5, timeMultiple: 2, @@ -566,7 +568,7 @@ export class FleetPlugin jitter: 'full', retry: (error: any, attemptCount: number) => { const summary = `Fleet setup attempt ${attemptCount} failed, will retry after backoff`; - logger.debug(summary, { error: { message: error } }); + logger.warn(summary, { error: { message: error } }); this.fleetStatus$.next({ level: ServiceStatusLevels.available, @@ -586,7 +588,9 @@ export class FleetPlugin summary: 'Fleet is available', }); } catch (error) { - logger.warn('Fleet setup failed', { error: { message: error } }); + logger.warn(`Fleet setup failed after ${setupAttempts} attempts`, { + error: { message: error }, + }); this.fleetStatus$.next({ // As long as Fleet has a dependency on EPR, we can't reliably set Kibana status to `unavailable` here. diff --git a/x-pack/plugins/fleet/server/routes/output/handler.test.ts b/x-pack/plugins/fleet/server/routes/output/handler.test.ts new file mode 100644 index 0000000000000..84443b3ad7196 --- /dev/null +++ b/x-pack/plugins/fleet/server/routes/output/handler.test.ts 
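Review bot: In plugin.ts, once the attempts are capped at 25, the `catch` branch is a terminal failure, yet it logs at the same `warn` level as each individual retry, which makes "Fleet setup gave up" hard to alert on separately from "Fleet setup is retrying". I would log the final failure with `logger.error(...)` and keep `warn` for the retry callback. Both calls also pass the raw caught value as `{ error: { message: error } }`, so the `message` field receives an object rather than a string; `error: { message: error?.message ?? String(error) }` would keep the log field a plain string. The enclosing start routine begins and ends outside these hunks.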
@@ -0,0 +1,91 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { agentPolicyService, appContextService, outputService } from '../../services'; + +import { postOutputHandler, putOutputHandler } from './handler'; + +describe('output handler', () => { + const mockContext = { + core: Promise.resolve({ + savedObjects: {}, + elasticsearch: { + client: {}, + }, + }), + } as any; + const mockResponse = { + customError: jest.fn().mockImplementation((options) => options), + ok: jest.fn().mockImplementation((options) => options), + }; + + beforeEach(() => { + jest.spyOn(appContextService, 'getLogger').mockReturnValue({ error: jest.fn() } as any); + jest.spyOn(outputService, 'create').mockResolvedValue({ id: 'output1' } as any); + jest.spyOn(outputService, 'update').mockResolvedValue({ id: 'output1' } as any); + jest.spyOn(outputService, 'get').mockResolvedValue({ id: 'output1' } as any); + jest.spyOn(agentPolicyService, 'bumpAllAgentPoliciesForOutput').mockResolvedValue({} as any); + }); + + it('should return error on post output using remote_elasticsearch in serverless', async () => { + jest.spyOn(appContextService, 'getCloud').mockReturnValue({ isServerlessEnabled: true } as any); + + const res = await postOutputHandler( + mockContext, + { body: { id: 'output1', type: 'remote_elasticsearch' } } as any, + mockResponse as any + ); + + expect(res).toEqual({ + body: { message: 'Output type remote_elasticsearch not supported in serverless' }, + statusCode: 400, + }); + }); + + it('should return ok on post output using remote_elasticsearch in stateful', async () => { + jest + .spyOn(appContextService, 'getCloud') + .mockReturnValue({ isServerlessEnabled: false } as any); + + const res = await postOutputHandler( + mockContext, + { body: { type: 
'remote_elasticsearch' } } as any, + mockResponse as any + ); + + expect(res).toEqual({ body: { item: { id: 'output1' } } }); + }); + + it('should return error on put output using remote_elasticsearch in serverless', async () => { + jest.spyOn(appContextService, 'getCloud').mockReturnValue({ isServerlessEnabled: true } as any); + + const res = await putOutputHandler( + mockContext, + { body: { id: 'output1', type: 'remote_elasticsearch' } } as any, + mockResponse as any + ); + + expect(res).toEqual({ + body: { message: 'Output type remote_elasticsearch not supported in serverless' }, + statusCode: 400, + }); + }); + + it('should return ok on put output using remote_elasticsearch in stateful', async () => { + jest + .spyOn(appContextService, 'getCloud') + .mockReturnValue({ isServerlessEnabled: false } as any); + + const res = await putOutputHandler( + mockContext, + { body: { type: 'remote_elasticsearch' }, params: { outputId: 'output1' } } as any, + mockResponse as any + ); + + expect(res).toEqual({ body: { item: { id: 'output1' } } }); + }); +}); diff --git a/x-pack/plugins/fleet/server/routes/output/handler.ts b/x-pack/plugins/fleet/server/routes/output/handler.ts index 475e7e9625504..e100d9fd67e47 100644 --- a/x-pack/plugins/fleet/server/routes/output/handler.ts +++ b/x-pack/plugins/fleet/server/routes/output/handler.ts @@ -10,6 +10,8 @@ import type { TypeOf } from '@kbn/config-schema'; import Boom from '@hapi/boom'; +import type { ValueOf } from '@elastic/eui'; + import { outputType } from '../../../common/constants'; import type { 
@@ -23,11 +25,12 @@ import type { GetOneOutputResponse, GetOutputsResponse, Output, + OutputType, PostLogstashApiKeyResponse, } from '../../../common/types'; import { outputService } from '../../services/output'; import { defaultFleetErrorHandler, FleetUnauthorizedError } from '../../errors'; -import { agentPolicyService } from '../../services'; +import { agentPolicyService, appContextService } from '../../services'; import { generateLogstashApiKey, canCreateLogstashApiKey } from '../../services/api_keys'; function ensureNoDuplicateSecrets(output: Partial) { @@ -89,8 +92,9 @@ export const putOutputHandler: RequestHandler< const soClient = coreContext.savedObjects.client; const esClient = coreContext.elasticsearch.client.asInternalUser; const outputUpdate = request.body; - ensureNoDuplicateSecrets(outputUpdate); try { + validateOutputServerless(outputUpdate.type); + ensureNoDuplicateSecrets(outputUpdate); await outputService.update(soClient, esClient, request.params.outputId, outputUpdate); const output = await outputService.get(soClient, request.params.outputId); if (output.is_default || output.is_default_monitoring) { @@ -125,6 +129,7 @@ export const postOutputHandler: RequestHandler< const esClient = coreContext.elasticsearch.client.asInternalUser; try { const { id, ...newOutput } = request.body; + validateOutputServerless(newOutput.type); ensureNoDuplicateSecrets(newOutput); const output = await outputService.create(soClient, esClient, newOutput, { id }); if (output.is_default || output.is_default_monitoring) { 
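Review bot: In `putOutputHandler` the serverless check only sees `outputUpdate.type` from the request body, so an update that omits `type` passes `validateOutputServerless` whatever the stored output's type is. If the update schema allows `type` to be absent (the schema is not visible here), an existing `remote_elasticsearch` output could still be modified in serverless. Reading the stored output first and validating `outputUpdate.type ?? existing.type` would close that, and handler.test.ts would benefit from a PUT case without `type`. Separately, `validateOutputServerless` (defined in the next hunk) types its parameter with `ValueOf` imported from `@elastic/eui`; a type helper from the plugin's own common types, if one exists, would avoid pulling a UI library into a server route file.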
@@ -141,6 +146,13 @@ export const postOutputHandler: RequestHandler< } }; +function validateOutputServerless(type?: ValueOf): void { + const cloudSetup = appContextService.getCloud(); + if (cloudSetup?.isServerlessEnabled && type === outputType.RemoteElasticsearch) { + throw Boom.badRequest('Output type remote_elasticsearch not supported in serverless'); + } +} + export const deleteOutputHandler: RequestHandler< TypeOf > = async (context, request, response) => { diff --git a/x-pack/plugins/infra/common/http_api/log_analysis/id_formats/v1/id_formats.ts b/x-pack/plugins/infra/common/http_api/log_analysis/id_formats/v1/id_formats.ts new file mode 100644 index 0000000000000..c148df6c4c506 --- /dev/null +++ b/x-pack/plugins/infra/common/http_api/log_analysis/id_formats/v1/id_formats.ts 
@@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import * as rt from 'io-ts'; +import { logEntryRateJobTypeRT, logEntryCategoriesJobTypeRT } from '../../../../log_analysis'; + +export const idFormatRT = rt.union([rt.literal('legacy'), rt.literal('hashed')]); +export type IdFormat = rt.TypeOf; + +const jobTypeRT = rt.union([logEntryRateJobTypeRT, logEntryCategoriesJobTypeRT]); +export type JobType = rt.TypeOf; + +export const idFormatByJobTypeRT = rt.record(jobTypeRT, idFormatRT); +export type IdFormatByJobType = rt.TypeOf; + +export const LOG_ANALYSIS_GET_ID_FORMATS = '/api/infra/log_analysis/id_formats'; + +export const getLogAnalysisIdFormatsRequestPayloadRT = rt.type({ + data: rt.type({ + logViewId: rt.string, + spaceId: rt.string, + }), +}); + +export type GetLogAnalysisIdFormatsRequestPayload = rt.TypeOf< + typeof getLogAnalysisIdFormatsRequestPayloadRT +>; + +export const getLogAnalysisIdFormatsSuccessResponsePayloadRT = rt.type({ + data: rt.record(rt.union([logEntryRateJobTypeRT, logEntryCategoriesJobTypeRT]), idFormatRT), +}); + +export type GetLogAnalysisIdFormatsSuccessResponsePayload = rt.TypeOf< + typeof getLogAnalysisIdFormatsSuccessResponsePayloadRT +>; diff --git a/x-pack/plugins/lens/public/embeddable/embeddable.tsx b/x-pack/plugins/lens/public/embeddable/embeddable.tsx index b9d0bae197909..bb99e061893f2 100644 --- a/x-pack/plugins/lens/public/embeddable/embeddable.tsx +++ b/x-pack/plugins/lens/public/embeddable/embeddable.tsx @@ -176,7 +176,6 @@ interface LensBaseEmbeddableInput extends EmbeddableInput { onTableRowClick?: ( data: Simplify ) => void; - shouldShowLegendAction?: (actionId: string) => boolean; } export type LensByValueInput = { 
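Review bot: In id_formats.ts, `getLogAnalysisIdFormatsRequestPayloadRT` accepts `spaceId` and `logViewId` from the request body as unconstrained `rt.string`. The route handler is not part of this hunk; if it uses `spaceId` to build job ids or to scope lookups, it should take the space from the request context or verify the body value against it. A comment on the codec saying which of the two applies would help the next reader. Separately, the response codec re-spells `rt.record(rt.union([logEntryRateJobTypeRT, logEntryCategoriesJobTypeRT]), idFormatRT)`; `data: idFormatByJobTypeRT` reuses the codec declared a few lines above and keeps the two from drifting.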
@@ -1110,7 +1109,6 @@ export class Embeddable }} noPadding={this.visDisplayOptions.noPadding} docLinks={this.deps.coreStart.docLinks} - shouldShowLegendAction={input.shouldShowLegendAction} /> (a.order ?? Infinity) - (b.order ?? Infinity)) .map((action) => ({ id: action.id, + type: action.type, iconType: action.getIconType({ embeddable, data, trigger: cellValueTrigger })!, displayName: action.getDisplayName({ embeddable, data, trigger: cellValueTrigger }), execute: (cellData) => diff --git a/x-pack/plugins/lens/public/embeddable/expression_wrapper.tsx b/x-pack/plugins/lens/public/embeddable/expression_wrapper.tsx index 75b141514f20c..82205c5b5990e 100644 --- a/x-pack/plugins/lens/public/embeddable/expression_wrapper.tsx +++ b/x-pack/plugins/lens/public/embeddable/expression_wrapper.tsx @@ -47,7 +47,6 @@ export interface ExpressionWrapperProps { lensInspector: LensInspector; noPadding?: boolean; docLinks: CoreStart['docLinks']; - shouldShowLegendAction?: (actionId: string) => boolean; } export function ExpressionWrapper({ @@ -74,7 +73,6 @@ export function ExpressionWrapper({ lensInspector, noPadding, docLinks, - shouldShowLegendAction, }: ExpressionWrapperProps) { if (!expression) return null; return ( @@ -106,7 +104,6 @@ export function ExpressionWrapper({ onEvent={handleEvent} hasCompatibleActions={hasCompatibleActions} getCompatibleCellValueActions={getCompatibleCellValueActions} - shouldShowLegendAction={shouldShowLegendAction} />
diff --git a/x-pack/plugins/lens/public/types.ts b/x-pack/plugins/lens/public/types.ts index 6ac2b98569d7f..25b637aebf071 100644 --- a/x-pack/plugins/lens/public/types.ts +++ b/x-pack/plugins/lens/public/types.ts @@ -1416,6 +1416,7 @@ export type LensTopNavMenuEntryGenerator = (props: { export interface LensCellValueAction { id: string; iconType: string; + type?: string; displayName: string; execute: (data: CellValueContext['data']) => void; } diff --git a/x-pack/plugins/lens/public/visualizations/datatable/components/columns.tsx b/x-pack/plugins/lens/public/visualizations/datatable/components/columns.tsx index 51aa500bbfebf..c31486d0a0f05 100644 --- a/x-pack/plugins/lens/public/visualizations/datatable/components/columns.tsx +++ b/x-pack/plugins/lens/public/visualizations/datatable/components/columns.tsx @@ -19,10 +19,15 @@ import type { DatatableColumnMeta, } from '@kbn/expressions-plugin/common'; import { EuiDataGridColumnCellAction } from '@elastic/eui/src/components/datagrid/data_grid_types'; +import { FILTER_CELL_ACTION_TYPE } from '@kbn/cell-actions/constants'; import type { FormatFactory } from '../../../../common/types'; import type { ColumnConfig } from '../../../../common/expressions'; import { LensCellValueAction } from '../../../types'; +const hasFilterCellAction = (actions: LensCellValueAction[]) => { + return actions.some(({ type }) => type === FILTER_CELL_ACTION_TYPE); +}; + export const createGridColumns = ( bucketColumns: string[], table: Datatable, 
@@ -81,7 +86,16 @@ export const createGridColumns = ( const columnArgs = columnConfig.columns.find(({ columnId }) => columnId === field); const cellActions: EuiDataGridColumnCellAction[] = []; - if (filterable && handleFilterClick && !columnArgs?.oneClickFilter) { + + // compatible cell actions from actions registry + const compatibleCellActions = columnCellValueActions?.[colIndex] ?? []; + + if ( + !hasFilterCellAction(compatibleCellActions) && + filterable && + handleFilterClick && + !columnArgs?.oneClickFilter + ) { cellActions.push( ({ rowIndex, columnId, Component }: EuiDataGridColumnCellActionProps) => { const { rowValue, contentsIsDefined, cellContent } = getContentData({ @@ -166,8 +180,6 @@ export const createGridColumns = ( ); } - // Add all the column compatible cell actions - const compatibleCellActions = columnCellValueActions?.[colIndex] ?? []; compatibleCellActions.forEach((action) => { cellActions.push(({ rowIndex, columnId, Component }: EuiDataGridColumnCellActionProps) => { const rowValue = table.rows[rowIndex][columnId]; diff --git a/x-pack/plugins/lens/tsconfig.json b/x-pack/plugins/lens/tsconfig.json index 12f737244bcb0..6cb071d18352a 100644 --- a/x-pack/plugins/lens/tsconfig.json +++ b/x-pack/plugins/lens/tsconfig.json @@ -91,7 +91,8 @@ "@kbn/logging", "@kbn/core-plugins-server", "@kbn/field-utils", - "@kbn/shared-ux-button-toolbar" + "@kbn/shared-ux-button-toolbar", + "@kbn/cell-actions" ], "exclude": [ "target/**/*", diff --git a/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_chart_distribution.js b/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_chart_distribution.js index 51fbb39f9f733..169f739de41cd 100644 --- a/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_chart_distribution.js +++ b/x-pack/plugins/ml/public/application/explorer/explorer_charts/explorer_chart_distribution.js 
@@ -177,7 +177,7 @@ export class ExplorerChartDistribution extends React.Component { .rangePoints([rowMargin, chartHeight - rowMargin]) .domain(scaleCategories); } else { - throw `chartType '${chartType}' not supported`; + throw new Error(`chartType '${chartType}' not supported`); } const yAxis = d3.svg diff --git a/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/index.ts b/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/index.ts index d0ddc6b2f53cf..dbe1da9988851 100644 --- a/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/index.ts +++ b/x-pack/plugins/observability_solution/apm/common/agent_configuration/setting_definitions/index.ts @@ -12,7 +12,7 @@ import { PathReporter } from 'io-ts/lib/PathReporter'; import { AgentName } from '../../../typings/es_schemas/ui/fields/agent'; import { booleanRt } from '../runtime_types/boolean_rt'; import { getIntegerRt } from '../runtime_types/integer_rt'; -import { isRumOrMobileAgent } from '../../agent_name'; +import { isRumOrMobileAgentName } from '../../agent_name'; import { floatRt } from '../runtime_types/float_rt'; import { RawSettingDefinition, SettingDefinition } from './types'; import { generalSettings } from './general_settings'; @@ -106,7 +106,7 @@ export function filterByAgent(agentName?: AgentName) { // only options that apply to every agent (ignoring RUM) should be returned if (setting.excludeAgents) { - return setting.excludeAgents.every(isRumOrMobileAgent); + return setting.excludeAgents.every(isRumOrMobileAgentName); } return true; diff --git a/x-pack/plugins/observability_solution/apm/common/agent_name.test.ts b/x-pack/plugins/observability_solution/apm/common/agent_name.test.ts deleted file mode 100644 index 972ecb39fcecd..0000000000000 --- a/x-pack/plugins/observability_solution/apm/common/agent_name.test.ts +++ /dev/null 
@@ -1,213 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - isJavaAgentName, - isRumAgentName, - isIosAgentName, - isAndroidAgentName, - isMobileAgentName, - isServerlessAgent, - isAWSLambdaAgent, - isAzureFunctionsAgent, -} from './agent_name'; - -import { ServerlessType } from './serverless'; - -describe('agent name helpers', () => { - describe('isJavaAgentName', () => { - describe('when the agent name is java', () => { - it('returns true', () => { - expect(isJavaAgentName('java')).toEqual(true); - }); - }); - - describe('when the agent name is opentelemetry/java', () => { - it('returns true', () => { - expect(isJavaAgentName('opentelemetry/java')).toEqual(true); - }); - }); - - describe('when the agent name is not java', () => { - it('returns false', () => { - expect(isJavaAgentName('not java')).toEqual(false); - }); - }); - }); - - describe('isRumAgentName', () => { - describe('when the agent name is js-base', () => { - it('returns true', () => { - expect(isRumAgentName('js-base')).toEqual(true); - }); - }); - - describe('when the agent name is rum-js', () => { - it('returns true', () => { - expect(isRumAgentName('rum-js')).toEqual(true); - }); - }); - - describe('when the agent name is opentelemetry/webjs', () => { - it('returns true', () => { - expect(isRumAgentName('opentelemetry/webjs')).toEqual(true); - }); - }); - - describe('when the agent name is something else', () => { - it('returns false', () => { - expect(isRumAgentName('not rum')).toEqual(false); - }); - }); - }); - - describe('isIosAgentName', () => { - describe('when the agent name is iOS/swift', () => { - it('returns true', () => { - expect(isIosAgentName('iOS/swift')).toEqual(true); - }); - }); - - describe('when the agent name is ios/swift', () => { - it('returns 
true', () => { - expect(isIosAgentName('ios/swift')).toEqual(true); - }); - }); - - describe('when the agent name is opentelemetry/swift', () => { - it('returns true', () => { - expect(isIosAgentName('opentelemetry/swift')).toEqual(false); - }); - }); - - describe('when the agent name is something else', () => { - it('returns false', () => { - expect(isIosAgentName('not ios')).toEqual(false); - }); - }); - }); - - describe('isAndroidAgentName', () => { - describe('when the agent name is android/java', () => { - it('returns true', () => { - expect(isAndroidAgentName('android/java')).toEqual(true); - }); - }); - - describe('when the agent name is opentelemetry/java', () => { - it('returns false', () => { - expect(isAndroidAgentName('opentelemetry/java')).toEqual(false); - }); - }); - - describe('when the agent name is something else', () => { - it('returns false', () => { - expect(isAndroidAgentName('not android')).toEqual(false); - }); - }); - }); - - describe('isMobileAgentName', () => { - describe('when the agent name is android/java', () => { - it('returns true', () => { - expect(isMobileAgentName('android/java')).toEqual(true); - }); - }); - - describe('when the agent name is iOS/swift', () => { - it('returns true', () => { - expect(isMobileAgentName('iOS/swift')).toEqual(true); - }); - }); - - describe('when the agent name is ios/swift', () => { - it('returns true', () => { - expect(isMobileAgentName('ios/swift')).toEqual(true); - }); - }); - - describe('when the agent name is opentelemetry/swift', () => { - it('returns true', () => { - expect(isMobileAgentName('opentelemetry/swift')).toEqual(false); - }); - }); - - describe('when the agent name is opentelemetry/java', () => { - it('returns false', () => { - expect(isMobileAgentName('opentelemetry/java')).toEqual(false); - }); - }); - - describe('when the agent name is something else', () => { - it('returns false', () => { - expect(isMobileAgentName('not mobile')).toEqual(false); - }); - }); - }); - - 
describe('isServerlessAgent', () => { - describe('when the serverlessType is AWS_LAMBDA', () => { - it('returns true', () => { - expect(isServerlessAgent(ServerlessType.AWS_LAMBDA)).toEqual(true); - }); - }); - - describe('when the serverlessType is AZURE_FUNCTIONS', () => { - it('returns true', () => { - expect(isServerlessAgent(ServerlessType.AZURE_FUNCTIONS)).toEqual(true); - }); - }); - - describe('when the serverlessType is undefined', () => { - it('returns false', () => { - expect(isServerlessAgent(undefined)).toEqual(false); - }); - }); - }); - - describe('isAWSLambdaAgent', () => { - describe('when the serverlessType is AWS_LAMBDA', () => { - it('returns true', () => { - expect(isAWSLambdaAgent(ServerlessType.AWS_LAMBDA)).toEqual(true); - }); - }); - - describe('when the serverlessType is AZURE_FUNCTIONS', () => { - it('returns true', () => { - expect(isAWSLambdaAgent(ServerlessType.AZURE_FUNCTIONS)).toEqual(false); - }); - }); - - describe('when the serverlessType is undefined', () => { - it('returns false', () => { - expect(isAWSLambdaAgent(undefined)).toEqual(false); - }); - }); - }); - - describe('isAzureFunctionsAgent', () => { - describe('when the serverlessType is AZURE_FUNCTIONS', () => { - it('returns true', () => { - expect(isAzureFunctionsAgent(ServerlessType.AZURE_FUNCTIONS)).toEqual( - true - ); - }); - }); - - describe('when the serverlessType is AWS_LAMBDA', () => { - it('returns true', () => { - expect(isAzureFunctionsAgent(ServerlessType.AWS_LAMBDA)).toEqual(false); - }); - }); - - describe('when the serverlessType is undefined', () => { - it('returns false', () => { - expect(isAzureFunctionsAgent(undefined)).toEqual(false); - }); - }); - }); -}); diff --git a/x-pack/plugins/observability_solution/apm/common/agent_name.ts b/x-pack/plugins/observability_solution/apm/common/agent_name.ts index 7782cc044e950..608fdf4975353 100644 --- a/x-pack/plugins/observability_solution/apm/common/agent_name.ts 
+++ b/x-pack/plugins/observability_solution/apm/common/agent_name.ts 
@@ -4,110 +4,20 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ - -import { - AgentName, - OpenTelemetryAgentName, -} from '../typings/es_schemas/ui/fields/agent'; -import { ServerlessType } from './serverless'; - -/* - * Agent names can be any string. This list only defines the official agents - * that we might want to target specifically eg. linking to their documentation - * & telemetry reporting. Support additional agent types by appending - * definitions in mappings.json (for telemetry), the AgentName type, and the - * AGENT_NAMES array. - */ - -export const OPEN_TELEMETRY_AGENT_NAMES: AgentName[] = [ - 'otlp', - 'opentelemetry/cpp', - 'opentelemetry/dotnet', - 'opentelemetry/erlang', - 'opentelemetry/go', - 'opentelemetry/java', - 'opentelemetry/nodejs', - 'opentelemetry/php', - 'opentelemetry/python', - 'opentelemetry/ruby', - 'opentelemetry/rust', - 'opentelemetry/swift', - 'opentelemetry/webjs', -]; - -export const AGENT_NAMES: AgentName[] = [ - 'dotnet', - 'go', - 'iOS/swift', - 'java', - 'js-base', - 'nodejs', - 'php', - 'python', - 'ruby', - 'rum-js', - 'android/java', - ...OPEN_TELEMETRY_AGENT_NAMES, -]; - -export function isOpenTelemetryAgentName( - agentName: string -): agentName is OpenTelemetryAgentName { - return OPEN_TELEMETRY_AGENT_NAMES.includes(agentName as AgentName); -} - -export const JAVA_AGENT_NAMES: AgentName[] = ['java', 'opentelemetry/java']; - -export function isJavaAgentName( - agentName?: string -): agentName is 'java' | 'opentelemetry/java' { - return JAVA_AGENT_NAMES.includes(agentName! as AgentName); -} - -export const RUM_AGENT_NAMES: AgentName[] = [ - 'js-base', - 'rum-js', - 'opentelemetry/webjs', -]; - -export function isRumAgentName( - agentName?: string -): agentName is 'js-base' | 'rum-js' | 'opentelemetry/webjs' { - return RUM_AGENT_NAMES.includes(agentName! 
as AgentName); -} - -export function isMobileAgentName(agentName?: string) { - return isIosAgentName(agentName) || isAndroidAgentName(agentName); -} - -export function isRumOrMobileAgent(agentName?: string) { - return isRumAgentName(agentName) || isMobileAgentName(agentName); -} - -export function isIosAgentName(agentName?: string) { - const lowercased = agentName && agentName.toLowerCase(); - return lowercased === 'ios/swift'; -} - -export function isJRubyAgent(agentName?: string, runtimeName?: string) { - return agentName === 'ruby' && runtimeName?.toLowerCase() === 'jruby'; -} - -export function isServerlessAgent(serverlessType?: ServerlessType) { - return ( - isAWSLambdaAgent(serverlessType) || isAzureFunctionsAgent(serverlessType) - ); -} - -export function isAWSLambdaAgent(serverlessType?: ServerlessType) { - return serverlessType === ServerlessType.AWS_LAMBDA; -} - -export function isAzureFunctionsAgent(serverlessType?: ServerlessType) { - return serverlessType === ServerlessType.AZURE_FUNCTIONS; -} - -export function isAndroidAgentName(agentName?: string) { - const lowercased = agentName && agentName.toLowerCase(); - return lowercased === 'android/java'; -} +export { + OPEN_TELEMETRY_AGENT_NAMES, + AGENT_NAMES, + isOpenTelemetryAgentName, + JAVA_AGENT_NAMES, + isJavaAgentName, + RUM_AGENT_NAMES, + isRumAgentName, + isRumOrMobileAgentName, + isMobileAgentName, + isIosAgentName, + isJRubyAgentName, + isServerlessAgentName, + isAWSLambdaAgentName, + isAzureFunctionsAgentName, + isAndroidAgentName, +} from '@kbn/elastic-agent-utils'; diff --git a/x-pack/plugins/observability_solution/apm/common/data_view_constants.ts b/x-pack/plugins/observability_solution/apm/common/data_view_constants.ts index b448918f8facf..c50966399ad22 100644 --- a/x-pack/plugins/observability_solution/apm/common/data_view_constants.ts +++ b/x-pack/plugins/observability_solution/apm/common/data_view_constants.ts 
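Review bot: Three of the names re-exported in common/agent_name.ts, `isServerlessAgentName`, `isAWSLambdaAgentName` and `isAzureFunctionsAgentName`, are called with a `serverlessType` elsewhere in this diff (for example `isAWSLambdaAgentName(serverlessType)` in metrics/index.tsx). The `AgentName` suffix therefore describes the wrong argument. If the package names cannot change, aliasing them on re-export keeps call sites readable, e.g. `isAWSLambdaAgentName as isAWSLambdaAgent,` inside the `export { … }` list. The hunk also drops the comment explaining that agent names can be any string; a one-line replacement such as `// Agent-name helpers live in @kbn/elastic-agent-utils; re-exported here for existing imports.` would tell readers where the definitions went.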
@@ -5,5 +5,11 @@ * 2.0. */ -// value of const needs to be backwards compatible -export const APM_STATIC_DATA_VIEW_ID = 'apm_static_index_pattern_id'; +export const DO_NOT_USE_LEGACY_APM_STATIC_DATA_VIEW_ID = + 'apm_static_index_pattern_id'; + +const APM_STATIC_DATA_VIEW_ID_PREFIX = 'apm_static_data_view_id'; + +export function getDataViewId(spaceId: string) { + return `${APM_STATIC_DATA_VIEW_ID_PREFIX}_${spaceId}`; +} diff --git a/x-pack/plugins/observability_solution/apm/common/service_inventory.ts b/x-pack/plugins/observability_solution/apm/common/service_inventory.ts index b3eeb1cbf8faf..f758bc083cf78 100644 --- a/x-pack/plugins/observability_solution/apm/common/service_inventory.ts +++ b/x-pack/plugins/observability_solution/apm/common/service_inventory.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { AgentName } from '../typings/es_schemas/ui/fields/agent'; +import { AgentName } from '@kbn/elastic-agent-utils'; import { ServiceHealthStatus } from './service_health_status'; export interface ServiceListItem { diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/diagnostics/apm_documents_tab.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/diagnostics/apm_documents_tab.tsx index d4776c8995c43..03fcd2610f23b 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/diagnostics/apm_documents_tab.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/diagnostics/apm_documents_tab.tsx 
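Review bot: In common/data_view_constants.ts, neither `DO_NOT_USE_LEGACY_APM_STATIC_DATA_VIEW_ID` nor `getDataViewId` carries a comment, and the hunk removes `// value of const needs to be backwards compatible`, the only note explaining why the literal must not change. I would keep that constraint on the legacy constant and say why it still exists, e.g. `// Legacy ID shared across spaces; value must stay unchanged so existing objects can still be found.` (the reason is presumed, so please confirm). On the function, add `/** Returns the per-space static data view ID: apm_static_data_view_id_<spaceId>. */`. Since `spaceId` is interpolated as-is into an object ID, the doc comment should also state that callers pass the resolved space ID, not free-form input.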
@@ -13,20 +13,23 @@ import { EuiText, EuiToolTip, } from '@elastic/eui'; -import React, { useState, useMemo } from 'react'; +import { i18n } from '@kbn/i18n'; import { useKibana } from '@kbn/kibana-react-plugin/public'; import { orderBy } from 'lodash'; -import { useApmParams } from '../../../hooks/use_apm_params'; +import React, { useMemo, useState } from 'react'; import { asBigNumber, asInteger } from '../../../../common/utils/formatters'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../common/data_view_constants'; import type { ApmEvent } from '../../../../server/routes/diagnostics/bundle/get_apm_events'; -import { useDiagnosticsContext } from './context/use_diagnostics'; +import { useApmParams } from '../../../hooks/use_apm_params'; +import { useDataViewId } from '../../../hooks/use_data_view_id'; import { ApmPluginStartDeps } from '../../../plugin'; import { SearchBar } from '../../shared/search_bar/search_bar'; +import { useDiagnosticsContext } from './context/use_diagnostics'; export function DiagnosticsApmDocuments() { const { diagnosticsBundle, isImported } = useDiagnosticsContext(); const { discover } = useKibana().services; + const dataViewId = useDataViewId(); + const [sortField, setSortField] = useState('name'); const [sortDirection, setSortDirection] = useState<'asc' | 'desc'>('asc'); const { @@ -103,7 +106,7 @@ export function DiagnosticsApmDocuments() { language: 'kuery', query: item.kuery, }, - dataViewId: APM_STATIC_DATA_VIEW_ID, + dataViewId, timeRange: rangeTo && rangeFrom ? { @@ -123,13 +126,37 @@ export function DiagnosticsApmDocuments() { {isImported && diagnosticsBundle ? ( <> - 
From: {new Date(diagnosticsBundle.params.start).toISOString()} + {i18n.translate( + 'xpack.apm.diagnosticsApmDocuments.from:BadgeLabel', + { + defaultMessage: 'From: {date}', + values: { + date: new Date(diagnosticsBundle.params.start).toISOString(), + }, + } + )} - To: {new Date(diagnosticsBundle.params.end).toISOString()} + {i18n.translate('xpack.apm.diagnosticsApmDocuments.to:BadgeLabel', { + defaultMessage: 'To: {date}', + values: { + date: new Date(diagnosticsBundle.params.end).toISOString(), + }, + })} - Filter: {diagnosticsBundle?.params.kuery ?? Empty} + {i18n.translate( + 'xpack.apm.diagnosticsApmDocuments.filter:BadgeLabel', + { defaultMessage: 'Filter:' } + )} + {diagnosticsBundle?.params.kuery ?? ( + + {i18n.translate( + 'xpack.apm.diagnosticsApmDocuments.em.emptyLabel', + { defaultMessage: 'Empty' } + )} + + )} @@ -183,7 +210,13 @@ function IntervalDocCount({ - ({asBigNumber(interval.eventDocCount)} events) + {i18n.translate('xpack.apm.intervalDocCount.TextLabel', { + defaultMessage: + '({docCount} {docCount, plural, one {event} other {events}})', + values: { + docCount: asBigNumber(interval.eventDocCount), + }, + })}
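Review bot: The `plural` selector in `xpack.apm.intervalDocCount.TextLabel` is fed `asBigNumber(interval.eventDocCount)`, which is imported from the formatters module and looks like a display formatter rather than a number (its return type is not visible here). ICU plural selection needs the numeric count, so a formatted or abbreviated string would pick the wrong branch or fail to format. Pass the raw count for selection and the formatted text separately: `defaultMessage: '({formattedCount} {docCount, plural, one {event} other {events}})'` with `values: { docCount: interval.eventDocCount, formattedCount: asBigNumber(interval.eventDocCount) }`. `IntervalDocCount` starts and ends outside this hunk.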
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/index.tsx index 5f290b4d4af86..0c70b6fd48d7f 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/index.tsx @@ -8,8 +8,8 @@ import React from 'react'; import { isJavaAgentName, - isJRubyAgent, - isAWSLambdaAgent, + isJRubyAgentName, + isAWSLambdaAgentName, } from '../../../../common/agent_name'; import { useApmServiceContext } from '../../../context/apm_service/use_apm_service_context'; import { ServerlessMetrics } from './serverless_metrics'; @@ -20,7 +20,7 @@ import { hasDashboardFile } from './static_dashboard/helper'; export function Metrics() { const { agentName, runtimeName, serverlessType } = useApmServiceContext(); - const isAWSLambda = isAWSLambdaAgent(serverlessType); + const isAWSLambda = isAWSLambdaAgentName(serverlessType); if (isAWSLambda) { return ; @@ -44,7 +44,7 @@ export function Metrics() { if ( !isAWSLambda && - (isJavaAgentName(agentName) || isJRubyAgent(agentName, runtimeName)) + (isJavaAgentName(agentName) || isJRubyAgentName(agentName, runtimeName)) ) { return ; } diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/helper.ts b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/helper.ts index a6d22ea7b6a55..780e4387b0e10 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/helper.ts +++ b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/helper.ts @@ -6,7 +6,6 @@ */ import type { DashboardPanelMap } from '@kbn/dashboard-plugin/common'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../../common/data_view_constants'; import { AGENT_NAME_DASHBOARD_FILE_MAPPING, loadDashboardFile, 
@@ -29,7 +28,8 @@ function getDashboardFile({ agentName }: MetricsDashboardProps) { } export async function getDashboardPanelMap( - props: MetricsDashboardProps + props: MetricsDashboardProps, + dataViewId: string ): Promise { const dashboardFile = getDashboardFile(props); const panelsRawObj = !!dashboardFile @@ -42,7 +42,7 @@ export async function getDashboardPanelMap( const panelsStr: string = ( panelsRawObj.attributes.panelsJSON as string - ).replaceAll('APM_STATIC_DATA_VIEW_ID', APM_STATIC_DATA_VIEW_ID); + ).replaceAll('APM_STATIC_DATA_VIEW_ID', dataViewId); const panelsRawObjects = JSON.parse(panelsStr) as any[]; diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/index.tsx index 50bda742eb377..29ebf34cca44f 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/metrics/static_dashboard/index.tsx @@ -19,7 +19,7 @@ import { i18n } from '@kbn/i18n'; import { controlGroupInputBuilder } from '@kbn/controls-plugin/public'; import { getDefaultControlGroupInput } from '@kbn/controls-plugin/common'; import { NotificationsStart } from '@kbn/core/public'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../../common/data_view_constants'; +import { useDataViewId } from '../../../../hooks/use_data_view_id'; import { ENVIRONMENT_ALL, ENVIRONMENT_NOT_DEFINED, 
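Review bot: In `getDashboardPanelMap`, `dataViewId` is now a runtime argument spliced into the raw `panelsJSON` text before `JSON.parse`, where the old code substituted a compile-time constant. A quote or backslash in the value would corrupt or restructure the parsed panels, and `$` sequences in a string replacement are interpreted by `replaceAll`. Unless the hook guarantees the ID's character set (not visible in this hunk), escape the value and use a replacer function: `).replaceAll('APM_STATIC_DATA_VIEW_ID', () => JSON.stringify(dataViewId).slice(1, -1));`. Substituting on the parsed objects after `JSON.parse` would avoid the problem entirely. The function body continues outside the hunk.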
@@ -28,11 +28,11 @@ import { useApmPluginContext } from '../../../../context/apm_plugin/use_apm_plug import { useApmDataView } from '../../../../hooks/use_apm_data_view'; import { useApmServiceContext } from '../../../../context/apm_service/use_apm_service_context'; import { useApmParams } from '../../../../hooks/use_apm_params'; - import { getDashboardPanelMap, MetricsDashboardProps } from './helper'; export function JsonMetricsDashboard(dashboardProps: MetricsDashboardProps) { const [dashboard, setDashboard] = useState(); + const dataViewId = useDataViewId(); const { query: { environment, kuery, rangeFrom, rangeTo }, @@ -65,7 +65,7 @@ export function JsonMetricsDashboard(dashboardProps: MetricsDashboardProps) { return ( - getCreationOptions(dashboardProps, notifications) + getCreationOptions(dashboardProps, notifications, dataViewId) } ref={setDashboard} /> @@ -74,20 +74,21 @@ export function JsonMetricsDashboard(dashboardProps: MetricsDashboardProps) { async function getCreationOptions( dashboardProps: MetricsDashboardProps, - notifications: NotificationsStart + notifications: NotificationsStart, + dataViewId: string ): Promise { try { const builder = controlGroupInputBuilder; const controlGroupInput = getDefaultControlGroupInput(); await builder.addDataControlFromField(controlGroupInput, { - dataViewId: APM_STATIC_DATA_VIEW_ID, + dataViewId, title: 'Node name', fieldName: 'service.node.name', width: 'medium', grow: true, }); - const panels = await getDashboardPanelMap(dashboardProps); + const panels = await getDashboardPanelMap(dashboardProps, dataViewId); if (!panels) { throw new Error('Failed parsing dashboard panels.'); diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/metrics_details/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/metrics_details/index.tsx index ffcba4d838971..99d3d8830ceb9 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/metrics_details/index.tsx 
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/metrics_details/index.tsx @@ -5,7 +5,7 @@ * 2.0. */ import React from 'react'; -import { isAWSLambdaAgent } from '../../../../common/agent_name'; +import { isAWSLambdaAgentName } from '../../../../common/agent_name'; import { useApmServiceContext } from '../../../context/apm_service/use_apm_service_context'; import { useApmParams } from '../../../hooks/use_apm_params'; import { ServerlessMetricsDetails } from './serverless_metrics_details'; @@ -17,7 +17,7 @@ export function MetricsDetails() { } = useApmParams('/services/{serviceName}/metrics/{id}'); const { serverlessType } = useApmServiceContext(); - if (isAWSLambdaAgent(serverlessType)) { + if (isAWSLambdaAgentName(serverlessType)) { return ; } diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/embedded_map.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/embedded_map.tsx index b046511d6ce64..f4c530b47acc2 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/embedded_map.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/embedded_map.tsx @@ -23,6 +23,7 @@ import { css } from '@emotion/react'; import { i18n } from '@kbn/i18n'; import { EuiText } from '@elastic/eui'; import type { Filter } from '@kbn/es-query'; +import { useDataViewId } from '../../../../../hooks/use_data_view_id'; import { ApmPluginStartDeps } from '../../../../../plugin'; import { getLayerList } from './map_layers/get_layer_list'; import { MapTypes } from '../../../../../../common/mobile/constants'; @@ -40,6 +41,7 @@ function EmbeddedMapComponent({ filters: Filter[]; }) { const [error, setError] = useState(); + const dataViewId = useDataViewId(); const [embeddable, setEmbeddable] = useState< MapEmbeddable | ErrorEmbeddable | undefined 
@@ -128,7 +130,7 @@ function EmbeddedMapComponent({ useEffect(() => { const setLayerList = async () => { if (embeddable && !isErrorEmbeddable(embeddable)) { - const layerList = await getLayerList({ selectedMap, maps }); + const layerList = await getLayerList({ selectedMap, maps, dataViewId }); await Promise.all([ embeddable.setLayerList(layerList), embeddable.reload(), @@ -137,7 +139,7 @@ function EmbeddedMapComponent({ }; setLayerList(); - }, [embeddable, selectedMap, maps]); + }, [embeddable, selectedMap, maps, dataViewId]); useEffect(() => { if (embeddable) { diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_http_requests_map_layer_list.ts b/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_http_requests_map_layer_list.ts index 8954626546290..728658817b27a 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_http_requests_map_layer_list.ts +++ b/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_http_requests_map_layer_list.ts @@ -24,7 +24,6 @@ import { SPAN_SUBTYPE, SPAN_TYPE, } from '../../../../../../../common/es_fields/apm'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../../../../common/data_view_constants'; import { getLayerStyle, PalleteColors } from './get_map_layer_style'; import { MobileSpanSubtype, @@ -48,7 +47,10 @@ const label = i18n.translate( } ); -export async function getHttpRequestsLayerList(maps?: MapsStartApi) { +export async function getHttpRequestsLayerList( + maps: MapsStartApi | undefined, + dataViewId: string +) { const whereQuery = { language: 'kuery', query: `${PROCESSOR_EVENT}:${ProcessorEvent.span} and ${SPAN_SUBTYPE}:${MobileSpanSubtype.Http} and ${SPAN_TYPE}:${MobileSpanType.External}`, 
@@ -72,7 +74,7 @@ export async function getHttpRequestsLayerList(maps?: MapsStartApi) { }, ], whereQuery, - indexPatternId: APM_STATIC_DATA_VIEW_ID, + indexPatternId: dataViewId, applyGlobalQuery: true, applyGlobalTime: true, applyForceRefresh: true, @@ -114,7 +116,7 @@ export async function getHttpRequestsLayerList(maps?: MapsStartApi) { }, ], whereQuery, - indexPatternId: APM_STATIC_DATA_VIEW_ID, + indexPatternId: dataViewId, applyGlobalQuery: true, applyGlobalTime: true, applyForceRefresh: true, diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_layer_list.ts b/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_layer_list.ts index 152f1874b143b..d9f1d023fbf64 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_layer_list.ts +++ b/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_layer_list.ts @@ -10,19 +10,21 @@ import { getHttpRequestsLayerList } from './get_http_requests_map_layer_list'; import { getSessionMapLayerList } from './get_session_map_layer_list'; import { MapTypes } from '../../../../../../../common/mobile/constants'; -export async function getLayerList({ +export function getLayerList({ selectedMap, maps, + dataViewId, }: { selectedMap: MapTypes; - maps?: MapsStartApi; + maps: MapsStartApi | undefined; + dataViewId: string; }): Promise { switch (selectedMap) { case MapTypes.Http: - return await getHttpRequestsLayerList(maps); + return getHttpRequestsLayerList(maps, dataViewId); case MapTypes.Session: - return await getSessionMapLayerList(maps); + return getSessionMapLayerList(maps, dataViewId); default: - return await getHttpRequestsLayerList(maps); + return getHttpRequestsLayerList(maps, dataViewId); } } 
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_session_map_layer_list.ts b/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_session_map_layer_list.ts index a0d2b80b218fd..be86b5da710a8 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_session_map_layer_list.ts +++ b/x-pack/plugins/observability_solution/apm/public/components/app/mobile/service_overview/geo_map/map_layers/get_session_map_layer_list.ts @@ -21,7 +21,6 @@ import { CLIENT_GEO_REGION_ISO_CODE, SESSION_ID, } from '../../../../../../../common/es_fields/apm'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../../../../common/data_view_constants'; import { getLayerStyle, PalleteColors } from './get_map_layer_style'; interface VectorLayerDescriptor extends BaseVectorLayerDescriptor { @@ -40,7 +39,10 @@ const label = i18n.translate( defaultMessage: 'Sessions', } ); -export async function getSessionMapLayerList(maps?: MapsStartApi) { +export async function getSessionMapLayerList( + maps: MapsStartApi | undefined, + dataViewId: string +) { const basemapLayerDescriptor = await maps?.createLayerDescriptors?.createBasemapLayerDescriptor(); @@ -59,7 +61,7 @@ export async function getSessionMapLayerList(maps?: MapsStartApi) { label, }, ], - indexPatternId: APM_STATIC_DATA_VIEW_ID, + indexPatternId: dataViewId, applyGlobalQuery: true, applyGlobalTime: true, applyForceRefresh: true, @@ -101,7 +103,7 @@ export async function getSessionMapLayerList(maps?: MapsStartApi) { label, }, ], - indexPatternId: APM_STATIC_DATA_VIEW_ID, + indexPatternId: dataViewId, applyGlobalQuery: true, applyGlobalTime: true, applyForceRefresh: true, 
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_groups/service_group_save/service_list_preview.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_groups/service_group_save/service_list_preview.tsx index 66105c106805a..39f8ba7068abc 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/service_groups/service_group_save/service_list_preview.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_groups/service_group_save/service_list_preview.tsx @@ -10,11 +10,11 @@ import { EuiFlexGroup, EuiFlexItem, } from '@elastic/eui'; +import { AgentIcon } from '@kbn/custom-icons'; import { i18n } from '@kbn/i18n'; import { orderBy } from 'lodash'; import React, { useCallback, useMemo, useState } from 'react'; import { ValuesType } from 'utility-types'; -import { AgentIcon } from '../../../shared/agent_icon'; import { APIReturnType } from '../../../../services/rest/create_call_apm_api'; import { unit } from '../../../../utils/style'; import { EnvironmentBadge } from '../../../shared/environment_badge'; @@ -93,7 +93,7 @@ export function ServiceListPreview({ items, isLoading }: Props) { content={ - + {serviceName} diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_map/icons.ts b/x-pack/plugins/observability_solution/apm/public/components/app/service_map/icons.ts index 187a84cb6cca6..f784a737f8d67 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/service_map/icons.ts +++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_map/icons.ts 
@@ -5,13 +5,13 @@ * 2.0. */ +import { getAgentIcon } from '@kbn/custom-icons'; import cytoscape from 'cytoscape'; import { AGENT_NAME, SPAN_SUBTYPE, SPAN_TYPE, } from '../../../../common/es_fields/apm'; -import { getAgentIcon } from '../../shared/agent_icon/get_agent_icon'; import { getSpanIcon } from '../../shared/span_icon/get_span_icon'; export function iconForNode(node: cytoscape.NodeSingular) { diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/index.tsx index 4a4e79b39c8e9..55972ede6e560 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/index.tsx @@ -20,7 +20,7 @@ import { AgentName } from '../../../../typings/es_schemas/ui/fields/agent'; import { isOpenTelemetryAgentName, isRumAgentName, - isServerlessAgent, + isServerlessAgentName, } from '../../../../common/agent_name'; import { AnnotationsContextProvider } from '../../../context/annotations/annotations_context'; import { useApmServiceContext } from '../../../context/apm_service/use_apm_service_context'; @@ -60,7 +60,7 @@ export function ServiceOverview() { const { start, end } = useTimeRange({ rangeFrom, rangeTo }); const isRumAgent = isRumAgentName(agentName); const isOpenTelemetryAgent = isOpenTelemetryAgentName(agentName as AgentName); - const isServerless = isServerlessAgent(serverlessType); + const isServerless = isServerlessAgentName(serverlessType); const dependenciesLink = router.link('/services/{serviceName}/dependencies', { path: { 
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/service_overview_instances_table/intance_details.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/service_overview_instances_table/intance_details.tsx index fac65a4485766..09b9e461ca1c0 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/service_overview_instances_table/intance_details.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/service_overview/service_overview_instances_table/intance_details.tsx @@ -6,6 +6,11 @@ */ import { EuiFlexGroup, EuiFlexItem, EuiSkeletonText } from '@elastic/eui'; +import { + CloudProvider, + getAgentIcon, + getCloudProviderIcon, +} from '@kbn/custom-icons'; import { i18n } from '@kbn/i18n'; import { get } from 'lodash'; import React from 'react'; @@ -36,10 +41,9 @@ import { import { isPending } from '../../../../hooks/use_fetcher'; import { useTheme } from '../../../../hooks/use_theme'; import { APIReturnType } from '../../../../services/rest/create_call_apm_api'; -import { getAgentIcon } from '../../../shared/agent_icon/get_agent_icon'; import { KeyValueFilterList } from '../../../shared/key_value_filter_list'; import { pushNewItemToKueryBar } from '../../../shared/kuery_bar/utils'; -import { getCloudIcon, getContainerIcon } from '../../../shared/service_icons'; +import { getContainerIcon } from '../../../shared/service_icons'; import { useInstanceDetailsFetcher } from './use_instance_details_fetcher'; type ServiceInstanceDetails = @@ -175,7 +179,7 @@ export function InstanceDetails({ 'xpack.apm.serviceOverview.instanceTable.details.cloudTitle', { defaultMessage: 'Cloud' } )} - icon={getCloudIcon(data.cloud?.provider)} + icon={getCloudProviderIcon(data.cloud?.provider as CloudProvider)} keyValueList={cloudDetailsKeyValuePairs} onClickFilter={addKueryBarFilter} /> 
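Review bot: The `as CloudProvider` assertion on `data.cloud?.provider` in the `icon=` prop of intance_details.tsx hides that the value comes from an ingested document and may be `undefined` or an arbitrary string. The cast only silences the compiler and validates nothing, so correctness depends on `getCloudProviderIcon` falling back for unknown input, which this diff does not show. Either widen the helper's parameter to `string | undefined` so no cast is needed, or record the reliance at the call site with `// provider is document data and may be unknown; relies on getCloudProviderIcon's fallback`. `InstanceDetails` starts and ends outside this hunk.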
diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_explorer/agent_list/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_explorer/agent_list/index.tsx index 665d454c440fb..10d2cec27ee16 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_explorer/agent_list/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/settings/agent_explorer/agent_list/index.tsx @@ -12,6 +12,7 @@ import { EuiIcon, EuiToolTip, } from '@elastic/eui'; +import { AgentIcon } from '@kbn/custom-icons'; import { i18n } from '@kbn/i18n'; import { isEmpty } from 'lodash'; import React, { useMemo, useState } from 'react'; @@ -20,7 +21,6 @@ import { AgentExplorerFieldName } from '../../../../../../common/agent_explorer' import { AgentName } from '../../../../../../typings/es_schemas/ui/fields/agent'; import { useApmPluginContext } from '../../../../../context/apm_plugin/use_apm_plugin_context'; import { APIReturnType } from '../../../../../services/rest/create_call_apm_api'; -import { AgentIcon } from '../../../../shared/agent_icon'; import { EnvironmentBadge } from '../../../../shared/environment_badge'; import { ItemsBadge } from '../../../../shared/item_badge'; import { ITableColumn, ManagedTable } from '../../../../shared/managed_table'; @@ -67,7 +67,10 @@ export function getAgentsColumns({ onAgentSelected(agent)} display={isSelected ? 'base' : 'empty'} @@ -96,7 +99,7 @@ export function getAgentsColumns({ content={ - + {serviceName} diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/index.tsx index 1c3ea3bf7e5f0..0b9a1190b1e15 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/index.tsx 
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/index.tsx @@ -18,7 +18,7 @@ import { AggregatedTransactionsBadge } from '../../shared/aggregated_transaction import { TransactionCharts } from '../../shared/charts/transaction_charts'; import { replace } from '../../shared/links/url_helpers'; import { TransactionDetailsTabs } from './transaction_details_tabs'; -import { isServerlessAgent } from '../../../../common/agent_name'; +import { isServerlessAgentName } from '../../../../common/agent_name'; import { useLocalStorage } from '../../../hooks/use_local_storage'; import { SloCallout } from '../../shared/slo_callout'; @@ -63,7 +63,7 @@ export function TransactionDetails() { [apmRouter, path, query, transactionName] ); - const isServerless = isServerlessAgent(serverlessType); + const isServerless = isServerlessAgentName(serverlessType); const [sloCalloutDismissed, setSloCalloutDismissed] = useLocalStorage( 'apm.sloCalloutDismissed', false diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/index.tsx index 69ed7a63b0c5b..abd6aee61f407 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/index.tsx 
@@ -13,10 +13,11 @@ import { useCriticalPathFeatureEnabledSetting } from '../../../../../hooks/use_c import { TechnicalPreviewBadge } from '../../../../shared/technical_preview_badge'; import { Waterfall } from './waterfall'; import { - IWaterfall, + type IWaterfall, WaterfallLegendType, } from './waterfall/waterfall_helpers/waterfall_helpers'; import { WaterfallLegends } from './waterfall_legends'; +import { MissingTransactionWarning } from './waterfall/missing_transaction_warning'; interface Props { waterfallItemId?: string; @@ -38,7 +39,7 @@ export function WaterfallContainer({ if (!waterfall) { return null; } - const { legends, items } = waterfall; + const { legends, items, hasOrphanTraceItems } = waterfall; // Service colors are needed to color the dot in the error popover const serviceLegends = legends.filter( @@ -108,7 +109,19 @@ export function WaterfallContainer({ ) : null} - + + + + + {hasOrphanTraceItems ? ( + + + + ) : null} + + + {i18n.translate( + 'xpack.apm.transactionDetails.agentMissingTransactionLabel', + { + defaultMessage: 'Incomplete trace', + } + )} + + + ); +} diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.test.ts b/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.test.ts index df028ee3c8f78..208102b415e57 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.test.ts +++ b/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.test.ts 
@@ -16,6 +16,7 @@ import { IWaterfallTransaction, IWaterfallError, IWaterfallSpanOrTransaction, + getHasOrphanTraceItems, } from './waterfall_helpers'; import { APMError } from '../../../../../../../../typings/es_schemas/ui/apm_error'; import { @@ -717,4 +718,46 @@ describe('waterfall_helpers', () => { expect(getClockSkew(child, parent)).toBe(0); }); }); + + describe('getHasOrphanTraceItems', () => { + const myTransactionItem = { + processor: { event: 'transaction' }, + trace: { id: 'myTrace' }, + transaction: { + id: 'myTransactionId1', + }, + } as WaterfallTransaction; + + it('should return false if there are no orphan items', () => { + const traceItems: Array = [ + myTransactionItem, + { + processor: { event: 'span' }, + span: { + id: 'mySpanId', + }, + parent: { + id: 'myTransactionId1', + }, + } as WaterfallSpan, + ]; + expect(getHasOrphanTraceItems(traceItems)).toBe(false); + }); + + it('should return true if there are orphan items', () => { + const traceItems: Array = [ + myTransactionItem, + { + processor: { event: 'span' }, + span: { + id: 'myOrphanSpanId', + }, + parent: { + id: 'myNotExistingTransactionId1', + }, + } as WaterfallSpan, + ]; + expect(getHasOrphanTraceItems(traceItems)).toBe(true); + }); + }); }); diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.ts b/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.ts index 62a3ddb434ee6..b197859ff1083 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.ts 
+++ b/x-pack/plugins/observability_solution/apm/public/components/app/transaction_details/waterfall_with_summary/waterfall_container/waterfall/waterfall_helpers/waterfall_helpers.ts @@ -48,6 +48,7 @@ export interface IWaterfall { totalErrorsCount: number; traceDocsTotal: number; maxTraceItems: number; + hasOrphanTraceItems: boolean; } interface IWaterfallItemBase { @@ -191,7 +192,7 @@ export function getClockSkew( case 'error': case 'span': return parentItem.skew; - // transaction is the inital entry in a service. Calculate skew for this, and it will be propogated to all child spans + // transaction is the initial entry in a service. Calculate skew for this, and it will be propagated to all child spans case 'transaction': { const parentStart = parentItem.doc.timestamp.us + parentItem.skew; @@ -415,6 +416,22 @@ function getErrorCountByParentId( }, {}); } +export const getHasOrphanTraceItems = ( + traceDocs: Array +) => { + const waterfallItemsIds = new Set( + traceDocs.map((doc) => + doc.processor.event === 'span' + ? (doc?.span as WaterfallSpan['span']).id + : doc?.transaction?.id + ) + ); + + return traceDocs.some( + (item) => item.parent?.id && !waterfallItemsIds.has(item.parent.id) + ); +}; + export function getWaterfall(apiResponse: TraceAPIResponse): IWaterfall { const { traceItems, entryTransaction } = apiResponse; if (isEmpty(traceItems.traceDocs) || !entryTransaction) { @@ -429,6 +446,7 @@ export function getWaterfall(apiResponse: TraceAPIResponse): IWaterfall { totalErrorsCount: 0, traceDocsTotal: 0, maxTraceItems: 0, + hasOrphanTraceItems: false, }; } @@ -464,6 +482,8 @@ export function getWaterfall(apiResponse: TraceAPIResponse): IWaterfall { const duration = getWaterfallDuration(items); const legends = getLegends(items); + const hasOrphanTraceItems = getHasOrphanTraceItems(traceItems.traceDocs); + return { entryWaterfallTransaction, rootWaterfallTransaction, 
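Review bot: In the new `getHasOrphanTraceItems`, the id set is built with `doc?.span` and `doc?.transaction?.id` even though `doc.processor.event` is dereferenced unguarded on the line before, so the optional chaining on `doc` is dead code and a document without an id puts `undefined` into the set. The check also runs on `traceItems.traceDocs` as fetched, while `getWaterfall` separately carries `traceDocsTotal` and `maxTraceItems`. If the response is capped at `maxTraceItems` (not visible in this diff), a parent dropped by the cap would be counted as an orphan and the "Incomplete trace" warning would appear for truncation rather than for missing instrumentation. A doc comment would pin the contract, for example `// true when any doc's parent.id is not among the fetched docs; a parent cut off by maxTraceItems also counts`, and a test with a truncated trace would confirm the intended behaviour.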
@@ -478,5 +498,6 @@ export function getWaterfall(apiResponse: TraceAPIResponse): IWaterfall { totalErrorsCount: traceItems.errorDocs.length, traceDocsTotal: traceItems.traceDocsTotal, maxTraceItems: traceItems.maxTraceItems, + hasOrphanTraceItems, }; } diff --git a/x-pack/plugins/observability_solution/apm/public/components/app/transaction_overview/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/app/transaction_overview/index.tsx index 9981533eead4f..372138c1273a9 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/app/transaction_overview/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/app/transaction_overview/index.tsx @@ -8,7 +8,7 @@ import { EuiFlexGroup, EuiFlexItem, EuiPanel, EuiSpacer } from '@elastic/eui'; import React from 'react'; import { useHistory } from 'react-router-dom'; -import { isServerlessAgent } from '../../../../common/agent_name'; +import { isServerlessAgentName } from '../../../../common/agent_name'; import { useApmServiceContext } from '../../../context/apm_service/use_apm_service_context'; import { useApmParams } from '../../../hooks/use_apm_params'; import { useLocalStorage } from '../../../hooks/use_local_storage'; @@ -48,7 +48,7 @@ export function TransactionOverview() { replace(history, { query: { transactionType } }); } - const isServerless = isServerlessAgent(serverlessType); + const isServerless = isServerlessAgentName(serverlessType); const [sloCalloutDismissed, setSloCalloutDismissed] = useLocalStorage( 'apm.sloCalloutDismissed', diff --git a/x-pack/plugins/observability_solution/apm/public/components/fleet_integration/apm_agents/agent_instructions_accordion.tsx b/x-pack/plugins/observability_solution/apm/public/components/fleet_integration/apm_agents/agent_instructions_accordion.tsx index 3e4ddc36413c2..237b31219c820 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/fleet_integration/apm_agents/agent_instructions_accordion.tsx 
+++ b/x-pack/plugins/observability_solution/apm/public/components/fleet_integration/apm_agents/agent_instructions_accordion.tsx @@ -18,12 +18,12 @@ import { i18n } from '@kbn/i18n'; import React, { ComponentType } from 'react'; import styled from 'styled-components'; import { Markdown, useKibana } from '@kbn/kibana-react-plugin/public'; +import { AgentIcon } from '@kbn/custom-icons'; import { AgentRuntimeAttachmentProps, CreateAgentInstructions, } from './agent_instructions_mappings'; import { AgentName } from '../../../../typings/es_schemas/ui/fields/agent'; -import { AgentIcon } from '../../shared/agent_icon'; import type { NewPackagePolicy, PackagePolicy, diff --git a/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_service_template/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_service_template/index.tsx index b5261eb55826f..fa5e43980ce14 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_service_template/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/routing/templates/apm_service_template/index.tsx @@ -24,10 +24,10 @@ import { useHistory } from 'react-router-dom'; import { isMobileAgentName, isRumAgentName, - isAWSLambdaAgent, - isAzureFunctionsAgent, - isServerlessAgent, - isRumOrMobileAgent, + isAWSLambdaAgentName, + isAzureFunctionsAgentName, + isServerlessAgentName, + isRumOrMobileAgentName, } from '../../../../../common/agent_name'; import { useApmPluginContext } from '../../../../context/apm_plugin/use_apm_plugin_context'; import { ApmServiceContextProvider } from '../../../../context/apm_service/apm_service_context'; 
@@ -185,13 +185,13 @@ export function isMetricsTabHidden({ serverlessType?: ServerlessType; isAwsLambdaEnabled?: boolean; }) { - if (isAWSLambdaAgent(serverlessType)) { + if (isAWSLambdaAgentName(serverlessType)) { return !isAwsLambdaEnabled; } return ( !agentName || isRumAgentName(agentName) || - isAzureFunctionsAgent(serverlessType) + isAzureFunctionsAgentName(serverlessType) ); } @@ -207,7 +207,7 @@ export function isInfraTabHidden({ return ( !agentName || isRumAgentName(agentName) || - isServerlessAgent(serverlessType) || + isServerlessAgentName(serverlessType) || !isInfraTabAvailable ); } @@ -320,7 +320,7 @@ function useTabs({ selectedTab }: { selectedTab: Tab['key'] }) { label: i18n.translate('xpack.apm.serviceDetails.metricsTabLabel', { defaultMessage: 'Metrics', }), - append: isServerlessAgent(serverlessType) && ( + append: isServerlessAgentName(serverlessType) && ( ), hidden: isMetricsTabHidden({ @@ -364,13 +364,13 @@ function useTabs({ selectedTab }: { selectedTab: Tab['key'] }) { label: i18n.translate('xpack.apm.home.serviceLogsTabLabel', { defaultMessage: 'Logs', }), - append: isServerlessAgent(serverlessType) && ( + append: isServerlessAgentName(serverlessType) && ( ), hidden: !agentName || isRumAgentName(agentName) || - isAzureFunctionsAgent(serverlessType), + isAzureFunctionsAgentName(serverlessType), }, { key: 'alerts', @@ -408,8 +408,8 @@ function useTabs({ selectedTab }: { selectedTab: Tab['key'] }) { }), hidden: !isProfilingAvailable || - isRumOrMobileAgent(agentName) || - isAWSLambdaAgent(serverlessType), + isRumOrMobileAgentName(agentName) || + isAWSLambdaAgentName(serverlessType), append: ( {i18n.translate('xpack.apm.universalProfiling.newLabel', { diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/agent_icon.stories.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/agent_icon.stories.tsx deleted file mode 100644 index be4dad7f1642a..0000000000000 
--- a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/agent_icon.stories.tsx +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - EuiCard, - EuiFlexGroup, - EuiFlexItem, - EuiImage, - EuiToolTip, -} from '@elastic/eui'; -import type { Story } from '@storybook/react'; -import React from 'react'; -import { AGENT_NAMES } from '../../../../common/agent_name'; -import { getAgentIcon } from './get_agent_icon'; -import { AgentIcon } from '.'; -import { MockApmPluginStorybook } from '../../../context/apm_plugin/mock_apm_plugin_storybook'; - -export default { - title: 'shared/AgentIcon', - component: AgentIcon, -}; - -export const List: Story = () => { - return ( - - - {AGENT_NAMES.map((agentName) => { - return ( - - -

- - - -

- - } - title={agentName} - description={ -
- - - -
- } - /> -
- ); - })} -
-
- ); -}; diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/get_serverless_icon.ts b/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/get_serverless_icon.ts deleted file mode 100644 index 70af655b9f34d..0000000000000 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/get_serverless_icon.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import defaultIcon from '../span_icon/icons/default.svg'; -import lambdaIcon from './icons/lambda.svg'; -import azureFunctionsIcon from './icons/functions.svg'; -import { ServerlessType } from '../../../../common/serverless'; - -type ServerlessIcons = Record; - -const serverlessIcons: ServerlessIcons = { - 'aws.lambda': lambdaIcon, - 'azure.functions': azureFunctionsIcon, -}; - -export function getServerlessIcon(serverlessType?: ServerlessType) { - if (!serverlessType) { - return defaultIcon; - } - return serverlessIcons[serverlessType] ?? defaultIcon; -} diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/index.tsx deleted file mode 100644 index b995e2bbe7cfa..0000000000000 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/agent_icon/index.tsx +++ /dev/null 
@@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { EuiIcon, EuiIconProps } from '@elastic/eui'; -import { AgentName } from '../../../../typings/es_schemas/ui/fields/agent'; -import { getAgentIcon } from './get_agent_icon'; -import { useTheme } from '../../../hooks/use_theme'; - -interface Props { - agentName?: AgentName; - size?: EuiIconProps['size']; -} - -export function AgentIcon(props: Props) { - const { agentName, size = 'l' } = props; - const theme = useTheme(); - const icon = getAgentIcon(agentName, theme.darkMode); - - return ; -} diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/critical_path_flamegraph/critical_path_flamegraph_tooltip.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/critical_path_flamegraph/critical_path_flamegraph_tooltip.tsx index e4687719cdfc3..3551bffd07f04 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/critical_path_flamegraph/critical_path_flamegraph_tooltip.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/shared/critical_path_flamegraph/critical_path_flamegraph_tooltip.tsx @@ -14,6 +14,7 @@ import { import React from 'react'; import { ProcessorEvent } from '@kbn/observability-plugin/common'; import { i18n } from '@kbn/i18n'; +import { AgentIcon } from '@kbn/custom-icons'; import type { CriticalPathResponse } from '../../../../server/routes/traces/get_aggregated_critical_path'; import { AGENT_NAME, 
@@ -25,7 +26,6 @@ import { TRANSACTION_TYPE, } from '../../../../common/es_fields/apm'; import { SpanIcon } from '../span_icon'; -import { AgentIcon } from '../agent_icon'; import { asPercent } from '../../../../common/utils/formatters'; export function CriticalPathFlamegraphTooltip({ @@ -86,7 +86,7 @@ export function CriticalPathFlamegraphTooltip({ - + {metadata[SERVICE_NAME]} diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/links/apm/service_link/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/links/apm/service_link/index.tsx index c3474f18d794c..4cf6363811f8f 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/links/apm/service_link/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/shared/links/apm/service_link/index.tsx @@ -6,6 +6,7 @@ */ import { EuiFlexGroup, EuiFlexItem, EuiLink, EuiText } from '@elastic/eui'; +import { AgentIcon } from '@kbn/custom-icons'; import { i18n } from '@kbn/i18n'; import { euiStyled } from '@kbn/kibana-react-plugin/common'; import { TypeOf } from '@kbn/typed-react-router-config'; @@ -16,7 +17,6 @@ import { AgentName } from '../../../../../../typings/es_schemas/ui/fields/agent' import { useApmRouter } from '../../../../../hooks/use_apm_router'; import { truncate, unit } from '../../../../../utils/style'; import { ApmRoutes } from '../../../../routing/apm_route_config'; -import { AgentIcon } from '../../../agent_icon'; import { PopoverTooltip } from '../../../popover_tooltip'; import { TruncateWithTooltip } from '../../../truncate_with_tooltip'; import { OTHER_SERVICE_NAME, MaxGroupsMessage } from '../max_groups_message'; @@ -88,7 +88,7 @@ export function ServiceLink({ > - + {serviceName} 
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/links/discover_links/discover_link.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/links/discover_links/discover_link.tsx index dccce740b62d3..1f066d1322eb6 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/links/discover_links/discover_link.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/shared/links/discover_links/discover_link.tsx @@ -12,7 +12,7 @@ import React from 'react'; import { useLocation } from 'react-router-dom'; import rison from '@kbn/rison'; import url from 'url'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../../../common/data_view_constants'; +import { useDataViewId } from '../../../../hooks/use_data_view_id'; import { useApmPluginContext } from '../../../../context/apm_plugin/use_apm_plugin_context'; import { getTimepickerRisonData } from '../rison_helpers'; @@ -37,16 +37,18 @@ export const getDiscoverHref = ({ basePath, location, query, + dataViewId, }: { basePath: IBasePath; location: Location; query: Props['query']; + dataViewId: string; }) => { const risonQuery = { _g: getTimepickerRisonData(location.search), _a: { ...query._a, - index: APM_STATIC_DATA_VIEW_ID, + index: dataViewId, }, }; @@ -62,11 +64,13 @@ export const getDiscoverHref = ({ export function DiscoverLink({ query = {}, ...rest }: Props) { const { core } = useApmPluginContext(); const location = useLocation(); + const dataViewId = useDataViewId(); const href = getDiscoverHref({ basePath: core.http.basePath, query, location, + dataViewId, }); return ; diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/links/discover_links/discover_links.integration.test.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/links/discover_links/discover_links.integration.test.tsx index dfd14e3a172b9..f4d95a87df5dc 100644 
--- a/x-pack/plugins/observability_solution/apm/public/components/shared/links/discover_links/discover_links.integration.test.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/shared/links/discover_links/discover_links.integration.test.tsx @@ -35,7 +35,7 @@ describe('DiscoverLinks', () => { ); expect(href).toMatchInlineSnapshot( - `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:'processor.event:\\"transaction\\" AND transaction.id:\\"8b60bd32ecc6e150\\" AND trace.id:\\"8b60bd32ecc6e1506735a8b6cfcf175c\\"'))"` + `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:'processor.event:\\"transaction\\" AND transaction.id:\\"8b60bd32ecc6e150\\" AND trace.id:\\"8b60bd32ecc6e1506735a8b6cfcf175c\\"'))"` ); }); @@ -55,7 +55,7 @@ describe('DiscoverLinks', () => { ); expect(href).toMatchInlineSnapshot( - `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:'span.id:\\"test-span-id\\"'))"` + `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:'span.id:\\"test-span-id\\"'))"` ); }); 
@@ -77,7 +77,7 @@ describe('DiscoverLinks', () => { ); expect(href).toMatchInlineSnapshot( - `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:'service.name:\\"service-name\\" AND error.grouping_key:\\"grouping-key\\"'),sort:('@timestamp':desc))"` + `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:'service.name:\\"service-name\\" AND error.grouping_key:\\"grouping-key\\"'),sort:('@timestamp':desc))"` ); }); @@ -100,7 +100,7 @@ describe('DiscoverLinks', () => { ); expect(href).toMatchInlineSnapshot( - `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:'service.name:\\"service-name\\" AND error.grouping_key:\\"grouping-key\\" AND some:kuery-string'),sort:('@timestamp':desc))"` + `"/basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now/w,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:'service.name:\\"service-name\\" AND error.grouping_key:\\"grouping-key\\" AND some:kuery-string'),sort:('@timestamp':desc))"` ); }); }); diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/index.tsx index a77c6b9c7c604..3ce8e3032db69 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/index.tsx 
@@ -7,12 +7,16 @@ import { EuiFlexGroup, EuiFlexItem, EuiLoadingSpinner } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; +import { + CloudProvider, + getAgentIcon, + getCloudProviderIcon, + getServerlessIcon, +} from '@kbn/custom-icons'; import React, { ReactChild, useState } from 'react'; import { useTheme } from '../../../hooks/use_theme'; import { ContainerType } from '../../../../common/service_metadata'; import { FETCH_STATUS, useFetcher } from '../../../hooks/use_fetcher'; -import { getAgentIcon } from '../agent_icon/get_agent_icon'; -import { getServerlessIcon } from '../agent_icon/get_serverless_icon'; import { CloudDetails } from './cloud_details'; import { ServerlessDetails } from './serverless_details'; import { ContainerDetails } from './container_details'; @@ -21,7 +25,6 @@ import { IconPopover } from './icon_popover'; import { ServiceDetails } from './service_details'; import { ServerlessType } from '../../../../common/serverless'; import { isOpenTelemetryAgentName } from '../../../../common/agent_name'; -import openTelemetryIcon from '../agent_icon/icons/opentelemetry.svg'; interface Props { serviceName: string; @@ -30,12 +33,6 @@ interface Props { end: string; } -const cloudIcons: Record = { - gcp: 'logoGCP', - aws: 'logoAWS', - azure: 'logoAzure', -}; - function getServerlessTitle(serverlessType?: ServerlessType): string { switch (serverlessType) { case ServerlessType.AWS_LAMBDA: { @@ -56,12 +53,6 @@ function getServerlessTitle(serverlessType?: ServerlessType): string { } } -export function getCloudIcon(provider?: string) { - if (provider) { - return cloudIcons[provider]; - } -} - export function getContainerIcon(container?: ContainerType) { if (!container) { return; 
@@ -155,7 +146,7 @@ export function ServiceIcons({ start, end, serviceName, environment }: Props) { { key: 'opentelemetry', icon: { - type: openTelemetryIcon, + type: getAgentIcon('opentelemetry', theme.darkMode), }, isVisible: !!icons?.agentName && isOpenTelemetryAgentName(icons.agentName), @@ -197,7 +188,7 @@ export function ServiceIcons({ start, end, serviceName, environment }: Props) { { key: 'cloud', icon: { - type: getCloudIcon(icons?.cloudProvider), + type: getCloudProviderIcon(icons?.cloudProvider as CloudProvider), }, isVisible: !!icons?.cloudProvider, title: i18n.translate('xpack.apm.serviceIcons.cloud', { diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/span_icon/get_span_icon.ts b/x-pack/plugins/observability_solution/apm/public/components/shared/span_icon/get_span_icon.ts index 5c719d51d457e..8952c7b789777 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/span_icon/get_span_icon.ts +++ b/x-pack/plugins/observability_solution/apm/public/components/shared/span_icon/get_span_icon.ts @@ -5,6 +5,7 @@ * 2.0. */ +import { getAgentIcon } from '@kbn/custom-icons'; import { maybe } from '../../../../common/utils/maybe'; import awsIcon from './icons/aws.svg'; import cassandraIcon from './icons/cassandra.svg'; @@ -22,7 +23,6 @@ import mysqlIcon from './icons/mysql.svg'; import postgresqlIcon from './icons/postgresql.svg'; import redisIcon from './icons/redis.svg'; import websocketIcon from './icons/websocket.svg'; -import javaIcon from '../agent_icon/icons/java.svg'; import dynamodbIcon from './icons/dynamo_db.svg'; import sThreeIcon from './icons/s3.svg'; import snsIcon from './icons/sns.svg'; @@ -70,7 +70,7 @@ export const spanTypeIcons: { messaging: { azurequeue: storageQueueIcon, azureservicebus: serviceBusIcon, - jms: javaIcon, + jms: getAgentIcon('java'), kafka: kafkaIcon, sns: snsIcon, sqs: sqsIcon, 
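Review bot: In the `cloud` entry of `ServiceIcons`, `icons?.cloudProvider as CloudProvider` casts a value that comes from the icons fetch and may be undefined or an unlisted provider, so the compiler no longer flags those cases. The removed `getCloudIcon` took `provider?: string` and returned `undefined` for anything outside its map; whether `getCloudProviderIcon` falls back the same way is not visible in this diff. Prefer narrowing at the call site or widening the helper's parameter type over the cast, and document the expectation with a comment such as `// cloudProvider may be undefined or an unknown provider; the icon helper must tolerate both`. The body of `ServiceIcons` continues outside the hunk.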
diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/sections.test.ts b/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/sections.test.ts index fe8cb9d68fdfb..7d7a720f27cfc 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/sections.test.ts +++ b/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/sections.test.ts @@ -77,6 +77,7 @@ describe('Transaction action menu', () => { rangeFrom: 'now-24h', rangeTo: 'now', environment: 'ENVIRONMENT_ALL', + dataViewId: 'apm_static_data_view_id_default', }) ).toEqual([ [ @@ -113,7 +114,7 @@ describe('Transaction action menu', () => { { key: 'sampleDocument', label: 'View transaction in Discover', - href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', + href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', condition: true, }, ], @@ -145,6 +146,7 @@ describe('Transaction action menu', () => { rangeFrom: 'now-24h', rangeTo: 'now', environment: 'ENVIRONMENT_ALL', + dataViewId: 'apm_static_data_view_id_default', }) ).toEqual([ [ 
@@ -200,7 +202,7 @@ describe('Transaction action menu', () => { { key: 'sampleDocument', label: 'View transaction in Discover', - href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', + href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', condition: true, }, ], @@ -232,6 +234,7 @@ describe('Transaction action menu', () => { rangeFrom: 'now-24h', rangeTo: 'now', environment: 'ENVIRONMENT_ALL', + dataViewId: 'apm_static_data_view_id_default', }) ).toEqual([ [ @@ -286,7 +289,7 @@ describe('Transaction action menu', () => { { key: 'sampleDocument', label: 'View transaction in Discover', - href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_index_pattern_id,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', + href: 'some-basepath/app/discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(index:apm_static_data_view_id_default,interval:auto,query:(language:kuery,query:\'processor.event:"transaction" AND transaction.id:"123" AND trace.id:"123"\'))', condition: true, }, ], diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/sections.ts b/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/sections.ts index a944a80a458f7..b50bbd5239ccb 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/sections.ts 
+++ b/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/sections.ts @@ -55,6 +55,7 @@ export const getSections = ({ allDatasetsLocator, logsLocator, nodeLogsLocator, + dataViewId, }: { transaction?: Transaction; basePath: IBasePath; @@ -68,6 +69,7 @@ export const getSections = ({ allDatasetsLocator: LocatorPublic; logsLocator: LocatorPublic; nodeLogsLocator: LocatorPublic; + dataViewId: string; }) => { if (!transaction) return []; @@ -271,6 +273,7 @@ export const getSections = ({ basePath, query: getDiscoverQuery(transaction), location, + dataViewId, }), condition: true, }, diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/transaction_action_menu.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/transaction_action_menu.tsx index 02664e370b9c3..7895fdf7d059d 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/transaction_action_menu.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/shared/transaction_action_menu/transaction_action_menu.tsx @@ -32,6 +32,7 @@ import { NodeLogsLocatorParams, } from '@kbn/logs-shared-plugin/common'; import type { ProfilingLocators } from '@kbn/observability-shared-plugin/public'; +import { useDataViewId } from '../../../hooks/use_data_view_id'; import { useAnyOfApmParams } from '../../../hooks/use_apm_params'; import { ApmFeatureFlagName } from '../../../../common/apm_feature_flags'; import { Transaction } from '../../../../typings/es_schemas/ui/transaction'; @@ -138,6 +139,7 @@ function ActionMenuSections({ const { core, uiActions, share } = useApmPluginContext(); const location = useLocation(); const apmRouter = useApmRouter(); + const dataViewId = useDataViewId(); const allDatasetsLocator = share.url.locators.get( ALL_DATASETS_LOCATOR_ID 
@@ -173,6 +175,7 @@ function ActionMenuSections({ allDatasetsLocator, logsLocator, nodeLogsLocator, + dataViewId, }); const externalMenuItems = useAsync(() => { diff --git a/x-pack/plugins/observability_solution/apm/public/hooks/use_apm_data_view.ts b/x-pack/plugins/observability_solution/apm/public/hooks/use_apm_data_view.ts index 2f2d14714e513..57ad95dce2a5a 100644 --- a/x-pack/plugins/observability_solution/apm/public/hooks/use_apm_data_view.ts +++ b/x-pack/plugins/observability_solution/apm/public/hooks/use_apm_data_view.ts @@ -12,11 +12,11 @@ import { useEffect, useState } from 'react'; import { ApmPluginStartDeps } from '../plugin'; import { callApmApi } from '../services/rest/create_call_apm_api'; -async function getApmDataViewTitle() { - const res = await callApmApi('GET /internal/apm/data_view/title', { +async function getApmDataViewIndexPattern() { + const res = await callApmApi('GET /internal/apm/data_view/index_pattern', { signal: null, }); - return res.apmDataViewTitle; + return res.apmDataViewIndexPattern; } export function useApmDataView() { @@ -25,11 +25,11 @@ export function useApmDataView() { useEffect(() => { async function fetchDataView() { - const title = await getApmDataViewTitle(); + const indexPattern = await getApmDataViewIndexPattern(); try { const displayError = false; return await services.dataViews.create( - { title }, + { title: indexPattern }, undefined, displayError ); diff --git a/x-pack/plugins/observability_solution/apm/public/hooks/use_data_view_id.tsx b/x-pack/plugins/observability_solution/apm/public/hooks/use_data_view_id.tsx new file mode 100644 index 0000000000000..3390471ff60e7 --- /dev/null +++ b/x-pack/plugins/observability_solution/apm/public/hooks/use_data_view_id.tsx 
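Review bot: In `fetchDataView` (use_apm_data_view.ts), `await getApmDataViewIndexPattern()` sits before the `try`, so a failed call to `GET /internal/apm/data_view/index_pattern` rejects out of `fetchDataView` instead of being handled alongside a `dataViews.create` failure. Moving the call inside the block keeps both failure paths together: `try { const indexPattern = await getApmDataViewIndexPattern(); const displayError = false;`. How the promise returned by `fetchDataView` is consumed lies outside the hunk, so the caller may already catch this.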
@@ -0,0 +1,29 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { useKibana } from '@kbn/kibana-react-plugin/public'; +import { useEffect, useState } from 'react'; +import { getDataViewId } from '../../common/data_view_constants'; +import { ApmPluginStartDeps } from '../plugin'; + +export function useDataViewId() { + const [dataViewId, setDataViewId] = useState( + getDataViewId('default') + ); + const { spaces } = useKibana().services; + + useEffect(() => { + const fetchSpaceId = async () => { + const space = await spaces?.getActiveSpace(); + setDataViewId(getDataViewId(space?.id ?? 'default')); + }; + + fetchSpaceId(); + }, [spaces]); + + return dataViewId; +} diff --git a/x-pack/plugins/observability_solution/apm/server/lib/apm_telemetry/types.ts b/x-pack/plugins/observability_solution/apm/server/lib/apm_telemetry/types.ts index fc6cfe8d3ee47..e27486c1e6454 100644 --- a/x-pack/plugins/observability_solution/apm/server/lib/apm_telemetry/types.ts +++ b/x-pack/plugins/observability_solution/apm/server/lib/apm_telemetry/types.ts @@ -6,10 +6,7 @@ */ import { DeepPartial } from 'utility-types'; -import { - AgentName, - ElasticAgentName, -} from '../../../typings/es_schemas/ui/fields/agent'; +import { AgentName, ElasticAgentName } from '@kbn/elastic-agent-utils'; import { RollupInterval } from '../../../common/rollup'; export interface TimeframeMap { diff --git a/x-pack/plugins/observability_solution/apm/server/plugin.ts b/x-pack/plugins/observability_solution/apm/server/plugin.ts index 525b2c5e2cbc5..07010d5f8dc5b 100644 --- a/x-pack/plugins/observability_solution/apm/server/plugin.ts +++ b/x-pack/plugins/observability_solution/apm/server/plugin.ts 
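Review bot: `useDataViewId` starts from `getDataViewId('default')` and only switches to the active space's id once `spaces.getActiveSpace()` resolves, so in a non-default space the first render of `DiscoverLink` and the transaction action menu builds its href against the default space's data view id. The effect also calls `fetchSpaceId()` with no catch and no unmount guard, so a rejected `getActiveSpace()` becomes an unhandled promise rejection and a late resolution calls `setDataViewId` after the component has unmounted. The effect below adds both guards; a short comment on the hook stating that the returned id is provisional until the space lookup completes would help callers that persist or log the link.

```typescript
  useEffect(() => {
    let cancelled = false;

    const fetchSpaceId = async () => {
      try {
        const space = await spaces?.getActiveSpace();
        if (!cancelled) {
          setDataViewId(getDataViewId(space?.id ?? 'default'));
        }
      } catch (e) {
        // space lookup failed: keep the provisional default-space id
      }
    };

    fetchSpaceId();
    return () => {
      cancelled = true;
    };
  }, [spaces]);
```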
@@ -11,7 +11,6 @@ import { Logger, Plugin, PluginInitializerContext, - SavedObjectsClient, } from '@kbn/core/server'; import { isEmpty, mapValues } from 'lodash'; import { Dataset } from '@kbn/rule-registry-plugin/server'; @@ -50,7 +49,6 @@ import { scheduleSourceMapMigration } from './routes/source_maps/schedule_source import { createApmSourceMapIndexTemplate } from './routes/source_maps/create_apm_source_map_index_template'; import { addApiKeysToEveryPackagePolicyIfMissing } from './routes/fleet/api_keys/add_api_keys_to_policies_if_missing'; import { apmTutorialCustomIntegration } from '../common/tutorial/tutorials'; -import { APM_STATIC_DATA_VIEW_ID } from '../common/data_view_constants'; export class APMPlugin implements @@ -123,26 +121,6 @@ export class APMPlugin ], }); - // ensure that the APM data view is globally available - getCoreStart() - .then(async (coreStart) => { - const soClient = new SavedObjectsClient( - coreStart.savedObjects.createInternalRepository() - ); - - await soClient.updateObjectsSpaces( - [{ id: APM_STATIC_DATA_VIEW_ID, type: 'index-pattern' }], - ['*'], - [] - ); - }) - .catch((e) => { - this.logger?.error( - 'Failed to make APM data view available globally', - e - ); - }); - const resourcePlugins = mapValues(plugins, (value, key) => { return { setup: value, diff --git a/x-pack/plugins/observability_solution/apm/server/routes/data_view/create_static_data_view.test.ts b/x-pack/plugins/observability_solution/apm/server/routes/data_view/create_static_data_view.test.ts index 714f97b1a4801..c3c1d7f124a54 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/data_view/create_static_data_view.test.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/data_view/create_static_data_view.test.ts 
@@ -5,20 +5,22 @@ * 2.0. */ -import { createStaticDataView } from './create_static_data_view'; -import * as HistoricalAgentData from '../historical_data/has_historical_agent_data'; +import type { APMIndices } from '@kbn/apm-data-access-plugin/server'; +import { Logger } from '@kbn/core/server'; import { DataViewsService } from '@kbn/data-views-plugin/common'; -import { APMCore } from '../typings'; import { APMEventClient } from '../../lib/helpers/create_es_client/create_apm_event_client'; -import type { APMIndices } from '@kbn/apm-data-access-plugin/server'; import { APMRouteHandlerResources } from '../apm_routes/register_apm_server_routes'; +import * as HistoricalAgentData from '../historical_data/has_historical_agent_data'; +import { APMCore } from '../typings'; +import { createStaticDataView } from './create_static_data_view'; function getMockedDataViewService(existingDataViewTitle: string) { return { get: jest.fn(() => ({ - title: existingDataViewTitle, + getIndexPattern: () => existingDataViewTitle, })), createAndSave: jest.fn(), + delete: () => {}, } as unknown as DataViewsService; } @@ -36,6 +38,10 @@ const coreMock = { }, } as unknown as APMCore; +const logger = { + info: jest.fn, +} as unknown as Logger; + const apmEventClientMock = { search: jest.fn(), indices: { @@ -55,6 +61,8 @@ describe('createStaticDataView', () => { config: { autoCreateApmDataView: false }, } as APMRouteHandlerResources, dataViewService, + spaceId: 'default', + logger, }); expect(dataViewService.createAndSave).not.toHaveBeenCalled(); }); @@ -73,6 +81,8 @@ describe('createStaticDataView', () => { config: { autoCreateApmDataView: false }, } as APMRouteHandlerResources, dataViewService, + spaceId: 'default', + logger, }); expect(dataViewService.createAndSave).not.toHaveBeenCalled(); }); 
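Review bot: In the new `logger` mock, `info: jest.fn` hands over the factory itself rather than a mock function, so `logger.info(...)` ends up calling `jest.fn` with the log message and no call is recorded; it should read `info: jest.fn(),`. Likewise `delete: () => {}` in `getMockedDataViewService` is a plain function, so none of the cases in this file can assert that the legacy data view is deleted after a create, or left untouched when creation is skipped. Making it `delete: jest.fn(),` and adding `expect(dataViewService.delete).toHaveBeenCalled()` or `.not.toHaveBeenCalled()` to the existing cases would cover the deletion path this commit adds.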
@@ -92,6 +102,8 @@ describe('createStaticDataView', () => { config: { autoCreateApmDataView: true }, } as APMRouteHandlerResources, dataViewService, + spaceId: 'default', + logger, }); expect(dataViewService.createAndSave).toHaveBeenCalled(); @@ -114,6 +126,8 @@ describe('createStaticDataView', () => { config: { autoCreateApmDataView: true }, } as APMRouteHandlerResources, dataViewService, + spaceId: 'default', + logger, }); expect(dataViewService.get).toHaveBeenCalled(); @@ -143,6 +157,8 @@ describe('createStaticDataView', () => { config: { autoCreateApmDataView: true }, } as APMRouteHandlerResources, dataViewService, + spaceId: 'default', + logger, }); expect(dataViewService.get).toHaveBeenCalled(); diff --git a/x-pack/plugins/observability_solution/apm/server/routes/data_view/create_static_data_view.ts b/x-pack/plugins/observability_solution/apm/server/routes/data_view/create_static_data_view.ts index 715a568eaf6bd..5f2cf097f3e2e 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/data_view/create_static_data_view.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/data_view/create_static_data_view.ts 
@@ -5,18 +5,21 @@ * 2.0. */ -import { SavedObjectsErrorHelpers } from '@kbn/core/server'; +import { Logger, SavedObjectsErrorHelpers } from '@kbn/core/server'; import { DataView, DataViewsService } from '@kbn/data-views-plugin/common'; import { i18n } from '@kbn/i18n'; +import { + DO_NOT_USE_LEGACY_APM_STATIC_DATA_VIEW_ID, + getDataViewId, +} from '../../../common/data_view_constants'; import { TRACE_ID, TRANSACTION_ID, TRANSACTION_DURATION, } from '../../../common/es_fields/apm'; -import { APM_STATIC_DATA_VIEW_ID } from '../../../common/data_view_constants'; import { hasHistoricalAgentData } from '../historical_data/has_historical_agent_data'; import { withApmSpan } from '../../utils/with_apm_span'; -import { getApmDataViewTitle } from './get_apm_data_view_title'; +import { getApmDataViewIndexPattern } from './get_apm_data_view_index_pattern'; import { APMEventClient } from '../../lib/helpers/create_es_client/create_apm_event_client'; import { APMRouteHandlerResources } from '../apm_routes/register_apm_server_routes'; @@ -29,12 +32,18 @@ export async function createStaticDataView({ dataViewService, resources, apmEventClient, + spaceId, + logger, }: { dataViewService: DataViewsService; resources: APMRouteHandlerResources; apmEventClient: APMEventClient; + spaceId: string; + logger: Logger; }): CreateDataViewResponse { const { config } = resources; + const dataViewId = getDataViewId(spaceId); + logger.info(`create static data view ${dataViewId}`); return withApmSpan('create_static_data_view', async () => { // don't auto-create APM data view if it's been disabled via the config 
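Review bot: ``logger.info(`create static data view ${dataViewId}`)`` sits at the top of `createStaticDataView`, above the `autoCreateApmDataView` check that follows it, so every call writes an info-level line announcing a creation even when the function goes on to return `created: false`. Moving the line next to the `createAndSaveStaticDataView` call (in a later hunk) and lowering it, for example ``logger.debug(`Creating APM static data view ${dataViewId}`)``, keeps the log accurate and quieter. The function body continues outside this hunk.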
@@ -61,10 +70,13 @@ export async function createStaticDataView({ }; } - const apmDataViewTitle = getApmDataViewTitle(apmEventClient.indices); + const apmDataViewIndexPattern = getApmDataViewIndexPattern( + apmEventClient.indices + ); const shouldCreateOrUpdate = await getShouldCreateOrUpdate({ - apmDataViewTitle, + apmDataViewIndexPattern, dataViewService, + dataViewId, }); if (!shouldCreateOrUpdate) { 
@@ -72,52 +84,48 @@ export async function createStaticDataView({ created: false, reason: i18n.translate( 'xpack.apm.dataView.alreadyExistsInActiveSpace', - { defaultMessage: 'Dataview already exists in the active space' } + { + defaultMessage: + 'Dataview already exists in the active space and does not need to be updated', + } ), }; } - return await withApmSpan('create_data_view', async () => { - try { - const dataView = await createAndSaveStaticDataView({ - dataViewService, - apmDataViewTitle, - }); - - await addDataViewToAllSpaces(resources); - - return { created: true, dataView }; - } catch (e) { - // if the data view (saved object) already exists a conflict error (code: 409) will be thrown - if (SavedObjectsErrorHelpers.isConflictError(e)) { - return { - created: false, - reason: i18n.translate( - 'xpack.apm.dataView.alreadyExistsInAnotherSpace', - { - defaultMessage: - 'Dataview already exists in another space but is not made available in this space', - } - ), - }; - } + // delete legacy global data view + + const dataView = await createAndSaveStaticDataView({ + dataViewService, + apmDataViewIndexPattern, + dataViewId, + }); + + try { + await dataViewService.delete(DO_NOT_USE_LEGACY_APM_STATIC_DATA_VIEW_ID); + } catch (e) { + // swallow error if caused by the data view (saved object) not existing + if (!SavedObjectsErrorHelpers.isNotFoundError(e)) { throw e; } - }); + } + + return { created: true, dataView }; }); } // only create data view if it doesn't exist or was changed async function getShouldCreateOrUpdate({ dataViewService, - apmDataViewTitle, + apmDataViewIndexPattern, + dataViewId, }: { dataViewService: DataViewsService; - apmDataViewTitle: string; + apmDataViewIndexPattern: string; + dataViewId: string; }) { try { - const existingDataView = await dataViewService.get(APM_STATIC_DATA_VIEW_ID); - return existingDataView.title !== apmDataViewTitle; + const existingDataView = await dataViewService.get(dataViewId); + return 
existingDataView.getIndexPattern() !== apmDataViewIndexPattern; } catch (e) { // ignore exception if the data view (saved object) is not found if (SavedObjectsErrorHelpers.isNotFoundError(e)) { @@ -128,32 +136,21 @@ async function getShouldCreateOrUpdate({ } } -async function addDataViewToAllSpaces(resources: APMRouteHandlerResources) { - const { request, core } = resources; - const startServices = await core.start(); - const scopedClient = startServices.savedObjects.getScopedClient(request); - - // make data view available across all spaces - return scopedClient.updateObjectsSpaces( - [{ id: APM_STATIC_DATA_VIEW_ID, type: 'index-pattern' }], - ['*'], - [] - ); -} - function createAndSaveStaticDataView({ dataViewService, - apmDataViewTitle, + apmDataViewIndexPattern, + dataViewId, }: { dataViewService: DataViewsService; - apmDataViewTitle: string; + apmDataViewIndexPattern: string; + dataViewId: string; }) { return dataViewService.createAndSave( { allowNoIndex: true, - id: APM_STATIC_DATA_VIEW_ID, + id: dataViewId, name: 'APM', - title: apmDataViewTitle, + title: apmDataViewIndexPattern, timeFieldName: '@timestamp', // link to APM from Discover diff --git a/x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_title.test.ts b/x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_index_pattern.test.ts similarity index 69% rename from x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_title.test.ts rename to x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_index_pattern.test.ts index a8dc25e493006..e7a0ee915c8cc 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_title.test.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_index_pattern.test.ts 
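Review bot: The `dataViewService.delete(DO_NOT_USE_LEGACY_APM_STATIC_DATA_VIEW_ID)` call runs after `createAndSaveStaticDataView` has already succeeded, and only a not-found error is swallowed. Any other failure therefore fails the whole request although the space's data view now exists; a forbidden error is one candidate, since route.ts appears to build the service from the caller's request-scoped client. Logging instead of rethrowing, e.g. `logger.warn('Failed to delete legacy APM data view');` in place of `throw e;`, would keep the cleanup best-effort. The removed code shared the legacy object with every space (`['*']`), so if it is still shared, the first space to reach this path removes it for all others before they have their own; that deserves a comment confirming it is intended. The `// delete legacy global data view` comment also sits above the create call rather than the `try` it describes, and with the conflict branch gone a 409 from `createAndSave` now propagates to the caller.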
@@ -6,23 +6,23 @@ */ import type { APMIndices } from '@kbn/apm-data-access-plugin/server'; -import { getApmDataViewTitle } from './get_apm_data_view_title'; +import { getApmDataViewIndexPattern } from './get_apm_data_view_index_pattern'; -describe('getApmDataViewTitle', () => { - it('returns a data view title by combining existing indicies', () => { - const title = getApmDataViewTitle({ +describe('getApmDataViewIndexPattern', () => { + it('returns a data view index pattern by combining existing indices', () => { + const indexPattern = getApmDataViewIndexPattern({ transaction: 'apm-*-transaction-*', span: 'apm-*-span-*', error: 'apm-*-error-*', metric: 'apm-*-metrics-*', } as APMIndices); - expect(title).toBe( + expect(indexPattern).toBe( 'apm-*-transaction-*,apm-*-span-*,apm-*-error-*,apm-*-metrics-*' ); }); it('removes duplicates', () => { - const title = getApmDataViewTitle({ + const title = getApmDataViewIndexPattern({ transaction: 'apm-*', span: 'apm-*', error: 'apm-*', diff --git a/x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_title.ts b/x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_index_pattern.ts similarity index 87% rename from x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_title.ts rename to x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_index_pattern.ts index 3061a1ac15714..b5c3fa0f73d28 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_title.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/data_view/get_apm_data_view_index_pattern.ts @@ -8,7 +8,7 @@ import { uniq } from 'lodash'; import type { APMIndices } from '@kbn/apm-data-access-plugin/server'; -export function getApmDataViewTitle(apmIndices: APMIndices) { +export function getApmDataViewIndexPattern(apmIndices: APMIndices) { return uniq([ apmIndices.transaction, apmIndices.span, 
diff --git a/x-pack/plugins/observability_solution/apm/server/routes/data_view/route.ts b/x-pack/plugins/observability_solution/apm/server/routes/data_view/route.ts index 388884c4f5761..429b74c99e63a 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/data_view/route.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/data_view/route.ts @@ -5,22 +5,32 @@ * 2.0. */ +import { DEFAULT_SPACE_ID } from '@kbn/spaces-plugin/common'; import { CreateDataViewResponse, createStaticDataView, } from './create_static_data_view'; import { createApmServerRoute } from '../apm_routes/create_apm_server_route'; -import { getApmDataViewTitle } from './get_apm_data_view_title'; +import { getApmDataViewIndexPattern } from './get_apm_data_view_index_pattern'; import { getApmEventClient } from '../../lib/helpers/get_apm_event_client'; const staticDataViewRoute = createApmServerRoute({ endpoint: 'POST /internal/apm/data_view/static', options: { tags: ['access:apm'] }, handler: async (resources): CreateDataViewResponse => { - const { context, plugins, request } = resources; + const { context, plugins, request, logger } = resources; const apmEventClient = await getApmEventClient(resources); const coreContext = await context.core; + // get name of selected (name)space + const spacesStart = await plugins.spaces?.start(); + const spaceId = + spacesStart?.spacesService.getSpaceId(request) ?? DEFAULT_SPACE_ID; + + if (!spaceId) { + throw new Error('No spaceId found'); + } + const dataViewStart = await plugins.dataViews.start(); const dataViewService = await dataViewStart.dataViewsServiceFactory( coreContext.savedObjects.client, @@ -33,6 +43,8 @@ const staticDataViewRoute = createApmServerRoute({ dataViewService, resources, apmEventClient, + spaceId, + logger, }); return res; 
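Review bot: The `if (!spaceId)` guard in the `staticDataViewRoute` handler follows `... ?? DEFAULT_SPACE_ID`, so `null` and `undefined` have already been replaced and the `throw` can only fire for an empty string. Either drop the guard or state that case in the message, e.g. `throw new Error('Empty spaceId returned by the spaces service');`. The comment `// get name of selected (name)space` describes a name while the code reads an ID; `// resolve the ID of the space this request was made in` matches what the lines do.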
@@ -40,13 +52,15 @@ const staticDataViewRoute = createApmServerRoute({ }); const dataViewTitleRoute = createApmServerRoute({ - endpoint: 'GET /internal/apm/data_view/title', + endpoint: 'GET /internal/apm/data_view/index_pattern', options: { tags: ['access:apm'] }, - handler: async ({ getApmIndices }): Promise<{ apmDataViewTitle: string }> => { + handler: async ({ + getApmIndices, + }): Promise<{ apmDataViewIndexPattern: string }> => { const apmIndicies = await getApmIndices(); - const apmDataViewTitle = getApmDataViewTitle(apmIndicies); + const apmDataViewIndexPattern = getApmDataViewIndexPattern(apmIndicies); - return { apmDataViewTitle }; + return { apmDataViewIndexPattern }; }, }); diff --git a/x-pack/plugins/observability_solution/apm/tsconfig.json b/x-pack/plugins/observability_solution/apm/tsconfig.json index 983ae736e8c5b..dff88a3543576 100644 --- a/x-pack/plugins/observability_solution/apm/tsconfig.json +++ b/x-pack/plugins/observability_solution/apm/tsconfig.json @@ -103,6 +103,8 @@ "@kbn/monaco", "@kbn/shared-svg", "@kbn/deeplinks-observability", + "@kbn/custom-icons", + "@kbn/elastic-agent-utils", "@kbn/shared-ux-link-redirect-app" ], "exclude": ["target/**/*"] diff --git a/x-pack/plugins/observability_solution/apm/typings/es_schemas/ui/fields/agent.ts b/x-pack/plugins/observability_solution/apm/typings/es_schemas/ui/fields/agent.ts index 4f19793004815..5aaba852055bc 100644 --- a/x-pack/plugins/observability_solution/apm/typings/es_schemas/ui/fields/agent.ts +++ b/x-pack/plugins/observability_solution/apm/typings/es_schemas/ui/fields/agent.ts 
@@ -5,39 +5,13 @@ * 2.0. */ -export type ElasticAgentName = - | 'go' - | 'java' - | 'js-base' - | 'iOS/swift' - | 'rum-js' - | 'nodejs' - | 'python' - | 'dotnet' - | 'ruby' - | 'php' - | 'android/java'; +import type { AgentName } from '@kbn/elastic-agent-utils'; -export type OpenTelemetryAgentName = - | 'otlp' - | 'opentelemetry/cpp' - | 'opentelemetry/dotnet' - | 'opentelemetry/erlang' - | 'opentelemetry/go' - | 'opentelemetry/java' - | 'opentelemetry/nodejs' - | 'opentelemetry/php' - | 'opentelemetry/python' - | 'opentelemetry/ruby' - | 'opentelemetry/rust' - | 'opentelemetry/swift' - | 'opentelemetry/webjs'; - -/* - * Support additional agent types by appending definitions in mappings.json - * (for telemetry) and the AgentName type. - */ -export type AgentName = ElasticAgentName | OpenTelemetryAgentName; +export type { + ElasticAgentName, + OpenTelemetryAgentName, + AgentName, +} from '@kbn/elastic-agent-utils'; export interface Agent { ephemeral_id?: string; diff --git a/x-pack/plugins/observability_solution/infra/common/http_api/latest.ts b/x-pack/plugins/observability_solution/infra/common/http_api/latest.ts index 98787a2c581a2..9b9ba2a0c54f4 100644 --- a/x-pack/plugins/observability_solution/infra/common/http_api/latest.ts +++ b/x-pack/plugins/observability_solution/infra/common/http_api/latest.ts @@ -10,3 +10,4 @@ export * from './log_alerts/v1'; export * from './log_analysis/results/v1'; export * from './log_analysis/validation/v1'; export * from './metrics_explorer_views/v1'; +export * from './log_analysis/id_formats/v1/id_formats'; diff --git a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_anomalies.ts b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_anomalies.ts index 3553962063990..38244c6a869b7 100644 --- a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_anomalies.ts 
+++ b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_anomalies.ts @@ -8,6 +8,7 @@ import * as rt from 'io-ts'; import { persistedLogViewReferenceRT } from '@kbn/logs-shared-plugin/common'; +import { idFormatByJobTypeRT } from '../../id_formats/v1/id_formats'; import { timeRangeRT, routeTimingMetadataRT } from '../../../shared'; import { logEntryAnomalyRT, @@ -54,6 +55,7 @@ export const getLogEntryAnomaliesRequestPayloadRT = rt.type({ rt.type({ // log view logView: persistedLogViewReferenceRT, + idFormats: idFormatByJobTypeRT, // the time range to fetch the log entry anomalies from timeRange: timeRangeRT, }), diff --git a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_anomalies_datasets.ts b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_anomalies_datasets.ts index c07007be05115..5b6031ce27587 100644 --- a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_anomalies_datasets.ts +++ b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_anomalies_datasets.ts @@ -14,6 +14,7 @@ import { timeRangeRT, routeTimingMetadataRT, } from '../../../shared'; +import { idFormatByJobTypeRT } from '../../id_formats/v1/id_formats'; export const LOG_ANALYSIS_GET_LOG_ENTRY_ANOMALIES_DATASETS_PATH = '/api/infra/log_analysis/results/log_entry_anomalies_datasets'; @@ -26,6 +27,7 @@ export const getLogEntryAnomaliesDatasetsRequestPayloadRT = rt.type({ data: rt.type({ // log view logView: persistedLogViewReferenceRT, + idFormats: idFormatByJobTypeRT, // the time range to fetch the anomalies datasets from timeRange: timeRangeRT, }), 
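Review bot: `idFormats: idFormatByJobTypeRT` is added to `getLogEntryAnomaliesRequestPayloadRT` as a required member of `rt.type`, so a request body without it no longer decodes. The same holds for the `idFormats`/`idFormat` fields added to the anomalies-datasets, categories, category-datasets, category-examples and examples payloads in the hunks that follow. The datasets path visible here is under `/api/infra/...` and the files stay in `v1`, so a caller that is not updated with this change would presumably be rejected at validation; worth confirming none exists. Each new field also sits under the existing `// log view` comment with none of its own, where a line such as `// the ID format used to resolve the ML job IDs` would help. `idFormatRT` and `idFormatByJobTypeRT` are defined outside these hunks; as the value is client-supplied and feeds job-ID construction, they should remain a closed set of literals.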
diff --git a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_categories.ts b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_categories.ts index e84825b8c6835..525292fb46ee3 100644 --- a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_categories.ts +++ b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_categories.ts @@ -8,6 +8,7 @@ import * as rt from 'io-ts'; import { persistedLogViewReferenceRT } from '@kbn/logs-shared-plugin/common'; +import { idFormatRT } from '../../id_formats/v1/id_formats'; import { badRequestErrorRT, forbiddenErrorRT, @@ -41,6 +42,7 @@ export const getLogEntryCategoriesRequestPayloadRT = rt.type({ categoryCount: rt.number, // log view logView: persistedLogViewReferenceRT, + idFormat: idFormatRT, // the time range to fetch the categories from timeRange: timeRangeRT, // a list of histograms to create diff --git a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_category_datasets.ts b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_category_datasets.ts index e051e313d9b8e..5b258d05e6cc9 100644 --- a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_category_datasets.ts +++ b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_category_datasets.ts @@ -8,6 +8,7 @@ import * as rt from 'io-ts'; import { persistedLogViewReferenceRT } from '@kbn/logs-shared-plugin/common'; +import { idFormatRT } from '../../id_formats/v1/id_formats'; import { badRequestErrorRT, forbiddenErrorRT, 
@@ -25,6 +26,7 @@ export const getLogEntryCategoryDatasetsRequestPayloadRT = rt.type({ data: rt.type({ // log view logView: persistedLogViewReferenceRT, + idFormat: idFormatRT, // the time range to fetch the category datasets from timeRange: timeRangeRT, }), diff --git a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_category_examples.ts b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_category_examples.ts index fc6ece5d7b7f7..c0b7b3c00b551 100644 --- a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_category_examples.ts +++ b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_category_examples.ts @@ -7,6 +7,7 @@ import { logEntryContextRT, persistedLogViewReferenceRT } from '@kbn/logs-shared-plugin/common'; import * as rt from 'io-ts'; +import { idFormatRT } from '../../id_formats/v1/id_formats'; import { badRequestErrorRT, forbiddenErrorRT, @@ -29,6 +30,7 @@ export const getLogEntryCategoryExamplesRequestPayloadRT = rt.type({ exampleCount: rt.number, // log view logView: persistedLogViewReferenceRT, + idFormat: idFormatRT, // the time range to fetch the category examples from timeRange: timeRangeRT, }), diff --git a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_examples.ts b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_examples.ts index ebc78693f4983..4a0779a9128f8 100644 --- a/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_examples.ts +++ b/x-pack/plugins/observability_solution/infra/common/http_api/log_analysis/results/v1/log_entry_examples.ts 
@@ -7,6 +7,7 @@ import * as rt from 'io-ts'; import { persistedLogViewReferenceRT } from '@kbn/logs-shared-plugin/common'; +import { idFormatRT } from '../../id_formats/v1/id_formats'; import { logEntryExampleRT } from '../../../../log_analysis'; import { badRequestErrorRT, @@ -31,6 +32,7 @@ export const getLogEntryExamplesRequestPayloadRT = rt.type({ exampleCount: rt.number, // logView logView: persistedLogViewReferenceRT, + idFormat: idFormatRT, // the time range to fetch the log rate examples from timeRange: timeRangeRT, }), diff --git a/x-pack/plugins/observability_solution/infra/common/log_analysis/job_parameters.ts b/x-pack/plugins/observability_solution/infra/common/log_analysis/job_parameters.ts index 1a695af80a4d5..22fcdea971e23 100644 --- a/x-pack/plugins/observability_solution/infra/common/log_analysis/job_parameters.ts +++ b/x-pack/plugins/observability_solution/infra/common/log_analysis/job_parameters.ts @@ -6,6 +6,8 @@ */ import * as rt from 'io-ts'; +import { v5 } from 'uuid'; +import { IdFormat, JobType } from '../http_api/latest'; export const bucketSpan = 900000; 
@@ -13,14 +15,32 @@ export const categoriesMessageField = 'message'; export const partitionField = 'event.dataset'; -export const getJobIdPrefix = (spaceId: string, sourceId: string) => - `kibana-logs-ui-${spaceId}-${sourceId}-`; +const ID_NAMESPACE = 'f91b78c0-fdd3-425d-a4ba-4c028fe57e0f'; -export const getJobId = (spaceId: string, logViewId: string, jobType: string) => - `${getJobIdPrefix(spaceId, logViewId)}${jobType}`; +export const getJobIdPrefix = (spaceId: string, sourceId: string, idFormat: IdFormat) => { + if (idFormat === 'legacy') { + return `kibana-logs-ui-${spaceId}-${sourceId}-`; + } else { + // A UUID is 36 characters but based on the ML job names for logs, our limit is 32 characters + // Thus we remove the 4 dashes + const uuid = v5(`${spaceId}-${sourceId}`, ID_NAMESPACE).replaceAll('-', ''); + return `logs-${uuid}-`; + } +}; -export const getDatafeedId = (spaceId: string, logViewId: string, jobType: string) => - `datafeed-${getJobId(spaceId, logViewId, jobType)}`; +export const getJobId = ( + spaceId: string, + logViewId: string, + idFormat: IdFormat, + jobType: JobType +) => `${getJobIdPrefix(spaceId, logViewId, idFormat)}${jobType}`; + +export const getDatafeedId = ( + spaceId: string, + logViewId: string, + idFormat: IdFormat, + jobType: JobType +) => `datafeed-${getJobId(spaceId, logViewId, idFormat, jobType)}`; export const datasetFilterRT = rt.union([ rt.strict({ diff --git a/x-pack/plugins/observability_solution/infra/common/log_analysis/log_entry_categories_analysis.ts b/x-pack/plugins/observability_solution/infra/common/log_analysis/log_entry_categories_analysis.ts index 1ea952d7a8a15..d22c75dc3cf56 100644 --- a/x-pack/plugins/observability_solution/infra/common/log_analysis/log_entry_categories_analysis.ts +++ b/x-pack/plugins/observability_solution/infra/common/log_analysis/log_entry_categories_analysis.ts 
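Review bot: In the hashed branch of `getJobIdPrefix` the v5 name is built as `${spaceId}-${sourceId}`, which does not separate the two parts unambiguously if either ID can itself contain a hyphen. A constructed example: space `a-b` with source `c` and space `a` with source `b-c` give the same name, hence the same prefix and the same ML job and datafeed IDs for two different spaces. Because this format is introduced by this commit, an unambiguous encoding can still be chosen without a migration, e.g. `v5(JSON.stringify([spaceId, sourceId]), ID_NAMESPACE)`. The `else` branch also treats every value other than `'legacy'` as hashed; `IdFormat` is declared outside this hunk, so whether that is exhaustive cannot be checked from here.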
@@ -8,9 +8,7 @@ import * as rt from 'io-ts'; import { sortRT } from './log_analysis_results'; -export const logEntryCategoriesJobTypeRT = rt.keyof({ - 'log-entry-categories-count': null, -}); +export const logEntryCategoriesJobTypeRT = rt.literal('log-entry-categories-count'); export type LogEntryCategoriesJobType = rt.TypeOf; @@ -18,6 +16,8 @@ export const logEntryCategoriesJobTypes: LogEntryCategoriesJobType[] = [ 'log-entry-categories-count', ]; +export const logEntryCategoriesJobType: LogEntryCategoriesJobType = 'log-entry-categories-count'; + export const logEntryCategoryDatasetRT = rt.type({ name: rt.string, maximumAnomalyScore: rt.number, diff --git a/x-pack/plugins/observability_solution/infra/common/log_analysis/log_entry_rate_analysis.ts b/x-pack/plugins/observability_solution/infra/common/log_analysis/log_entry_rate_analysis.ts index b13cf58764e3b..e634f5fc4ce86 100644 --- a/x-pack/plugins/observability_solution/infra/common/log_analysis/log_entry_rate_analysis.ts +++ b/x-pack/plugins/observability_solution/infra/common/log_analysis/log_entry_rate_analysis.ts @@ -7,10 +7,9 @@ import * as rt from 'io-ts'; -export const logEntryRateJobTypeRT = rt.keyof({ - 'log-entry-rate': null, -}); +export const logEntryRateJobTypeRT = rt.literal('log-entry-rate'); export type LogEntryRateJobType = rt.TypeOf; -export const logEntryRateJobTypes: LogEntryRateJobType[] = ['log-entry-rate']; +export const logEntryRateJobType: LogEntryRateJobType = 'log-entry-rate'; +export const logEntryRateJobTypes: LogEntryRateJobType[] = [logEntryRateJobType]; diff --git a/x-pack/plugins/observability_solution/infra/public/components/logging/log_analysis_setup/setup_flyout/module_list.tsx b/x-pack/plugins/observability_solution/infra/public/components/logging/log_analysis_setup/setup_flyout/module_list.tsx index 0ccd208cf24bd..0eec13f778e46 100644 --- a/x-pack/plugins/observability_solution/infra/public/components/logging/log_analysis_setup/setup_flyout/module_list.tsx 
+++ b/x-pack/plugins/observability_solution/infra/public/components/logging/log_analysis_setup/setup_flyout/module_list.tsx @@ -7,6 +7,7 @@ import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import React, { useCallback } from 'react'; +import { logEntryCategoriesJobType, logEntryRateJobType } from '../../../../../common/log_analysis'; import { useLogAnalysisCapabilitiesContext } from '../../../../containers/logs/log_analysis'; import { logEntryCategoriesModule, @@ -40,7 +41,7 @@ export const LogAnalysisModuleList: React.FC<{ +

diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_cleanup.ts b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_cleanup.ts index dd4fc9144976e..b27938f795eea 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_cleanup.ts +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_cleanup.ts @@ -8,20 +8,22 @@ import * as rt from 'io-ts'; import type { HttpHandler } from '@kbn/core/public'; +import { IdFormat, JobType } from '../../../../../common/http_api/latest'; import { getDatafeedId, getJobId } from '../../../../../common/log_analysis'; import { decodeOrThrow } from '../../../../../common/runtime_types'; -interface DeleteJobsRequestArgs { +interface DeleteJobsRequestArgs { spaceId: string; logViewId: string; - jobTypes: JobType[]; + idFormat: IdFormat; + jobTypes: T[]; } -export const callDeleteJobs = async ( - requestArgs: DeleteJobsRequestArgs, +export const callDeleteJobs = async ( + requestArgs: DeleteJobsRequestArgs, fetch: HttpHandler ) => { - const { spaceId, logViewId, jobTypes } = requestArgs; + const { spaceId, logViewId, idFormat, jobTypes } = requestArgs; // NOTE: Deleting the jobs via this API will delete the datafeeds at the same time const deleteJobsResponse = await fetch('/internal/ml/jobs/delete_jobs', { @@ -29,7 +31,7 @@ export const callDeleteJobs = async ( version: '1', body: JSON.stringify( deleteJobsRequestPayloadRT.encode({ - jobIds: jobTypes.map((jobType) => getJobId(spaceId, logViewId, jobType)), + jobIds: jobTypes.map((jobType) => getJobId(spaceId, logViewId, idFormat, jobType)), }) ), }); 
@@ -45,17 +47,18 @@ export const callGetJobDeletionTasks = async (fetch: HttpHandler) => { return decodeOrThrow(getJobDeletionTasksResponsePayloadRT)(jobDeletionTasksResponse); }; -interface StopDatafeedsRequestArgs { +interface StopDatafeedsRequestArgs { spaceId: string; logViewId: string; - jobTypes: JobType[]; + idFormat: IdFormat; + jobTypes: T[]; } -export const callStopDatafeeds = async ( - requestArgs: StopDatafeedsRequestArgs, +export const callStopDatafeeds = async ( + requestArgs: StopDatafeedsRequestArgs, fetch: HttpHandler ) => { - const { spaceId, logViewId, jobTypes } = requestArgs; + const { spaceId, logViewId, idFormat, jobTypes } = requestArgs; // Stop datafeed due to https://github.com/elastic/kibana/issues/44652 const stopDatafeedResponse = await fetch('/internal/ml/jobs/stop_datafeeds', { @@ -63,7 +66,9 @@ export const callStopDatafeeds = async ( version: '1', body: JSON.stringify( stopDatafeedsRequestPayloadRT.encode({ - datafeedIds: jobTypes.map((jobType) => getDatafeedId(spaceId, logViewId, jobType)), + datafeedIds: jobTypes.map((jobType) => + getDatafeedId(spaceId, logViewId, idFormat, jobType) + ), }) ), }); diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts index 35c678f7b20c0..9e2996215df8d 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_get_jobs_summary_api.ts 
@@ -8,26 +8,28 @@ import * as rt from 'io-ts'; import type { HttpHandler } from '@kbn/core/public'; +import { IdFormat, JobType } from '../../../../../common/http_api/latest'; import { getJobId, jobCustomSettingsRT } from '../../../../../common/log_analysis'; import { decodeOrThrow } from '../../../../../common/runtime_types'; -interface RequestArgs { +interface RequestArgs { spaceId: string; logViewId: string; - jobTypes: JobType[]; + idFormat: IdFormat; + jobTypes: T[]; } -export const callJobsSummaryAPI = async ( - requestArgs: RequestArgs, +export const callJobsSummaryAPI = async ( + requestArgs: RequestArgs, fetch: HttpHandler ) => { - const { spaceId, logViewId, jobTypes } = requestArgs; + const { spaceId, logViewId, idFormat, jobTypes } = requestArgs; const response = await fetch('/internal/ml/jobs/jobs_summary', { method: 'POST', version: '1', body: JSON.stringify( fetchJobStatusRequestPayloadRT.encode({ - jobIds: jobTypes.map((jobType) => getJobId(spaceId, logViewId, jobType)), + jobIds: jobTypes.map((jobType) => getJobId(spaceId, logViewId, idFormat, jobType)), }) ), }); diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_setup_module_api.ts b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_setup_module_api.ts index f19c754ada380..f1e34cdd40518 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_setup_module_api.ts +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/api/ml_setup_module_api.ts @@ -46,7 +46,7 @@ export const callSetupMlModuleAPI = async (requestArgs: RequestArgs, fetch: Http start, end, indexPatternName: indexPattern, - prefix: getJobIdPrefix(spaceId, sourceId), + prefix: getJobIdPrefix(spaceId, sourceId, 'hashed'), startDatafeed: true, jobOverrides, datafeedOverrides, 
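Review bot: The literal `'hashed'` passed to `getJobIdPrefix` here is repeated in log_analysis_module.tsx, in the `getJobSummary` call that follows setup and in the `idFormat: 'hashed'` field of the `finishedSetup` dispatch. All three have to agree, otherwise the post-setup status lookup derives different job IDs from the prefix the jobs were created with and reports them as missing. A single exported constant typed as `IdFormat` (name is a suggestion: `const NEW_JOB_ID_FORMAT: IdFormat = 'hashed';`) used at the three sites would make that coupling explicit. The body of `callSetupMlModuleAPI` extends beyond this hunk.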
diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_cleanup.tsx b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_cleanup.tsx index b9668311df062..b70ca688f53d6 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_cleanup.tsx +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_cleanup.tsx @@ -6,17 +6,19 @@ */ import type { HttpHandler } from '@kbn/core/public'; +import { IdFormat, JobType } from '../../../../common/http_api/latest'; import { getJobId } from '../../../../common/log_analysis'; import { callDeleteJobs, callGetJobDeletionTasks, callStopDatafeeds } from './api/ml_cleanup'; -export const cleanUpJobsAndDatafeeds = async ( +export const cleanUpJobsAndDatafeeds = async ( spaceId: string, logViewId: string, - jobTypes: JobType[], + idFormat: IdFormat, + jobTypes: T[], fetch: HttpHandler ) => { try { - await callStopDatafeeds({ spaceId, logViewId, jobTypes }, fetch); + await callStopDatafeeds({ spaceId, logViewId, idFormat, jobTypes }, fetch); } catch (err) { // Proceed only if datafeed has been deleted or didn't exist in the first place if (err?.response?.status !== 404) { 
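Review bot: `cleanUpJobsAndDatafeeds` still treats a 404 from `callStopDatafeeds` as "already deleted", and now that `idFormat` selects which datafeed IDs are built, a caller passing a format other than the one the jobs were created with would presumably hit that same 404. Cleanup would then go on to delete IDs that match nothing and appear to succeed while the real jobs stay behind. Whether every caller passes the resolved format is not visible in this hunk, so the requirement belongs next to the catch, for example `// idFormat must match the format the jobs were created with; a mismatch looks identical to "already deleted" here.` The function body continues into the next hunk.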
@@ -24,27 +26,32 @@ export const cleanUpJobsAndDatafeeds = async ( } } - return await deleteJobs(spaceId, logViewId, jobTypes, fetch); + return await deleteJobs(spaceId, logViewId, idFormat, jobTypes, fetch); }; -const deleteJobs = async ( +const deleteJobs = async ( spaceId: string, logViewId: string, - jobTypes: JobType[], + idFormat: IdFormat, + jobTypes: T[], fetch: HttpHandler ) => { - const deleteJobsResponse = await callDeleteJobs({ spaceId, logViewId, jobTypes }, fetch); - await waitUntilJobsAreDeleted(spaceId, logViewId, jobTypes, fetch); + const deleteJobsResponse = await callDeleteJobs( + { spaceId, logViewId, idFormat, jobTypes }, + fetch + ); + await waitUntilJobsAreDeleted(spaceId, logViewId, idFormat, jobTypes, fetch); return deleteJobsResponse; }; -const waitUntilJobsAreDeleted = async ( +const waitUntilJobsAreDeleted = async ( spaceId: string, logViewId: string, - jobTypes: JobType[], + idFormat: IdFormat, + jobTypes: T[], fetch: HttpHandler ) => { - const moduleJobIds = jobTypes.map((jobType) => getJobId(spaceId, logViewId, jobType)); + const moduleJobIds = jobTypes.map((jobType) => getJobId(spaceId, logViewId, idFormat, jobType)); while (true) { const { jobs } = await callGetJobDeletionTasks(fetch); const needToWait = jobs diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module.tsx b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module.tsx index 58bade0a81d06..25ddd466e6e8f 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module.tsx +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module.tsx 
@@ -7,22 +7,27 @@ import { useCallback, useMemo } from 'react'; import { useUiTracker } from '@kbn/observability-shared-plugin/public'; +import { useLogMlJobIdFormatsShimContext } from '../../../pages/logs/shared/use_log_ml_job_id_formats_shim'; +import { IdFormat, JobType } from '../../../../common/http_api/latest'; import { DatasetFilter } from '../../../../common/log_analysis'; import { useKibanaContextForPlugin } from '../../../hooks/use_kibana'; import { useTrackedPromise } from '../../../utils/use_tracked_promise'; import { useModuleStatus } from './log_analysis_module_status'; import { ModuleDescriptor, ModuleSourceConfiguration } from './log_analysis_module_types'; -export const useLogAnalysisModule = ({ +export const useLogAnalysisModule = ({ sourceConfiguration, + idFormat, moduleDescriptor, }: { sourceConfiguration: ModuleSourceConfiguration; - moduleDescriptor: ModuleDescriptor; + idFormat: IdFormat; + moduleDescriptor: ModuleDescriptor; }) => { const { services } = useKibanaContextForPlugin(); const { spaceId, sourceId: logViewId, timestampField, runtimeMappings } = sourceConfiguration; const [moduleStatus, dispatchModuleStatus] = useModuleStatus(moduleDescriptor.jobTypes); + const { migrateIdFormat } = useLogMlJobIdFormatsShimContext(); const trackMetric = useUiTracker({ app: 'infra_logs' }); @@ -31,7 +36,12 @@ export const useLogAnalysisModule = ({ cancelPreviousOn: 'resolution', createPromise: async () => { dispatchModuleStatus({ type: 'fetchingJobStatuses' }); - return await moduleDescriptor.getJobSummary(spaceId, logViewId, services.http.fetch); + return await moduleDescriptor.getJobSummary( + spaceId, + logViewId, + idFormat, + services.http.fetch + ); }, onResolve: (jobResponse) => { dispatchModuleStatus({ 
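Review bot: `migrateIdFormat`, obtained from the shim context in this hunk, is later called in the setup `onResolve` as `migrateIdFormat(moduleDescriptor.jobTypes[0])`, so only the first job type is migrated. `jobTypes` is declared as an array on `ModuleDescriptor`; the two descriptors in this commit appear to hold one job type each, but nothing enforces that, and an empty array would pass `undefined`. If the shim tracks formats per job type, iterating is safer: `for (const jobType of moduleDescriptor.jobTypes) migrateIdFormat(jobType);`. Otherwise a comment stating the single-job-type assumption would do. The body of `useLogAnalysisModule` continues beyond this hunk.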
@@ -39,13 +49,14 @@ export const useLogAnalysisModule = ({ payload: jobResponse, spaceId, logViewId, + idFormat, }); }, onReject: () => { dispatchModuleStatus({ type: 'failedFetchingJobStatuses' }); }, }, - [spaceId, logViewId] + [spaceId, logViewId, idFormat] ); const [, setUpModule] = useTrackedPromise( @@ -74,6 +85,7 @@ export const useLogAnalysisModule = ({ const jobSummaries = await moduleDescriptor.getJobSummary( spaceId, logViewId, + 'hashed', services.http.fetch ); return { setupResult, jobSummaries }; @@ -105,7 +117,9 @@ export const useLogAnalysisModule = ({ jobSummaries, spaceId, logViewId, + idFormat: 'hashed', }); + migrateIdFormat(moduleDescriptor.jobTypes[0]); }, onReject: (e: any) => { dispatchModuleStatus({ type: 'failedSetup' }); @@ -121,13 +135,18 @@ export const useLogAnalysisModule = ({ { cancelPreviousOn: 'resolution', createPromise: async () => { - return await moduleDescriptor.cleanUpModule(spaceId, logViewId, services.http.fetch); + return await moduleDescriptor.cleanUpModule( + spaceId, + logViewId, + idFormat, + services.http.fetch + ); }, onReject: (e) => { throw new Error(`Failed to clean up previous ML job: ${e}`); }, }, - [spaceId, logViewId] + [spaceId, logViewId, idFormat] ); const isCleaningUp = useMemo( @@ -159,8 +178,8 @@ export const useLogAnalysisModule = ({ }, [dispatchModuleStatus]); const jobIds = useMemo( - () => moduleDescriptor.getJobIds(spaceId, logViewId), - [moduleDescriptor, spaceId, logViewId] + () => moduleDescriptor.getJobIds(spaceId, logViewId, idFormat), + [moduleDescriptor, spaceId, logViewId, idFormat] ); return { diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_configuration.ts b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_configuration.ts index 057580679210a..5cf26d75e9f00 100644 
--- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_configuration.ts +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_configuration.ts @@ -7,14 +7,15 @@ import { useMemo } from 'react'; import equal from 'fast-deep-equal'; +import { JobType } from '../../../../common/http_api/latest'; import { JobSummary } from './api/ml_get_jobs_summary_api'; import { ModuleDescriptor, ModuleSourceConfiguration } from './log_analysis_module_types'; -export const useLogAnalysisModuleConfiguration = ({ +export const useLogAnalysisModuleConfiguration = ({ moduleDescriptor, sourceConfiguration, }: { - moduleDescriptor: ModuleDescriptor; + moduleDescriptor: ModuleDescriptor; sourceConfiguration: ModuleSourceConfiguration; }) => { const getIsJobConfigurationOutdated = useMemo( @@ -28,8 +29,8 @@ export const useLogAnalysisModuleConfiguration = ({ }; export const isJobConfigurationOutdated = - ( - { bucketSpan }: ModuleDescriptor, + ( + { bucketSpan }: ModuleDescriptor, currentSourceConfiguration: ModuleSourceConfiguration ) => (jobSummary: JobSummary): boolean => { diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_definition.tsx b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_definition.tsx index 61de3681b574d..b75f913170326 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_definition.tsx +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_definition.tsx 
@@ -6,6 +6,7 @@ */ import { useCallback, useMemo, useState } from 'react'; +import { IdFormat, JobType } from '../../../../common/http_api/latest'; import { getJobId } from '../../../../common/log_analysis'; import { useKibanaContextForPlugin } from '../../../hooks/use_kibana'; import { useTrackedPromise } from '../../../utils/use_tracked_promise'; @@ -13,12 +14,14 @@ import { JobSummary } from './api/ml_get_jobs_summary_api'; import { GetMlModuleResponsePayload, JobDefinition } from './api/ml_get_module'; import { ModuleDescriptor, ModuleSourceConfiguration } from './log_analysis_module_types'; -export const useLogAnalysisModuleDefinition = ({ +export const useLogAnalysisModuleDefinition = ({ sourceConfiguration: { spaceId, sourceId }, + idFormat, moduleDescriptor, }: { sourceConfiguration: ModuleSourceConfiguration; - moduleDescriptor: ModuleDescriptor; + idFormat: IdFormat; + moduleDescriptor: ModuleDescriptor; }) => { const { services } = useKibanaContextForPlugin(); const [moduleDefinition, setModuleDefinition] = useState< @@ -31,12 +34,12 @@ export const useLogAnalysisModuleDefinition = ({ ? moduleDefinition.jobs.reduce>( (accumulatedJobDefinitions, jobDefinition) => ({ ...accumulatedJobDefinitions, - [getJobId(spaceId, sourceId, jobDefinition.id)]: jobDefinition, + [getJobId(spaceId, sourceId, idFormat, jobDefinition.id as T)]: jobDefinition, }), {} ) : {}, - [moduleDefinition, sourceId, spaceId] + [moduleDefinition, sourceId, spaceId, idFormat] ); const [fetchModuleDefinitionRequest, fetchModuleDefinition] = useTrackedPromise( diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_status.tsx b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_status.tsx index 6fcfea1038a04..b6ce4085286e6 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_status.tsx 
+++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_status.tsx @@ -7,6 +7,7 @@ import { useReducer } from 'react'; +import { IdFormat, JobType } from '../../../../common/http_api/latest'; import { JobStatus, getDatafeedId, @@ -18,8 +19,8 @@ import { FetchJobStatusResponsePayload, JobSummary } from './api/ml_get_jobs_sum import { SetupMlModuleResponsePayload } from './api/ml_setup_module_api'; import { MandatoryProperty } from '../../../../common/utility_types'; -interface StatusReducerState { - jobStatus: Record; +interface StatusReducerState { + jobStatus: Record; jobSummaries: JobSummary[]; lastSetupErrorMessages: string[]; setupStatus: SetupStatus; @@ -31,6 +32,7 @@ type StatusReducerAction = type: 'finishedSetup'; logViewId: string; spaceId: string; + idFormat: IdFormat; jobSetupResults: SetupMlModuleResponsePayload['jobs']; jobSummaries: FetchJobStatusResponsePayload; datafeedSetupResults: SetupMlModuleResponsePayload['datafeeds']; @@ -41,22 +43,23 @@ type StatusReducerAction = type: 'fetchedJobStatuses'; spaceId: string; logViewId: string; + idFormat: IdFormat; payload: FetchJobStatusResponsePayload; } | { type: 'failedFetchingJobStatuses' } | { type: 'viewedResults' }; -const createInitialState = ({ +const createInitialState = ({ jobTypes, }: { - jobTypes: JobType[]; -}): StatusReducerState => ({ + jobTypes: T[]; +}): StatusReducerState => ({ jobStatus: jobTypes.reduce( (accumulatedJobStatus, jobType) => ({ ...accumulatedJobStatus, [jobType]: 'unknown', }), - {} as Record + {} as Record ), jobSummaries: [], lastSetupErrorMessages: [], @@ -64,11 +67,8 @@ const createInitialState = ({ }); const createStatusReducer = - (jobTypes: JobType[]) => - ( - state: StatusReducerState, - action: StatusReducerAction - ): StatusReducerState => { + (jobTypes: T[]) => + (state: StatusReducerState, action: StatusReducerAction): StatusReducerState => { switch (action.type) { case 'startedSetup': { return { 
@@ -78,25 +78,34 @@ const createStatusReducer = ...accumulatedJobStatus, [jobType]: 'initializing', }), - {} as Record + {} as Record ), setupStatus: { type: 'pending' }, }; } case 'finishedSetup': { - const { datafeedSetupResults, jobSetupResults, jobSummaries, spaceId, logViewId } = action; + const { + datafeedSetupResults, + jobSetupResults, + jobSummaries, + spaceId, + logViewId, + idFormat, + } = action; const nextJobStatus = jobTypes.reduce( (accumulatedJobStatus, jobType) => ({ ...accumulatedJobStatus, [jobType]: - hasSuccessfullyCreatedJob(getJobId(spaceId, logViewId, jobType))(jobSetupResults) && - hasSuccessfullyStartedDatafeed(getDatafeedId(spaceId, logViewId, jobType))( + hasSuccessfullyCreatedJob(getJobId(spaceId, logViewId, idFormat, jobType))( + jobSetupResults + ) && + hasSuccessfullyStartedDatafeed(getDatafeedId(spaceId, logViewId, idFormat, jobType))( datafeedSetupResults ) ? 'started' : 'failed', }), - {} as Record + {} as Record ); const nextSetupStatus: SetupStatus = Object.values(nextJobStatus).every( (jobState) => jobState === 'started' || jobState === 'starting' @@ -129,7 +138,7 @@ const createStatusReducer = ...accumulatedJobStatus, [jobType]: 'failed', }), - {} as Record + {} as Record ), setupStatus: { type: 'failed', reasons: action.reason ? [action.reason] : ['unknown'] }, }; @@ -142,15 +151,15 @@ const createStatusReducer = }; } case 'fetchedJobStatuses': { - const { payload: jobSummaries, spaceId, logViewId } = action; + const { payload: jobSummaries, spaceId, logViewId, idFormat } = action; const { setupStatus } = state; const nextJobStatus = jobTypes.reduce( (accumulatedJobStatus, jobType) => ({ ...accumulatedJobStatus, - [jobType]: getJobStatus(getJobId(spaceId, logViewId, jobType))(jobSummaries), + [jobType]: getJobStatus(getJobId(spaceId, logViewId, idFormat, jobType))(jobSummaries), }), - {} as Record + {} as Record ); const nextSetupStatus = getSetupStatus(nextJobStatus)(setupStatus); 
@@ -170,7 +179,7 @@ const createStatusReducer = ...accumulatedJobStatus, [jobType]: 'unknown', }), - {} as Record + {} as Record ), }; } @@ -243,7 +252,7 @@ const getJobStatus = })[0] || 'missing'; const getSetupStatus = - (everyJobStatus: Record) => + (everyJobStatus: Record) => (previousSetupStatus: SetupStatus): SetupStatus => Object.entries(everyJobStatus).reduce((setupStatus, [, jobStatus]) => { if (jobStatus === 'missing') { @@ -265,6 +274,6 @@ const hasError = ( value: Value ): value is MandatoryProperty => value.error != null; -export const useModuleStatus = (jobTypes: JobType[]) => { +export const useModuleStatus = (jobTypes: T[]) => { return useReducer(createStatusReducer(jobTypes), { jobTypes }, createInitialState); }; diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts index d6e95b7feebe5..2e0a6b742ce11 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts @@ -7,6 +7,7 @@ import type { HttpHandler } from '@kbn/core/public'; import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import { IdFormat, JobType } from '../../../../common/http_api/latest'; import { ValidateLogEntryDatasetsResponsePayload, ValidationIndicesResponsePayload, 
@@ -19,16 +20,17 @@ import { SetupMlModuleResponsePayload } from './api/ml_setup_module_api'; export type { JobModelSizeStats, JobSummary } from './api/ml_get_jobs_summary_api'; -export interface ModuleDescriptor { +export interface ModuleDescriptor { moduleId: string; moduleName: string; moduleDescription: string; - jobTypes: JobType[]; + jobTypes: T[]; bucketSpan: number; - getJobIds: (spaceId: string, logViewId: string) => Record; + getJobIds: (spaceId: string, logViewId: string, idFormat: IdFormat) => Record; getJobSummary: ( spaceId: string, logViewId: string, + idFormat: IdFormat, fetch: HttpHandler ) => Promise; getModuleDefinition: (fetch: HttpHandler) => Promise; @@ -42,6 +44,7 @@ export interface ModuleDescriptor { cleanUpModule: ( spaceId: string, logViewId: string, + idFormat: IdFormat, fetch: HttpHandler ) => Promise; validateSetupIndices: ( diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_setup_state.ts b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_setup_state.ts index fad6fd56f6251..14251d5f4dbf9 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_setup_state.ts +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/log_analysis_setup_state.ts @@ -8,6 +8,7 @@ import { isEqual } from 'lodash'; import { useCallback, useEffect, useMemo, useState } from 'react'; import usePrevious from 'react-use/lib/usePrevious'; +import { JobType } from '../../../../common/http_api/latest'; import { combineDatasetFilters, DatasetFilter, 
@@ -30,21 +31,21 @@ type SetupHandler = ( datasetFilter: DatasetFilter ) => void; -interface AnalysisSetupStateArguments { +interface AnalysisSetupStateArguments { cleanUpAndSetUpModule: SetupHandler; - moduleDescriptor: ModuleDescriptor; + moduleDescriptor: ModuleDescriptor; setUpModule: SetupHandler; sourceConfiguration: ModuleSourceConfiguration; } const fourWeeksInMs = 86400000 * 7 * 4; -export const useAnalysisSetupState = ({ +export const useAnalysisSetupState = ({ cleanUpAndSetUpModule, moduleDescriptor: { validateSetupDatasets, validateSetupIndices }, setUpModule, sourceConfiguration, -}: AnalysisSetupStateArguments) => { +}: AnalysisSetupStateArguments) => { const { services } = useKibanaContextForPlugin(); const [startTime, setStartTime] = useState(Date.now() - fourWeeksInMs); const [endTime, setEndTime] = useState(undefined); diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_categories/module_descriptor.ts b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_categories/module_descriptor.ts index 07a183973178d..fbcc4d166d4b4 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_categories/module_descriptor.ts +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_categories/module_descriptor.ts @@ -8,11 +8,13 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import { i18n } from '@kbn/i18n'; import type { HttpHandler } from '@kbn/core/public'; +import { IdFormat } from '../../../../../../common/http_api/latest'; import { bucketSpan, categoriesMessageField, DatasetFilter, getJobId, + logEntryCategoriesJobType, LogEntryCategoriesJobType, logEntryCategoriesJobTypes, partitionField, 
@@ -36,21 +38,26 @@ const moduleDescription = i18n.translate( } ); -const getJobIds = (spaceId: string, logViewId: string) => +const getJobIds = (spaceId: string, logViewId: string, idFormat: IdFormat) => logEntryCategoriesJobTypes.reduce( (accumulatedJobIds, jobType) => ({ ...accumulatedJobIds, - [jobType]: getJobId(spaceId, logViewId, jobType), + [jobType]: getJobId(spaceId, logViewId, idFormat, jobType), }), {} as Record ); -const getJobSummary = async (spaceId: string, logViewId: string, fetch: HttpHandler) => { +const getJobSummary = async ( + spaceId: string, + logViewId: string, + idFormat: IdFormat, + fetch: HttpHandler +) => { const response = await callJobsSummaryAPI( - { spaceId, logViewId, jobTypes: logEntryCategoriesJobTypes }, + { spaceId, logViewId, idFormat, jobTypes: logEntryCategoriesJobTypes }, fetch ); - const jobIds = Object.values(getJobIds(spaceId, logViewId)); + const jobIds = Object.values(getJobIds(spaceId, logViewId, idFormat)); return response.filter((jobSummary) => jobIds.includes(jobSummary.id)); }; @@ -69,7 +76,7 @@ const setUpModule = async ( const indexNamePattern = indices.join(','); const jobOverrides = [ { - job_id: 'log-entry-categories-count' as const, + job_id: logEntryCategoriesJobType, analysis_config: { bucket_span: `${bucketSpan}ms`, }, @@ -88,7 +95,7 @@ const setUpModule = async ( ]; const datafeedOverrides = [ { - job_id: 'log-entry-categories-count' as const, + job_id: logEntryCategoriesJobType, runtime_mappings: runtimeMappings, }, ]; 
@@ -130,8 +137,19 @@ const setUpModule = async ( ); }; -const cleanUpModule = async (spaceId: string, logViewId: string, fetch: HttpHandler) => { - return await cleanUpJobsAndDatafeeds(spaceId, logViewId, logEntryCategoriesJobTypes, fetch); +const cleanUpModule = async ( + spaceId: string, + logViewId: string, + idFormat: IdFormat, + fetch: HttpHandler +) => { + return await cleanUpJobsAndDatafeeds( + spaceId, + logViewId, + idFormat, + logEntryCategoriesJobTypes, + fetch + ); }; const validateSetupIndices = async ( diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_module.tsx b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_module.tsx index 3f4d802940974..a8c371fa9439e 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_module.tsx +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_module.tsx @@ -8,6 +8,7 @@ import createContainer from 'constate'; import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import { useMemo } from 'react'; +import { IdFormat } from '../../../../../../common/http_api/latest'; import { useLogAnalysisModule } from '../../log_analysis_module'; import { useLogAnalysisModuleConfiguration } from '../../log_analysis_module_configuration'; import { useLogAnalysisModuleDefinition } from '../../log_analysis_module_definition'; @@ -19,12 +20,14 @@ export const useLogEntryCategoriesModule = ({ indexPattern, logViewId, spaceId, + idFormat, timestampField, runtimeMappings, }: { indexPattern: string; logViewId: string; spaceId: string; + idFormat: IdFormat; timestampField: string; runtimeMappings: estypes.MappingRuntimeFields; }) => { 
@@ -41,6 +44,7 @@ export const useLogEntryCategoriesModule = ({ const logAnalysisModule = useLogAnalysisModule({ moduleDescriptor: logEntryCategoriesModule, + idFormat, sourceConfiguration, }); @@ -51,6 +55,7 @@ export const useLogEntryCategoriesModule = ({ const { fetchModuleDefinition, getIsJobDefinitionOutdated } = useLogAnalysisModuleDefinition({ sourceConfiguration, + idFormat, moduleDescriptor: logEntryCategoriesModule, }); diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_rate/module_descriptor.ts b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_rate/module_descriptor.ts index a2e0219da9915..a0dc8e68bf9a7 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_rate/module_descriptor.ts +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_rate/module_descriptor.ts @@ -8,10 +8,12 @@ import { i18n } from '@kbn/i18n'; import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { HttpHandler } from '@kbn/core/public'; +import { IdFormat } from '../../../../../../common/http_api/latest'; import { bucketSpan, DatasetFilter, getJobId, + logEntryRateJobType, LogEntryRateJobType, logEntryRateJobTypes, partitionField, 
@@ -35,21 +37,26 @@ const moduleDescription = i18n.translate( } ); -const getJobIds = (spaceId: string, logViewId: string) => +const getJobIds = (spaceId: string, logViewId: string, idFormat: IdFormat) => logEntryRateJobTypes.reduce( (accumulatedJobIds, jobType) => ({ ...accumulatedJobIds, - [jobType]: getJobId(spaceId, logViewId, jobType), + [jobType]: getJobId(spaceId, logViewId, idFormat, jobType), }), {} as Record ); -const getJobSummary = async (spaceId: string, logViewId: string, fetch: HttpHandler) => { +const getJobSummary = async ( + spaceId: string, + logViewId: string, + idFormat: IdFormat, + fetch: HttpHandler +) => { const response = await callJobsSummaryAPI( - { spaceId, logViewId, jobTypes: logEntryRateJobTypes }, + { spaceId, logViewId, idFormat, jobTypes: logEntryRateJobTypes }, fetch ); - const jobIds = Object.values(getJobIds(spaceId, logViewId)); + const jobIds = Object.values(getJobIds(spaceId, logViewId, idFormat)); return response.filter((jobSummary) => jobIds.includes(jobSummary.id)); }; @@ -68,7 +75,8 @@ const setUpModule = async ( const indexNamePattern = indices.join(','); const jobOverrides = [ { - job_id: 'log-entry-rate' as const, + description: `Logs UI (${spaceId}/${sourceId}): Detects anomalies in the log entry ingestion rate`, + job_id: logEntryRateJobType, analysis_config: { bucket_span: `${bucketSpan}ms`, }, @@ -86,7 +94,7 @@ const setUpModule = async ( ]; const datafeedOverrides = [ { - job_id: 'log-entry-rate' as const, + job_id: logEntryRateJobType, runtime_mappings: runtimeMappings, }, ]; 
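Review bot: The `description` override carrying `${spaceId}/${sourceId}` is added only to the log-entry-rate job in this file's `jobOverrides`. The parallel `jobOverrides` entry in log_entry_categories/module_descriptor.ts has its `job_id` switched to `logEntryCategoriesJobType` but gets no description. If the purpose is to keep the space and log view identifiable once the job ID uses the `'hashed'` format (an inference from the commit as a whole), categories jobs lose that link. A matching line there would keep the two modules consistent, such as ``description: `Logs UI (${spaceId}/${sourceId}): <categories job summary>`,`` with the project's own wording in place of the placeholder. The `setUpModule` body extends beyond this hunk.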
@@ -122,8 +130,13 @@ const setUpModule = async ( ); }; -const cleanUpModule = async (spaceId: string, logViewId: string, fetch: HttpHandler) => { - return await cleanUpJobsAndDatafeeds(spaceId, logViewId, logEntryRateJobTypes, fetch); +const cleanUpModule = async ( + spaceId: string, + logViewId: string, + idFormat: IdFormat, + fetch: HttpHandler +) => { + return await cleanUpJobsAndDatafeeds(spaceId, logViewId, idFormat, logEntryRateJobTypes, fetch); }; const validateSetupIndices = async ( diff --git a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_rate/use_log_entry_rate_module.tsx b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_rate/use_log_entry_rate_module.tsx index 65bddee00ce30..a00d9f0017c31 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_rate/use_log_entry_rate_module.tsx +++ b/x-pack/plugins/observability_solution/infra/public/containers/logs/log_analysis/modules/log_entry_rate/use_log_entry_rate_module.tsx @@ -8,6 +8,7 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import createContainer from 'constate'; import { useMemo } from 'react'; +import { IdFormat } from '../../../../../../common/http_api/latest'; import { ModuleSourceConfiguration } from '../../log_analysis_module_types'; import { useLogAnalysisModule } from '../../log_analysis_module'; import { useLogAnalysisModuleConfiguration } from '../../log_analysis_module_configuration'; @@ -18,12 +19,14 @@ export const useLogEntryRateModule = ({ indexPattern, logViewId, spaceId, + idFormat, timestampField, runtimeMappings, }: { indexPattern: string; logViewId: string; spaceId: string; + idFormat: IdFormat; timestampField: string; runtimeMappings: estypes.MappingRuntimeFields; }) => { 
@@ -40,6 +43,7 @@ export const useLogEntryRateModule = ({ const logAnalysisModule = useLogAnalysisModule({ moduleDescriptor: logEntryRateModule, + idFormat, sourceConfiguration, }); @@ -50,6 +54,7 @@ export const useLogEntryRateModule = ({ const { fetchModuleDefinition, getIsJobDefinitionOutdated } = useLogAnalysisModuleDefinition({ sourceConfiguration, + idFormat, moduleDescriptor: logEntryRateModule, }); diff --git a/x-pack/plugins/observability_solution/infra/public/containers/ml/api/ml_get_module.ts b/x-pack/plugins/observability_solution/infra/public/containers/ml/api/ml_get_module.ts index afb1ee211a75a..1cd85d448e7be 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/ml/api/ml_get_module.ts +++ b/x-pack/plugins/observability_solution/infra/public/containers/ml/api/ml_get_module.ts @@ -8,7 +8,7 @@ import * as rt from 'io-ts'; import type { HttpHandler } from '@kbn/core/public'; -import { jobCustomSettingsRT } from '../../../../common/log_analysis'; +import { jobCustomSettingsRT } from '../../../../common/infra_ml'; import { decodeOrThrow } from '../../../../common/runtime_types'; export const callGetMlModuleAPI = async (moduleId: string, fetch: HttpHandler) => { diff --git a/x-pack/plugins/observability_solution/infra/public/containers/ml/infra_ml_module_definition.tsx b/x-pack/plugins/observability_solution/infra/public/containers/ml/infra_ml_module_definition.tsx index 88b7cfd941092..1dca20d586a50 100644 --- a/x-pack/plugins/observability_solution/infra/public/containers/ml/infra_ml_module_definition.tsx +++ b/x-pack/plugins/observability_solution/infra/public/containers/ml/infra_ml_module_definition.tsx 
@@ -6,7 +6,7 @@ */ import { useCallback, useMemo, useState } from 'react'; -import { getJobId } from '../../../common/log_analysis'; +import { getJobId } from '../../../common/infra_ml'; import { useKibanaContextForPlugin } from '../../hooks/use_kibana'; import { useTrackedPromise } from '../../utils/use_tracked_promise'; import { JobSummary } from './api/ml_get_jobs_summary_api'; diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page.tsx index 34634b194cb85..f5b1e89c69e0b 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page.tsx +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page.tsx @@ -11,6 +11,7 @@ import { useLogsBreadcrumbs } from '../../../hooks/use_logs_breadcrumbs'; import { LogEntryCategoriesPageContent } from './page_content'; import { LogEntryCategoriesPageProviders } from './page_providers'; import { logCategoriesTitle } from '../../../translations'; +import { LogMlJobIdFormatsShimProvider } from '../shared/use_log_ml_job_id_formats_shim'; export const LogEntryCategoriesPage = () => { useLogsBreadcrumbs([ @@ -21,9 +22,11 @@ export const LogEntryCategoriesPage = () => { return ( - - - + + + + + ); }; diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_content.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_content.tsx index d6a1e9f2ddc5e..c58ffc5f36e84 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_content.tsx +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_content.tsx 
@@ -9,7 +9,7 @@ import { i18n } from '@kbn/i18n'; import React, { useCallback, useEffect } from 'react'; import type { LazyObservabilityPageTemplateProps } from '@kbn/observability-shared-plugin/public'; import { useLogViewContext } from '@kbn/logs-shared-plugin/public'; -import { isJobStatusWithResults } from '../../../../common/log_analysis'; +import { isJobStatusWithResults, logEntryCategoriesJobType } from '../../../../common/log_analysis'; import { LoadingPage } from '../../../components/loading_page'; import { LogAnalysisSetupStatusUnknownPrompt, @@ -26,6 +26,7 @@ import { useLogEntryCategoriesModuleContext } from '../../../containers/logs/log import { LogsPageTemplate } from '../shared/page_template'; import { LogEntryCategoriesResultsContent } from './page_results_content'; import { LogEntryCategoriesSetupContent } from './page_setup_content'; +import { useLogMlJobIdFormatsShimContext } from '../shared/use_log_ml_job_id_formats_shim'; const logCategoriesTitle = i18n.translate('xpack.infra.logs.logCategoriesTitle', { defaultMessage: 'Categories', @@ -52,6 +53,8 @@ export const LogEntryCategoriesPageContent = () => { } }, [fetchJobStatus, hasLogAnalysisReadCapabilities]); + const { idFormats } = useLogMlJobIdFormatsShimContext(); + if (!hasLogAnalysisCapabilites) { return ( { ); - } else if (isJobStatusWithResults(jobStatus['log-entry-categories-count'])) { + } else if (isJobStatusWithResults(jobStatus[logEntryCategoriesJobType])) { return ( <> diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_providers.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_providers.tsx index 5cb6a12166c53..89bcd98d0958f 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_providers.tsx +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_providers.tsx 
@@ -7,12 +7,14 @@ import React from 'react'; import { useLogViewContext } from '@kbn/logs-shared-plugin/public'; +import { logEntryCategoriesJobType } from '../../../../common/log_analysis'; import { InlineLogViewSplashPage } from '../../../components/logging/inline_log_view_splash_page'; import { LogAnalysisSetupFlyoutStateProvider } from '../../../components/logging/log_analysis_setup/setup_flyout'; import { SourceLoadingPage } from '../../../components/source_loading_page'; import { LogEntryCategoriesModuleProvider } from '../../../containers/logs/log_analysis/modules/log_entry_categories'; import { useActiveKibanaSpace } from '../../../hooks/use_kibana_space'; import { ConnectedLogViewErrorPage } from '../shared/page_log_view_error'; +import { useLogMlJobIdFormatsShimContext } from '../shared/use_log_ml_job_id_formats_shim'; export const LogEntryCategoriesPageProviders: React.FunctionComponent = ({ children }) => { const { @@ -25,6 +27,8 @@ export const LogEntryCategoriesPageProviders: React.FunctionComponent = ({ child revertToDefaultLogView, } = useLogViewContext(); const { space } = useActiveKibanaSpace(); + const { idFormats, isLoadingLogAnalysisIdFormats, hasFailedLoadingLogAnalysisIdFormats } = + useLogMlJobIdFormatsShimContext(); // This is a rather crude way of guarding the dependent providers against // arguments that are only made available asynchronously. Ideally, we'd use @@ -33,9 +37,9 @@ export const LogEntryCategoriesPageProviders: React.FunctionComponent = ({ child return null; } else if (!isPersistedLogView) { return ; - } else if (hasFailedLoading) { + } else if (hasFailedLoading || hasFailedLoadingLogAnalysisIdFormats) { return ; - } else if (isLoading || isUninitialized) { + } else if (isLoading || isUninitialized || isLoadingLogAnalysisIdFormats || !idFormats) { return ; } else if (resolvedLogView != null) { if (logViewReference.type === 'log-view-inline') { 
@@ -46,6 +50,7 @@ export const LogEntryCategoriesPageProviders: React.FunctionComponent = ({ child indexPattern={resolvedLogView.indices} logViewId={logViewReference.logViewId} spaceId={space.id} + idFormat={idFormats[logEntryCategoriesJobType]} timestampField={resolvedLogView.timestampField} runtimeMappings={resolvedLogView.runtimeMappings} > diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_results_content.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_results_content.tsx index e1e317136deed..e1db34f31a5e0 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_results_content.tsx +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/page_results_content.tsx @@ -16,6 +16,7 @@ import { useKibana } from '@kbn/kibana-react-plugin/public'; import { MLJobsAwaitingNodeWarning, ML_PAGES, useMlHref } from '@kbn/ml-plugin/public'; import { useTrackPageview } from '@kbn/observability-shared-plugin/public'; import { useLogViewContext } from '@kbn/logs-shared-plugin/public'; +import { logEntryCategoriesJobType } from '../../../../common/log_analysis'; import { TimeRange } from '../../../../common/time/time_range'; import { CategoryJobNoticesSection } from '../../../components/logging/log_analysis_job_status'; import { AnalyzeInMlButton } from '../../../components/logging/log_analysis_results'; 
@@ -33,17 +34,19 @@ import { StringTimeRange, useLogEntryCategoriesResultsUrlState, } from './use_log_entry_categories_results_url_state'; +import { IdFormat } from '../../../../common/http_api/latest'; const JOB_STATUS_POLLING_INTERVAL = 30000; interface LogEntryCategoriesResultsContentProps { onOpenSetup: () => void; pageTitle: string; + idFormat: IdFormat; } export const LogEntryCategoriesResultsContent: React.FunctionComponent< LogEntryCategoriesResultsContentProps -> = ({ onOpenSetup, pageTitle }) => { +> = ({ onOpenSetup, pageTitle, idFormat }) => { useTrackPageview({ app: 'infra_logs', path: 'log_entry_categories_results' }); useTrackPageview({ app: 'infra_logs', path: 'log_entry_categories_results', delay: 15000 }); @@ -110,6 +113,7 @@ export const LogEntryCategoriesResultsContent: React.FunctionComponent< filteredDatasets: categoryQueryDatasets, onGetTopLogEntryCategoriesError: showLoadDataErrorNotification, logViewReference: { type: 'log-view-reference', logViewId }, + idFormat, startTime: categoryQueryTimeRange.timeRange.startTime, }); @@ -195,7 +199,7 @@ export const LogEntryCategoriesResultsContent: React.FunctionComponent< const analyzeInMlLink = useMlHref(ml, http.basePath.get(), { page: ML_PAGES.ANOMALY_EXPLORER, pageState: { - jobIds: [jobIds['log-entry-categories-count']], + jobIds: [jobIds[logEntryCategoriesJobType]], timeRange: { from: moment(categoryQueryTimeRange.timeRange.startTime).format('YYYY-MM-DDTHH:mm:ss.SSSZ'), to: moment(categoryQueryTimeRange.timeRange.endTime).format('YYYY-MM-DDTHH:mm:ss.SSSZ'), @@ -264,7 +268,7 @@ export const LogEntryCategoriesResultsContent: React.FunctionComponent< = ({ categoryId, timeRange, logViewReference }) => { + const { idFormats } = useLogMlJobIdFormatsShimContext(); + const { getLogEntryCategoryExamples, hasFailedLoadingLogEntryCategoryExamples, 
@@ -29,6 +33,7 @@ export const CategoryDetailsRow: React.FunctionComponent<{ endTime: timeRange.endTime, exampleCount, logViewReference, + idFormat: idFormats?.[logEntryCategoriesJobType], startTime: timeRange.startTime, }); diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_log_entry_category_datasets.ts b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_log_entry_category_datasets.ts index 14e7ebfbebd35..4a194eb1fb076 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_log_entry_category_datasets.ts +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_log_entry_category_datasets.ts @@ -7,6 +7,7 @@ import type { HttpHandler } from '@kbn/core/public'; import { PersistedLogViewReference } from '@kbn/logs-shared-plugin/common'; +import { IdFormat } from '../../../../../common/http_api/latest'; import { getLogEntryCategoryDatasetsRequestPayloadRT, @@ -17,6 +18,7 @@ import { decodeOrThrow } from '../../../../../common/runtime_types'; interface RequestArgs { logViewReference: PersistedLogViewReference; + idFormat: IdFormat; startTime: number; endTime: number; } @@ -25,7 +27,7 @@ export const callGetLogEntryCategoryDatasetsAPI = async ( requestArgs: RequestArgs, fetch: HttpHandler ) => { - const { logViewReference, startTime, endTime } = requestArgs; + const { logViewReference, idFormat, startTime, endTime } = requestArgs; const response = await fetch(LOG_ANALYSIS_GET_LOG_ENTRY_CATEGORY_DATASETS_PATH, { method: 'POST', @@ -33,6 +35,7 @@ export const callGetLogEntryCategoryDatasetsAPI = async ( getLogEntryCategoryDatasetsRequestPayloadRT.encode({ data: { logView: logViewReference, + idFormat, timeRange: { startTime, endTime, 
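Review bot: In `callGetLogEntryCategoryDatasetsAPI`, the new `idFormat` field in the request `data` is chosen by the browser and presumably helps decide which ML job ID the server queries; nothing in this hunk shows the route validating it. The server handler is outside this hunk, so this may already be covered, but confirm that the route decodes `idFormat` against the `IdFormat` runtime type and derives the rest of the job ID from server-side space and log view state. A comment on `RequestArgs` such as `// idFormat comes from the log analysis id-formats lookup; the server re-validates it` would record the expectation. The same applies to the `idFormat`/`idFormats` fields added in the other `service_calls` hunks of this commit.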
diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_log_entry_category_examples.ts b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_log_entry_category_examples.ts index 3e4947ca1e84f..dece712414ce6 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_log_entry_category_examples.ts +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_log_entry_category_examples.ts @@ -7,6 +7,7 @@ import type { HttpHandler } from '@kbn/core/public'; import { PersistedLogViewReference } from '@kbn/logs-shared-plugin/common'; +import { IdFormat } from '../../../../../common/http_api/latest'; import { getLogEntryCategoryExamplesRequestPayloadRT, @@ -17,6 +18,7 @@ import { decodeOrThrow } from '../../../../../common/runtime_types'; interface RequestArgs { logViewReference: PersistedLogViewReference; + idFormat: IdFormat; startTime: number; endTime: number; categoryId: number; @@ -27,7 +29,7 @@ export const callGetLogEntryCategoryExamplesAPI = async ( requestArgs: RequestArgs, fetch: HttpHandler ) => { - const { logViewReference, startTime, endTime, categoryId, exampleCount } = requestArgs; + const { logViewReference, idFormat, startTime, endTime, categoryId, exampleCount } = requestArgs; const response = await fetch(LOG_ANALYSIS_GET_LOG_ENTRY_CATEGORY_EXAMPLES_PATH, { method: 'POST', @@ -37,6 +39,7 @@ export const callGetLogEntryCategoryExamplesAPI = async ( categoryId, exampleCount, logView: logViewReference, + idFormat, timeRange: { startTime, endTime, 
diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_top_log_entry_categories.ts b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_top_log_entry_categories.ts index c4a1b6d095a29..2b2808bf46464 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_top_log_entry_categories.ts +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/service_calls/get_top_log_entry_categories.ts @@ -7,6 +7,7 @@ import type { HttpHandler } from '@kbn/core/public'; import { PersistedLogViewReference } from '@kbn/logs-shared-plugin/common'; +import { IdFormat } from '../../../../../common/http_api/latest'; import { getLogEntryCategoriesRequestPayloadRT, @@ -18,6 +19,7 @@ import { decodeOrThrow } from '../../../../../common/runtime_types'; interface RequestArgs { logViewReference: PersistedLogViewReference; + idFormat: IdFormat; startTime: number; endTime: number; categoryCount: number; @@ -29,7 +31,8 @@ export const callGetTopLogEntryCategoriesAPI = async ( requestArgs: RequestArgs, fetch: HttpHandler ) => { - const { logViewReference, startTime, endTime, categoryCount, datasets, sort } = requestArgs; + const { logViewReference, idFormat, startTime, endTime, categoryCount, datasets, sort } = + requestArgs; const intervalDuration = endTime - startTime; const response = await fetch(LOG_ANALYSIS_GET_LOG_ENTRY_CATEGORIES_PATH, { @@ -38,6 +41,7 @@ export const callGetTopLogEntryCategoriesAPI = async ( getLogEntryCategoriesRequestPayloadRT.encode({ data: { logView: logViewReference, + idFormat, timeRange: { startTime, endTime, 
diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_results.ts b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_results.ts index 20f7adb106857..030c0298d011e 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_results.ts +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_results.ts @@ -8,6 +8,7 @@ import { useMemo, useState } from 'react'; import { PersistedLogViewReference } from '@kbn/logs-shared-plugin/common'; +import { IdFormat } from '../../../../common/http_api/latest'; import { GetLogEntryCategoriesSuccessResponsePayload, GetLogEntryCategoryDatasetsSuccessResponsePayload, @@ -32,6 +33,7 @@ export const useLogEntryCategoriesResults = ({ onGetLogEntryCategoryDatasetsError, onGetTopLogEntryCategoriesError, logViewReference, + idFormat, startTime, }: { categoriesCount: number; @@ -40,6 +42,7 @@ export const useLogEntryCategoriesResults = ({ onGetLogEntryCategoryDatasetsError?: (error: Error) => void; onGetTopLogEntryCategoriesError?: (error: Error) => void; logViewReference: PersistedLogViewReference; + idFormat: IdFormat; startTime: number; }) => { const [sortOptions, setSortOptions] = useState({ @@ -58,6 +61,7 @@ export const useLogEntryCategoriesResults = ({ return await callGetTopLogEntryCategoriesAPI( { logViewReference, + idFormat, startTime, endTime, categoryCount: categoriesCount, @@ -80,7 +84,15 @@ export const useLogEntryCategoriesResults = ({ } }, }, - [categoriesCount, endTime, filteredDatasets, logViewReference.logViewId, startTime, sortOptions] + [ + categoriesCount, + endTime, + filteredDatasets, + logViewReference.logViewId, + startTime, + sortOptions, + idFormat, + ] ); const [getLogEntryCategoryDatasetsRequest, getLogEntryCategoryDatasets] = useTrackedPromise( 
@@ -88,7 +100,7 @@ export const useLogEntryCategoriesResults = ({ cancelPreviousOn: 'creation', createPromise: async () => { return await callGetLogEntryCategoryDatasetsAPI( - { logViewReference, startTime, endTime }, + { logViewReference, idFormat, startTime, endTime }, services.http.fetch ); }, @@ -105,7 +117,7 @@ export const useLogEntryCategoriesResults = ({ } }, }, - [categoriesCount, endTime, logViewReference.logViewId, startTime] + [categoriesCount, endTime, logViewReference.logViewId, idFormat, startTime] ); const isLoadingTopLogEntryCategories = useMemo( diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/use_log_entry_category_examples.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/use_log_entry_category_examples.tsx index c5516fdbc02f9..e50664b957d74 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/use_log_entry_category_examples.tsx +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_categories/use_log_entry_category_examples.tsx @@ -8,6 +8,7 @@ import { useMemo, useState } from 'react'; import { PersistedLogViewReference } from '@kbn/logs-shared-plugin/common'; +import { IdFormat } from '../../../../common/http_api/latest'; import { LogEntryCategoryExample } from '../../../../common/http_api'; import { useKibanaContextForPlugin } from '../../../hooks/use_kibana'; import { useTrackedPromise } from '../../../utils/use_tracked_promise'; @@ -18,12 +19,14 @@ export const useLogEntryCategoryExamples = ({ endTime, exampleCount, logViewReference, + idFormat, startTime, }: { categoryId: number; endTime: number; exampleCount: number; logViewReference: PersistedLogViewReference; + idFormat?: IdFormat; startTime: number; }) => { const { services } = useKibanaContextForPlugin(); 
@@ -36,9 +39,14 @@ export const useLogEntryCategoryExamples = ({ { cancelPreviousOn: 'creation', createPromise: async () => { + if (!idFormat) { + throw new Error('idFormat is undefined'); + } + return await callGetLogEntryCategoryExamplesAPI( { logViewReference, + idFormat, startTime, endTime, categoryId, @@ -51,7 +59,7 @@ export const useLogEntryCategoryExamples = ({ setLogEntryCategoryExamples(examples); }, }, - [categoryId, endTime, exampleCount, logViewReference, startTime] + [categoryId, endTime, exampleCount, logViewReference, startTime, idFormat] ); const isLoadingLogEntryCategoryExamples = useMemo( diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page.tsx index 94950b24b1a94..50a4852c458c4 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page.tsx +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page.tsx @@ -11,6 +11,7 @@ import { LogEntryRatePageContent } from './page_content'; import { LogEntryRatePageProviders } from './page_providers'; import { useLogsBreadcrumbs } from '../../../hooks/use_logs_breadcrumbs'; import { anomaliesTitle } from '../../../translations'; +import { LogMlJobIdFormatsShimProvider } from '../shared/use_log_ml_job_id_formats_shim'; export const LogEntryRatePage = () => { useLogsBreadcrumbs([ @@ -20,9 +21,11 @@ export const LogEntryRatePage = () => { ]); return ( - - - + + + + + ); }; diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_content.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_content.tsx index 533381dcbf7c3..e4dc0694c3f75 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_content.tsx +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_content.tsx 
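Review bot: The guard added at the top of `createPromise` in `useLogEntryCategoryExamples` rejects with `'idFormat is undefined'`, which does not name the hook and presumably surfaces to the caller as an ordinary load failure. The hook now accepts `idFormat?: IdFormat` while `callGetLogEntryCategoryExamplesAPI` requires it, so a message like `throw new Error('useLogEntryCategoryExamples: ML job id format is not loaded');` would make the cause traceable. The matching guards in `useLogEntryAnomaliesResults` and `useLogEntryExamples` have the same issue; in the former the value is typed `IdFormatByJobType | null`, so "undefined" is also inaccurate. The hook body continues outside the hunk.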
@@ -10,7 +10,11 @@ import React, { memo, useCallback, useEffect } from 'react'; import useInterval from 'react-use/lib/useInterval'; import type { LazyObservabilityPageTemplateProps } from '@kbn/observability-shared-plugin/public'; import { useLogViewContext } from '@kbn/logs-shared-plugin/public'; -import { isJobStatusWithResults } from '../../../../common/log_analysis'; +import { + isJobStatusWithResults, + logEntryCategoriesJobType, + logEntryRateJobType, +} from '../../../../common/log_analysis'; import { LoadingPage } from '../../../components/loading_page'; import { LogAnalysisSetupStatusUnknownPrompt, @@ -28,6 +32,7 @@ import { useLogEntryRateModuleContext } from '../../../containers/logs/log_analy import { LogsPageTemplate } from '../shared/page_template'; import { LogEntryRateResultsContent } from './page_results_content'; import { LogEntryRateSetupContent } from './page_setup_content'; +import { useLogMlJobIdFormatsShimContext } from '../shared/use_log_ml_job_id_formats_shim'; const JOB_STATUS_POLLING_INTERVAL = 30000; @@ -89,6 +94,8 @@ export const LogEntryRatePageContent = memo(() => { } }, JOB_STATUS_POLLING_INTERVAL); + const { idFormats } = useLogMlJobIdFormatsShimContext(); + if (!hasLogAnalysisCapabilites) { return ( { ); } else if ( - isJobStatusWithResults(logEntryCategoriesJobStatus['log-entry-categories-count']) || - isJobStatusWithResults(logEntryRateJobStatus['log-entry-rate']) + isJobStatusWithResults(logEntryCategoriesJobStatus[logEntryCategoriesJobType]) || + isJobStatusWithResults(logEntryRateJobStatus[logEntryRateJobType]) ) { return ( <> - + ); diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_providers.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_providers.tsx index 46ce90cff63cc..273874f83ae3e 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_providers.tsx 
+++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_providers.tsx @@ -7,6 +7,7 @@ import React from 'react'; import { useLogViewContext } from '@kbn/logs-shared-plugin/public'; +import { logEntryCategoriesJobType, logEntryRateJobType } from '../../../../common/log_analysis'; import { InlineLogViewSplashPage } from '../../../components/logging/inline_log_view_splash_page'; import { LogAnalysisSetupFlyoutStateProvider } from '../../../components/logging/log_analysis_setup/setup_flyout'; import { SourceLoadingPage } from '../../../components/source_loading_page'; @@ -15,6 +16,7 @@ import { LogEntryRateModuleProvider } from '../../../containers/logs/log_analysi import { LogEntryFlyoutProvider } from '../../../containers/logs/log_flyout'; import { useActiveKibanaSpace } from '../../../hooks/use_kibana_space'; import { ConnectedLogViewErrorPage } from '../shared/page_log_view_error'; +import { useLogMlJobIdFormatsShimContext } from '../shared/use_log_ml_job_id_formats_shim'; export const LogEntryRatePageProviders: React.FunctionComponent = ({ children }) => { const { @@ -29,6 +31,9 @@ export const LogEntryRatePageProviders: React.FunctionComponent = ({ children }) const { space } = useActiveKibanaSpace(); + const { idFormats, isLoadingLogAnalysisIdFormats, hasFailedLoadingLogAnalysisIdFormats } = + useLogMlJobIdFormatsShimContext(); + // This is a rather crude way of guarding the dependent providers against // arguments that are only made available asynchronously. Ideally, we'd use // React concurrent mode and Suspense in order to handle that more gracefully. 
@@ -36,9 +41,9 @@ export const LogEntryRatePageProviders: React.FunctionComponent = ({ children }) return null; } else if (!isPersistedLogView) { return ; - } else if (isLoading || isUninitialized) { + } else if (isLoading || isUninitialized || isLoadingLogAnalysisIdFormats || !idFormats) { return ; - } else if (hasFailedLoading) { + } else if (hasFailedLoading || hasFailedLoadingLogAnalysisIdFormats) { return ; } else if (resolvedLogView != null) { if (logViewReference.type === 'log-view-inline') { @@ -50,6 +55,7 @@ export const LogEntryRatePageProviders: React.FunctionComponent = ({ children }) indexPattern={resolvedLogView.indices} logViewId={logViewReference.logViewId} spaceId={space.id} + idFormat={idFormats[logEntryRateJobType]} timestampField={resolvedLogView.timestampField} runtimeMappings={resolvedLogView.runtimeMappings} > @@ -57,6 +63,7 @@ export const LogEntryRatePageProviders: React.FunctionComponent = ({ children }) indexPattern={resolvedLogView.indices} logViewId={logViewReference.logViewId} spaceId={space.id} + idFormat={idFormats[logEntryCategoriesJobType]} timestampField={resolvedLogView.timestampField} runtimeMappings={resolvedLogView.runtimeMappings} > diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_results_content.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_results_content.tsx index a4d861e38ade1..21eb5aacb2cec 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_results_content.tsx +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/page_results_content.tsx 
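Review bot: In `LogEntryRatePageProviders` the loading branch now includes `!idFormats` and is tested before the failure branch, so if the id-format lookup fails and leaves `idFormats` null, the component would stay in the loading branch and never reach `hasFailedLoadingLogAnalysisIdFormats`. `LogEntryCategoriesPageProviders` in this same commit tests failure first, which avoids that. Either move the `hasFailedLoading || hasFailedLoadingLogAnalysisIdFormats` branch above the loading branch here, or reduce the loading test to `isLoading || isUninitialized || isLoadingLogAnalysisIdFormats` and handle a missing `idFormats` after the failure check. Whether `idFormats` is actually null after a failed load depends on the shim provider, which is not shown in this hunk.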
@@ -15,7 +15,12 @@ import { useKibana } from '@kbn/kibana-react-plugin/public'; import { MLJobsAwaitingNodeWarning } from '@kbn/ml-plugin/public'; import { useTrackPageview } from '@kbn/observability-shared-plugin/public'; import { useLogViewContext, LogEntryFlyout } from '@kbn/logs-shared-plugin/public'; -import { isJobStatusWithResults } from '../../../../common/log_analysis'; +import { IdFormatByJobType } from '../../../../common/http_api/latest'; +import { + isJobStatusWithResults, + logEntryCategoriesJobType, + logEntryRateJobType, +} from '../../../../common/log_analysis'; import { TimeKey } from '../../../../common/time'; import { CategoryJobNoticesSection, @@ -45,7 +50,8 @@ export const PAGINATION_DEFAULTS = { export const LogEntryRateResultsContent: React.FunctionComponent<{ pageTitle: string; -}> = ({ pageTitle }) => { + idFormats: IdFormatByJobType | null; +}> = ({ pageTitle, idFormats }) => { useTrackPageview({ app: 'infra_logs', path: 'log_entry_rate_results' }); useTrackPageview({ app: 'infra_logs', path: 'log_entry_rate_results', delay: 15000 }); @@ -82,11 +88,11 @@ export const LogEntryRateResultsContent: React.FunctionComponent<{ const jobIds = useMemo(() => { return [ - ...(isJobStatusWithResults(logEntryRateJobStatus['log-entry-rate']) - ? [logEntryRateJobIds['log-entry-rate']] + ...(isJobStatusWithResults(logEntryRateJobStatus[logEntryRateJobType]) + ? [logEntryRateJobIds[logEntryRateJobType]] : []), - ...(isJobStatusWithResults(logEntryCategoriesJobStatus['log-entry-categories-count']) - ? [logEntryCategoriesJobIds['log-entry-categories-count']] + ...(isJobStatusWithResults(logEntryCategoriesJobStatus[logEntryCategoriesJobType]) + ? [logEntryCategoriesJobIds[logEntryCategoriesJobType]] : []), ]; }, [ 
@@ -146,6 +152,7 @@ export const LogEntryRateResultsContent: React.FunctionComponent<{ isLoadingDatasets, } = useLogEntryAnomaliesResults({ logViewReference, + idFormats, startTime: timeRange.value.startTime, endTime: timeRange.value.endTime, defaultSortOptions: SORT_DEFAULTS, @@ -199,6 +206,7 @@ export const LogEntryRateResultsContent: React.FunctionComponent<{ return ( = ({ anomaly, timeRange }) => { const { logViewReference } = useLogViewContext(); + const { idFormats } = useLogMlJobIdFormatsShimContext(); if (logViewReference.type === 'log-view-inline') { throw new Error('Logs ML features only support persisted Log Views'); @@ -44,6 +50,7 @@ export const AnomaliesTableExpandedRow: React.FunctionComponent<{ endTime: anomaly.startTime + anomaly.duration, exampleCount: EXAMPLE_COUNT, logViewReference, + idFormat: idFormats?.[logEntryRateJobType], startTime: anomaly.startTime, categoryId: isCategoryAnomaly(anomaly) ? anomaly.categoryId : undefined, }); diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_anomalies.ts b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_anomalies.ts index b6a515ae6f134..5f6ad4deda08a 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_anomalies.ts +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_anomalies.ts @@ -7,6 +7,7 @@ import type { HttpHandler } from '@kbn/core/public'; import { PersistedLogViewReference } from '@kbn/logs-shared-plugin/common'; +import { IdFormatByJobType } from '../../../../../common/http_api/latest'; import { getLogEntryAnomaliesRequestPayloadRT, getLogEntryAnomaliesSuccessReponsePayloadRT, 
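Review bot: In `AnomaliesTableExpandedRow` the examples request always uses `idFormats?.[logEntryRateJobType]`, yet the same call passes a `categoryId` when `isCategoryAnomaly(anomaly)` is true. `idFormats` is keyed by job type, so the two jobs can apparently have different formats. If the server resolves category anomalies against the categories job, the rate job's format could point it at the wrong job ID. Consider `idFormat: idFormats?.[isCategoryAnomaly(anomaly) ? logEntryCategoriesJobType : logEntryRateJobType],` (importing `logEntryCategoriesJobType` if the file does not already), or confirm on the server side that the rate format is intended for both.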
@@ -17,6 +18,7 @@ import { AnomaliesSort, Pagination } from '../../../../../common/log_analysis'; interface RequestArgs { logViewReference: PersistedLogViewReference; + idFormats: IdFormatByJobType; startTime: number; endTime: number; sort: AnomaliesSort; @@ -25,13 +27,15 @@ interface RequestArgs { } export const callGetLogEntryAnomaliesAPI = async (requestArgs: RequestArgs, fetch: HttpHandler) => { - const { logViewReference, startTime, endTime, sort, pagination, datasets } = requestArgs; + const { logViewReference, idFormats, startTime, endTime, sort, pagination, datasets } = + requestArgs; const response = await fetch(LOG_ANALYSIS_GET_LOG_ENTRY_ANOMALIES_PATH, { method: 'POST', body: JSON.stringify( getLogEntryAnomaliesRequestPayloadRT.encode({ data: { logView: logViewReference, + idFormats, timeRange: { startTime, endTime, diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_anomalies_datasets.ts b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_anomalies_datasets.ts index a93712c5d5a86..38ed7144140a6 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_anomalies_datasets.ts +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_anomalies_datasets.ts @@ -7,6 +7,7 @@ import type { HttpHandler } from '@kbn/core/public'; import { PersistedLogViewReference } from '@kbn/logs-shared-plugin/common'; +import { IdFormatByJobType } from '../../../../../common/http_api/latest'; import { decodeOrThrow } from '../../../../../common/runtime_types'; import { getLogEntryAnomaliesDatasetsRequestPayloadRT, @@ -16,6 +17,7 @@ import { interface RequestArgs { logViewReference: PersistedLogViewReference; + idFormats: IdFormatByJobType; startTime: number; endTime: number; } 
@@ -24,13 +26,14 @@ export const callGetLogEntryAnomaliesDatasetsAPI = async ( requestArgs: RequestArgs, fetch: HttpHandler ) => { - const { logViewReference, startTime, endTime } = requestArgs; + const { logViewReference, idFormats, startTime, endTime } = requestArgs; const response = await fetch(LOG_ANALYSIS_GET_LOG_ENTRY_ANOMALIES_DATASETS_PATH, { method: 'POST', body: JSON.stringify( getLogEntryAnomaliesDatasetsRequestPayloadRT.encode({ data: { logView: logViewReference, + idFormats, timeRange: { startTime, endTime, diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_examples.ts b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_examples.ts index 6cf35b95868e1..a4abfbd15ba5c 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_examples.ts +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/service_calls/get_log_entry_examples.ts @@ -7,6 +7,7 @@ import type { HttpHandler } from '@kbn/core/public'; import { PersistedLogViewReference } from '@kbn/logs-shared-plugin/common'; +import { IdFormat } from '../../../../../common/http_api/latest'; import { getLogEntryExamplesRequestPayloadRT, @@ -17,6 +18,7 @@ import { decodeOrThrow } from '../../../../../common/runtime_types'; interface RequestArgs { logViewReference: PersistedLogViewReference; + idFormat: IdFormat; startTime: number; endTime: number; dataset: string; 
@@ -25,7 +27,8 @@ interface RequestArgs { } export const callGetLogEntryExamplesAPI = async (requestArgs: RequestArgs, fetch: HttpHandler) => { - const { logViewReference, startTime, endTime, dataset, exampleCount, categoryId } = requestArgs; + const { logViewReference, idFormat, startTime, endTime, dataset, exampleCount, categoryId } = + requestArgs; const response = await fetch(LOG_ANALYSIS_GET_LOG_ENTRY_RATE_EXAMPLES_PATH, { method: 'POST', body: JSON.stringify( @@ -34,6 +37,7 @@ export const callGetLogEntryExamplesAPI = async (requestArgs: RequestArgs, fetch dataset, exampleCount, logView: logViewReference, + idFormat, timeRange: { startTime, endTime, diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/use_log_entry_anomalies_results.ts b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/use_log_entry_anomalies_results.ts index 745b5a7cd5aec..598f57751dae6 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/use_log_entry_anomalies_results.ts +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/use_log_entry_anomalies_results.ts @@ -8,6 +8,7 @@ import { useMemo, useState, useCallback, useEffect, useReducer } from 'react'; import useMount from 'react-use/lib/useMount'; import { PersistedLogViewReference } from '@kbn/logs-shared-plugin/common'; +import { IdFormatByJobType } from '../../../../common/http_api/latest'; import { useTrackedPromise, CanceledPromiseError } from '../../../utils/use_tracked_promise'; import { callGetLogEntryAnomaliesAPI } from './service_calls/get_log_entry_anomalies'; import { callGetLogEntryAnomaliesDatasetsAPI } from './service_calls/get_log_entry_anomalies_datasets'; @@ -139,6 +140,7 @@ export const useLogEntryAnomaliesResults = ({ endTime, startTime, logViewReference, + idFormats, defaultSortOptions, defaultPaginationOptions, onGetLogEntryAnomaliesDatasetsError, 
@@ -147,6 +149,7 @@ export const useLogEntryAnomaliesResults = ({ endTime: number; startTime: number; logViewReference: PersistedLogViewReference; + idFormats: IdFormatByJobType | null; defaultSortOptions: AnomaliesSort; defaultPaginationOptions: Pick; onGetLogEntryAnomaliesDatasetsError?: (error: Error) => void; @@ -175,6 +178,10 @@ export const useLogEntryAnomaliesResults = ({ { cancelPreviousOn: 'creation', createPromise: async () => { + if (!idFormats) { + throw new Error('idFormats is undefined'); + } + const { timeRange: { start: queryStartTime, end: queryEndTime }, sortOptions, @@ -185,6 +192,7 @@ export const useLogEntryAnomaliesResults = ({ return await callGetLogEntryAnomaliesAPI( { logViewReference, + idFormats, startTime: queryStartTime, endTime: queryEndTime, sort: sortOptions, @@ -218,6 +226,7 @@ export const useLogEntryAnomaliesResults = ({ }, [ logViewReference, + idFormats, dispatch, reducerState.timeRange, reducerState.sortOptions, @@ -294,8 +303,12 @@ export const useLogEntryAnomaliesResults = ({ { cancelPreviousOn: 'creation', createPromise: async () => { + if (!idFormats) { + throw new Error('idFormats is undefined'); + } + return await callGetLogEntryAnomaliesDatasetsAPI( - { logViewReference, startTime, endTime }, + { logViewReference, idFormats, startTime, endTime }, services.http.fetch ); }, @@ -312,7 +325,7 @@ export const useLogEntryAnomaliesResults = ({ } }, }, - [endTime, logViewReference, startTime] + [endTime, logViewReference, idFormats, startTime] ); const isLoadingDatasets = useMemo( diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/use_log_entry_examples.ts b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/use_log_entry_examples.ts index 4301f08ab41da..58e7b15842a17 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/use_log_entry_examples.ts 
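Review bot: The guard added to both `createPromise` callbacks throws `new Error('idFormats is undefined')`, but the prop is typed `IdFormatByJobType | null`, so the value it rejects is `null`, not `undefined`. The message is what surfaces in an error report when the anomalies or datasets request fires before the formats are available, so it should say what happened, e.g. `throw new Error('Log analysis job id formats have not been resolved');`. A one-line comment above each guard would also help: `// never query with a guessed id format; the server builds the ML job id from it`. Both callbacks continue outside their hunks, so how the rejection is presented to the user cannot be checked from here.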
+++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/log_entry_rate/use_log_entry_examples.ts @@ -8,6 +8,7 @@ import { useMemo, useState } from 'react'; import { PersistedLogViewReference } from '@kbn/logs-shared-plugin/common'; +import { IdFormat } from '../../../../common/http_api/latest'; import { LogEntryExample } from '../../../../common/log_analysis'; import { useKibanaContextForPlugin } from '../../../hooks/use_kibana'; import { useTrackedPromise } from '../../../utils/use_tracked_promise'; @@ -18,6 +19,7 @@ export const useLogEntryExamples = ({ endTime, exampleCount, logViewReference, + idFormat, startTime, categoryId, }: { @@ -25,6 +27,7 @@ export const useLogEntryExamples = ({ endTime: number; exampleCount: number; logViewReference: PersistedLogViewReference; + idFormat?: IdFormat; startTime: number; categoryId?: string; }) => { @@ -35,9 +38,14 @@ export const useLogEntryExamples = ({ { cancelPreviousOn: 'creation', createPromise: async () => { + if (!idFormat) { + throw new Error('idFormat is undefined'); + } + return await callGetLogEntryExamplesAPI( { logViewReference, + idFormat, startTime, endTime, dataset, @@ -51,7 +59,7 @@ export const useLogEntryExamples = ({ setLogEntryExamples(examples); }, }, - [dataset, endTime, exampleCount, logViewReference, startTime] + [dataset, endTime, exampleCount, logViewReference, startTime, idFormat] ); const isLoadingLogEntryExamples = useMemo( diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/shared/call_get_log_analysis_id_formats.ts b/x-pack/plugins/observability_solution/infra/public/pages/logs/shared/call_get_log_analysis_id_formats.ts new file mode 100644 index 0000000000000..7099e9fe9a762 --- /dev/null +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/shared/call_get_log_analysis_id_formats.ts 
@@ -0,0 +1,37 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { HttpHandler } from '@kbn/core/public'; +import { decodeOrThrow } from '../../../../common/runtime_types'; +import { + getLogAnalysisIdFormatsRequestPayloadRT, + getLogAnalysisIdFormatsSuccessResponsePayloadRT, + LOG_ANALYSIS_GET_ID_FORMATS, +} from '../../../../common/http_api/latest'; + +interface RequestArgs { + spaceId: string; + logViewId: string; +} + +export const callGetLogAnalysisIdFormats = async (requestArgs: RequestArgs, fetch: HttpHandler) => { + const { logViewId, spaceId } = requestArgs; + const response = await fetch(LOG_ANALYSIS_GET_ID_FORMATS, { + method: 'POST', + body: JSON.stringify( + getLogAnalysisIdFormatsRequestPayloadRT.encode({ + data: { + logViewId, + spaceId, + }, + }) + ), + version: '1', + }); + + return decodeOrThrow(getLogAnalysisIdFormatsSuccessResponsePayloadRT)(response); +}; diff --git a/x-pack/plugins/observability_solution/infra/public/pages/logs/shared/use_log_ml_job_id_formats_shim.tsx b/x-pack/plugins/observability_solution/infra/public/pages/logs/shared/use_log_ml_job_id_formats_shim.tsx new file mode 100644 index 0000000000000..ffa63908b8b57 --- /dev/null +++ b/x-pack/plugins/observability_solution/infra/public/pages/logs/shared/use_log_ml_job_id_formats_shim.tsx 
@@ -0,0 +1,81 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import createContainer from 'constate'; +import { useState, useEffect, useCallback } from 'react'; +import { useLogViewContext } from '@kbn/logs-shared-plugin/public'; +import { IdFormatByJobType, JobType } from '../../../../common/http_api/latest'; +import { useActiveKibanaSpace } from '../../../hooks/use_kibana_space'; +import { useTrackedPromise } from '../../../utils/use_tracked_promise'; + +import { useKibanaContextForPlugin } from '../../../hooks/use_kibana'; +import { callGetLogAnalysisIdFormats } from './call_get_log_analysis_id_formats'; + +const useLogMlJobIdFormatsShim = () => { + const [idFormats, setIdFormats] = useState(null); + + const { logViewReference } = useLogViewContext(); + const { space } = useActiveKibanaSpace(); + const { services } = useKibanaContextForPlugin(); + + const [getLogAnalysisIdFormatsRequest, getLogAnalysisIdFormats] = useTrackedPromise( + { + cancelPreviousOn: 'creation', + createPromise: async () => { + if (!space) { + return { data: null }; + } + + if (logViewReference.type === 'log-view-inline') { + throw new Error('Logs ML features only support persisted Log Views'); + } + + return await callGetLogAnalysisIdFormats( + { + logViewId: logViewReference.logViewId, + spaceId: space.id, + }, + services.http.fetch + ); + }, + onResolve: ({ data }) => { + setIdFormats(data); + }, + }, + [logViewReference, space] + ); + + useEffect(() => { + getLogAnalysisIdFormats(); + }, [getLogAnalysisIdFormats]); + + const isLoadingLogAnalysisIdFormats = getLogAnalysisIdFormatsRequest.state === 'pending'; + const hasFailedLoadingLogAnalysisIdFormats = getLogAnalysisIdFormatsRequest.state === 'rejected'; + + const migrateIdFormat = useCallback((jobType: JobType) => { + 
setIdFormats((previousValue) => { + if (!previousValue) { + return null; + } + + return { + ...previousValue, + [jobType]: 'hashed', + }; + }); + }, []); + + return { + idFormats, + migrateIdFormat, + isLoadingLogAnalysisIdFormats, + hasFailedLoadingLogAnalysisIdFormats, + }; +}; + +export const [LogMlJobIdFormatsShimProvider, useLogMlJobIdFormatsShimContext] = + createContainer(useLogMlJobIdFormatsShim); diff --git a/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/components/table/entry_title.tsx b/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/components/table/entry_title.tsx index b2fdcc1a1a734..0f6e65ef4c1d2 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/components/table/entry_title.tsx +++ b/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/components/table/entry_title.tsx @@ -5,19 +5,13 @@ * 2.0. */ import React from 'react'; -import { EuiFlexGroup, EuiFlexItem, EuiIcon, EuiLink, EuiToolTip, IconType } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiLink, EuiToolTip } from '@elastic/eui'; import { useLinkProps } from '@kbn/observability-shared-plugin/public'; +import { CloudProviderIcon } from '@kbn/custom-icons'; import { useNodeDetailsRedirect } from '../../../../link_to'; -import type { CloudProvider, HostNodeRow } from '../../hooks/use_hosts_table'; +import type { HostNodeRow } from '../../hooks/use_hosts_table'; import { useUnifiedSearchContext } from '../../hooks/use_unified_search'; -const cloudIcons: Record = { - gcp: 'logoGCP', - aws: 'logoAWS', - azure: 'logoAzure', - unknownProvider: 'cloudSunny', -}; - interface EntryTitleProps { onClick: () => void; title: HostNodeRow['title']; @@ -40,7 +34,6 @@ export const EntryTitle = ({ onClick, title }: EntryTitleProps) => { }), }); - const iconType = (cloudProvider && cloudIcons[cloudProvider]) || cloudIcons.unknownProvider; const providerName = cloudProvider ?? 'Unknown'; return ( 
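Review bot: `idFormats` is only written in `onResolve`, so when `logViewReference` or `space` changes and the new lookup rejects (for example through the inline log view `throw` in `createPromise`), the state keeps the formats resolved for the previous log view. A consumer that reads `idFormats` without also checking `hasFailedLoadingLogAnalysisIdFormats` would then send formats that belong to a different log view. Clearing the state on failure avoids that, e.g. `onReject: () => { setIdFormats(null); },`, provided `useTrackedPromise` supports an `onReject` callback, which is not visible in this hunk. A short comment on `migrateIdFormat` saying that it only updates this client-side state and does not touch the ML jobs would also make the hook easier to use correctly.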
@@ -52,7 +45,7 @@ export const EntryTitle = ({ onClick, title }: EntryTitleProps) => { > - + diff --git a/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/hooks/use_hosts_table.tsx b/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/hooks/use_hosts_table.tsx index 290062a2f1d48..c1c4093d96e46 100644 --- a/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/hooks/use_hosts_table.tsx +++ b/x-pack/plugins/observability_solution/infra/public/pages/metrics/hosts/hooks/use_hosts_table.tsx @@ -15,6 +15,7 @@ import { import createContainer from 'constate'; import { isEqual } from 'lodash'; import { isNumber } from 'lodash/fp'; +import { CloudProvider } from '@kbn/custom-icons'; import { hostLensFormulas } from '../../../../common/visualizations'; import { useKibanaContextForPlugin } from '../../../../hooks/use_kibana'; import { createInventoryMetricFormatter } from '../../inventory_view/lib/create_inventory_metric_formatter'; @@ -35,7 +36,6 @@ import { buildCombinedHostsFilter } from '../../../../utils/filters/build'; /** * Columns and items types */ -export type CloudProvider = 'gcp' | 'aws' | 'azure' | 'unknownProvider'; type HostMetrics = Record; interface HostMetadata { diff --git a/x-pack/plugins/observability_solution/infra/server/infra_server.ts b/x-pack/plugins/observability_solution/infra/server/infra_server.ts index 6ab8781bdfc4e..66c65428833ac 100644 --- a/x-pack/plugins/observability_solution/infra/server/infra_server.ts +++ b/x-pack/plugins/observability_solution/infra/server/infra_server.ts @@ -21,6 +21,7 @@ import { initGetLogEntryExamplesRoute, initValidateLogAnalysisDatasetsRoute, initValidateLogAnalysisIndicesRoute, + initGetLogAnalysisIdFormatsRoute, } from './routes/log_analysis'; import { initMetadataRoute } from './routes/metadata'; import { initMetricsAPIRoute } from './routes/metrics_api'; 
@@ -45,6 +46,7 @@ export const initInfraServer = (libs: InfraBackendLibs) => { initSnapshotRoute(libs); initNodeDetailsRoute(libs); initMetricsSourceConfigurationRoutes(libs); + initGetLogAnalysisIdFormatsRoute(libs); initValidateLogAnalysisDatasetsRoute(libs); initValidateLogAnalysisIndicesRoute(libs); initGetLogEntryExamplesRoute(libs); diff --git a/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_anomalies.ts b/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_anomalies.ts index 591376450be38..41152d17572a8 100644 --- a/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_anomalies.ts +++ b/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_anomalies.ts @@ -7,13 +7,16 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import { PersistedLogViewReference, ResolvedLogView } from '@kbn/logs-shared-plugin/common'; +import { IdFormat, IdFormatByJobType } from '../../../common/http_api/latest'; import { AnomaliesSort, getJobId, isCategoryAnomaly, jobCustomSettingsRT, LogEntryAnomalyDatasets, + logEntryCategoriesJobType, logEntryCategoriesJobTypes, + logEntryRateJobType, logEntryRateJobTypes, Pagination, } from '../../../common/log_analysis'; @@ -55,10 +58,21 @@ interface MappedAnomalyHit { async function getCompatibleAnomaliesJobIds( spaceId: string, logViewId: string, + idFormats: IdFormatByJobType, mlAnomalyDetectors: MlAnomalyDetectors ) { - const logRateJobId = getJobId(spaceId, logViewId, logEntryRateJobTypes[0]); - const logCategoriesJobId = getJobId(spaceId, logViewId, logEntryCategoriesJobTypes[0]); + const logRateJobId = getJobId( + spaceId, + logViewId, + idFormats[logEntryRateJobType], + logEntryRateJobType + ); + const logCategoriesJobId = getJobId( + spaceId, + logViewId, + idFormats[logEntryCategoriesJobType], + logEntryCategoriesJobType + ); const jobIds: string[] = []; let jobSpans: TracingSpan[] = []; 
@@ -100,6 +114,7 @@ export async function getLogEntryAnomalies( infra: Promise>; }, logView: PersistedLogViewReference, + idFormats: IdFormatByJobType, startTime: number, endTime: number, sort: AnomaliesSort, @@ -115,6 +130,7 @@ export async function getLogEntryAnomalies( } = await getCompatibleAnomaliesJobIds( infraContext.spaceId, logView.logViewId, + idFormats, infraContext.mlAnomalyDetectors ); @@ -156,7 +172,8 @@ export async function getLogEntryAnomalies( const logEntryCategoriesCountJobId = getJobId( infraContext.spaceId, logView.logViewId, - logEntryCategoriesJobTypes[0] + idFormats[logEntryCategoriesJobType], + logEntryCategoriesJobType ); const { logEntryCategoriesById } = await fetchLogEntryCategories( @@ -332,6 +349,7 @@ export async function getLogEntryExamples( infra: Promise>; }, logView: PersistedLogViewReference, + idFormat: IdFormat, startTime: number, endTime: number, dataset: string, @@ -346,6 +364,7 @@ export async function getLogEntryExamples( const jobId = getJobId( infraContext.spaceId, logView.logViewId, + idFormat, categoryId != null ? logEntryCategoriesJobTypes[0] : logEntryRateJobTypes[0] ); @@ -371,6 +390,7 @@ export async function getLogEntryExamples( } = await fetchLogEntryExamples( context, logView, + idFormat, indices, runtimeMappings, timestampField, @@ -398,6 +418,7 @@ export async function fetchLogEntryExamples( infra: Promise>; }, logView: PersistedLogViewReference, + idFormat: IdFormat, indices: string, runtimeMappings: estypes.MappingRuntimeFields, timestampField: string, @@ -421,6 +442,7 @@ export async function fetchLogEntryExamples( const logEntryCategoriesCountJobId = getJobId( infraContext.spaceId, logView.logViewId, + idFormat, logEntryCategoriesJobTypes[0] ); @@ -484,6 +506,7 @@ export async function getLogEntryAnomaliesDatasets( }; }, logView: PersistedLogViewReference, + idFormats: IdFormatByJobType, startTime: number, endTime: number ) { 
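Review bot: `getLogEntryExamples` picks the job type from `categoryId` (`categoryId != null ? logEntryCategoriesJobTypes[0] : logEntryRateJobTypes[0]`) but takes a single `idFormat`, so the job id is only right when the caller sent the format of that same job type. Nothing in the hunk checks this. Since `IdFormatByJobType` lets the two jobs use different formats, a comment on the parameter would make the contract explicit, for example `// idFormat must be the format of the job selected by categoryId (categories job when set, rate job otherwise)`. The new code in this file also mixes `logEntryCategoriesJobType` with the older `logEntryCategoriesJobTypes[0]`; presumably both name the same job, so one spelling throughout would read more clearly. The function bodies continue outside these hunks.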
@@ -493,6 +516,7 @@ export async function getLogEntryAnomaliesDatasets( } = await getCompatibleAnomaliesJobIds( context.infra.spaceId, logView.logViewId, + idFormats, context.infra.mlAnomalyDetectors ); diff --git a/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_categories_analysis.ts b/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_categories_analysis.ts index 88678f4c79c53..b9e908bf49eee 100644 --- a/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_categories_analysis.ts +++ b/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_categories_analysis.ts @@ -12,6 +12,7 @@ import { PersistedLogViewReference, ResolvedLogView, } from '@kbn/logs-shared-plugin/common'; +import { IdFormat } from '../../../common/http_api/latest'; import { CategoriesSort, compareDatasetsByMaximumAnomalyScore, @@ -51,6 +52,7 @@ export async function getTopLogEntryCategories( }; }, logView: PersistedLogViewReference, + idFormat: IdFormat, startTime: number, endTime: number, categoryCount: number, @@ -63,6 +65,7 @@ export async function getTopLogEntryCategories( const logEntryCategoriesCountJobId = getJobId( context.infra.spaceId, logView.logViewId, + idFormat, logEntryCategoriesJobTypes[0] ); @@ -123,12 +126,14 @@ export async function getLogEntryCategoryDatasets( }; }, logView: PersistedLogViewReference, + idFormat: IdFormat, startTime: number, endTime: number ) { const logEntryCategoriesCountJobId = getJobId( context.infra.spaceId, logView.logViewId, + idFormat, logEntryCategoriesJobTypes[0] ); @@ -147,6 +152,7 @@ export async function getLogEntryCategoryExamples( }; }, logView: PersistedLogViewReference, + idFormat: IdFormat, startTime: number, endTime: number, categoryId: number, 
@@ -158,6 +164,7 @@ export async function getLogEntryCategoryExamples( const logEntryCategoriesCountJobId = getJobId( context.infra.spaceId, logView.logViewId, + idFormat, logEntryCategoriesJobTypes[0] ); diff --git a/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_rate_analysis.ts b/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_rate_analysis.ts index 1e043fed0986a..5231fb5dc14ec 100644 --- a/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_rate_analysis.ts +++ b/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/log_entry_rate_analysis.ts @@ -5,6 +5,7 @@ * 2.0. */ +import { IdFormat } from '../../../common/http_api/latest'; import { decodeOrThrow } from '../../../common/runtime_types'; import { logRateModelPlotResponseRT, @@ -12,7 +13,7 @@ import { LogRateModelPlotBucket, CompositeTimestampPartitionKey, } from './queries'; -import { getJobId } from '../../../common/log_analysis'; +import { getJobId, logEntryRateJobType } from '../../../common/log_analysis'; import type { MlSystem } from '../../types'; const COMPOSITE_AGGREGATION_BATCH_SIZE = 1000; @@ -25,12 +26,13 @@ export async function getLogEntryRateBuckets( }; }, logViewId: string, + idFormat: IdFormat, startTime: number, endTime: number, bucketDuration: number, datasets?: string[] ) { - const logRateJobId = getJobId(context.infra.spaceId, logViewId, 'log-entry-rate'); + const logRateJobId = getJobId(context.infra.spaceId, logViewId, idFormat, logEntryRateJobType); let mlModelPlotBuckets: LogRateModelPlotBucket[] = []; let afterLatestBatchKey: CompositeTimestampPartitionKey | undefined; diff --git a/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/resolve_id_formats.ts b/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/resolve_id_formats.ts new file mode 100644 index 0000000000000..48f3b3e2fdc55 --- /dev/null 
+++ b/x-pack/plugins/observability_solution/infra/server/lib/log_analysis/resolve_id_formats.ts @@ -0,0 +1,73 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { MlAnomalyDetectors } from '@kbn/ml-plugin/server'; +import { IdFormat, IdFormatByJobType, JobType } from '../../../common/http_api/latest'; +import { + getJobId, + logEntryCategoriesJobType, + logEntryRateJobType, +} from '../../../common/log_analysis'; + +export async function resolveIdFormats( + spaceId: string, + logViewId: string, + mlAnomalyDetectors: MlAnomalyDetectors +): Promise { + const entryRateFormat = await resolveIdFormat( + spaceId, + logViewId, + logEntryRateJobType, + mlAnomalyDetectors + ); + const entryCategoriesCountFormat = await resolveIdFormat( + spaceId, + logViewId, + logEntryCategoriesJobType, + mlAnomalyDetectors + ); + + return { + [logEntryRateJobType]: entryRateFormat, + [logEntryCategoriesJobType]: entryCategoriesCountFormat, + }; +} + +async function resolveIdFormat( + spaceId: string, + logViewId: string, + jobType: JobType, + mlAnomalyDetectors: MlAnomalyDetectors +): Promise { + try { + const hashedJobId = getJobId(spaceId, logViewId, 'hashed', jobType); + const hashedJobs = await mlAnomalyDetectors.jobs(hashedJobId); + if (hashedJobs.count > 0) { + return 'hashed'; + } + } catch (e) { + // Ignore 404 in case the job isn't found + if (e.statusCode !== 404) { + throw e; + } + } + + try { + const legacyJobId = getJobId(spaceId, logViewId, 'legacy', jobType); + const legacyJobs = await mlAnomalyDetectors.jobs(legacyJobId); + if (legacyJobs.count > 0) { + return 'legacy'; + } + } catch (e) { + // Ignore 404 in case the job isn't found + if (e.statusCode !== 404) { + throw e; + } + } + + return 'hashed'; +} 
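Review bot: `resolveIdFormat` repeats the same lookup-and-ignore-404 block for `'hashed'` and `'legacy'`, and its final `return 'hashed'` for the case where neither job exists has no comment explaining the choice. A small existence helper would keep the 404 handling in one place, so a later change to which errors are swallowed cannot land on one format and miss the other. The two `resolveIdFormat` calls in `resolveIdFormats` are independent and could also be awaited together with `Promise.all`. The fallback comment in the sketch below is my reading of the intent and should be confirmed.

```typescript
// Returns true when the ML job exists; a 404 from the ML API means "no such job".
async function jobExists(jobId: string, mlAnomalyDetectors: MlAnomalyDetectors) {
  try {
    const { count } = await mlAnomalyDetectors.jobs(jobId);
    return count > 0;
  } catch (e) {
    // Only "not found" is expected here; privilege and transport errors must propagate
    if (e.statusCode !== 404) {
      throw e;
    }
    return false;
  }
}

async function resolveIdFormat(
  spaceId: string,
  logViewId: string,
  jobType: JobType,
  mlAnomalyDetectors: MlAnomalyDetectors
) {
  // Prefer the hashed id, then fall back to a job created under the legacy id
  for (const idFormat of ['hashed', 'legacy'] as const) {
    const jobId = getJobId(spaceId, logViewId, idFormat, jobType);
    if (await jobExists(jobId, mlAnomalyDetectors)) {
      return idFormat;
    }
  }

  // No job in either format: presumably new jobs get hashed ids (confirm)
  return 'hashed';
}
```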
diff --git a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/id_formats.ts b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/id_formats.ts new file mode 100644 index 0000000000000..800d43df448d5 --- /dev/null +++ b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/id_formats.ts 
@@ -0,0 +1,75 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import Boom from '@hapi/boom'; +import { createValidationFunction } from '@kbn/logs-shared-plugin/common/runtime_types'; +import { + LOG_ANALYSIS_GET_ID_FORMATS, + getLogAnalysisIdFormatsRequestPayloadRT, + getLogAnalysisIdFormatsSuccessResponsePayloadRT, +} from '../../../common/http_api/latest'; +import { InfraBackendLibs } from '../../lib/infra_types'; +import { isMlPrivilegesError } from '../../lib/log_analysis'; +import { resolveIdFormats } from '../../lib/log_analysis/resolve_id_formats'; +import { assertHasInfraMlPlugins } from '../../utils/request_context'; + +export const initGetLogAnalysisIdFormatsRoute = ({ framework }: InfraBackendLibs) => { + framework + .registerVersionedRoute({ + access: 'internal', + method: 'post', + path: LOG_ANALYSIS_GET_ID_FORMATS, + }) + .addVersion( + { + version: '1', + validate: { + request: { + body: createValidationFunction(getLogAnalysisIdFormatsRequestPayloadRT), + }, + }, + }, + framework.router.handleLegacyErrors(async (requestContext, request, response) => { + const { + data: { logViewId, spaceId }, + } = request.body; + + try { + const infraMlContext = await assertHasInfraMlPlugins(requestContext); + const mlAnomalyDetectors = (await infraMlContext.infra).mlAnomalyDetectors; + + const idFormatByJobType = await resolveIdFormats(logViewId, spaceId, mlAnomalyDetectors); + + return response.ok({ + body: getLogAnalysisIdFormatsSuccessResponsePayloadRT.encode({ + data: idFormatByJobType, + }), + }); + } catch (error) { + if (Boom.isBoom(error)) { + throw error; + } + + if (isMlPrivilegesError(error)) { + return response.customError({ + statusCode: 403, + body: { + message: error.message, + }, + }); + } + + return response.customError({ + statusCode: 
error.statusCode ?? 500, + body: { + message: error.message ?? 'An unexpected error occurred', + }, + }); + } + }) + ); +}; diff --git a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/index.ts b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/index.ts index a642cd830b6fb..a3266adfd6ddd 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/index.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/index.ts @@ -7,3 +7,4 @@ export * from './results'; export * from './validation'; +export { initGetLogAnalysisIdFormatsRoute } from './id_formats'; diff --git a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_anomalies.ts b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_anomalies.ts index 30a9aadda432a..1af2b1e7f9806 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_anomalies.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_anomalies.ts @@ -40,6 +40,7 @@ export const initGetLogEntryAnomaliesRoute = ({ framework }: InfraBackendLibs) = const { data: { logView, + idFormats, timeRange: { startTime, endTime }, sort: sortParam, pagination: paginationParam, @@ -60,6 +61,7 @@ export const initGetLogEntryAnomaliesRoute = ({ framework }: InfraBackendLibs) = } = await getLogEntryAnomalies( infraMlContext, logView, + idFormats, startTime, endTime, sort, diff --git a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_anomalies_datasets.ts b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_anomalies_datasets.ts index ce10ba09a059f..0b6444c1a9d7b 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_anomalies_datasets.ts 
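Review bot: The call `resolveIdFormats(logViewId, spaceId, mlAnomalyDetectors)` in this handler passes its first two arguments in the opposite order from the signature added in resolve_id_formats.ts, which is `(spaceId, logViewId, mlAnomalyDetectors)`. Both are `string`, so the compiler accepts it, and the job ids are built from swapped parts whenever the space id and the log view id differ. The call should read `await resolveIdFormats(spaceId, logViewId, mlAnomalyDetectors);`. Separately, `spaceId` is taken from the request body here, while the library functions changed elsewhere in this commit read it from the server-side infra context (`infraContext.spaceId`). Unless the request-scoped ML client already refuses jobs outside the caller's space, deriving it the same way would stop a caller from probing job ids in another space.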
+++ b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_anomalies_datasets.ts @@ -39,6 +39,7 @@ export const initGetLogEntryAnomaliesDatasetsRoute = ({ framework }: InfraBacken const { data: { logView, + idFormats, timeRange: { startTime, endTime }, }, } = request.body; @@ -49,6 +50,7 @@ export const initGetLogEntryAnomaliesDatasetsRoute = ({ framework }: InfraBacken const { datasets, timing } = await getLogEntryAnomaliesDatasets( { infra: await infraMlContext.infra }, logView, + idFormats, startTime, endTime ); diff --git a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_categories.ts b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_categories.ts index f51f81a846bbb..92221d5ce359d 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_categories.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_categories.ts @@ -41,6 +41,7 @@ export const initGetLogEntryCategoriesRoute = ({ framework }: InfraBackendLibs) categoryCount, histograms, logView, + idFormat, timeRange: { startTime, endTime }, datasets, sort, @@ -53,6 +54,7 @@ export const initGetLogEntryCategoriesRoute = ({ framework }: InfraBackendLibs) const { data: topLogEntryCategories, timing } = await getTopLogEntryCategories( { infra: await infraMlContext.infra }, logView, + idFormat, startTime, endTime, categoryCount, diff --git a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_category_datasets.ts b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_category_datasets.ts index 9ed89f1adb05b..1c62b67091a56 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_category_datasets.ts 
+++ b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_category_datasets.ts @@ -39,6 +39,7 @@ export const initGetLogEntryCategoryDatasetsRoute = ({ framework }: InfraBackend const { data: { logView, + idFormat, timeRange: { startTime, endTime }, }, } = request.body; @@ -49,6 +50,7 @@ export const initGetLogEntryCategoryDatasetsRoute = ({ framework }: InfraBackend const { data: logEntryCategoryDatasets, timing } = await getLogEntryCategoryDatasets( { infra: await infraMlContext.infra }, logView, + idFormat, startTime, endTime ); diff --git a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_category_examples.ts b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_category_examples.ts index 828912143d412..c80aed6eab0fb 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_category_examples.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_category_examples.ts @@ -44,6 +44,7 @@ export const initGetLogEntryCategoryExamplesRoute = ({ categoryId, exampleCount, logView, + idFormat, timeRange: { startTime, endTime }, }, } = request.body; @@ -59,6 +60,7 @@ export const initGetLogEntryCategoryExamplesRoute = ({ const { data: logEntryCategoryExamples, timing } = await getLogEntryCategoryExamples( { infra: await infraMlContext.infra, core: await infraMlContext.core }, logView, + idFormat, startTime, endTime, categoryId, diff --git a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_examples.ts b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_examples.ts index df79783a56edc..8be303ca01f8d 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_examples.ts 
+++ b/x-pack/plugins/observability_solution/infra/server/routes/log_analysis/results/log_entry_examples.ts @@ -44,6 +44,7 @@ export const initGetLogEntryExamplesRoute = ({ dataset, exampleCount, logView, + idFormat, timeRange: { startTime, endTime }, categoryId, }, @@ -60,6 +61,7 @@ export const initGetLogEntryExamplesRoute = ({ const { data: logEntryExamples, timing } = await getLogEntryExamples( infraMlContext, logView, + idFormat, startTime, endTime, dataset, diff --git a/x-pack/plugins/observability_solution/infra/tsconfig.json b/x-pack/plugins/observability_solution/infra/tsconfig.json index a710b1e63d7fd..800554f8bfde5 100644 --- a/x-pack/plugins/observability_solution/infra/tsconfig.json +++ b/x-pack/plugins/observability_solution/infra/tsconfig.json @@ -80,7 +80,8 @@ "@kbn/expressions-plugin", "@kbn/chart-icons", "@kbn/advanced-settings-plugin", - "@kbn/cloud-plugin" + "@kbn/cloud-plugin", + "@kbn/custom-icons" ], "exclude": ["target/**/*"] } diff --git a/x-pack/plugins/observability_solution/ux/public/components/app/rum_dashboard/ux_overview_fetchers.ts b/x-pack/plugins/observability_solution/ux/public/components/app/rum_dashboard/ux_overview_fetchers.ts index 4df3c8c1e8470..46ab3ddff2529 100644 --- a/x-pack/plugins/observability_solution/ux/public/components/app/rum_dashboard/ux_overview_fetchers.ts +++ b/x-pack/plugins/observability_solution/ux/public/components/app/rum_dashboard/ux_overview_fetchers.ts @@ -39,7 +39,7 @@ async function getCoreWebVitalsResponse({ dataStartPlugin, }: WithDataPlugin) { const dataViewResponse = await callApmApi( - 'GET /internal/apm/data_view/title', + 'GET /internal/apm/data_view/index_pattern', { signal: null, } 
@@ -47,7 +47,7 @@ async function getCoreWebVitalsResponse({ return await esQuery>(dataStartPlugin, { params: { - index: dataViewResponse.apmDataViewTitle, + index: dataViewResponse.apmDataViewIndexPattern, ...coreWebVitalsQuery(absoluteTime.start, absoluteTime.end, undefined, { serviceName: serviceName ? [serviceName] : undefined, }), @@ -83,7 +83,7 @@ export async function hasRumData( params: WithDataPlugin ): Promise { const dataViewResponse = await callApmApi( - 'GET /internal/apm/data_view/title', + 'GET /internal/apm/data_view/index_pattern', { signal: null, } @@ -93,7 +93,7 @@ export async function hasRumData( params.dataStartPlugin, { params: { - index: dataViewResponse.apmDataViewTitle, + index: dataViewResponse.apmDataViewIndexPattern, ...hasRumDataQuery({ start: params?.absoluteTime?.start, end: params?.absoluteTime?.end, @@ -102,7 +102,10 @@ export async function hasRumData( } ); - return formatHasRumResult(esQueryResponse, dataViewResponse.apmDataViewTitle); + return formatHasRumResult( + esQueryResponse, + dataViewResponse.apmDataViewIndexPattern + ); } async function esQuery( diff --git a/x-pack/plugins/observability_solution/ux/public/hooks/use_dynamic_data_view.ts b/x-pack/plugins/observability_solution/ux/public/hooks/use_dynamic_data_view.ts index 81fb2f966966b..d051e07d0057d 100644 --- a/x-pack/plugins/observability_solution/ux/public/hooks/use_dynamic_data_view.ts +++ b/x-pack/plugins/observability_solution/ux/public/hooks/use_dynamic_data_view.ts @@ -9,13 +9,13 @@ import { useFetcher } from './use_fetcher'; export function useDynamicDataViewTitle() { const { data, status } = useFetcher((callApmApi) => { - return callApmApi('GET /internal/apm/data_view/title', { + return callApmApi('GET /internal/apm/data_view/index_pattern', { isCachable: true, }); }, []); return { - dataViewTitle: data?.apmDataViewTitle, + dataViewTitle: data?.apmDataViewIndexPattern, status, }; } 
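Review bot: `useDynamicDataViewTitle` still returns the value under `dataViewTitle` although it now holds `data?.apmDataViewIndexPattern`, so the hook name and the returned key no longer describe what callers receive. If renaming is too wide for this change (the callers are outside the hunk), a comment on the hook would at least stop the value being treated as a display title: `// Returns the APM index pattern; the "title" naming is kept for existing callers.`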
diff --git a/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts index e43dbf4b5d487..fc79d1b9a69bb 100644 --- a/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts +++ b/x-pack/plugins/osquery/cypress/e2e/all/live_query.cy.ts @@ -58,7 +58,10 @@ describe('ALL - Live Query', { tags: ['@ess', '@serverless'] }, () => { expect(interception.response?.body.data.queries[0]).to.have.property('timeout', 890); }); checkResults(); - cy.get('[data-gridcell-column-index="0"][data-gridcell-row-index="0"]').should('exist').click(); + cy.get('[data-gridcell-column-index="0"][data-gridcell-row-index="0"]').should('exist'); + cy.get( + '[data-gridcell-column-index="0"][data-gridcell-row-index="0"] [data-datagrid-interactable="true"]' + ).click(); cy.url().should('include', 'app/fleet/agents/'); }); diff --git a/x-pack/plugins/osquery/package.json b/x-pack/plugins/osquery/package.json index a708e9a383031..4e9070d780d28 100644 --- a/x-pack/plugins/osquery/package.json +++ b/x-pack/plugins/osquery/package.json 
@@ -12,7 +12,7 @@ "cypress:run": "yarn cypress run", "cypress:serverless": "NODE_OPTIONS=--openssl-legacy-provider node ../security_solution/scripts/start_cypress_parallel --config-file ../osquery/cypress/serverless_cypress.config.ts --ftr-config-file ../../../x-pack/test/osquery_cypress/serverless_cli_config", "cypress:serverless:open": "yarn cypress:serverless open", - "cypress:serverless:run": "yarn cypress:serverless run --spec ./cypress/e2e/all/packs_integration.cy.ts", + "cypress:serverless:run": "yarn cypress:serverless run", "nyc": "../../../node_modules/.bin/nyc report --reporter=text-summary", "junit:merge": "../../../node_modules/.bin/mochawesome-merge ../../../target/kibana-osquery/cypress/results/mochawesome*.json > ../../../target/kibana-osquery/cypress/results/output.json && ../../../node_modules/.bin/marge ../../../target/kibana-osquery/cypress/results/output.json --reportDir ../../../target/kibana-osquery/cypress/results && yarn junit:transform && mkdir -p ../../../target/junit && cp ../../../target/kibana-osquery/cypress/results/*.xml ../../../target/junit/", "junit:transform": "node ../security_solution/scripts/junit_transformer --pathPattern '../../../target/kibana-osquery/cypress/results/*.xml' --rootDirectory ../../../ --reportName 'Osquery Cypress' --writeInPlace", diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json new file mode 100644 index 0000000000000..dc58c07386899 --- /dev/null +++ b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json 
@@ -0,0 +1 @@ +[{"field":"labels","type":"object","normalization":"","example":{"application":"foo-bar","env":"production"},"description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","normalization":"","example":"Hello World","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","normalization":"array","example":["production","env2"],"description":"List of keywords used to tag each event."},{"field":"agent.build.original","type":"keyword","normalization":"","example":"metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC]","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","normalization":"","example":"","description":"Client network address."},{"field":"client.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the client."},{"field":"client.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the 
continent."},{"field":"client.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"client.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"client.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"client.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"client.ip","type":"ip","normalization":"","example":"","description":"IP address of the client."},{"field":"client.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","normalization":"","example":"","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","normalization":"","example":"","description":"Client NAT port"},{"field":"client.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","normalization":"","example":"","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered client domain, stripped of the 
subdomain."},{"field":"client.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"client.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"client.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the 
user."},{"field":"client.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"cloud.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.origin.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.origin.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.origin.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.origin.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.origin.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.origin.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host 
machine."},{"field":"cloud.origin.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.origin.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.origin.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.origin.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.origin.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.target.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.target.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.target.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.target.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host 
machine."},{"field":"cloud.target.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.target.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.target.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.target.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.target.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.target.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.target.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"container.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"container.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"container.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"container.id","type":"keyword","normalization":"","example":"","description":"Unique container id."},{"field":"container.image.hash.all","type":"keyword","normalization":"array","example":"[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]","description":"An array of digests of the image the container was built on."},{"field":"container.image.name","type":"keyword","normalization":"","example":"","description":"Name of the image the container was built 
on."},{"field":"container.image.tag","type":"keyword","normalization":"array","example":"","description":"Container image tags."},{"field":"container.labels","type":"object","normalization":"","example":"","description":"Image labels."},{"field":"container.memory.usage","type":"scaled_float","normalization":"","example":"","description":"Percent memory used, between 0 and 1."},{"field":"container.name","type":"keyword","normalization":"","example":"","description":"Container name."},{"field":"container.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"container.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"container.runtime","type":"keyword","normalization":"","example":"docker","description":"Runtime managing this container."},{"field":"container.security_context.privileged","type":"boolean","normalization":"","example":"","description":"Indicates whether the container is running in privileged mode."},{"field":"data_stream.dataset","type":"constant_keyword","normalization":"","example":"nginx.access","description":"The field can contain anything that makes sense to signify the source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","normalization":"","example":"production","description":"A user defined namespace. 
Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","normalization":"","example":"logs","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","normalization":"","example":"","description":"Destination network address."},{"field":"destination.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the destination."},{"field":"destination.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"destination.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"destination.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a 
location."},{"field":"destination.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"destination.ip","type":"ip","normalization":"","example":"","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the destination."},{"field":"destination.nat.ip","type":"ip","normalization":"","example":"","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","normalization":"","example":"","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","normalization":"","example":"","description":"Port of the destination."},{"field":"destination.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"destination.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member 
of."},{"field":"destination.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"device.id","type":"keyword","normalization":"","example":"00000000-54b3-e7c7-0000-000046bffd97","description":"The unique identifier of a device."},{"field":"device.manufacturer","type":"keyword","normalization":"","example":"Samsung","description":"The vendor name of the device 
manufacturer."},{"field":"device.model.identifier","type":"keyword","normalization":"","example":"SM-G920F","description":"The machine readable identifier of the device model."},{"field":"device.model.name","type":"keyword","normalization":"","example":"Samsung Galaxy S6","description":"The human readable marketing name of the device model."},{"field":"dll.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"dll.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 
hash."},{"field":"dll.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"dll.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"dll.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"dll.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"dll.name","type":"keyword","normalization":"","example":"kernel32.dll","description":"Name of the library."},{"field":"dll.path","type":"keyword","normalization":"","example":"C:\\Windows\\System32\\kernel32.dll","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"dll.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"dll.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"dll.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"dll.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go 
imports."},{"field":"dll.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"dll.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"dll.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"dll.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"dll.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"dll.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"dll.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"dll.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"dll.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation 
from the section."},{"field":"dll.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"dll.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"dll.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"dll.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"dns.answers","type":"object","normalization":"array","example":"","description":"Array of DNS answers."},{"field":"dns.answers.class","type":"keyword","normalization":"","example":"IN","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","normalization":"","example":"10.10.10.10","description":"The data describing the resource."},{"field":"dns.answers.name","type":"keyword","normalization":"","example":"www.example.com","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","normalization":"","example":180,"description":"The time interval in seconds that this resource record may be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","normalization":"","example":"CNAME","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","normalization":"array","example":["RD","RA"],"description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","normalization":"","example":62111,"description":"The DNS packet identifier assigned by the program that generated the query. 
The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","normalization":"","example":"QUERY","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","normalization":"","example":"IN","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","normalization":"","example":"www.example.com","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","normalization":"","example":"www","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","normalization":"","example":"AAAA","description":"The type of record being queried."},{"field":"dns.resolved_ip","type":"ip","normalization":"array","example":["10.10.10.10","10.10.10.11"],"description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","normalization":"","example":"NOERROR","description":"The DNS response code."},{"field":"dns.type","type":"keyword","normalization":"","example":"answer","description":"The type of DNS event captured, query or answer."},{"field":"email.attachments","type":"nested","normalization":"array","example":"","description":"List of objects describing the attachments."},{"field":"email.attachments.file.extension","type":"keyword","normalization":"","example":"txt","description":"Attachment file extension."},{"field":"email.attachments.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 
hash."},{"field":"email.attachments.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"email.attachments.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"email.attachments.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"email.attachments.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"email.attachments.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"email.attachments.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"email.attachments.file.mime_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the attachment file."},{"field":"email.attachments.file.name","type":"keyword","normalization":"","example":"attachment.txt","description":"Name of the attachment file."},{"field":"email.attachments.file.size","type":"long","normalization":"","example":64329,"description":"Attachment file size."},{"field":"email.bcc.address","type":"keyword","normalization":"array","example":"bcc.user1@example.com","description":"Email address of BCC recipient"},{"field":"email.cc.address","type":"keyword","normalization":"array","example":"cc.user1@example.com","description":"Email address of CC recipient"},{"field":"email.content_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the email message."},{"field":"email.delivery_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time when message was delivered."},{"field":"email.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the 
message."},{"field":"email.from.address","type":"keyword","normalization":"array","example":"sender@example.com","description":"The sender's email address."},{"field":"email.local_id","type":"keyword","normalization":"","example":"c26dbea0-80d5-463b-b93c-4e8b708219ce","description":"Unique identifier given by the source."},{"field":"email.message_id","type":"wildcard","normalization":"","example":"81ce15$8r2j59@mail01.example.com","description":"Value from the Message-ID header."},{"field":"email.origination_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time the email was composed."},{"field":"email.reply_to.address","type":"keyword","normalization":"array","example":"reply.here@example.com","description":"Address replies should be delivered to."},{"field":"email.sender.address","type":"keyword","normalization":"","example":"","description":"Address of the message sender."},{"field":"email.subject","type":"keyword","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.subject.text","type":"match_only_text","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.to.address","type":"keyword","normalization":"array","example":"user1@example.com","description":"Email address of recipient"},{"field":"email.x_mailer","type":"keyword","normalization":"","example":"Spambot v2.5","description":"Application that drafted email."},{"field":"error.code","type":"keyword","normalization":"","example":"","description":"Error code describing the error."},{"field":"error.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","normalization":"","example":"","description":"Error 
message."},{"field":"error.stack_trace","type":"wildcard","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.stack_trace.text","type":"match_only_text","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","normalization":"","example":"java.lang.NullPointerException","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","normalization":"","example":"user-password-change","description":"The action captured by the event."},{"field":"event.category","type":"keyword","normalization":"array","example":"authentication","description":"Event category. The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","normalization":"","example":4648,"description":"Identification code for this event."},{"field":"event.created","type":"date","normalization":"","example":"2016-05-23T08:05:34.857Z","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","normalization":"","example":"apache.access","description":"Name of the dataset."},{"field":"event.duration","type":"long","normalization":"","example":"","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","normalization":"","example":"","description":"`event.end` contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","normalization":"","example":"123456789012345678901234567890ABCD","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","normalization":"","example":"8a4f500d","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","normalization":"","example":"alert","description":"The kind of the event. 
The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","normalization":"","example":"success","description":"The outcome of the event. The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","normalization":"","example":"kernel","description":"Source of the event."},{"field":"event.reason","type":"keyword","normalization":"","example":"Terminated an unexpected process","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","normalization":"","example":"https://system.example.com/event/#0001234","description":"Event reference URL"},{"field":"event.risk_score","type":"float","normalization":"","example":"","description":"Risk score or priority of the event (e.g. security solutions). Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","normalization":"","example":"","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","normalization":"","example":"","description":"Sequence number of the event."},{"field":"event.severity","type":"long","normalization":"","example":7,"description":"Numeric severity of the event."},{"field":"event.start","type":"date","normalization":"","example":"","description":"`event.start` contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","normalization":"","example":"","description":"Event time zone."},{"field":"event.type","type":"keyword","normalization":"array","example":"","description":"Event type. 
The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","normalization":"","example":"https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe","description":"Event investigation URL"},{"field":"faas.coldstart","type":"boolean","normalization":"","example":"","description":"Boolean value indicating a cold start of a function."},{"field":"faas.execution","type":"keyword","normalization":"","example":"af9d5aa4-a685-4c5f-a22b-444f80b3cc28","description":"The execution ID of the current function execution."},{"field":"faas.id","type":"keyword","normalization":"","example":"arn:aws:lambda:us-west-2:123456789012:function:my-function","description":"The unique identifier of a serverless function."},{"field":"faas.name","type":"keyword","normalization":"","example":"my-function","description":"The name of a serverless function."},{"field":"faas.trigger.request_id","type":"keyword","normalization":"","example":123456789,"description":"The ID of the trigger request , message, event, etc."},{"field":"faas.trigger.type","type":"keyword","normalization":"","example":"http","description":"The trigger for the function execution."},{"field":"faas.version","type":"keyword","normalization":"","example":123,"description":"The version of a serverless function."},{"field":"file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is 
present."},{"field":"file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF 
file."},{"field":"file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF 
file."},{"field":"file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List 
name."},{"field":"file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the 
file."},{"field":"file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"file.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"file.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of 
the imports in a Mach-O file."},{"field":"file.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"file.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"file.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"file.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. 
This is always the same as `physical_size`."},{"field":"file.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a 
PE file."},{"field":"file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating 
System","description":"Internal product name of the file, provided at compile-time."},{"field":"file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate 
authority."},{"field":"file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member 
of."},{"field":"group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.boot.id","type":"keyword","normalization":"","example":"88a1f0ed-5ae5-41ee-af6b-41921c311872","description":"Linux boot uuid taken from /proc/sys/kernel/random/boot_id"},{"field":"host.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"host.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","normalization":"","example":"CONTOSO","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"host.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"host.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal 
code."},{"field":"host.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"host.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"host.name","type":"keyword","normalization":"","example":"","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","normalization":"","example":"","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","normalization":"","example":"","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.pid_ns_ino","type":"keyword","normalization":"","example":256383,"description":"Pid namespace inode"},{"field":"host.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk 
classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"host.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"host.type","type":"keyword","normalization":"","example":"","description":"Type of host."},{"field":"host.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the host has been up."},{"field":"http.request.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the request (body and 
headers)."},{"field":"http.request.id","type":"keyword","normalization":"","example":"123e4567-e89b-12d3-a456-426614174000","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","normalization":"","example":"POST","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the request."},{"field":"http.request.referrer","type":"keyword","normalization":"","example":"https://blog.example.com/","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","normalization":"","example":404,"description":"HTTP response status code."},{"field":"http.version","type":"keyword","normalization":"","example":1.1,"description":"HTTP version."},{"field":"log.file.path","type":"keyword","normalization":"","example":"/var/log/fun-times.log","description":"Full path to the log file this event came from."},{"field":"log.level","type":"keyword","normalization":"","example":"error","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","normalization":"","example":"org.elasticsearch.bootstrap.Bootstrap","description":"Name of the 
logger."},{"field":"log.origin.file.line","type":"long","normalization":"","example":42,"description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","normalization":"","example":"Bootstrap.java","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","normalization":"","example":"init","description":"The function which originated the log event."},{"field":"log.syslog","type":"object","normalization":"","example":"","description":"Syslog metadata"},{"field":"log.syslog.appname","type":"keyword","normalization":"","example":"sshd","description":"The device or application that originated the Syslog message."},{"field":"log.syslog.facility.code","type":"long","normalization":"","example":23,"description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","normalization":"","example":"local7","description":"Syslog text-based facility of the event."},{"field":"log.syslog.hostname","type":"keyword","normalization":"","example":"example-host","description":"The host that originated the Syslog message."},{"field":"log.syslog.msgid","type":"keyword","normalization":"","example":"ID47","description":"An identifier for the type of Syslog message."},{"field":"log.syslog.priority","type":"long","normalization":"","example":135,"description":"Syslog priority of the event."},{"field":"log.syslog.procid","type":"keyword","normalization":"","example":12345,"description":"The process name or ID that originated the Syslog message."},{"field":"log.syslog.severity.code","type":"long","normalization":"","example":3,"description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","normalization":"","example":"Error","description":"Syslog text-based severity of the event."},{"field":"log.syslog.structured_data","type":"flattened","normalization":"","example":"","description":"Structured 
data expressed in RFC 5424 messages."},{"field":"log.syslog.version","type":"keyword","normalization":"","example":1,"description":"Syslog protocol version."},{"field":"network.application","type":"keyword","normalization":"","example":"aim","description":"Application level protocol name."},{"field":"network.bytes","type":"long","normalization":"","example":368,"description":"Total bytes transferred in both directions."},{"field":"network.community_id","type":"keyword","normalization":"","example":"1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","normalization":"","example":"192.1.1.2","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","normalization":"","example":6,"description":"IANA Protocol Number."},{"field":"network.inner","type":"object","normalization":"","example":"","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","normalization":"","example":"Guest Wifi","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","normalization":"","example":24,"description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","normalization":"","example":"http","description":"Application protocol name."},{"field":"network.transport","type":"keyword","normalization":"","example":"tcp","description":"Protocol Name corresponding to the field 
`iana_number`."},{"field":"network.type","type":"keyword","normalization":"","example":"ipv4","description":"In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","normalization":"","example":"","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","normalization":"","example":"Public_Internet","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO 
code."},{"field":"observer.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"observer.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"observer.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"observer.hostname","type":"keyword","normalization":"","example":"","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","normalization":"","example":"","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","normalization":"","example":"DMZ","description":"Observer ingress 
zone"},{"field":"observer.ip","type":"ip","normalization":"array","example":"","description":"IP addresses of the observer."},{"field":"observer.mac","type":"keyword","normalization":"array","example":["00-00-5E-00-53-23","00-00-5E-00-53-24"],"description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","normalization":"","example":"1_proxySG","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"observer.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"observer.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","normalization":"","example":"s200","description":"The product name of the 
observer."},{"field":"observer.serial_number","type":"keyword","normalization":"","example":"","description":"Observer serial number."},{"field":"observer.type","type":"keyword","normalization":"","example":"firewall","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","normalization":"","example":"Symantec","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","normalization":"","example":"","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","normalization":"","example":"v1beta1","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the cluster."},{"field":"orchestrator.cluster.name","type":"keyword","normalization":"","example":"","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","normalization":"","example":"","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","normalization":"","example":"","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","normalization":"","example":"kube-system","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","normalization":"","example":"elastic","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.annotation","type":"keyword","normalization":"array","example":"['key1:value1', 'key2:value2', 'key3:value3']","description":"The list of annotations added to the resource."},{"field":"orchestrator.resource.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the resource being acted 
upon."},{"field":"orchestrator.resource.ip","type":"ip","normalization":"array","example":"","description":"IP address assigned to the resource associated with the event being observed."},{"field":"orchestrator.resource.label","type":"keyword","normalization":"array","example":"['key1:value1', 'key2:value2', 'key3:value3']","description":"The list of labels added to the resource."},{"field":"orchestrator.resource.name","type":"keyword","normalization":"","example":"test-pod-cdcws","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.parent.type","type":"keyword","normalization":"","example":"DaemonSet","description":"Type or kind of the parent resource associated with the event being observed."},{"field":"orchestrator.resource.type","type":"keyword","normalization":"","example":"service","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","normalization":"","example":"kubernetes","description":"Orchestrator cluster type (e.g. 
kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","normalization":"","example":"","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","normalization":"","example":"","description":"Organization name."},{"field":"package.architecture","type":"keyword","normalization":"","example":"x86_64","description":"Package architecture."},{"field":"package.build_version","type":"keyword","normalization":"","example":"36f4f7e89dd61b0988b12ee000b98966867710cd","description":"Build version information"},{"field":"package.checksum","type":"keyword","normalization":"","example":"68b329da9893e34099c7d8ad5cb9c940","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","normalization":"","example":"Open source programming language to build simple/reliable/efficient software.","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","normalization":"","example":"global","description":"Indicating how the package was installed, e.g. 
user-local, global."},{"field":"package.installed","type":"date","normalization":"","example":"","description":"Time when package was installed."},{"field":"package.license","type":"keyword","normalization":"","example":"Apache License 2.0","description":"Package license"},{"field":"package.name","type":"keyword","normalization":"","example":"go","description":"Package name"},{"field":"package.path","type":"keyword","normalization":"","example":"/usr/local/Cellar/go/1.12.9/","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","normalization":"","example":"https://golang.org","description":"Package home page or reference URL"},{"field":"package.size","type":"long","normalization":"","example":62231,"description":"Package size in bytes."},{"field":"package.type","type":"keyword","normalization":"","example":"rpm","description":"Package type"},{"field":"package.version","type":"keyword","normalization":"","example":"1.12.9","description":"Package version"},{"field":"process.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate 
status."},{"field":"process.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and 
types."},{"field":"process.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF 
header."},{"field":"process.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the 
section."},{"field":"process.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.entry_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.entry_leader.attested_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.attested_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the 
user."},{"field":"process.entry_leader.attested_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.attested_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.entry_meta.source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"process.entry_leader.entry_meta.type","type":"keyword","normalization":"","example":"","description":"The entry type for the entry session leader."},{"field":"process.entry_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive 
shell."},{"field":"process.entry_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.parent.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the 
group."},{"field":"process.entry_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.entry_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the 
system/platform."},{"field":"process.entry_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.entry_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.entry_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.entry_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.entry_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.env_vars","type":"keyword","normalization":"array","example":["PATH=/usr/local/bin:/usr/bin","USER=ubuntu"],"description":"Array of environment variable bindings."},{"field":"process.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process 
executable."},{"field":"process.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.group_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.group_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.group_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.group_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive 
shell."},{"field":"process.group_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.group_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.group_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the 
user."},{"field":"process.group_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.group_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.group_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.group_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.group_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process 
id."},{"field":"process.group_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.group_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.io","type":"object","normalization":"","example":"","description":"A chunk of input or output (IO) from a single process."},{"field":"process.io.bytes_skipped","type":"object","normalization":"array","example":"","description":"An array of byte offsets and lengths denoting where IO data has been skipped."},{"field":"process.io.bytes_skipped.length","type":"long","normalization":"","example":"","description":"The length of bytes skipped."},{"field":"process.io.bytes_skipped.offset","type":"long","normalization":"","example":"","description":"The byte offset into this event's io.text (or io.bytes in the future) where length bytes were 
skipped."},{"field":"process.io.max_bytes_per_process_exceeded","type":"boolean","normalization":"","example":"","description":"If true, the process producing the output has exceeded the max_kilobytes_per_process configuration setting."},{"field":"process.io.text","type":"wildcard","normalization":"","example":"","description":"A chunk of output or input sanitized to UTF-8."},{"field":"process.io.total_bytes_captured","type":"long","normalization":"","example":"","description":"The total number of bytes captured in this event."},{"field":"process.io.total_bytes_skipped","type":"long","normalization":"","example":"","description":"The total number of bytes that were not captured due to implementation restrictions such as buffer size limits."},{"field":"process.io.type","type":"keyword","normalization":"","example":"","description":"The type of object on which the IO action (read or write) was taken."},{"field":"process.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"process.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O 
file."},{"field":"process.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"process.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"process.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. 
This is always the same as `physical_size`."},{"field":"process.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and 
signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.parent.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.parent.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go 
imports."},{"field":"process.parent.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.parent.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.parent.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.parent.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.parent.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.parent.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and 
types."},{"field":"process.parent.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.parent.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.parent.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.parent.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual 
address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.parent.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.group.name","type":"keyword","normalization":"","example":"","description":"Name of the 
group."},{"field":"process.parent.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.group_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.parent.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.parent.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.parent.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.parent.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.parent.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.parent.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"process.parent.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and 
types."},{"field":"process.parent.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.parent.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"process.parent.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical 
size."},{"field":"process.parent.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.parent.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"process.parent.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go 
imports."},{"field":"process.parent.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.parent.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.parent.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE 
file."},{"field":"process.parent.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.parent.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.parent.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on 
the system/platform."},{"field":"process.parent.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.thread.capabilities.effective","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities used for permission checks."},{"field":"process.parent.thread.capabilities.permitted","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities a thread could assume."},{"field":"process.parent.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.parent.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","normalization":"","example":"","description":"Process 
title."},{"field":"process.parent.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.parent.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.parent.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.parent.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.parent.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.parent.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at 
compile-time."},{"field":"process.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"process.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the 
file, provided at compile-time."},{"field":"process.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"process.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. 
This is always the same as `physical_size`."},{"field":"process.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.previous.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.previous.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.previous.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.previous.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the 
group."},{"field":"process.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.session_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.session_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the 
group."},{"field":"process.session_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.session_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.parent.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the 
system/platform."},{"field":"process.session_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.session_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process 
started."},{"field":"process.session_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.session_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.session_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.session_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.session_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process 
started."},{"field":"process.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.thread.capabilities.effective","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities used for permission checks."},{"field":"process.thread.capabilities.permitted","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities a thread could assume."},{"field":"process.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.tty.columns","type":"long","normalization":"","example":80,"description":"The number of character columns per line. e.g terminal width"},{"field":"process.tty.rows","type":"long","normalization":"","example":24,"description":"The number of character rows in the terminal. 
e.g terminal height"},{"field":"process.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows 
NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"related.hash","type":"keyword","normalization":"array","example":"","description":"All the hashes seen on your event."},{"field":"related.hosts","type":"keyword","normalization":"array","example":"","description":"All the host identifiers seen on your event."},{"field":"related.ip","type":"ip","normalization":"array","example":"","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","normalization":"array","example":"","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","normalization":"array","example":["Star-Lord"],"description":"Rule author"},{"field":"rule.category","type":"keyword","normalization":"","example":"Attempted Information Leak","description":"Rule category"},{"field":"rule.description","type":"keyword","normalization":"","example":"Block requests to public DNS over HTTPS / TLS protocols","description":"Rule description"},{"field":"rule.id","type":"keyword","normalization":"","example":101,"description":"Rule ID"},{"field":"rule.license","type":"keyword","normalization":"","example":"Apache 2.0","description":"Rule license"},{"field":"rule.name","type":"keyword","normalization":"","example":"BLOCK_DNS_over_TLS","description":"Rule name"},{"field":"rule.reference","type":"keyword","normalization":"","example":"https://en.wikipedia.org/wiki/DNS_over_TLS","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","normalization":"","example":"Standard_Protocol_Filters","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","normalization":"","example":1100110011,"description":"Rule 
UUID"},{"field":"rule.version","type":"keyword","normalization":"","example":1.1,"description":"Rule version"},{"field":"server.address","type":"keyword","normalization":"","example":"","description":"Server network address."},{"field":"server.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"server.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the server."},{"field":"server.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"server.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal 
code."},{"field":"server.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"server.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"server.ip","type":"ip","normalization":"","example":"","description":"IP address of the server."},{"field":"server.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","normalization":"","example":"","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","normalization":"","example":"","description":"Server NAT port"},{"field":"server.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","normalization":"","example":"","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"server.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if 
available."},{"field":"server.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"server.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running 
service."},{"field":"service.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.origin.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.origin.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.origin.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.origin.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.origin.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.origin.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.origin.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.state","type":"keyword","normalization":"","example":"","description":"Current state of the 
service."},{"field":"service.origin.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.origin.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.target.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.target.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.target.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.target.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.target.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.target.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.target.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.target.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.target.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the 
service."},{"field":"service.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"source.address","type":"keyword","normalization":"","example":"","description":"Source network address."},{"field":"source.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the source to the destination."},{"field":"source.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the source."},{"field":"source.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"source.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"source.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a 
location."},{"field":"source.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"source.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"source.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","normalization":"","example":"","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","normalization":"","example":"","description":"Source NAT port"},{"field":"source.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","normalization":"","example":"","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"source.user.email","type":"keyword","normalization":"","example":"","description":"User email 
address."},{"field":"source.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","normalization":"","example":"3ff9a8981b7ccd5a","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","normalization":"array","example":"","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","normalization":"","example":"","description":"Object containing indicators 
enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the 
process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is 
located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface 
(ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and 
types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment 
list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.enrichments.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 
hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.enrichments.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the 
file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and 
types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.enrichments.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.enrichments.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.enrichments.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the 
section."},{"field":"threat.enrichments.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.enrichments.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate 
authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state 
or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region 
name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.enrichments.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.enrichments.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the 
registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the 
`#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the 
domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or 
P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) 
code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","normalization":"","example":"bad-domain.com","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","normalization":"","example":"file.hash.sha256","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","normalization":"","example":"ff93aee5-86a1-4a61-b0e6-0cdc313d01b5","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","normalization":"","example":"filebeat-8.0.0-2021.05.23-000011","description":"Matched indicator index"},{"field":"threat.enrichments.matched.occurred","type":"date","normalization":"","example":"2021-10-05T17:00:58.326Z","description":"Date of 
match"},{"field":"threat.enrichments.matched.type","type":"keyword","normalization":"","example":"indicator_match_rule","description":"Type of indicator match"},{"field":"threat.feed.dashboard_id","type":"keyword","normalization":"","example":"5ba16340-72e6-11eb-a3e3-b3cc7c78a70f","description":"Feed dashboard ID."},{"field":"threat.feed.description","type":"keyword","normalization":"","example":"Threat feed from the AlienVault Open Threat eXchange network.","description":"Description of the threat feed."},{"field":"threat.feed.name","type":"keyword","normalization":"","example":"AlienVault OTX","description":"Name of the threat feed."},{"field":"threat.feed.reference","type":"keyword","normalization":"","example":"https://otx.alienvault.com","description":"Reference for the threat feed."},{"field":"threat.framework","type":"keyword","normalization":"","example":"MITRE ATT&CK","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","normalization":"array","example":["Magecart Group 6"],"description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","normalization":"","example":"G0037","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","normalization":"","example":"FIN6","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/groups/G0037/","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization 
name."},{"field":"threat.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the 
process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile 
date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application 
Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section 
List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem 
object."},{"field":"threat.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the 
directory."},{"field":"threat.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go 
imports."},{"field":"threat.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon 
entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) 
codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or 
P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP 
address"},{"field":"threat.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows 
NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event 
source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate 
authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. 
This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of 
subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.software.alias","type":"keyword","normalization":"array","example":["X-Agent"],"description":"Alias of the software"},{"field":"threat.software.id","type":"keyword","normalization":"","example":"S0552","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","normalization":"","example":"AdFind","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","normalization":"array","example":["Windows"],"description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/software/S0552/","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","normalization":"","example":"Tool","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","normalization":"array","example":"TA0002","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","normalization":"array","example":"Execution","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/tactics/TA0002/","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","normalization":"array","example":"T1059","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","normalization":"array","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","normalization":"","example":"Command and Scripting 
Interpreter","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/","description":"Threat technique URL reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","normalization":"array","example":"T1059.001","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","normalization":"array","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","normalization":"","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/001/","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","normalization":"","example":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the client."},{"field":"tls.client.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the 
client."},{"field":"tls.client.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","normalization":"","example":"d4e5b18d6b55c71272893221c96ba240","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","normalization":"","example":"www.elastic.co","description":"Hostname the client is trying to connect to. 
Also called the SNI."},{"field":"tls.client.subject","type":"keyword","normalization":"","example":"CN=myclient, OU=Documentation Team, DC=example, DC=com","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","normalization":"array","example":["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","..."],"description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or 
province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of 
the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","normalization":"","example":"secp256r1","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","normalization":"","example":"http/1.1","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the 
server."},{"field":"tls.server.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","normalization":"","example":"394441ab65754e2207b1e1b457b3641d","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","normalization":"","example":"CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names 
(SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve 
used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state 
or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.version","type":"keyword","normalization":"","example":1.2,"description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","normalization":"","example":"tls","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","normalization":"","example":"4bf92f3577b34da6a3ce929d0e0e4736","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","normalization":"","example":"00f067aa0ba902b7","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event 
source."},{"field":"url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","normalization":"","example":"","description":"Unique 
identifier for the group on the system/platform."},{"field":"user.changes.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the 
system/platform."},{"field":"user.effective.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized 
form."},{"field":"user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"user.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member 
of."},{"field":"user.target.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.target.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.target.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.target.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","normalization":"","example":"iPhone","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","normalization":"","example":"Safari","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","normalization":"","example":"Mozilla/5.0 (iPhone; 
CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"user_agent.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"user_agent.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw 
string."},{"field":"user_agent.version","type":"keyword","normalization":"","example":12,"description":"Version of the user agent."},{"field":"vulnerability.category","type":"keyword","normalization":"array","example":["Firewall"],"description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","normalization":"","example":"CVSS","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","normalization":"","example":"CVE","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","normalization":"","example":"CVE-2019-00001","description":"ID of the vulnerability."},{"field":"vulnerability.reference","type":"keyword","normalization":"","example":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","normalization":"","example":20191018.0001,"description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","normalization":"","example":"Tenable","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","normalization":"","example":5.5,"description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","normalization":"","example":5.5,"description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","normalization":"","example":"","description":"Vulnerability Temporal 
score."},{"field":"vulnerability.score.version","type":"keyword","normalization":"","example":2,"description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","normalization":"","example":"Critical","description":"Severity of the vulnerability."}]
diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.7.0.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.7.0.json
deleted file mode 100644
index 0961ad25572a4..0000000000000
--- a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.7.0.json
+++ /dev/null
@@ -1 +0,0 @@ -[{"field":"labels","type":"object","normalization":"","example":{"application":"foo-bar","env":"production"},"description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","normalization":"","example":"Hello World","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","normalization":"array","example":["production","env2"],"description":"List of keywords used to tag each event."},{"field":"agent.build.original","type":"keyword","normalization":"","example":"metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC]","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","normalization":"","example":"","description":"Client network address."},{"field":"client.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the client."},{"field":"client.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the 
continent."},{"field":"client.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"client.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"client.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"client.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"client.ip","type":"ip","normalization":"","example":"","description":"IP address of the client."},{"field":"client.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","normalization":"","example":"","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","normalization":"","example":"","description":"Client NAT port"},{"field":"client.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","normalization":"","example":"","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered client domain, stripped of the 
subdomain."},{"field":"client.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"client.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"client.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the 
user."},{"field":"client.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"cloud.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.origin.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.origin.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.origin.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.origin.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.origin.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.origin.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host 
machine."},{"field":"cloud.origin.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.origin.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.origin.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.origin.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.origin.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.target.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.target.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.target.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.target.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host 
machine."},{"field":"cloud.target.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.target.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.target.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.target.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.target.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.target.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.target.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"container.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"container.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"container.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"container.id","type":"keyword","normalization":"","example":"","description":"Unique container id."},{"field":"container.image.hash.all","type":"keyword","normalization":"array","example":"[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]","description":"An array of digests of the image the container was built on."},{"field":"container.image.name","type":"keyword","normalization":"","example":"","description":"Name of the image the container was built 
on."},{"field":"container.image.tag","type":"keyword","normalization":"array","example":"","description":"Container image tags."},{"field":"container.labels","type":"object","normalization":"","example":"","description":"Image labels."},{"field":"container.memory.usage","type":"scaled_float","normalization":"","example":"","description":"Percent memory used, between 0 and 1."},{"field":"container.name","type":"keyword","normalization":"","example":"","description":"Container name."},{"field":"container.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"container.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"container.runtime","type":"keyword","normalization":"","example":"docker","description":"Runtime managing this container."},{"field":"data_stream.dataset","type":"constant_keyword","normalization":"","example":"nginx.access","description":"The field can contain anything that makes sense to signify the source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","normalization":"","example":"production","description":"A user defined namespace. 
Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","normalization":"","example":"logs","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","normalization":"","example":"","description":"Destination network address."},{"field":"destination.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the destination."},{"field":"destination.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"destination.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"destination.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a 
location."},{"field":"destination.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"destination.ip","type":"ip","normalization":"","example":"","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the destination."},{"field":"destination.nat.ip","type":"ip","normalization":"","example":"","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","normalization":"","example":"","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","normalization":"","example":"","description":"Port of the destination."},{"field":"destination.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"destination.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member 
of."},{"field":"destination.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"device.id","type":"keyword","normalization":"","example":"00000000-54b3-e7c7-0000-000046bffd97","description":"The unique identifier of a device."},{"field":"device.manufacturer","type":"keyword","normalization":"","example":"Samsung","description":"The vendor name of the device 
manufacturer."},{"field":"device.model.identifier","type":"keyword","normalization":"","example":"SM-G920F","description":"The machine readable identifier of the device model."},{"field":"device.model.name","type":"keyword","normalization":"","example":"Samsung Galaxy S6","description":"The human readable marketing name of the device model."},{"field":"dll.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"dll.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 
hash."},{"field":"dll.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"dll.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"dll.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"dll.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"dll.name","type":"keyword","normalization":"","example":"kernel32.dll","description":"Name of the library."},{"field":"dll.path","type":"keyword","normalization":"","example":"C:\\Windows\\System32\\kernel32.dll","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"dll.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"dll.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"dll.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"dll.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go 
imports."},{"field":"dll.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"dll.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"dll.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"dll.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"dll.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"dll.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"dll.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"dll.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"dll.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation 
from the section."},{"field":"dll.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"dll.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"dll.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"dll.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"dns.answers","type":"object","normalization":"array","example":"","description":"Array of DNS answers."},{"field":"dns.answers.class","type":"keyword","normalization":"","example":"IN","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","normalization":"","example":"10.10.10.10","description":"The data describing the resource."},{"field":"dns.answers.name","type":"keyword","normalization":"","example":"www.example.com","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","normalization":"","example":180,"description":"The time interval in seconds that this resource record may be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","normalization":"","example":"CNAME","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","normalization":"array","example":["RD","RA"],"description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","normalization":"","example":62111,"description":"The DNS packet identifier assigned by the program that generated the query. 
The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","normalization":"","example":"QUERY","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","normalization":"","example":"IN","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","normalization":"","example":"www.example.com","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","normalization":"","example":"www","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","normalization":"","example":"AAAA","description":"The type of record being queried."},{"field":"dns.resolved_ip","type":"ip","normalization":"array","example":["10.10.10.10","10.10.10.11"],"description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","normalization":"","example":"NOERROR","description":"The DNS response code."},{"field":"dns.type","type":"keyword","normalization":"","example":"answer","description":"The type of DNS event captured, query or answer."},{"field":"email.attachments","type":"nested","normalization":"array","example":"","description":"List of objects describing the attachments."},{"field":"email.attachments.file.extension","type":"keyword","normalization":"","example":"txt","description":"Attachment file extension."},{"field":"email.attachments.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 
hash."},{"field":"email.attachments.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"email.attachments.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"email.attachments.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"email.attachments.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"email.attachments.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"email.attachments.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"email.attachments.file.mime_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the attachment file."},{"field":"email.attachments.file.name","type":"keyword","normalization":"","example":"attachment.txt","description":"Name of the attachment file."},{"field":"email.attachments.file.size","type":"long","normalization":"","example":64329,"description":"Attachment file size."},{"field":"email.bcc.address","type":"keyword","normalization":"array","example":"bcc.user1@example.com","description":"Email address of BCC recipient"},{"field":"email.cc.address","type":"keyword","normalization":"array","example":"cc.user1@example.com","description":"Email address of CC recipient"},{"field":"email.content_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the email message."},{"field":"email.delivery_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time when message was delivered."},{"field":"email.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the 
message."},{"field":"email.from.address","type":"keyword","normalization":"array","example":"sender@example.com","description":"The sender's email address."},{"field":"email.local_id","type":"keyword","normalization":"","example":"c26dbea0-80d5-463b-b93c-4e8b708219ce","description":"Unique identifier given by the source."},{"field":"email.message_id","type":"wildcard","normalization":"","example":"81ce15$8r2j59@mail01.example.com","description":"Value from the Message-ID header."},{"field":"email.origination_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time the email was composed."},{"field":"email.reply_to.address","type":"keyword","normalization":"array","example":"reply.here@example.com","description":"Address replies should be delivered to."},{"field":"email.sender.address","type":"keyword","normalization":"","example":"","description":"Address of the message sender."},{"field":"email.subject","type":"keyword","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.subject.text","type":"match_only_text","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.to.address","type":"keyword","normalization":"array","example":"user1@example.com","description":"Email address of recipient"},{"field":"email.x_mailer","type":"keyword","normalization":"","example":"Spambot v2.5","description":"Application that drafted email."},{"field":"error.code","type":"keyword","normalization":"","example":"","description":"Error code describing the error."},{"field":"error.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","normalization":"","example":"","description":"Error 
message."},{"field":"error.stack_trace","type":"wildcard","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.stack_trace.text","type":"match_only_text","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","normalization":"","example":"java.lang.NullPointerException","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","normalization":"","example":"user-password-change","description":"The action captured by the event."},{"field":"event.category","type":"keyword","normalization":"array","example":"authentication","description":"Event category. The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","normalization":"","example":4648,"description":"Identification code for this event."},{"field":"event.created","type":"date","normalization":"","example":"2016-05-23T08:05:34.857Z","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","normalization":"","example":"apache.access","description":"Name of the dataset."},{"field":"event.duration","type":"long","normalization":"","example":"","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","normalization":"","example":"","description":"event.end contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","normalization":"","example":"123456789012345678901234567890ABCD","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","normalization":"","example":"8a4f500d","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","normalization":"","example":"alert","description":"The kind of the event. 
The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","normalization":"","example":"success","description":"The outcome of the event. The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","normalization":"","example":"kernel","description":"Source of the event."},{"field":"event.reason","type":"keyword","normalization":"","example":"Terminated an unexpected process","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","normalization":"","example":"https://system.example.com/event/#0001234","description":"Event reference URL"},{"field":"event.risk_score","type":"float","normalization":"","example":"","description":"Risk score or priority of the event (e.g. security solutions). Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","normalization":"","example":"","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","normalization":"","example":"","description":"Sequence number of the event."},{"field":"event.severity","type":"long","normalization":"","example":7,"description":"Numeric severity of the event."},{"field":"event.start","type":"date","normalization":"","example":"","description":"event.start contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","normalization":"","example":"","description":"Event time zone."},{"field":"event.type","type":"keyword","normalization":"array","example":"","description":"Event type. 
The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","normalization":"","example":"https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe","description":"Event investigation URL"},{"field":"faas.coldstart","type":"boolean","normalization":"","example":"","description":"Boolean value indicating a cold start of a function."},{"field":"faas.execution","type":"keyword","normalization":"","example":"af9d5aa4-a685-4c5f-a22b-444f80b3cc28","description":"The execution ID of the current function execution."},{"field":"faas.id","type":"keyword","normalization":"","example":"arn:aws:lambda:us-west-2:123456789012:function:my-function","description":"The unique identifier of a serverless function."},{"field":"faas.name","type":"keyword","normalization":"","example":"my-function","description":"The name of a serverless function."},{"field":"faas.trigger","type":"nested","normalization":"","example":"","description":"Details about the function trigger."},{"field":"faas.trigger.request_id","type":"keyword","normalization":"","example":123456789,"description":"The ID of the trigger request , message, event, etc."},{"field":"faas.trigger.type","type":"keyword","normalization":"","example":"http","description":"The trigger for the function execution."},{"field":"faas.version","type":"keyword","normalization":"","example":123,"description":"The version of a serverless function."},{"field":"file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a 
signature is present."},{"field":"file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF 
file."},{"field":"file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF 
file."},{"field":"file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List 
name."},{"field":"file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the 
file."},{"field":"file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"file.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"file.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of 
the imports in a Mach-O file."},{"field":"file.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"file.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"file.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"file.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. 
This is always the same as `physical_size`."},{"field":"file.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a 
PE file."},{"field":"file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating 
System","description":"Internal product name of the file, provided at compile-time."},{"field":"file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate 
authority."},{"field":"file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member 
of."},{"field":"group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.boot.id","type":"keyword","normalization":"","example":"88a1f0ed-5ae5-41ee-af6b-41921c311872","description":"Linux boot uuid taken from /proc/sys/kernel/random/boot_id"},{"field":"host.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"host.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","normalization":"","example":"CONTOSO","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"host.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"host.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal 
code."},{"field":"host.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"host.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"host.name","type":"keyword","normalization":"","example":"","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","normalization":"","example":"","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","normalization":"","example":"","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.pid_ns_ino","type":"keyword","normalization":"","example":256383,"description":"Pid namespace inode"},{"field":"host.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk 
classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"host.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"host.type","type":"keyword","normalization":"","example":"","description":"Type of host."},{"field":"host.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the host has been up."},{"field":"http.request.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the request (body and 
headers)."},{"field":"http.request.id","type":"keyword","normalization":"","example":"123e4567-e89b-12d3-a456-426614174000","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","normalization":"","example":"POST","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the request."},{"field":"http.request.referrer","type":"keyword","normalization":"","example":"https://blog.example.com/","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","normalization":"","example":404,"description":"HTTP response status code."},{"field":"http.version","type":"keyword","normalization":"","example":1.1,"description":"HTTP version."},{"field":"log.file.path","type":"keyword","normalization":"","example":"/var/log/fun-times.log","description":"Full path to the log file this event came from."},{"field":"log.level","type":"keyword","normalization":"","example":"error","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","normalization":"","example":"org.elasticsearch.bootstrap.Bootstrap","description":"Name of the 
logger."},{"field":"log.origin.file.line","type":"long","normalization":"","example":42,"description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","normalization":"","example":"Bootstrap.java","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","normalization":"","example":"init","description":"The function which originated the log event."},{"field":"log.syslog","type":"object","normalization":"","example":"","description":"Syslog metadata"},{"field":"log.syslog.appname","type":"keyword","normalization":"","example":"sshd","description":"The device or application that originated the Syslog message."},{"field":"log.syslog.facility.code","type":"long","normalization":"","example":23,"description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","normalization":"","example":"local7","description":"Syslog text-based facility of the event."},{"field":"log.syslog.hostname","type":"keyword","normalization":"","example":"example-host","description":"The host that originated the Syslog message."},{"field":"log.syslog.msgid","type":"keyword","normalization":"","example":"ID47","description":"An identifier for the type of Syslog message."},{"field":"log.syslog.priority","type":"long","normalization":"","example":135,"description":"Syslog priority of the event."},{"field":"log.syslog.procid","type":"keyword","normalization":"","example":12345,"description":"The process name or ID that originated the Syslog message."},{"field":"log.syslog.severity.code","type":"long","normalization":"","example":3,"description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","normalization":"","example":"Error","description":"Syslog text-based severity of the event."},{"field":"log.syslog.structured_data","type":"flattened","normalization":"","example":"","description":"Structured 
data expressed in RFC 5424 messages."},{"field":"log.syslog.version","type":"keyword","normalization":"","example":1,"description":"Syslog protocol version."},{"field":"network.application","type":"keyword","normalization":"","example":"aim","description":"Application level protocol name."},{"field":"network.bytes","type":"long","normalization":"","example":368,"description":"Total bytes transferred in both directions."},{"field":"network.community_id","type":"keyword","normalization":"","example":"1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","normalization":"","example":"192.1.1.2","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","normalization":"","example":6,"description":"IANA Protocol Number."},{"field":"network.inner","type":"object","normalization":"","example":"","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","normalization":"","example":"Guest Wifi","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","normalization":"","example":24,"description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","normalization":"","example":"http","description":"Application protocol name."},{"field":"network.transport","type":"keyword","normalization":"","example":"tcp","description":"Protocol Name corresponding to the field 
`iana_number`."},{"field":"network.type","type":"keyword","normalization":"","example":"ipv4","description":"In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","normalization":"","example":"","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","normalization":"","example":"Public_Internet","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO 
code."},{"field":"observer.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"observer.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"observer.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"observer.hostname","type":"keyword","normalization":"","example":"","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","normalization":"","example":"","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","normalization":"","example":"DMZ","description":"Observer ingress 
zone"},{"field":"observer.ip","type":"ip","normalization":"array","example":"","description":"IP addresses of the observer."},{"field":"observer.mac","type":"keyword","normalization":"array","example":["00-00-5E-00-53-23","00-00-5E-00-53-24"],"description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","normalization":"","example":"1_proxySG","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"observer.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"observer.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","normalization":"","example":"s200","description":"The product name of the 
observer."},{"field":"observer.serial_number","type":"keyword","normalization":"","example":"","description":"Observer serial number."},{"field":"observer.type","type":"keyword","normalization":"","example":"firewall","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","normalization":"","example":"Symantec","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","normalization":"","example":"","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","normalization":"","example":"v1beta1","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the cluster."},{"field":"orchestrator.cluster.name","type":"keyword","normalization":"","example":"","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","normalization":"","example":"","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","normalization":"","example":"","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","normalization":"","example":"kube-system","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","normalization":"","example":"elastic","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the resource being acted upon."},{"field":"orchestrator.resource.ip","type":"ip","normalization":"array","example":"","description":"IP address assigned to the resource associated with the event being 
observed."},{"field":"orchestrator.resource.name","type":"keyword","normalization":"","example":"test-pod-cdcws","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.parent.type","type":"keyword","normalization":"","example":"DaemonSet","description":"Type or kind of the parent resource associated with the event being observed."},{"field":"orchestrator.resource.type","type":"keyword","normalization":"","example":"service","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","normalization":"","example":"kubernetes","description":"Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","normalization":"","example":"","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","normalization":"","example":"","description":"Organization name."},{"field":"package.architecture","type":"keyword","normalization":"","example":"x86_64","description":"Package architecture."},{"field":"package.build_version","type":"keyword","normalization":"","example":"36f4f7e89dd61b0988b12ee000b98966867710cd","description":"Build version information"},{"field":"package.checksum","type":"keyword","normalization":"","example":"68b329da9893e34099c7d8ad5cb9c940","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","normalization":"","example":"Open source programming language to build simple/reliable/efficient software.","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","normalization":"","example":"global","description":"Indicating how the package was installed, e.g. 
user-local, global."},{"field":"package.installed","type":"date","normalization":"","example":"","description":"Time when package was installed."},{"field":"package.license","type":"keyword","normalization":"","example":"Apache License 2.0","description":"Package license"},{"field":"package.name","type":"keyword","normalization":"","example":"go","description":"Package name"},{"field":"package.path","type":"keyword","normalization":"","example":"/usr/local/Cellar/go/1.12.9/","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","normalization":"","example":"https://golang.org","description":"Package home page or reference URL"},{"field":"package.size","type":"long","normalization":"","example":62231,"description":"Package size in bytes."},{"field":"package.type","type":"keyword","normalization":"","example":"rpm","description":"Package type"},{"field":"package.version","type":"keyword","normalization":"","example":"1.12.9","description":"Package version"},{"field":"process.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate 
status."},{"field":"process.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and 
types."},{"field":"process.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF 
header."},{"field":"process.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the 
section."},{"field":"process.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.entry_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.entry_leader.attested_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.attested_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the 
user."},{"field":"process.entry_leader.attested_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.attested_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.entry_meta.source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"process.entry_leader.entry_meta.type","type":"keyword","normalization":"","example":"","description":"The entry type for the entry session leader."},{"field":"process.entry_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive 
shell."},{"field":"process.entry_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the 
user."},{"field":"process.entry_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.entry_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.entry_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major 
number."},{"field":"process.entry_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.entry_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.entry_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.env_vars","type":"keyword","normalization":"array","example":["PATH=/usr/local/bin:/usr/bin","USER=ubuntu"],"description":"Array of environment variable bindings."},{"field":"process.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.group_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.group_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args 
array."},{"field":"process.group_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.group_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.group_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.group_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the 
system/platform."},{"field":"process.group_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.group_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.group_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the 
group on the system/platform."},{"field":"process.group_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.group_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.group_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.group_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.group_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 
hash."},{"field":"process.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.io","type":"object","normalization":"","example":"","description":"A chunk of input or output (IO) from a single process."},{"field":"process.io.bytes_skipped","type":"object","normalization":"array","example":"","description":"An array of byte offsets and lengths denoting where IO data has been skipped."},{"field":"process.io.bytes_skipped.length","type":"long","normalization":"","example":"","description":"The length of bytes skipped."},{"field":"process.io.bytes_skipped.offset","type":"long","normalization":"","example":"","description":"The byte offset into this event's io.text (or io.bytes in the future) where length bytes were skipped."},{"field":"process.io.max_bytes_per_process_exceeded","type":"boolean","normalization":"","example":"","description":"If true, the process producing the output has exceeded the max_kilobytes_per_process configuration setting."},{"field":"process.io.text","type":"wildcard","normalization":"","example":"","description":"A chunk of output or input sanitized to UTF-8."},{"field":"process.io.total_bytes_captured","type":"long","normalization":"","example":"","description":"The total number of bytes captured in this event."},{"field":"process.io.total_bytes_skipped","type":"long","normalization":"","example":"","description":"The total number of bytes that were not captured due to implementation restrictions such as buffer size limits."},{"field":"process.io.type","type":"keyword","normalization":"","example":"","description":"The 
type of object on which the IO action (read or write) was taken."},{"field":"process.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"process.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"process.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the 
section."},{"field":"process.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"process.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"process.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"process.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional 
information about the certificate status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported 
element names and types."},{"field":"process.parent.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.parent.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.parent.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.parent.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF 
file."},{"field":"process.parent.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.parent.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.parent.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.parent.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical 
size."},{"field":"process.parent.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.parent.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process 
executable."},{"field":"process.parent.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.parent.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.parent.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.parent.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.parent.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.parent.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.parent.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the 
Go language imports in a Mach-O file."},{"field":"process.parent.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.parent.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List 
name."},{"field":"process.parent.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"process.parent.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.parent.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"process.parent.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and 
types."},{"field":"process.parent.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.parent.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, 
provided at compile-time."},{"field":"process.parent.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"process.parent.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.parent.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.parent.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name 
or login of the user."},{"field":"process.parent.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.parent.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.parent.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.parent.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The 
TTY character device's major number."},{"field":"process.parent.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.parent.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.parent.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE 
file."},{"field":"process.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.pe.product","type":"keyword","normalization":"","example":"Microsoft® 
Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"process.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"process.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.previous.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.previous.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.previous.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.previous.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique 
identifier for the group on the system/platform."},{"field":"process.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.session_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.session_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the 
process."},{"field":"process.session_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.session_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the 
process."},{"field":"process.session_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.session_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the 
group."},{"field":"process.session_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.session_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.session_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.session_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the 
user."},{"field":"process.session_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.session_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.tty.columns","type":"long","normalization":"","example":80,"description":"The number of character columns per line. e.g terminal width"},{"field":"process.tty.rows","type":"long","normalization":"","example":24,"description":"The number of character rows in the terminal. 
e.g terminal height"},{"field":"process.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including 
hive, key and value"},{"field":"registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"related.hash","type":"keyword","normalization":"array","example":"","description":"All the hashes seen on your event."},{"field":"related.hosts","type":"keyword","normalization":"array","example":"","description":"All the host identifiers seen on your event."},{"field":"related.ip","type":"ip","normalization":"array","example":"","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","normalization":"array","example":"","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","normalization":"array","example":["Star-Lord"],"description":"Rule author"},{"field":"rule.category","type":"keyword","normalization":"","example":"Attempted Information Leak","description":"Rule category"},{"field":"rule.description","type":"keyword","normalization":"","example":"Block requests to public DNS over HTTPS / TLS protocols","description":"Rule description"},{"field":"rule.id","type":"keyword","normalization":"","example":101,"description":"Rule ID"},{"field":"rule.license","type":"keyword","normalization":"","example":"Apache 2.0","description":"Rule license"},{"field":"rule.name","type":"keyword","normalization":"","example":"BLOCK_DNS_over_TLS","description":"Rule name"},{"field":"rule.reference","type":"keyword","normalization":"","example":"https://en.wikipedia.org/wiki/DNS_over_TLS","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","normalization":"","example":"Standard_Protocol_Filters","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","normalization":"","example":1100110011,"description":"Rule UUID"},{"field":"rule.version","type":"keyword","normalization":"","example":1.1,"description":"Rule 
version"},{"field":"server.address","type":"keyword","normalization":"","example":"","description":"Server network address."},{"field":"server.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"server.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the server."},{"field":"server.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"server.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"server.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO 
code."},{"field":"server.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"server.ip","type":"ip","normalization":"","example":"","description":"IP address of the server."},{"field":"server.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","normalization":"","example":"","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","normalization":"","example":"","description":"Server NAT port"},{"field":"server.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","normalization":"","example":"","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"server.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if 
available."},{"field":"server.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"server.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the 
service."},{"field":"service.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.origin.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.origin.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.origin.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.origin.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.origin.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.origin.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.origin.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.origin.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the 
service."},{"field":"service.origin.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.target.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.target.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.target.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.target.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.target.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.target.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.target.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.target.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.target.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the 
service."},{"field":"service.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"source.address","type":"keyword","normalization":"","example":"","description":"Source network address."},{"field":"source.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the source to the destination."},{"field":"source.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the source."},{"field":"source.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"source.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"source.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"source.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal 
code."},{"field":"source.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"source.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","normalization":"","example":"","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","normalization":"","example":"","description":"Source NAT port"},{"field":"source.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","normalization":"","example":"","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"source.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"source.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if 
available."},{"field":"source.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","normalization":"","example":"3ff9a8981b7ccd5a","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","normalization":"array","example":"","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","normalization":"","example":"","description":"Object containing indicators enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique 
number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate 
status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF 
file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF 
file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF 
file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment 
sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.enrichments.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP 
hash."},{"field":"threat.enrichments.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at 
compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and 
types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.enrichments.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.enrichments.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.enrichments.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the 
section."},{"field":"threat.enrichments.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.enrichments.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate 
authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state 
or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region 
name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.enrichments.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.enrichments.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the 
registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the 
`#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the 
domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or 
P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) 
code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","normalization":"","example":"bad-domain.com","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","normalization":"","example":"file.hash.sha256","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","normalization":"","example":"ff93aee5-86a1-4a61-b0e6-0cdc313d01b5","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","normalization":"","example":"filebeat-8.0.0-2021.05.23-000011","description":"Matched indicator index"},{"field":"threat.enrichments.matched.occurred","type":"date","normalization":"","example":"2021-10-05T17:00:58.326Z","description":"Date of 
match"},{"field":"threat.enrichments.matched.type","type":"keyword","normalization":"","example":"indicator_match_rule","description":"Type of indicator match"},{"field":"threat.feed.dashboard_id","type":"keyword","normalization":"","example":"5ba16340-72e6-11eb-a3e3-b3cc7c78a70f","description":"Feed dashboard ID."},{"field":"threat.feed.description","type":"keyword","normalization":"","example":"Threat feed from the AlienVault Open Threat eXchange network.","description":"Description of the threat feed."},{"field":"threat.feed.name","type":"keyword","normalization":"","example":"AlienVault OTX","description":"Name of the threat feed."},{"field":"threat.feed.reference","type":"keyword","normalization":"","example":"https://otx.alienvault.com","description":"Reference for the threat feed."},{"field":"threat.framework","type":"keyword","normalization":"","example":"MITRE ATT&CK","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","normalization":"array","example":["Magecart Group 6"],"description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","normalization":"","example":"G0037","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","normalization":"","example":"FIN6","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/groups/G0037/","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization 
name."},{"field":"threat.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the 
process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile 
date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application 
Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section 
List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem 
object."},{"field":"threat.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the 
directory."},{"field":"threat.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go 
imports."},{"field":"threat.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon 
entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) 
codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or 
P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP 
address"},{"field":"threat.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows 
NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event 
source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate 
authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. 
This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of 
subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.software.alias","type":"keyword","normalization":"array","example":["X-Agent"],"description":"Alias of the software"},{"field":"threat.software.id","type":"keyword","normalization":"","example":"S0552","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","normalization":"","example":"AdFind","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","normalization":"array","example":["Windows"],"description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/software/S0552/","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","normalization":"","example":"Tool","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","normalization":"array","example":"TA0002","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","normalization":"array","example":"Execution","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/tactics/TA0002/","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","normalization":"array","example":"T1059","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","normalization":"array","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","normalization":"","example":"Command and Scripting 
Interpreter","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/","description":"Threat technique URL reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","normalization":"array","example":"T1059.001","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","normalization":"array","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","normalization":"","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/001/","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","normalization":"","example":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the client."},{"field":"tls.client.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the 
client."},{"field":"tls.client.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","normalization":"","example":"d4e5b18d6b55c71272893221c96ba240","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","normalization":"","example":"www.elastic.co","description":"Hostname the client is trying to connect to. 
Also called the SNI."},{"field":"tls.client.subject","type":"keyword","normalization":"","example":"CN=myclient, OU=Documentation Team, DC=example, DC=com","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","normalization":"array","example":["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","..."],"description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or 
province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of 
the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","normalization":"","example":"secp256r1","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","normalization":"","example":"http/1.1","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the 
server."},{"field":"tls.server.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","normalization":"","example":"394441ab65754e2207b1e1b457b3641d","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","normalization":"","example":"CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names 
(SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve 
used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state 
or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.version","type":"keyword","normalization":"","example":1.2,"description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","normalization":"","example":"tls","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","normalization":"","example":"4bf92f3577b34da6a3ce929d0e0e4736","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","normalization":"","example":"00f067aa0ba902b7","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event 
source."},{"field":"url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","normalization":"","example":"","description":"Unique 
identifier for the group on the system/platform."},{"field":"user.changes.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the 
system/platform."},{"field":"user.effective.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized 
form."},{"field":"user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"user.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member 
of."},{"field":"user.target.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.target.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.target.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.target.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","normalization":"","example":"iPhone","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","normalization":"","example":"Safari","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","normalization":"","example":"Mozilla/5.0 (iPhone; 
CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"user_agent.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"user_agent.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw 
string."},{"field":"user_agent.version","type":"keyword","normalization":"","example":12,"description":"Version of the user agent."},{"field":"vulnerability.category","type":"keyword","normalization":"array","example":["Firewall"],"description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","normalization":"","example":"CVSS","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","normalization":"","example":"CVE","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","normalization":"","example":"CVE-2019-00001","description":"ID of the vulnerability."},{"field":"vulnerability.reference","type":"keyword","normalization":"","example":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","normalization":"","example":20191018.0001,"description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","normalization":"","example":"Tenable","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","normalization":"","example":5.5,"description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","normalization":"","example":5.5,"description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","normalization":"","example":"","description":"Vulnerability Temporal 
score."},{"field":"vulnerability.score.version","type":"keyword","normalization":"","example":2,"description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","normalization":"","example":"Critical","description":"Severity of the vulnerability."}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json new file mode 100644 index 0000000000000..41b1607e995ce --- /dev/null +++ b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json 
@@ -0,0 +1 @@ +[{"name":"account_policy_data","description":"Additional macOS user account data from the AccountPolicy section of OpenDirectory.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the account was first created","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_count","description":"The number of failed login attempts using an incorrect password. Count resets after a correct password is entered.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_timestamp","description":"The time of the last failed login attempt. Resets after a correct password is entered","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"password_last_set_time","description":"The time the password was last changed","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"acpi_tables","description":"Firmware ACPI functional table common metadata and content.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"ACPI table name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of compiled table data","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ad_config","description":"macOS Active Directory configuration.","platforms":["darwin"],"columns":[{"name":"name","description":"The macOS-specific configuration name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain","description":"Active Directory trust domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"Canonical 
name of option","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Variable typed option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf","description":"macOS application layer firewall (ALF) service details.","platforms":["darwin"],"columns":[{"name":"allow_signed_enabled","description":"1 If allow signed mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"firewall_unload","description":"1 If firewall unloading enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"global_state","description":"1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_enabled","description":"1 If logging mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_option","description":"Firewall logging option","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stealth_enabled","description":"1 If stealth mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Application Layer Firewall version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_exceptions","description":"macOS application layer firewall (ALF) service exceptions.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to the executable that is excepted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Firewall exception state","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_explicit_auths","description":"ALF services explicitly allowed to perform 
networking.","platforms":["darwin"],"columns":[{"name":"process","description":"Process name explicitly allowed","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"app_schemes","description":"macOS application schemes and handlers (e.g., http, file, mailto).","platforms":["darwin"],"columns":[{"name":"scheme","description":"Name of the scheme/protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handler","description":"Application label for the handler","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this handler is the OS default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"external","description":"1 if this handler does NOT exist on macOS by default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protected","description":"1 if this handler is protected (reserved) by macOS, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_events","description":"Track AppArmor events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Raw audit message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"apparmor","description":"Apparmor Status like ALLOWED, DENIED 
etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Permission requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process PID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"Apparmor profile name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"denied_mask","description":"Denied permissions for the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"capname","description":"Capability requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ouid","description":"Object owner's user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"capability","description":"Capability number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"requested_mask","description":"Requested access mask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info","description":"Additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error","description":"Error 
information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"namespace","description":"AppArmor namespace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"AppArmor label","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_profiles","description":"Track active AppArmor profiles.","platforms":["linux"],"columns":[{"name":"path","description":"Unique, aa-status compatible, policy identifier.","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Policy name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attach","description":"Which executable(s) a profile will attach to.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"How the policy is applied.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"A unique hash that identifies this policy.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"appcompat_shims","description":"Application Compatibility shims are a way to persist malware. This table presents the AppCompat Shim information from the registry in a nice format. See http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf for more details.","platforms":["windows"],"columns":[{"name":"executable","description":"Name of the executable that is being shimmed. 
This is pulled from the registry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Install time of the SDB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdb_id","description":"Unique GUID of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apps","description":"macOS applications installed in known search paths (e.g., /Applications).","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the Name.app folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute and full Name.app path","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_executable","description":"Info properties CFBundleExecutable label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_identifier","description":"Info properties CFBundleIdentifier label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_name","description":"Info properties CFBundleName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_short_version","description":"Info properties CFBundleShortVersionString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"Info properties CFBundleVersion 
label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_package_type","description":"Info properties CFBundlePackageType label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"environment","description":"Application-set environment variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"element","description":"Does the app identify as a background agent","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compiler","description":"Info properties DTCompiler label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Info properties CFBundleDevelopmentRegion label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Info properties CFBundleDisplayName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_string","description":"Info properties CFBundleGetInfoString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_system_version","description":"Minimum version of macOS required for the app to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The UTI that categorizes the app for the App Store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"applescript_enabled","description":"Info properties NSAppleScriptEnabled label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"copyright","description":"Info properties NSHumanReadableCopyright label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"The time that the app was last used","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apt_sources","description":"Current 
list of APT repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_uri","description":"Repository base URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"Release name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Repository source version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Repository maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"components","description":"Repository components","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architectures","description":"Repository architectures","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"arp_cache","description":"Address resolution cache, both static and dynamic (from ARP, NDP).","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IPv4 address target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address of broadcasted address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Interface of the network for the MAC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permanent","description":"1 for true, 0 for 
false","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"asl","description":"Queries the Apple System Log data structure for system events.","platforms":["darwin"],"columns":[{"name":"time","description":"Unix timestamp. Set automatically","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_nano_sec","description":"Nanosecond time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Sender's address (set by the server).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"Sender's identification string. Default is process name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Sender's facility. Default is 'user'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Sending process ID encoded as a string. Set automatically.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"GID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"UID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Log level number. 
See levels in asl.h.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message text.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_pid","description":"Reference PID for messages proxied by launchd","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_proc","description":"Reference process for messages proxied by launchd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"atom_packages","description":"Lists all atom packages in a directory or globally installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Package supplied description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Package's package.json path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License for package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":true}]},{"name":"augeas","description":"Configuration files parsed by 
augeas.","platforms":["darwin","linux"],"columns":[{"name":"node","description":"The node path of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"The value of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"The label of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path to the configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authenticode","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"original_program_name","description":"The original program name that the publisher has signed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_name","description":"The certificate issuer name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_name","description":"The certificate subject name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The signature check result","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorization_mechanisms","description":"macOS Authorization mechanisms database.","platforms":["darwin"],"columns":[{"name":"label","description":"Label of the authorization right","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"plugin","description":"Authorization plugin 
name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mechanism","description":"Name of the mechanism that will be called","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"If privileged it will run as root, else as an anonymous user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"entry","description":"The whole string entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorizations","description":"macOS Authorization rights database.","platforms":["darwin"],"columns":[{"name":"label","description":"Item name, usually in reverse domain format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"modified","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_root","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"timeout","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tries","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authenticate_user","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shared","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Label top-level 
key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_owner","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorized_keys","description":"A line-delimited authorized_keys table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local owner of authorized_keys file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"algorithm","description":"Key type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key encoded as base64","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Optional list of login options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to the authorized_keys file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"autoexec","description":"Aggregate of executables that will automatically execute on the target machine. 
This is an amalgamation of other tables like services, scheduled_tasks, startup_items and more.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the executable","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source table of the autoexec item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_metadata","description":"Azure instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"location","description":"Azure Region the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offer","description":"Offer information for the VM image (Azure image gallery VMs only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Publisher of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"SKU for the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Linux or Windows","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_update_domain","description":"Update domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_fault_domain","description":"Fault domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_id","description":"Unique identifier for the 
VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"vm_size","description":"VM size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscription_id","description":"Azure subscription for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resource_group_name","description":"Resource group for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"placement_group_id","description":"Placement group for the VM scale set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_scale_set_name","description":"VM scale set name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_tags","description":"Azure instance tags.","platforms":["darwin","linux","windows"],"columns":[{"name":"vm_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"The tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"background_activities_moderator","description":"Background Activities Moderator (BAM) tracks application execution.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"battery","description":"Provides 
information about the internal battery of a Macbook.","platforms":["darwin"],"columns":[{"name":"manufacturer","description":"The battery manufacturer's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacture_date","description":"The date the battery was manufactured UNIX Epoch","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The battery's model number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The battery's unique serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cycle_count","description":"The number of charge/discharge cycles","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"health","description":"One of the following: \"Good\" describes a well-performing battery, \"Fair\" describes a functional battery with limited capacity, or \"Poor\" describes a battery that's not capable of providing power","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"condition","description":"One of the following: \"Normal\" indicates the condition of the battery is within normal tolerances, \"Service Needed\" indicates that the battery should be checked out by a licensed Mac repair service, \"Permanent Failure\" indicates the battery needs replacement","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"One of the following: \"AC Power\" indicates the battery is connected to an external power source, \"Battery Power\" indicates that the battery is drawing internal power, \"Off Line\" indicates the battery is off-line or no longer connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"charging","description":"1 if the battery is currently being charged by a power source. 
0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"charged","description":"1 if the battery is currently completely charged. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"designed_capacity","description":"The battery's designed capacity in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"The battery's actual capacity when it is fully charged in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_capacity","description":"The battery's current charged capacity in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_remaining","description":"The percentage of battery remaining before it is drained","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"amperage","description":"The battery's current amperage in mA","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"voltage","description":"The battery's current voltage in mV","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_until_empty","description":"The number of minutes until the battery is fully depleted. This value is -1 if this time is still being calculated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_to_full_charge","description":"The number of minutes until the battery is fully charged. 
This value is -1 if this time is still being calculated","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"bitlocker_info","description":"Retrieve bitlocker status of the machine.","platforms":["windows"],"columns":[{"name":"device_id","description":"ID of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"Drive letter of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent_volume_id","description":"Persistent ID of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"conversion_status","description":"The bitlocker conversion status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_status","description":"The bitlocker protection status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_method","description":"The encryption type of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The FVE metadata version of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percentage_encrypted","description":"The percentage of the drive that is encrypted.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lock_status","description":"The accessibility status of the drive from Windows.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"block_devices","description":"Block (buffered access) device file nodes: disks, ramdisks, and DMG containers.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Block device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Block device parent 
name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Block device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Block device model string identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Block device size in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Block device Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Block device type string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Block device label string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"bpf_process_events","description":"Track time/action process executions.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system 
call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"json_cmdline","description":"Command line arguments, in JSON format","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"bpf_socket_events","description":"Track network socket opens and closes.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User 
ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The socket type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port 
number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"browser_plugins","description":"All C/NPAPI browser plugin details for all users. C/NPAPI has been deprecated on all major browsers. To query for plugins on modern browsers, try: `chrome_extensions` `firefox_addons` `safari_extensions`.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Plugin display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Plugin identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Plugin short version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Build SDK used to compile plugin","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Plugin description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Plugin language-localization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"native","description":"Plugin requires native 
execution","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"disabled","description":"Is the plugin disabled. 1 = Disabled","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carbon_black_info","description":"Returns info about a Carbon Black sensor install.","platforms":["darwin","linux","windows"],"columns":[{"name":"sensor_id","description":"Sensor ID of the Carbon Black sensor","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"config_name","description":"Sensor group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_store_files","description":"If the sensor is configured to send back binaries to the Carbon Black server","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_loads","description":"If the sensor is configured to capture module loads","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_info","description":"If the sensor is configured to collect metadata of binaries","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_file_mods","description":"If the sensor is configured to collect file modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_reg_mods","description":"If the sensor is configured to collect registry modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_net_conns","description":"If the sensor is configured to collect network connections","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_processes","description":"If the sensor is configured to process 
events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_cross_processes","description":"If the sensor is configured to cross process events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_emet_events","description":"If the sensor is configured to EMET events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_data_file_writes","description":"If the sensor is configured to collect non binary file writes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_process_user_context","description":"If the sensor is configured to collect the user running a process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_sensor_operations","description":"Unknown","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_mb","description":"Event file disk quota in MB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_percentage","description":"Event file disk quota in a percentage","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_disabled","description":"If the sensor is configured to report tamper events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_ip_addr","description":"IP address of the sensor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_backend_server","description":"Carbon Black server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_queue","description":"Size in bytes of Carbon Black event files on disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"binary_queue","description":"Size in bytes of binaries waiting to be sent to Carbon Black 
server","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carves","description":"List the set of completed and in-progress carves. If carve=1 then the query is treated as a new carve request.","platforms":["darwin","linux","windows"],"columns":[{"name":"time","description":"Time at which the carve was kicked off","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"A SHA256 sum of the carved archive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the carved archive","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the requested carve","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve_guid","description":"Identifying value of the carve session","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"request_id","description":"Identifying value of the carve request (e.g., scheduled query name, distributed request, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve","description":"Set this value to '1' to start a file carve","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"certificates","description":"Certificate Authorities installed in Keychains/ca-bundles.","platforms":["darwin","linux","windows"],"columns":[{"name":"common_name","description":"Certificate CommonName","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject","description":"Certificate distinguished name (deprecated, use subject2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer","description":"Certificate 
issuer distinguished name (deprecated, use issuer2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ca","description":"1 if CA: true (certificate is an authority) else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"self_signed","description":"1 if self-signed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_before","description":"Lower bound of valid date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_after","description":"Certificate expiration data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_algorithm","description":"Signing algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_algorithm","description":"Key algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_strength","description":"Key size used for RSA/DSA, or curve name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Certificate key usage and extended key usage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_id","description":"SKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_id","description":"AKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the raw certificate contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Keychain or PEM bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Certificate serial 
number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"SID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_location","description":"Certificate system store location","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store","description":"Certificate system store","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"username","description":"Username","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_id","description":"Exists for service/user stores. Contains raw store id provided by WinAPI.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"issuer2","description":"Certificate issuer distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"subject2","description":"Certificate distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"chassis_info","description":"Display information pertaining to the chassis and its security status.","platforms":["windows"],"columns":[{"name":"audible_alarm","description":"If TRUE, the frame is equipped with an audible alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"breach_description","description":"If provided, gives a more detailed description of a detected security breach.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chassis_types","description":"A comma-separated list of chassis types, such as Desktop or 
Laptop.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"An extended description of the chassis if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"lock","description":"If TRUE, the frame is equipped with a lock.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_breach","description":"The physical status of the chassis such as Breach Successful, Breach Attempted, etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"smbios_tag","description":"The assigned asset tag number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"The Stock Keeping Unit number if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"If available, gives various operational or nonoperational statuses such as OK, Degraded, and Pred Fail.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible_alarm","description":"If TRUE, the frame is equipped with a visual alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chocolatey_packages","description":"Chocolatey packages installed in a system.","platforms":["windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied 
version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this package resides","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extension_content_scripts","description":"Chrome browser extension content scripts.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script","description":"The content script used by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"The pattern that the script is matched against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the 
Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extensions","description":"Chrome-based browser extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave, edge, edge_beta)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"The name of the Chrome profile that contains this extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced_identifier","description":"Extension identifier, as specified by the preferences file. Empty if the extension is not in the profile.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier, computed from its manifest. 
Empty in case of error.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Extension-optional description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_locale","description":"Default locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_locale","description":"Current locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent","description":"1 If extension is persistent across all tabs else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The permissions required by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions_json","description":"The JSON-encoded permissions required by the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"optional_permissions","description":"The permissions optionally required by the extensions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional_permissions_json","description":"The JSON-encoded permissions optionally required by the extensions","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"manifest_hash","description":"The SHA256 hash of the manifest.json 
file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"from_webstore","description":"True if this extension was installed from the web store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"1 if this extension is enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Extension install time, in its original Webkit format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_timestamp","description":"Extension install time, converted to unix time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manifest_json","description":"The manifest file of the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"key","description":"The extension key, from the manifest file","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"connected_displays","description":"Provides information about the connected displays of the machine.","platforms":["darwin"],"columns":[{"name":"name","description":"The name of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"product_id","description":"The product ID of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The serial number of the display. (may not be unique)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"The vendor ID of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufactured_week","description":"The manufacture week of the display. 
This field is 0 if not supported","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufactured_year","description":"The manufacture year of the display. This field is 0 if not supported","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"display_id","description":"The display ID.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pixels","description":"The number of pixels of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resolution","description":"The resolution of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ambient_brightness_enabled","description":"The ambient brightness setting associated with the display. This will be 1 if enabled and is 0 if disabled or not supported.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"connection_type","description":"The connection type associated with the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_type","description":"The type of display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"main","description":"If the display is the main display.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mirror","description":"If the display is mirrored or not. This field is 1 if mirrored and 0 if not mirrored.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"online","description":"The online status of the display. 
This field is 1 if the display is online and 0 if it is offline.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"rotation","description":"The orientation of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"connectivity","description":"Provides the overall system's network state.","platforms":["windows"],"columns":[{"name":"disconnected","description":"True if the all interfaces are not connected to any network","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_no_traffic","description":"True if any interface is connected via IPv4, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_no_traffic","description":"True if any interface is connected via IPv6, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_subnet","description":"True if any interface is connected to the local subnet via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_local_network","description":"True if any interface is connected to a routed network via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_internet","description":"True if any interface is connected to the Internet via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_subnet","description":"True if any interface is connected to the local subnet via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_local_network","description":"True if any interface is connected to a routed network via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_internet","description":"True if any interface is connected to the Internet via 
IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpu_info","description":"Retrieve cpu hardware info of the machine.","platforms":["darwin","linux","windows"],"columns":[{"name":"device_id","description":"The DeviceID of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"processor_type","description":"The processor type, such as Central, Math, or Video.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_status","description":"The current operating status of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"number_of_cores","description":"The number of cores of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logical_processors","description":"The number of logical processors of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address_width","description":"The width of the CPU address bus.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_clock_speed","description":"The current frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_clock_speed","description":"The maximum possible frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket_designation","description":"The assigned socket on the board for the given CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability","description":"The availability and status of the 
CPU.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"number_of_efficiency_cores","description":"The number of efficiency cores of the CPU. Only available on Apple Silicon","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"number_of_performance_cores","description":"The number of performance cores of the CPU. Only available on Apple Silicon","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"cpu_time","description":"Displays information from /proc/stat file about the time the cpu cores spent in different parts of the system.","platforms":["darwin","linux"],"columns":[{"name":"core","description":"Name of the cpu (core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Time spent in user mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Time spent in user mode with low priority (nice)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system","description":"Time spent in system mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idle","description":"Time spent in the idle task","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"iowait","description":"Time spent waiting for I/O to complete","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"irq","description":"Time spent servicing interrupts","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"softirq","description":"Time spent servicing softirqs","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"steal","description":"Time spent in other operating systems when running in a virtualized 
environment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest","description":"Time spent running a virtual CPU for a guest OS under the control of the Linux kernel","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest_nice","description":"Time spent running a niced guest ","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpuid","description":"Useful CPU features from the cpuid ASM call.","platforms":["darwin","linux","windows"],"columns":[{"name":"feature","description":"Present feature flags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Bit value or string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_register","description":"Register used to for feature value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_bit","description":"Bit in register value for feature value","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"input_eax","description":"Value of EAX used","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crashes","description":"Application, System, and Mobile App crash logs.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Location of log file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Identifier of the crashed 
process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent PID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"responsible","description":"Process responsible for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the crashed process","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"datetime","description":"Date/Time at which the crash occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crashed_thread","description":"Thread ID which crashed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Most recent frame from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_type","description":"Exception type of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_codes","description":"Exception codes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_notes","description":"Exception notes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The value of the system registers","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crontab","description":"Line parsed values from system and user cron/tab.","platforms":["darwin","linux"],"columns":[{"name":"event","description":"The job @event name (rare)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minute","description":"The exact minute for the 
job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"The hour of the day for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_month","description":"The day of the month for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"The month of the year for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_week","description":"The day of the week for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Raw command string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File parsed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"cups_destinations","description":"Returns all configured printers.","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the printer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_name","description":"Option name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_value","description":"Option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cups_jobs","description":"Returns all completed print jobs from cups.","platforms":["darwin"],"columns":[{"name":"title","description":"Title of the printed job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"The printer the job was sent to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The user who printed the 
job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"format","description":"The format of the print job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the print job","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"completed_time","description":"When the job completed printing","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processing_time","description":"How long the job took to process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the print request was initiated","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl","description":"Perform an http request and return stats about it.","platforms":["darwin","linux","windows"],"columns":[{"name":"url","description":"The url for the request","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"method","description":"The HTTP method for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_agent","description":"The user-agent string to use for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"response_code","description":"The HTTP status code for the response","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"round_trip_time","description":"Time taken to complete the request","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of bytes in the response","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The HTTP response body","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl_certificate","description":"Inspect TLS certificates by connecting to 
input hostnames.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Hostname to CURL (domain[:port], e.g. osquery.io)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"common_name","description":"Common name of company issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization","description":"Organization issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization_unit","description":"Organization unit issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_common_name","description":"Issuer common name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization","description":"Issuer organization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization_unit","description":"Issuer organization unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_from","description":"Period of validity start date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_to","description":"Period of validity end date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256_fingerprint","description":"SHA-256 fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1_fingerprint","description":"SHA1 fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version Number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"signature_algorithm","description":"Signature 
Algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signature","description":"Signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_identifier","description":"Subject Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_identifier","description":"Authority Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extended_key_usage","description":"Extended usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policies","description":"Certificate Policies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_alternative_names","description":"Subject Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_alternative_names","description":"Issuer Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_access","description":"Authority Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_info_access","description":"Subject Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_mappings","description":"Policy Mappings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"has_expired","description":"1 if the certificate has expired, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"basic_constraint","description":"Basic Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name_constraints","description":"Name 
Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_constraints","description":"Policy Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dump_certificate","description":"Set this value to '1' to dump certificate","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"timeout","description":"Set this value to the timeout in seconds to complete the TLS handshake (default 4s, use 0 for no timeout)","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"pem","description":"Certificate PEM format","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"deb_packages","description":"The installed DEB package database.","platforms":["linux"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Package source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Package architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Package revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Package status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Package maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"section","description":"Package section","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"priority","description":"Package 
priority","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"admindir","description":"libdpkg admindir. Defaults to /var/lib/dpkg","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"default_environment","description":"Default environment variables and values.","platforms":["windows"],"columns":[{"name":"variable","description":"Name of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expand","description":"1 if the variable needs expanding, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_file","description":"Similar to the file table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"partition","description":"A partition number","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"A logical path within the device node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"uid","description":"Owning user 
ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Creation time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_firmware","description":"A best-effort list of discovered firmware versions.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"The device name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Firmware version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_hash","description":"Similar to the hash table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device 
node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_partitions","description":"Use TSK to enumerate details about partitions on a disk device.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number or description","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Byte size of each block","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Number of blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Number of meta 
nodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"disk_encryption","description":"Disk encryption status and information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Disk name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Disk Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encrypted","description":"1 If encrypted: true (disk is encrypted), else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Description of cipher type and mode if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_status","description":"Disk encryption status with one of following values: encrypted | not encrypted | undefined","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Currently authenticated user if available","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"user_uuid","description":"UUID of authenticated user if available","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"filevault_status","description":"FileVault status with one of following values: on | off | unknown","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"disk_events","description":"Track DMG disk image events (appearance/disappearance) when opened.","platforms":["darwin"],"columns":[{"name":"action","description":"Appear or disappear","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the DMG file 
accessed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Disk event name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Disk event BSD name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"UUID of the volume inside DMG if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of partition in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ejectable","description":"1 if ejectable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mountable","description":"1 if mountable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"writable","description":"1 if writable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content","description":"Disk event content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"media_name","description":"Disk event media name string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Disk event vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filesystem","description":"Filesystem if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"checksum","description":"UDIF Master checksum if available (CRC32)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of appearance/disappearance in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"disk_info","description":"Retrieve basic 
information about the physical disks of a system.","platforms":["windows"],"columns":[{"name":"partitions","description":"Number of detected partitions on disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_index","description":"Physical drive number of the disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The interface type of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pnp_device_id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_size","description":"Size of the disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hard drive model.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"The label of the disk object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The OS's description of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_cache","description":"Enumerate the DNS cache using the undocumented DnsGetCacheDataTable function in dnsapi.dll.","platforms":["windows"],"columns":[{"name":"name","description":"DNS record name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"DNS record 
type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"DNS record flags","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_resolvers","description":"Resolvers used by this host.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Address type index or order","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Address type: sortlist, nameserver, search","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Resolver IP/IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Address (sortlist) netmask length","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Resolver options","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_container_envs","description":"Docker container environment variables.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_fs_changes","description":"Changes to files or directories on container's filesystem.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"FIle or directory path relative to 
rootfs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"change_type","description":"Type of change: C:Modified, A:Added, D:Deleted","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_labels","description":"Docker container labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_mounts","description":"Docker container mounts.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Type of mount (bind, volume)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Optional mount name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source path on host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"Destination path inside container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver providing the mount","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Mount options (rw, ro)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rw","description":"1 if read/write. 
0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"propagation","description":"Mount propagation","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_networks","description":"Docker container networks.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"network_id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"endpoint_id","description":"Endpoint ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_address","description":"IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_prefix_len","description":"IP subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_gateway","description":"IPv6 gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_prefix_len","description":"IPv6 subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mac_address","description":"MAC address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_ports","description":"Docker container ports.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Protocol (tcp, 
udp)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Port inside the container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host_ip","description":"Host IP address on which public port is listening","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host_port","description":"Host port","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_processes","description":"Docker container processes.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by 
process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start in seconds since boot (non-sleeping)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Cumulative CPU time. [DD-]HH:MM:SS format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu","description":"CPU utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mem","description":"Memory utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_stats","description":"Docker container statistics. 
Queries on this table take at least one second.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"name","description":"Container name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pids","description":"Number of processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"read","description":"UNIX time when stats were read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"preread","description":"UNIX time when stats were last read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"Difference between read and preread in nano-seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_read","description":"Total disk read bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_write","description":"Total disk write bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"num_procs","description":"Number of processors","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_total_usage","description":"Total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_kernelmode_usage","description":"CPU kernel mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_usermode_usage","description":"CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_cpu_usage","description":"CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"online_cpus","description":"Online 
CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_total_usage","description":"Last read total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_kernelmode_usage","description":"Last read CPU kernel mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_usermode_usage","description":"Last read CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_system_cpu_usage","description":"Last read CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_online_cpus","description":"Last read online CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_usage","description":"Memory usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_cached","description":"Memory cached","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_max_usage","description":"Memory maximum usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"Memory limit","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_rx_bytes","description":"Total network bytes read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_tx_bytes","description":"Total network bytes transmitted","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_containers","description":"Docker containers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Container 
name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"image","description":"Docker image (name) used to launch this container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image_id","description":"Docker image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Command with arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Container state (created, restarting, running, removing, paused, exited, dead)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Container status information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Identifier of the initial process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Container path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_entrypoint","description":"Container entrypoint(s)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"started_at","description":"Container start time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"finished_at","description":"Container finish time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"Is the container privileged","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"security_options","description":"List of container security options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_variables","description":"Container environmental 
variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly_rootfs","description":"Is the root filesystem mounted as read only","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_namespace","description":"cgroup namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"ipc_namespace","description":"IPC namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"mnt_namespace","description":"Mount namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"net_namespace","description":"Network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pid_namespace","description":"PID namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"user_namespace","description":"User namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"uts_namespace","description":"UTS namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_image_history","description":"Docker image history information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of instruction in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_by","description":"Created by instruction","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of 
tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Instruction comment","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_labels","description":"Docker image labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_layers","description":"Docker image layers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"layer_id","description":"Layer ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"layer_order","description":"Layer Order (1 = base layer)","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_images","description":"Docker images information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size_bytes","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of repository tags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_info","description":"Docker system information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Docker system 
ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"containers","description":"Total number of containers","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_running","description":"Number of containers currently running","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_paused","description":"Number of containers in paused state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_stopped","description":"Number of containers in stopped state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"images","description":"Number of images","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"storage_driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"1 if memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_limit","description":"1 if swap limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_memory","description":"1 if kernel memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_period","description":"1 if CPU Completely Fair Scheduler (CFS) period support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_quota","description":"1 if CPU Completely Fair Scheduler (CFS) quota support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_shares","description":"1 if CPU share weighting support is enabled. 
0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_set","description":"1 if CPU set selection support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_forwarding","description":"1 if IPv4 forwarding is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_iptables","description":"1 if bridge netfilter iptables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_ip6tables","description":"1 if bridge netfilter ip6tables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"oom_kill_disable","description":"1 if Out-of-memory kill is disabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_driver","description":"Logging driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_driver","description":"Control groups driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Operating system type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpus","description":"Number of CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory","description":"Total memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"http_proxy","description":"HTTP 
proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"https_proxy","description":"HTTPS proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"no_proxy","description":"Comma-separated list of domain extensions proxy should not be used for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the docker host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_version","description":"Server version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_dir","description":"Docker root directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_network_labels","description":"Docker network labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_networks","description":"Docker networks information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Network driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_ipv6","description":"1 if IPv6 is enabled on this network. 
0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"subnet","description":"Network subnet","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Network gateway","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_version","description":"Docker version information.","platforms":["darwin","linux"],"columns":[{"name":"version","description":"Docker version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"api_version","description":"API version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_api_version","description":"Minimum API version supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"git_commit","description":"Docker build git commit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"go_version","description":"Go version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Build time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volume_labels","description":"Docker volume labels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label 
value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volumes","description":"Docker volumes information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"driver","description":"Volume driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mount_point","description":"Mount point","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Volume type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"drivers","description":"Details for in-use Windows device drivers. This does not display installed but unused drivers.","platforms":["windows"],"columns":[{"name":"device_id","description":"Device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_name","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image","description":"Path to driver image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Driver description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"Driver service name, if one exists","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_key","description":"Driver service registry key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Driver version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inf","description":"Associated inf file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Device/driver class 
name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider","description":"Driver provider","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Device manufacturer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_key","description":"Driver key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Driver date","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"Whether the driver is signed or not","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_metadata","description":"EC2 instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_type","description":"EC2 instance type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture of this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"region","description":"AWS region in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability_zone","description":"Availability zone in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Private IPv4 DNS hostname of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ipv4","description":"Private IPv4 address of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address for the first network interface of this EC2 
instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_groups","description":"Comma separated list of security group names","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iam_arn","description":"If there is an IAM role associated with the instance, contains instance profile ARN","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ami_id","description":"AMI ID used to launch this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reservation_id","description":"ID of the reservation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account_id","description":"AWS account ID which owns this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_tags","description":"EC2 instance tag key value pairs.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_events","description":"Process execution events from EndpointSecurity.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence 
number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"original_parent","description":"Original parent process ID in case of reparenting","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_count","description":"Number of command line arguments","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective Group ID of the 
process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_id","description":"Signature identifier of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_id","description":"Team identifier of thd process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Codesigning hash of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_binary","description":"Indicates if the binary is Apple signed binary (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of a process in case of an exit event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"child_pid","description":"Process ID of a child process in case of a fork event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"codesigning_flags","description":"Codesigning flags matching one of these options, in a comma separated list: NOT_VALID, ADHOC, NOT_RUNTIME, INSTALLER. 
See kern/cs_blobs.h in XNU for descriptions.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_file_events","description":"File integrity monitoring events from EndpointSecurity including process context.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"The source or target filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_filename","description":"Destination filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"etc_hosts","description":"Line-parsed /etc/hosts.","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IP address 
mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostnames","description":"Raw hosts mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"etc_protocols","description":"Line-parsed /etc/protocols.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Protocol name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"Protocol number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"alias","description":"Protocol alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Comment with protocol description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"etc_services","description":"Line-parsed /etc/services.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Service port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Optional space separated list of other names for a service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment for a service.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"event_taps","description":"Returns information about installed event taps.","platforms":["darwin"],"columns":[{"name":"enabled","description":"Is the Event Tap 
enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tap_id","description":"Unique ID for the Tap","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tapped","description":"The mask that identifies the set of events to be observed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_being_tapped","description":"The process ID of the target application","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tapping_process","description":"The process ID of the application that created the event tap.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"extended_attributes","description":"Returns the extended attributes for files (similar to Windows ADS).","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the value generated from the extended attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The parsed information from the attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base64","description":"1 if the value is base64 encoded else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"fan_speed_sensors","description":"Fan speeds.","platforms":["darwin"],"columns":[{"name":"fan","description":"Fan number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Fan name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"actual","description":"Actual 
speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target speed","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"file","description":"Interactive filesystem attributes and metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Device ID (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last 
modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"(B)irth or (cr)eate time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"symlink","description":"1 if the path is a symlink, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attributes","description":"File attrib string. See: https://ss64.com/nt/attrib.html","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"volume_serial","description":"Volume serial number","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_id","description":"file ID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_version","description":"File version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"product_version","description":"File product version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"original_filename","description":"(Executable files only) Original filename","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"bsd_flags","description":"The BSD file flags (chflags). 
Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"file_events","description":"Track time/action changes to files specified in configuration data.","platforms":["darwin","linux"],"columns":[{"name":"target_path","description":"The path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file defined in the config","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access 
time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"The MD5 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"The SHA1 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"The SHA256 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hashed","description":"1 if the file was hashed, 0 if not, -1 if hashing failed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"firefox_addons","description":"Firefox browser extensions, webapps, and addons.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the addon","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Addon display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Addon identifier","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"creator","description":"Addon-supported creator string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Extension, addon, webapp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Addon-supplied 
version string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Addon-supplied description string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_url","description":"URL that installed the addon","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible","description":"1 If the addon is shown in browser else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If the addon is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 If the addon is application-disabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"1 If the addon applies background updates else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Global, profile location","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper","description":"macOS Gatekeeper Details.","platforms":["darwin"],"columns":[{"name":"assessments_enabled","description":"1 If a Gatekeeper is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"dev_id_enabled","description":"1 If a Gatekeeper allows execution from identified developers else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of Gatekeeper's gke.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"opaque_version","description":"Version of Gatekeeper's 
gkopaque.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper_approved_apps","description":"Gatekeeper apps a user has allowed to run.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of executable allowed to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"requirement","description":"Code signing requirement language","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last change time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a 
namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"hardware_events","description":"Hardware (PCI/USB/HID) events from UDEV or IOKit.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"Remove, insert, change properties, etc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local device path assigned (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of hardware and hardware event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver claiming the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Hardware device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded Hardware vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Hardware device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded Hardware model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Device serial (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Device revision (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of hardware event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hash","description":"Filesystem hash data.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Must provide a 
path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"homebrew_packages","description":"The installed homebrew package database.","platforms":["darwin"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Package install path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Current 'linked' version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"prefix","description":"Homebrew install prefix","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hvci_status","description":"Retrieve HVCI info of the machine.","platforms":["windows"],"columns":[{"name":"version","description":"The version number of the Device Guard build.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_identifier","description":"The instance ID of Device 
Guard.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vbs_status","description":"The status of the virtualization based security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code_integrity_policy_enforcement_status","description":"The status of the code integrity policy enforcement settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"umci_policy_status","description":"The status of the User Mode Code Integrity security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ibridge_info","description":"Information about the Apple iBridge hardware controller.","platforms":["darwin"],"columns":[{"name":"boot_uuid","description":"Boot UUID of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"coprocessor_version","description":"The manufacturer and chip version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_version","description":"The build version of the firmware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unique_chip_id","description":"Unique id of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ie_extensions","description":"Internet Explorer browser extensions.","platforms":["windows"],"columns":[{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registry_path","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the 
executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executable","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"intel_me_info","description":"Intel ME/CSE Info.","platforms":["linux","windows"],"columns":[{"name":"version","description":"Intel ME version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"interface_addresses","description":"Network interfaces and relevant metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"Interface netmask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"broadcast","description":"Broadcast address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"point_to_point","description":"PtP address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of address. 
One of dhcp, manual, auto, other, unknown","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_details","description":"Detailed information and stats of network interfaces.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC of interface (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Interface type (includes virtual)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Network MTU","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Metric based on the speed of the interface","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags (netdevice) for the device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipackets","description":"Input packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"opackets","description":"Output packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ibytes","description":"Input bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"obytes","description":"Output bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ierrors","description":"Input errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"oerrors","description":"Output 
errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idrops","description":"Input drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"odrops","description":"Output drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"collisions","description":"Packet Collisions detected","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Time of last device modification (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"link_speed","description":"Interface speed in Mb/s","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"pci_slot","description":"PCI slot number","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"description","description":"Short description of the object a one-line string.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"manufacturer","description":"Name of the network adapter's manufacturer.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_id","description":"Name of the network connection as it appears in the Network Connections Control Panel program.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_status","description":"State of the network adapter connection to the 
network.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"enabled","description":"Indicates whether the adapter is enabled or not.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"physical_adapter","description":"Indicates whether the adapter is a physical or a logical adapter.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"speed","description":"Estimate of the current bandwidth in bits per second.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"service","description":"The name of the service the network adapter uses.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_enabled","description":"If TRUE, the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_expires","description":"Expiration date and time for a leased IP address that was assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_obtained","description":"Date and time the lease was obtained for the IP address assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_server","description":"IP address of the dynamic host configuration protocol (DHCP) 
server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain","description":"Organization name followed by a period and an extension that indicates the type of organization, such as 'microsoft.com'.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain_suffix_search_order","description":"Array of DNS domain suffixes to be appended to the end of host names during name resolution.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_host_name","description":"Host name used to identify the local computer for authentication by some utilities.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_server_search_order","description":"Array of server IP addresses to be used in querying for DNS servers.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_ipv6","description":"IPv6 configuration and stats of network interfaces.","platforms":["darwin","linux"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hop_limit","description":"Current Hop Limit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"forwarding_enabled","description":"Enable IP forwarding","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"redirect_accept","description":"Accept ICMP redirect messages","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"rtadv_accept","description":"Accept ICMP Router Advertisement","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_devicetree","description":"The IOKit 
registry matching the DeviceTree plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Device node name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent device registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device_path","description":"Device tree path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"1 if the device conforms to IOService else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the device is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The device reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Device nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_registry","description":"The full IOKit registry without selecting a plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Default name of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent registry 
ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the node is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The node reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Node nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iptables","description":"Linux IP packet filtering and NAT tool.","platforms":["linux"],"columns":[{"name":"filter_name","description":"Packet matching filter table name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chain","description":"Size of module content.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy","description":"Policy that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Protocol number identification.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"src_port","description":"Protocol source port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_port","description":"Protocol destination port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_ip","description":"Source IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_mask","description":"Source IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface","description":"Input interface for the 
rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface_mask","description":"Input interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_ip","description":"Destination IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_mask","description":"Destination IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface","description":"Output interface for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface_mask","description":"Output interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"Matching rule that applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"packets","description":"Number of matching packets for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of matching bytes for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_extensions","description":"macOS's kernel extensions, both loaded and within the load search path.","platforms":["darwin"],"columns":[{"name":"idx","description":"Extension load tag or index","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refs","description":"Reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Bytes of wired memory used by extension","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension 
version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"linked_against","description":"Indexes of extensions this extension is linked against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Optional path to extension bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_info","description":"Basic active kernel information.","platforms":["darwin","linux","windows"],"columns":[{"name":"version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arguments","description":"Kernel arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Kernel path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Kernel device identifier","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_keys","description":"List of security data, authentication keys and encryption keys.","platforms":["linux"],"columns":[{"name":"serial_number","description":"The serial key of the key.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"A set of flags describing the state of the key.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"usage","description":"the number of threads and open file references thatrefer to this key.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"timeout","description":"The amount of time until the key will expire,expressed in human-readable form. The string perm heremeans that the key is permanent (no timeout). 
Thestring expd means that the key has already expired.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The key permissions, expressed as four hexadecimalbytes containing, from left to right, thepossessor, user, group, and other permissions.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The user ID of the key owner.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"The group ID of the key.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The key type.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The key description.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_modules","description":"Linux kernel modules both loaded and within the load search path.","platforms":["linux"],"columns":[{"name":"name","description":"Module name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of module content","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"Module reverse dependencies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Kernel module status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Kernel module address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_panics","description":"System kernel panic logs.","platforms":["darwin"],"columns":[{"name":"path","description":"Location of log file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Formatted time of the 
event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"A space delimited line of register:value pairs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"frame_backtrace","description":"Backtrace of the crashed module","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_backtrace","description":"Modules appearing in the crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dependencies","description":"Module dependencies existing in crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name corresponding to crashed thread","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_version","description":"Version of the operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Version of the system kernel","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"system_model","description":"Physical system model, for example 'MacBookPro12,1 (Mac-E43C1C25D4880AD6)'","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"System uptime at kernel panic in nanoseconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_loaded","description":"Last loaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_unloaded","description":"Last unloaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_acls","description":"Applications that have ACL entries in the keychain.","platforms":["darwin"],"columns":[{"name":"keychain_path","description":"The path of the 
keychain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authorizations","description":"A space delimited set of authorization attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the authorized application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The description included with the ACL entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"An optional label tag that may be included with the keychain entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_items","description":"Generic details about keychain items.","platforms":["darwin"],"columns":[{"name":"label","description":"Generic item name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional item description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional keychain comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account","description":"Optional item account","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Date item was created","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified","description":"Date of last modification","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Keychain item type (class)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pk_hash","description":"Hash of associated public key (SHA1 of subjectPublicKey, see RFC 8520 4.2.1.2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to keychain containing 
item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"known_hosts","description":"A line-delimited known_hosts table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local user that owns the known_hosts file","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"parsed authorized keys line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to known_hosts file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kva_speculative_info","description":"Display kernel virtual address and speculative execution information for the system.","platforms":["windows"],"columns":[{"name":"kva_shadow_enabled","description":"Kernel Virtual Address shadowing is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_user_global","description":"User pages are marked as global.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_pcid","description":"Kernel VA PCID flushing optimization is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_inv_pcid","description":"Kernel VA INVPCID is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_mitigations","description":"Branch Prediction mitigations are enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_system_pol_disabled","description":"Branch Predictions are disabled via system policy.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_microcode_disabled","description":"Branch Predictions are disabled due to lack of microcode update.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_spec_ctrl_supported","description":"SPEC_CTRL MSR 
supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ibrs_support_enabled","description":"Windows uses IBRS.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stibp_support_enabled","description":"Windows uses STIBP.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_pred_cmd_supported","description":"PRED_CMD MSR supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"last","description":"System logins and logouts.","platforms":["darwin","linux"],"columns":[{"name":"username","description":"Entry username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Entry terminal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Entry type, according to ut_type types (utmp.h)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Entry type name, according to ut_type types (utmp.h)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Entry hostname","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd","description":"LaunchAgents and LaunchDaemons from default search paths.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"File name of plist (used by 
launchd)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program","description":"Path to target program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_at_load","description":"Should the program run on launch load","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keep_alive","description":"Should the process be restarted if killed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"on_demand","description":"Deprecated key, replaced by keep_alive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"Skip loading this daemon or agent on boot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Run this daemon or agent as this username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Run this daemon or agent as this group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stdout_path","description":"Pipe stdout to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stderr_path","description":"Pipe stderr to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_interval","description":"Frequency to run in seconds","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program_arguments","description":"Command line arguments passed to program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"watch_paths","description":"Key that launches daemon or agent if path is 
modified","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"queue_directories","description":"Similar to watch_paths but only with non-empty directories","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inetd_compatibility","description":"Run this daemon or agent as it was launched from inetd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_on_mount","description":"Run daemon or agent every time a filesystem is mounted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_directory","description":"Key used to specify a directory to chroot to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"working_directory","description":"Key used to specify a directory to chdir to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_type","description":"Key describes the intended purpose of the job","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd_overrides","description":"Override keys, per user, for LaunchDaemons and Agents.","platforms":["darwin"],"columns":[{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Name of the override key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Overridden value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID applied to the override, 0 applies to all","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"listening_ports","description":"Processes with listening (bound) network 
sockets/ports.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Transport layer port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for bind","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path for UNIX domain sockets","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"load_average","description":"Displays information about the system wide load averages.","platforms":["darwin","linux"],"columns":[{"name":"period","description":"Period over which the average is calculated.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"average","description":"Load average over the specified period.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"location_services","description":"Reports the status of the Location Services feature of the OS.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 if Location Services are enabled, else 
0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logged_in_users","description":"Users with an active shell on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"type","description":"Login type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User login name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Remote hostname","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time entry was made","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"The user's unique security identifier","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"registry_hive","description":"HKEY_USERS registry hive","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"logical_drives","description":"Details for logical drives on the system. A logical drive generally represents a single partition.","platforms":["windows"],"columns":[{"name":"device_id","description":"The drive id, usually the drive name, e.g., 'C:'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Deprecated (always 'Unknown').","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The canonical description of the drive, e.g. 
'Logical Fixed Disk', 'CD-ROM Disk'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"free_space","description":"The amount of free space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The total amount of space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_system","description":"The file system of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"boot_partition","description":"True if Windows booted from this drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logon_sessions","description":"Windows Logon Session.","platforms":["windows"],"columns":[{"name":"logon_id","description":"A locally unique identifier (LUID) that identifies a logon session.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The account name of the security principal that owns the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_domain","description":"The name of the domain used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authentication_package","description":"The authentication package used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_type","description":"The logon method.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_id","description":"The Terminal Services session identifier.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_sid","description":"The user's security identifier 
(SID).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_time","description":"The time the session owner logged on.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_server","description":"The name of the server used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_domain_name","description":"The DNS name for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"upn","description":"The user principal name (UPN) for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_script","description":"The script used for logging on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory_drive","description":"The drive location of the home directory of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_certificates","description":"LXD certificates information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fingerprint","description":"SHA256 hash of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"certificate","description":"Certificate 
content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster","description":"LXD cluster information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether clustering enabled (1) or not (0) on this node","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_entity","description":"Type of configuration parameter for this node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_name","description":"Name of configuration parameter","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_key","description":"Config key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_value","description":"Config value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_description","description":"Config description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster_members","description":"LXD cluster members information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"url","description":"URL of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"database","description":"Whether the server is a database node (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the node (Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the node 
(Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_images","description":"LXD images information.","platforms":["linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"architecture","description":"Target architecture for the image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"OS on which image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"OS release version on which the image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Image description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Comma-separated list of image aliases","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Filename of the image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_update","description":"Whether the image auto-updates (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"Whether image is cached (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"public","description":"Whether image is public (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of image creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expires_at","description":"ISO time of image 
expiration","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uploaded_at","description":"ISO time of image upload","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_used_at","description":"ISO time for the most recent use of this image in terms of container spawn","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_server","description":"Server for image update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_protocol","description":"Protocol used for image information update and image import from source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_certificate","description":"Certificate for update source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_alias","description":"Alias of image at update source server","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_config","description":"LXD instance configuration information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"key","description":"Configuration parameter name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Configuration parameter value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_devices","description":"LXD instance devices information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"device","description":"Name of the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_type","description":"Device 
type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Device info param name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Device info param value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instances","description":"LXD instances information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"status","description":"Instance state (running, stopped, etc.)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stateful","description":"Whether the instance is stateful(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ephemeral","description":"Whether the instance is ephemeral(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_image","description":"ID of image used to launch this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Instance architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"The OS of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Instance description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Instance's process ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processes","description":"Number of processes running inside this 
instance","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_networks","description":"LXD network information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"managed","description":"1 if network created by LXD, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_address","description":"IPv4 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"URLs for containers using this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_received","description":"Number of bytes received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_sent","description":"Number of bytes sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_received","description":"Number of packets received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_sent","description":"Number of packets sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hwaddr","description":"Hardware address for this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Network status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"MTU 
size","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_storage_pools","description":"LXD storage pool information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Storage pool source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"space_used","description":"Storage space used in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"space_total","description":"Total available storage space in bytes for this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_used","description":"Number of inodes used","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_total","description":"Total number of inodes available in this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"magic","description":"Magic number recognition library table.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute path to target file","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"magic_db_files","description":"Colon(:) separated list of files where the magic db file can be found. 
By default one of the following is used: /usr/share/file/magic/magic, /usr/share/misc/magic or /usr/share/misc/magic.mgc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Magic number data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_type","description":"MIME type data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_encoding","description":"MIME encoding data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"managed_policies","description":"The managed configuration policies from AD, MDM, MCX, etc.","platforms":["darwin"],"columns":[{"name":"domain","description":"System or manager-chosen domain key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Optional UUID assigned to policy set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Policy key name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Policy value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Policy applies only this user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manual","description":"1 if policy was loaded manually, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_devices","description":"Software RAID array settings.","platforms":["linux"],"columns":[{"name":"device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Current state of the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_level","description":"Current raid level of the 
array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"size of the array in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"chunk_size","description":"chunk size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_disks","description":"Number of configured RAID disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nr_raid_disks","description":"Number of partitions or disk devices to comprise the array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"working_disks","description":"Number of working disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active_disks","description":"Number of active disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_disks","description":"Number of failed disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"spare_disks","description":"Number of idle disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_state","description":"State of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_version","description":"Version of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_update_time","description":"Unix timestamp of last update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_on_mem","description":"Pages allocated in in-memory bitmap, if enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_chunk_size","description":"Bitmap chunk 
size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_external_file","description":"External referenced bitmap file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_progress","description":"Progress of the recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_finish","description":"Estimated duration of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_speed","description":"Speed of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_progress","description":"Progress of the resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_finish","description":"Estimated duration of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_speed","description":"Speed of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_progress","description":"Progress of the reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_finish","description":"Estimated duration of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_speed","description":"Speed of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_progress","description":"Progress of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_finish","description":"Estimated duration of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_speed","description":"Speed of the check array 
activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unused_devices","description":"Unused devices","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"other","description":"Other information associated with array from /proc/mdstat","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_drives","description":"Drive devices used for Software RAID.","platforms":["linux"],"columns":[{"name":"md_device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_name","description":"Drive device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"Slot position of disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the drive","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_personalities","description":"Software RAID setting supported by the kernel.","platforms":["linux"],"columns":[{"name":"name","description":"Name of personality supported by kernel","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mdfind","description":"Run searches against the spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file returned from spotlight","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The query that was run to find the file","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"mdls","description":"Query file metadata in the Spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the metadata 
key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value stored in the metadata key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valuetype","description":"CoreFoundation type of data stored in value","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"memory_array_mapped_addresses","description":"Data associated for address mapping of physical memory arrays.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_handle","description":"Handle of the memory array associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_width","description":"Number of memory devices that form a single row of memory for the address partition of this structure","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_arrays","description":"Data associated with collection of memory devices that operate to form a memory address.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Physical location of the memory 
array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"Function for which the array is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_correction","description":"Primary hardware error correction or detection method supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"Maximum capacity of array in gigabytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_info_handle","description":"Handle, or instance number, associated with any error that was detected for the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number_memory_devices","description":"Number of memory devices on array","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_device_mapped_addresses","description":"Data associated for address mapping of physical memory devices.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_device_handle","description":"Handle of the memory device structure associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_mapped_address_handle","description":"Handle of the memory array mapped address to which this device range is mapped to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory 
array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_row_position","description":"Identifies the position of the referenced memory device in a row of the address partition","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_position","description":"The position of the device in a interleave, i.e. 0 indicates non-interleave, 1 indicates 1st interleave, 2 indicates 2nd interleave, etc.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_data_depth","description":"The max number of consecutive rows from memory device that are accessed in a single interleave transfer; 0 indicates device is non-interleave","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_devices","description":"Physical memory device (type 17) information retrieved from SMBIOS.","platforms":["darwin","linux","windows"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure in SMBIOS","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"array_handle","description":"The memory array that the device is attached to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"form_factor","description":"Implementation form factor for this memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"total_width","description":"Total width, in bits, of this memory device, including any check or error-correction bits","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"data_width","description":"Data width, in bits, of this memory device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of memory device in 
Megabyte","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"set","description":"Identifies if memory device is one of a set of devices. A value of 0 indicates no set affiliation.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"device_locator","description":"String number of the string that identifies the physically-labeled socket or board position where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bank_locator","description":"String number of the string that identifies the physically-labeled bank where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type","description":"Type of memory used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type_details","description":"Additional details for memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_speed","description":"Max speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_clock_speed","description":"Configured speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Manufacturer ID string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Serial number of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"asset_tag","description":"Manufacturer specific asset tag of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"part_number","description":"Manufacturer specific serial number of memory 
device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_voltage","description":"Minimum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_voltage","description":"Maximum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_voltage","description":"Configured operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_error_info","description":"Data associated with errors of a physical memory array.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_type","description":"type of error associated with current error status for array or device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_granularity","description":"Granularity to which the error can be resolved","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_operation","description":"Memory access operation that caused the error","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_syndrome","description":"Vendor specific ECC syndrome or CRC data associated with the erroneous access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_error_address","description":"32 bit physical address of the error based on the addressing of the bus to which the memory array is connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_error_address","description":"32 bit physical address of the error relative to the start of the failing memory address, in 
bytes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_resolution","description":"Range, in bytes, within which this error can be determined, when an error address is given","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_info","description":"Main memory information in bytes.","platforms":["linux"],"columns":[{"name":"memory_total","description":"Total amount of physical RAM, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_free","description":"The amount of physical RAM, in bytes, left unused by the system","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_available","description":"The amount of physical RAM, in bytes, available for starting new applications, without swapping","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"buffers","description":"The amount of physical RAM, in bytes, used for file buffers","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"The amount of physical RAM, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_cached","description":"The amount of swap, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"The total amount of buffer or page cache memory, in bytes, that is in active use","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"The total amount of buffer or page cache memory, in bytes, that are free and available","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_total","description":"The total amount of swap available, in 
bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_free","description":"The total amount of swap free, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_map","description":"OS memory region map.","platforms":["linux"],"columns":[{"name":"name","description":"Region name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start","description":"Start address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"End address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mounts","description":"System mounted devices and filesystems (not process specific).","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Mounted device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_alias","description":"Mounted device alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Mounted device path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Mounted device type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Block size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Mounted device used blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_free","description":"Mounted device free blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_available","description":"Mounted device available blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Mounted device used 
inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_free","description":"Mounted device free inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Mounted device flags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"msr","description":"Various pieces of data stored in the model specific register per processor. NOTE: the msr kernel module must be enabled, and osquery must be run as root.","platforms":["linux"],"columns":[{"name":"processor_number","description":"The processor number as reported in /proc/cpuinfo","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_disabled","description":"Whether the turbo feature is disabled.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_ratio_limit","description":"The turbo feature ratio limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_info","description":"Platform information.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_ctl","description":"Performance setting for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_status","description":"Performance status for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"feature_control","description":"Bitfield controlling enabled features.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_limit","description":"Run Time Average Power Limiting power limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_energy_status","description":"Run Time Average Power Limiting energy status.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_units","description":"Run 
Time Average Power Limiting power units.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"nfs_shares","description":"NFS shares exported by the host.","platforms":["darwin"],"columns":[{"name":"share","description":"Filesystem path to the share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Options string set on the export share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly","description":"1 if the share is exported readonly else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"npm_packages","description":"Node packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Package-supplied description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Package-supplied author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where node_modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a 
namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"ntdomains","description":"Display basic NT domain information of a Windows machine.","platforms":["windows"],"columns":[{"name":"name","description":"The label by which the object is known.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"client_site_name","description":"The name of the site where the domain controller is configured.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dc_site_name","description":"The name of the site where the domain controller is located.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_forest_name","description":"The name of the root of the DNS tree.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_address","description":"The IP Address of the discovered domain controller..","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_name","description":"The name of the discovered domain controller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_name","description":"The name of the domain.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"The current status of the domain object.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_acl_permissions","description":"Retrieve NTFS ACL permission information for files and directories.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the file or directory.","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"type","description":"Type of access mode 
for the access control entry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"principal","description":"User or group to which the ACE applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"access","description":"Specific permissions that indicate the rights described by the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inherited_from","description":"The inheritance policy of the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_journal_events","description":"Track time/action changes to files specified in configuration data.","platforms":["windows"],"columns":[{"name":"action","description":"Change action (Write, Delete, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category that the event originated from","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"old_path","description":"Old path (renames only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_timestamp","description":"Journal record timestamp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_usn","description":"The update sequence number that identifies the journal record","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"node_ref_number","description":"The ordinal that associates a journal record with a filename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent_ref_number","description":"The ordinal that associates a journal record with a filename's parent directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"The drive letter 
identifying the source journal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"file_attributes","description":"File attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"Set to 1 if either path or old_path only contains the file or folder name","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"nvram","description":"Apple NVRAM variable listing.","platforms":["darwin"],"columns":[{"name":"name","description":"Variable name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Data type (CFData, CFString, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Raw variable data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"oem_strings","description":"OEM defined strings retrieved from SMBIOS.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the Type 11 structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"The string index of the structure","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The value of the OEM string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"office_mru","description":"View recently opened Office documents.","platforms":["windows"],"columns":[{"name":"application","description":"Associated Office application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Office application 
version number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"Most recent opened time file was opened","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"os_version","description":"A single row containing the operating system name and version.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Distribution or product name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Pretty, suitable for presentation, OS version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major","description":"Major release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor","description":"Minor release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"patch","description":"Optional patch release","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build","description":"Optional build-specific or variant string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"OS Platform or ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_like","description":"Closely related platforms","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"codename","description":"OS version codename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"OS Architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Optional extra 
release specification","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"install_date","description":"The install date of the OS.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"osquery_events","description":"Information about the event publishers and subscribers.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Event publisher or subscriber name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the associated publisher","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either publisher or subscriber","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscriptions","description":"Number of subscriptions the publisher received or subscriber used","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"events","description":"Number of events emitted or received since osquery started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refreshes","description":"Publisher only: number of runloop restarts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 if the publisher or subscriber is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_extensions","description":"List of active osquery 
extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"uuid","description":"The transient ID assigned for communication","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension's version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk_version","description":"osquery SDK version used to build the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the extension's Thrift connection or library path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"SDK extension type: core, extension, or module","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_flags","description":"Configurable flags that modify osquery's behavior.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Flag name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Flag type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Flag description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_value","description":"Flag default value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Flag value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell_only","description":"Is the flag shell only?","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_info","description":"Top level information about the running version of osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process 
(or thread/handle) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_id","description":"Unique, long-lived ID per instance of osquery","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"osquery toolkit version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_hash","description":"Hash of the working configuration state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_valid","description":"1 if the config was loaded and considered valid, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"extensions","description":"osquery extensions status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_platform","description":"osquery toolkit build platform","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_distro","description":"osquery toolkit platform distribution name (os version)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"UNIX time in seconds when the process started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"watcher","description":"Process (or thread/handle) ID of optional watcher process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_mask","description":"The osquery platform bitmask","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_packs","description":"Information about the current query packs that are loaded in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query 
pack","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"Platforms this query is supported on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Minimum osquery version that this query will run on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shard","description":"Shard restriction limit, 1-100, 0 meaning no restriction","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_cache_hits","description":"The number of times that the discovery query used cached values since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_executions","description":"The number of times that the discovery queries have been executed since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_registry","description":"List the osquery registry plugins.","platforms":["darwin","linux","windows"],"columns":[{"name":"registry","description":"Name of the osquery registry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the plugin item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uuid","description":"Extension route UUID (0 for core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internal","description":"1 If the plugin is internal else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If this plugin is active else 
0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_schedule","description":"Information about the current queries that are scheduled in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The exact query to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"The interval in seconds to run this query, not an exact interval","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"executions","description":"Number of times the query was executed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_executed","description":"UNIX time stamp in seconds of the last completed execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"denylisted","description":"1 if the query is denylisted else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"output_size","description":"Cumulative total number of bytes generated by the resultant rows of the query","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time","description":"Total wall time in seconds spent executing (deprecated), hidden=True","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time_ms","description":"Total wall time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_wall_time_ms","description":"Wall time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"Total user time in milliseconds spent 
executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_user_time","description":"User time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"Total system time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_system_time","description":"System time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"average_memory","description":"Average of the bytes of resident memory left allocated after collecting results","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_memory","description":"Resident memory in bytes left allocated after collecting results of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_bom","description":"macOS package bill of materials (BOM) file list.","platforms":["darwin"],"columns":[{"name":"filepath","description":"Package file or directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Expected user of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Expected group of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Expected permissions","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Timestamp the file was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of package 
bom","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"package_install_history","description":"macOS package install history.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Label packageIdentifiers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Label date as UNIX timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package display version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Install source: usually the installer process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"content_type","description":"Package content_type (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_receipts","description":"macOS package receipt details.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Package domain identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_filename","description":"Filename of original .pkg file","type":"text","notes":"","hidden":true,"required":false,"index":true},{"name":"version","description":"Installed package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Optional relative install path on volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Timestamp of install time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"installer_name","description":"Name of installer process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of 
receipt plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"password_policy","description":"Password Policies for macOS.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID for the policy, -1 for policies that are global","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"policy_identifier","description":"Policy Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_content","description":"Policy content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_description","description":"Policy description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"patches","description":"Lists all the patches applied. Note: This does not include patches applied via MSI or downloaded from Windows Update (e.g. Service Packs).","platforms":["windows"],"columns":[{"name":"csname","description":"The name of the host the patch is installed on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hotfix_id","description":"The KB ID of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Short description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Fuller description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fix_comments","description":"Additional comments about the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_by","description":"The system context in which the patch as installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the patch was installed. 
Lack of a value does not indicate that the patch was not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_on","description":"The date when the patch was installed.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pci_devices","description":"PCI devices active on the host system.","platforms":["darwin","linux"],"columns":[{"name":"pci_slot","description":"PCI Device used slot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class","description":"PCI Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"PCI Device used driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"PCI Device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded PCI Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"PCI Device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded PCI Device model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class_id","description":"PCI Device class ID in hex format","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass_id","description":"PCI Device subclass in hex format","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass","description":"PCI Device subclass","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor_id","description":"Vendor ID of PCI device 
subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor","description":"Vendor of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model_id","description":"Model ID of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model","description":"Device description of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"physical_disk_performance","description":"Provides provides raw data from performance counters that monitor hard or fixed disk drives on the system.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the physical disk","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_read","description":"Average number of bytes transferred from the disk during read operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_write","description":"Average number of bytes transferred to the disk during write operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_read_queue_length","description":"Average number of read requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_write_queue_length","description":"Average number of write requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_read","description":"Average time, in seconds, of a read operation of data from the 
disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_write","description":"Average time, in seconds, of a write operation of data to the disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_disk_queue_length","description":"Number of requests outstanding on the disk at the time the performance data is collected","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_read_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_write_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read or write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_idle_time","description":"Percentage of time during the sample interval that the disk was idle","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pipes","description":"Named and Anonymous pipes.","platforms":["windows"],"columns":[{"name":"pid","description":"Process ID of the process to which the pipe belongs","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the pipe","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instances","description":"Number of instances of the named pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_instances","description":"The maximum number of instances creatable for this 
pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"The flags indicating whether this pipe connection is a server or client end, and if the pipe for sending messages or bytes","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"platform_info","description":"Information about EFI/UEFI/ROM and platform/boot.","platforms":["darwin","linux","windows"],"columns":[{"name":"vendor","description":"Platform code vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Platform code version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Self-reported platform code update date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"BIOS major and minor revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Platform-specific additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_type","description":"The type of firmware (uefi, bios, iboot, openfirmware, unknown).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Relative address of firmware mapping","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"size","description":"Size in bytes of firmware","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"volume_size","description":"(Optional) size of firmware volume","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"plist","description":"Read and parse a plist file.","platforms":["darwin"],"columns":[{"name":"key","description":"Preference top-level 
key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subkey","description":"Intermediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"(required) read preferences from a plist","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"portage_keywords","description":"A summary about portage configurations like keywords, mask and unmask.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keyword","description":"The keyword applied to the package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"If the package is masked","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"unmask","description":"If the package is unmasked","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_packages","description":"List of currently installed packages.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"The slot used by package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Unix time when package was 
built","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"repository","description":"From which repository the ebuild was used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eapi","description":"The eapi for the ebuild","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the package","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"world","description":"If package is in the world file","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_use","description":"List of enabled portage USE values for specific package.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version of the installed package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"USE flag which has been enabled for package","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"power_sensors","description":"Machine power (currents, voltages, wattages, etc) sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"category","description":"The sensor category: currents, voltage, wattage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of power source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Power in Watts","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"powershell_events","description":"Powershell script blocks reconstructed to their full script content, this table requires script block logging to be 
enabled.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received by the osquery event publisher","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the Powershell script event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_id","description":"The unique GUID of the powershell script to which this block belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_count","description":"The total number of script blocks for this script","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"The text content of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_name","description":"The name of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_path","description":"The path for the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cosine_similarity","description":"How similar the Powershell script is to a provided 'normal' character frequency","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"preferences","description":"macOS defaults and managed preferences.","platforms":["darwin"],"columns":[{"name":"domain","description":"Application ID usually in com.name.product format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Preference top-level key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"subkey","description":"Intemediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF 
types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"forced","description":"1 if the value is forced/managed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"(optional) read preferences for a specific user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"'current' or 'any' host, where 'current' takes precedence","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prefetch","description":"Prefetch files show metadata related to file execution.","platforms":["windows"],"columns":[{"name":"path","description":"Prefetch file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Executable filename.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash","description":"Prefetch CRC hash.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Most recent time application was run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"other_run_times","description":"Other execution times in prefetch file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_count","description":"Number of times the application has been run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Application file size.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_creation","description":"Volume creation time.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files_count","description":"Number of files 
accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories_count","description":"Number of directories accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files","description":"Files accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories","description":"Directories accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_envs","description":"A key/value table of environment variables for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_etw_events","description":"Windows process execution events.","platforms":["windows"],"columns":[{"name":"type","description":"Event Type (ProcessStart, ProcessStop)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"session_id","description":"Session ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Process Flags","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit Code - Present only on ProcessStop 
events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command Line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"User rights - primary token username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"token_elevation_type","description":"Primary token elevation type - Present only on ProcessStart events","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"token_elevation_status","description":"Primary token elevation status - Present only on ProcessStart events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mandatory_label","description":"Primary token mandatory label sid - Present only on ProcessStart events","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Event timestamp in DATETIME format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time_windows","description":"Event timestamp in Windows format","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"time","description":"Event timestamp in Unix format","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"header_pid","description":"Process ID of the process reporting the event","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"process_sequence_number","description":"Process Sequence Number - Present only on ProcessStart events","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"parent_process_sequence_number","description":"Parent Process Sequence 
Number - Present only on ProcessStart events","type":"bigint","notes":"","hidden":true,"required":false,"index":false}]},{"name":"process_events","description":"Track time/action process executions.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File mode permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_size","description":"Actual size (bytes) of command line arguments","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env_size","description":"Actual size (bytes) of environment list","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID at process 
start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"File owner user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_gid","description":"File owner group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"File last access in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"File modification in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"File last metadata change in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"File creation in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"overflows","description":"List of structures that overflowed","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"parent","description":"Process parent's PID, or -1 if cannot be determined.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"status","description":"OpenBSM Attribute: Status of the process","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"fsuid","description":"Filesystem user ID at process 
start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"suid","description":"Saved user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"fsgid","description":"Filesystem group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"sgid","description":"Saved group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"syscall","description":"Syscall name: fork, vfork, clone, execve, execveat","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"process_file_events","description":"A File Integrity Monitor implementation using the audit service.","platforms":["linux"],"columns":[{"name":"operation","description":"Operation type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"executable","description":"The executable path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"True if this is a partial event (i.e.: this process existed before we started osquery)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The current working directory of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path associated with the 
event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_path","description":"The canonical path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The uid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"The gid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsgid","description":"Filesystem group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"process_memory_map","description":"Process memory mapped files and pseudo 
device/regions.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"start","description":"Virtual start address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"Virtual end address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"r=read, w=write, x=execute, p=private (cow)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"Offset into mapped path","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"MA:MI Major/minor device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Mapped path inode, 0 means uninitialized (BSS)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to mapped file or mapped type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pseudo","description":"1 If path is a pseudo path, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_namespaces","description":"Linux namespaces for processes running on the host system.","platforms":["linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"cgroup_namespace","description":"cgroup namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipc_namespace","description":"ipc namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mnt_namespace","description":"mnt namespace 
inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"net namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_namespace","description":"pid namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_namespace","description":"user namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uts_namespace","description":"uts namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_files","description":"File descriptors for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"fd","description":"Process-specific file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Filesystem path of descriptor","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_pipes","description":"Pipes and partner processes for each process.","platforms":["linux"],"columns":[{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"File descriptor","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Pipe open mode (r/w)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Pipe inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Pipe Type: named vs unnamed/anonymous","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_pid","description":"Process ID of partner process sharing a particular 
pipe","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_fd","description":"File descriptor of shared pipe at partner's end","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_mode","description":"Mode of shared pipe at partner's end","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_sockets","description":"Processes which have open network sockets on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Socket local address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Socket remote address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Socket local port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Socket remote port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"For UNIX sockets (family=AF_UNIX), the domain path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"TCP socket 
state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group 
ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 
0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. 
Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"programs","description":"Represents products as they are installed by Windows Installer. A product generally correlates to one installation package on Windows. 
Some fields may be blank as Windows installation details are left to the discretion of the product author.","platforms":["windows"],"columns":[{"name":"name","description":"Commonly used product name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Product version information.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_location","description":"The installation location directory of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_source","description":"The installation source of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"language","description":"The language of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the product supplier.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uninstall_string","description":"Path and filename of the uninstaller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Date that this product was installed on the system. 
","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifying_number","description":"Product identification such as a serial number on software, or a die number on a hardware chip.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prometheus_metrics","description":"Retrieve metrics from a Prometheus server.","platforms":["darwin","linux"],"columns":[{"name":"target_name","description":"Address of prometheus target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_name","description":"Name of collected Prometheus metric","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_value","description":"Value of collected Prometheus metric","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp_ms","description":"Unix timestamp of collected data in MS","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"python_packages","description":"Python packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where Python 
modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"quicklook_cache","description":"Files and thumbnails within macOS's Quicklook Cache.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rowid","description":"Quicklook file rowid key","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"fs_id","description":"Quicklook file fs_id key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_id","description":"Parsed volume ID from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Parsed file ID (inode) from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Parsed version date field","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Parsed version size field","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Parsed version 'gen' field","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_hit_date","description":"Apple date format for last thumbnail cache hit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hit_count","description":"Number of cache hits on thumbnail","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icon_mode","description":"Thumbnail icon mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cache_path","description":"Path to cache 
data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"registry","description":"All of the Windows registry hives.","platforms":["windows"],"columns":[{"name":"key","description":"Name of the key to search for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Full path to the value","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the registry value entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the registry value, or 'subkey' if item is a subkey","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data content of registry value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"timestamp of the most recent registry write","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"routes","description":"The active route table for the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"destination","description":"Destination IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Netmask length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Route gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Route source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags to describe route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Route local interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Maximum Transmission Unit for the 
route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Cost of route. Lowest is preferred","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of route","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hopcount","description":"Max hops expected","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"rpm_package_files","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"package","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"path","description":"File path within the package","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"username","description":"File default username from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"File default groupname from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File permissions mode from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size in bytes from RPM info DB","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 file digest from RPM info DB","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"rpm_packages","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"name","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Package 
version","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"release","description":"Package release","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source RPM package name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the package contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Architecture(s) supported","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"epoch","description":"Package epoch value","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"install_time","description":"When the package was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Package vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_group","description":"Package group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"running_apps","description":"macOS applications currently running on the host system.","platforms":["darwin"],"columns":[{"name":"pid","description":"The pid of the application","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_identifier","description":"The bundle identifier of the 
application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"is_active","description":"(DEPRECATED)","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"safari_extensions","description":"Safari browser extension details for all users. This table requires Full Disk Access (FDA) permission.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension long version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Bundle SDK used to compile extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Optional developer identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional extension description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension XAR bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"The version of the build that identifies an iteration of the bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"copyright","description":"A human-readable copyright notice for 
the bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extension_type","description":"Extension Type: WebOrAppExtension or LegacyExtension","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sandboxes","description":"macOS application sandboxes container details.","platforms":["darwin"],"columns":[{"name":"label","description":"UTI-format bundle or label ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Sandbox owner","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Application sandboxings enabled on container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_id","description":"Sandbox-specific identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"Application bundle used by the sandbox","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to sandbox container directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"scheduled_tasks","description":"Lists all of the tasks in the Windows task scheduler.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Actions executed by the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the executable to be run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether or not the scheduled task is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the scheduled 
task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"Whether or not the task is visible in the UI","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Timestamp the task last ran","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"next_run_time","description":"Timestamp the task is scheduled to run next","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_message","description":"Exit status message of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_code","description":"Exit status code of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"screenlock","description":"macOS screenlock status. Note: only fetches results for osquery's current logged-in user context. The user must also have recently logged in.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 If a password is required after sleep or the screensaver begins; else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grace_period","description":"The amount of time in seconds the screen must be asleep or the screensaver on before a password is required on-wake. 
0 = immediately; -1 = no password is required on-wake","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"seccomp_events","description":"A virtual table that tracks seccomp events.","platforms":["linux"],"columns":[{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID (loginuid) of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ses","description":"Session ID of the session from which the analyzed process was invoked","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exe","description":"The path to the executable that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sig","description":"Signal value sent to process by seccomp","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Information about the CPU 
architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"Type of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compat","description":"Is system call in compatibility mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ip","description":"Instruction pointer value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code","description":"The seccomp action","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"secureboot","description":"Secure Boot UEFI Settings.","platforms":["darwin","linux","windows"],"columns":[{"name":"secure_boot","description":"Whether secure boot is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"secure_mode","description":"Secure mode for Intel-based macOS: 0 disabled, 1 full security, 2 medium security","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"setup_mode","description":"Whether setup mode is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","windows","win32","cygwin"]}]},{"name":"security_profile_info","description":"Information on the security profile of a given system by listing the system Account and Audit Policies. 
This table mimics the exported securitypolicy output from the secedit tool.","platforms":["windows"],"columns":[{"name":"minimum_password_age","description":"Determines the minimum number of days that a password must be used before the user can change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_password_age","description":"Determines the maximum number of days that a password can be used before the client requires the user to change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_password_length","description":"Determines the least number of characters that can make up a password for a user account","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_complexity","description":"Determines whether passwords must meet a series of strong-password guidelines","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_history_size","description":"Number of unique new passwords that must be associated with a user account before an old password can be reused","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lockout_bad_count","description":"Number of failed logon attempts after which a user account MUST be locked out","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_to_change_password","description":"Determines if logon session is required to change the password","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"force_logoff_when_expire","description":"Determines whether SMB client sessions with the SMB server will be forcibly disconnected when the client's logon hours expire","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"new_administrator_name","description":"Determines the name of the Administrator account on the local 
computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"new_guest_name","description":"Determines the name of the Guest account on the local computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"clear_text_password","description":"Determines whether passwords MUST be stored by using reversible encryption","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lsa_anonymous_name_lookup","description":"Determines if an anonymous user is allowed to query the local LSA policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_admin_account","description":"Determines whether the Administrator account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_guest_account","description":"Determines whether the Guest account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_system_events","description":"Determines whether the operating system MUST audit System Change, System Startup, System Shutdown, Authentication Component Load, and Loss or Excess of Security events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_logon_events","description":"Determines whether the operating system MUST audit each instance of a user attempt to log on or log off this computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_object_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access a non-Active Directory object that has its own SACL specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_privilege_use","description":"Determines whether the operating system MUST audit each instance of user attempts to exercise a user 
right","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_policy_change","description":"Determines whether the operating system MUST audit each instance of user attempts to change user rights assignment policy, audit policy, account policy, or trust policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_manage","description":"Determines whether the operating system MUST audit each event of account management on a computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_process_tracking","description":"Determines whether the operating system MUST audit process-related events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_ds_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access an Active Directory object that has its own system access control list (SACL) specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_logon","description":"Determines whether the operating system MUST audit each time this computer validates the credentials of an account","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"selinux_events","description":"Track SELinux events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event 
ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"selinux_settings","description":"Track active SELinux settings.","platforms":["linux"],"columns":[{"name":"scope","description":"Where the key is located inside the SELinuxFS mount point.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key or class name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Active value.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"services","description":"Lists all installed Windows services and their relevant data.","platforms":["windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_type","description":"Service Type: OWN_PROCESS, SHARE_PROCESS and maybe Interactive (can interact with the desktop)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Service Display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Service Current status: STOPPED, START_PENDING, STOP_PENDING, RUNNING, CONTINUE_PENDING, PAUSE_PENDING, PAUSED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the Process ID of the service","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"start_type","description":"Service start type: BOOT_START, SYSTEM_START, AUTO_START, DEMAND_START, DISABLED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win32_exit_code","description":"The error code that the service uses to report an error that occurs when it is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_exit_code","description":"The service-specific 
error code that the service returns when an error occurs while the service is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Service Executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_path","description":"Path to ServiceDll","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Service Description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account","description":"The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\\UserName. If the account belongs to the built-in domain, the name can be of the form .\\UserName.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shadow","description":"Local system users encrypted passwords and related information. Please note, that you usually need superuser rights to access `/etc/shadow`.","platforms":["linux"],"columns":[{"name":"password_status","description":"Password status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash_alg","description":"Password hashing algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Date of last password change (starting from UNIX epoch date)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimal number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"warning","description":"Number of days before password expires to warn user about 
it","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Number of days after password expires until account is blocked","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"expire","description":"Number of days since UNIX epoch date until account is disabled","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flag","description":"Reserved","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"shared_folders","description":"Folders available to others via SMB or AFP.","platforms":["darwin"],"columns":[{"name":"name","description":"The shared name of the folder as it appears to other users","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute path of shared folder on the local system","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_memory","description":"OS shared memory regions.","platforms":["linux"],"columns":[{"name":"shmid","description":"Shared memory segment ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"User ID of owning process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_uid","description":"User ID of creator process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID to last use the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_pid","description":"Process ID that created the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Attached 
time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"dtime","description":"Detached time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Changed time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Memory segment permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"attached","description":"Number of attached processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Destination/attach status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"locked","description":"1 if segment is locked else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_resources","description":"Displays shared resources on a computer system running Windows. This may be a disk drive, printer, interprocess communication, or other sharable device.","platforms":["windows"],"columns":[{"name":"description","description":"A textual description of the object","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the object was installed. Lack of a value does not indicate that the object is not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"String that indicates the current status of the object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_maximum","description":"Number of concurrent users for this resource has been limited. 
If True, the value in the MaximumAllowed property is ignored.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_allowed","description":"Limit on the maximum number of users allowed to use this resource concurrently. The value is only valid if the AllowMaximum property is set to FALSE.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Alias given to a path set up as a share on a computer system running Windows.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local path of the Windows share.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of resource being shared. Types include: disk drives, print queues, interprocess communications (IPC), and general devices.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Human readable value for the 'type' column","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sharing_preferences","description":"macOS Sharing preferences.","platforms":["darwin"],"columns":[{"name":"screen_sharing","description":"1 If screen sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"file_sharing","description":"1 If file sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"printer_sharing","description":"1 If printer sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_login","description":"1 If remote login is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_management","description":"1 If remote management is enabled else 
0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_apple_events","description":"1 If remote apple events are enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internet_sharing","description":"1 If internet sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bluetooth_sharing","description":"1 If bluetooth sharing is enabled for any user else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disc_sharing","description":"1 If CD or DVD sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content_caching","description":"1 If content caching is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shell_history","description":"A line-delimited (command) table of per-user .*_history data.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"Shell history owner","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp. 
It could be absent, default value is 0.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Unparsed date/line/command history line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"history_file","description":"Path to the .*_history for this user","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shellbags","description":"Shows directories accessed via Windows Explorer.","platforms":["windows"],"columns":[{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Shellbags source Registry file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Directory name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Directory Modified time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_time","description":"Directory Created time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_time","description":"Directory Accessed time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_entry","description":"Directory master file table entry.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_sequence","description":"Directory master file table sequence.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shimcache","description":"Application Compatibility Cache, contains artifacts of execution.","platforms":["windows"],"columns":[{"name":"entry","description":"Execution order.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the executed 
file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"File Modified time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"execution_flag","description":"Boolean Execution flag, 1 for execution, 0 for no execution, -1 for missing (this flag does not exist on Windows 10 and higher).","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"signature","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["darwin"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"hash_resources","description":"Set to 1 to also hash resources, or 0 otherwise. Default is 1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"If applicable, the arch of the signed code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"1 If the file is signed else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"The signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Hash of the application Code Directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_identifier","description":"The team signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority","description":"Certificate Common Name","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sip_config","description":"Apple's System Integrity Protection (rootless) status.","platforms":["darwin"],"columns":[{"name":"config_flag","description":"The System Integrity Protection config 
flag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled_nvram","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smbios_tables","description":"BIOS (DMI) structure common details and content.","platforms":["darwin","linux"],"columns":[{"name":"number","description":"Table entry number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Table entry type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Table entry description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handle","description":"Table entry handle","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"header_size","description":"Header size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Table entry size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smc_keys","description":"Apple's system management controller keys.","platforms":["darwin"],"columns":[{"name":"key","description":"4-character key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"SMC-reported type literal type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Reported size of data in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"A type-encoded representation of 
the key value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"1 if this key is normally hidden, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"socket_events","description":"Track network socket opens and closes.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"The socket action (bind, listen, close)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Either 'succeeded', 'failed', 'in_progress' (connect() on non-blocking socket) or 'no_client' (null accept() on non-blocking socket)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port 
number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"The local path (UNIX domain socket only)","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"success","description":"Deprecated. Use the 'status' column instead","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ssh_configs","description":"A table of parsed ssh_configs.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local owner of the ssh_config file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block","description":"The host or match block","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"The option and value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_config_file","description":"Path to the ssh_config file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"startup_items","description":"Applications and binaries set as user/login startup items.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Name of startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of startup 
item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"args","description":"Arguments provided to startup executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Startup Item or Login Item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Directory or plist containing startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Startup status; either enabled or disabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"The user associated with the startup item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sudoers","description":"Rules for running commands as other users via sudo.","platforms":["darwin","linux"],"columns":[{"name":"source","description":"Source file containing the given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"header","description":"Symbol for given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rule_details","description":"Rule definition","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"suid_bin","description":"suid binaries in common locations.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Binary owner username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Binary owner group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Binary permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain 
a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"syslog_events","description":"","platforms":["linux"],"columns":[{"name":"time","description":"Current unix epoch time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Time known to syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Hostname configured for syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"severity","description":"Syslog severity","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Syslog facility","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tag","description":"The syslog tag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"The syslog message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"system_controls","description":"sysctl names, values, and settings information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Full sysctl MIB name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"oid","description":"Control MIB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"Subsystem ID, control type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_value","description":"Value of setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_value","description":"The MIB value set in /etc/sysctl.conf","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Data 
type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"field_name","description":"Specific attribute of opaque type","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"system_extensions","description":"macOS (>= 10.15) system extension table.","platforms":["darwin"],"columns":[{"name":"path","description":"Original path of system extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"UUID","description":"Extension unique id","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"System extension state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Identifier name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"System extension version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"System extension category","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"System extension bundle path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team","description":"Signing team ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mdm_managed","description":"1 if managed by MDM system extension payload configuration, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"system_info","description":"System information for identification.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Network hostname including domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the 
system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"CPU type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"CPU subtype","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_brand","description":"CPU brand string, contains vendor and model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_physical_cores","description":"Number of physical CPU cores in to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_logical_cores","description":"Number of logical CPU cores available to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_sockets","description":"Number of processor sockets in the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_microcode","description":"Microcode version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_memory","description":"Total physical memory in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_vendor","description":"Hardware vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hardware model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_version","description":"Hardware version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_serial","description":"Device serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_vendor","description":"Board vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_model","description":"Board 
model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_version","description":"Board version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_serial","description":"Board serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Friendly computer name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Local hostname (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"systemd_units","description":"Track systemd units.","platforms":["linux"],"columns":[{"name":"id","description":"Unique unit identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Unit description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"load_state","description":"Reflects whether the unit definition was properly loaded","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"active_state","description":"The high-level unit activation state, i.e. generalization of SUB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sub_state","description":"The low-level unit activation state, values depend on unit type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unit_file_state","description":"Whether the unit file is enabled, e.g. 
`enabled`, `masked`, `disabled`, etc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"following","description":"The name of another unit that this unit follows in state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_path","description":"The object path for this unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_id","description":"Next queued job id","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"job_type","description":"Job type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_path","description":"The object path for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fragment_path","description":"The unit file path this unit was read from, if there is any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The configured user, if any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_path","description":"Path to the (possibly generated) unit configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"temperature_sensors","description":"Machine's temperature sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of temperature source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"celsius","description":"Temperature in Celsius","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"fahrenheit","description":"Temperature in Fahrenheit","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time","description":"Track current date and time in 
UTC.","platforms":["darwin","linux","windows"],"columns":[{"name":"weekday","description":"Current weekday in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"year","description":"Current year in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"Current month in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"day","description":"Current day in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"Current hour in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Current minutes in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Current seconds in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timezone","description":"Timezone for reported time (hardcoded to UTC)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_timezone","description":"Current local timezone in of the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unix_time","description":"Current UNIX time in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp","description":"Current timestamp (log format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Current date and time (ISO format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iso_8601","description":"Current time (ISO format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win_timestamp","description":"Timestamp value in 100 nanosecond 
units","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"time_machine_backups","description":"Backups to drives using TimeMachine.","platforms":["darwin"],"columns":[{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"backup_date","description":"Backup Date","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time_machine_destinations","description":"Locations backed up to using Time Machine.","platforms":["darwin"],"columns":[{"name":"alias","description":"Human readable name of drive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"consistency_scan_date","description":"Consistency scan date","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"root_volume_uuid","description":"Root UUID of backup volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_available","description":"Bytes available on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_used","description":"Bytes used on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption","description":"Last known encrypted state","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"tpm_info","description":"A table that lists the TPM related information.","platforms":["windows"],"columns":[{"name":"activated","description":"TPM is activated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"TPM is 
enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owned","description":"TPM is owned","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_version","description":"TPM version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_id","description":"TPM manufacturers ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_name","description":"TPM manufacturers name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"product_name","description":"Product name of the TPM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_presence_version","description":"Version of the Physical Presence Interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"spec_version","description":"Trusted Computing Group specification that the TPM supports","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ulimit_info","description":"System resource usage limits.","platforms":["darwin","linux"],"columns":[{"name":"type","description":"System resource to be limited","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"soft_limit","description":"Current limit value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_limit","description":"Maximum limit value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"unified_log","description":"Queries the OSLog framework for entries in the system log. The maximum number of rows returned is limited for performance issues. Use timestamp > or >= constraints to optimize query performance. This table introduces a new idiom for extracting sequential data in batches using multiple queries, ordered by timestamp. 
To trigger it, the user should include the condition \"timestamp > -1\", and the table will handle pagination. Note that the saved pagination counter is incremented globally across all queries and table invocations within a query. To avoid multiple table invocations within a query, use only AND and = constraints in WHERE clause.","platforms":["darwin"],"columns":[{"name":"timestamp","description":"unix timestamp associated with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"storage","description":"the storage category for the entry","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"composed message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"activity","description":"the activity ID associate with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"process","description":"the name of the process that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the pid of the process that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"the name of the binary image that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"the tid of the thread that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"the category of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"the subsystem of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"the severity level of the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_rows","description":"the max number 
of rows returned (defaults to 100)","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"predicate","description":"predicate to search (see `log help predicates`), note that this is merged into the predicate created from the column constraints","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"uptime","description":"Track time passed since last boot. Some systems track this as calendar time, some as runtime.","platforms":["darwin","linux","windows"],"columns":[{"name":"days","description":"Days of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hours","description":"Hours of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Minutes of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Seconds of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"total_seconds","description":"Total uptime seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"usb_devices","description":"USB devices that are actively plugged into the host system.","platforms":["darwin","linux"],"columns":[{"name":"usb_address","description":"USB Device used address","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"usb_port","description":"USB Device used port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"USB Device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded USB Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"USB Device version 
number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"USB Device model string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded USB Device model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"USB Device serial connection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"USB Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subclass","description":"USB Device subclass","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"USB Device protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"removable","description":"1 If USB device is removable else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_events","description":"Track user events from the audit framework.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The file description for the process socket","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Supplied path from event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"The Internet protocol address or family 
ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"terminal","description":"The network protocol ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"user_groups","description":"Local system user group relationships.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true}]},{"name":"user_interaction_events","description":"Track user interaction events from macOS' event tapping framework.","platforms":["darwin"],"columns":[{"name":"time","description":"Time","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_ssh_keys","description":"Returns the private keys in the users ~/.ssh directory and whether or not they are encrypted.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the key file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to key file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"encrypted","description":"1 if key is encrypted, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"key_type","description":"The type of the private key. 
One of [rsa, dsa, dh, ec, hmac, cmac], or the empty string.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"userassist","description":"UserAssist Registry Key tracks when a user executes an application from Windows Explorer.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of times the application has been executed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user 
description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"video_info","description":"Retrieve video card information of the machine.","platforms":["windows"],"columns":[{"name":"color_depth","description":"The amount of bits per pixel to represent color.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"The driver of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_date","description":"The date listed on the installed driver.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_version","description":"The version of the installed driver.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the 
gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"series","description":"The series of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"video_mode","description":"The current resolution of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"virtual_memory_info","description":"Darwin Virtual Memory statistics.","platforms":["darwin"],"columns":[{"name":"free","description":"Total number of free pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Total number of active pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Total number of inactive pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"speculative","description":"Total number of speculative pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"throttled","description":"Total number of throttled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired","description":"Total number of wired down pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purgeable","description":"Total number of purgeable pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"faults","description":"Total number of calls to vm_faults.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"copy","description":"Total number of copy-on-write pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"zero_fill","description":"Total number of zero filled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"reactivated","description":"Total number of reactivated 
pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purged","description":"Total number of purged pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_backed","description":"Total number of file backed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"anonymous","description":"Total number of anonymous pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uncompressed","description":"Total number of uncompressed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressor","description":"The number of pages used to store compressed VM pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"decompressed","description":"The total number of pages that have been decompressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressed","description":"The total number of pages that have been compressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_ins","description":"The total number of requests for pages from a pager.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_outs","description":"Total number of pages paged out.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_ins","description":"The total number of compressed pages that have been swapped out to disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_outs","description":"The total number of compressed pages that have been swapped back in from disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_networks","description":"macOS known/remembered Wi-Fi networks 
list.","platforms":["darwin"],"columns":[{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_connected","description":"Last time this network was connected to as a unix_time","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"passpoint","description":"1 if Passpoint is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"possibly_hidden","description":"1 if network is possibly a hidden network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"roaming","description":"1 if roaming is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"roaming_profile","description":"Describe the roaming profile, usually one of Single, Dual or Multi","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_login","description":"1 if auto login is enabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"temporarily_disabled","description":"1 if this network is temporarily disabled, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 if this network is disabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"add_reason","description":"Shows why this network was added, via menubar or command line or something else ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"added_at","description":"Time this network was added 
as a unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_portal","description":"1 if this network has a captive portal, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_login_date","description":"Time this network logged in to a captive portal as unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"was_captive_network","description":"1 if this network was previously a captive network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_join","description":"1 if this network set to join automatically, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"personal_hotspot","description":"1 if this network is a personal hotspot, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_status","description":"macOS current WiFi status.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication 
(dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"transmit_rate","description":"The current transmit rate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"The current operating mode for the Wi-Fi interface","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_survey","description":"Scan for nearby WiFi networks.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement 
(dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"winbaseobj","description":"Lists named Windows objects in the default object directories, across all terminal services sessions. Example Windows ojbect types include Mutexes, Events, Jobs and Semaphors.","platforms":["windows"],"columns":[{"name":"session_id","description":"Terminal Services Session Id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"object_name","description":"Object Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_type","description":"Object Type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_crashes","description":"Extracted information from Windows crash logs (Minidumps).","platforms":["windows"],"columns":[{"name":"datetime","description":"Timestamp (log format) of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module","description":"Path of the crashed module within the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the executable file for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID of the crashed thread","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"File 
version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_uptime","description":"Uptime of the process in seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Multiple stack frames from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_code","description":"The Windows exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_message","description":"The NTSTATUS error message associated with the exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_address","description":"Address (in hex) where the exception occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The values of the system registers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line","description":"Command-line string passed to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_directory","description":"Current working directory of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username of the user who ran the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"machine_name","description":"Name of the machine where the crash happened","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major_version","description":"Windows major version of the machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor_version","description":"Windows minor version of the 
machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_number","description":"Windows build number of the crashing machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Path of the log file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_eventlog","description":"Table for querying all recorded Windows event logs.","platforms":["windows"],"columns":[{"name":"channel","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the 
event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_range","description":"System time to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"timestamp","description":"Timestamp to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"xpath","description":"The custom query to filter events","type":"text","notes":"","hidden":true,"required":true,"index":false}]},{"name":"windows_events","description":"Windows Event logs.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the 
event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"The severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"windows_firewall_rules","description":"Provides the list of Windows firewall rules.","platforms":["windows"],"columns":[{"name":"name","description":"Friendly name of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"app_name","description":"Friendly name of the application to which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Action for the rule or default setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if the rule is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grouping","description":"Group to which an individual rule belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"direction","description":"Direction of traffic for which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"IP protocol of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_addresses","description":"Local addresses for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_addresses","description":"Remote addresses for the 
rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ports","description":"Local ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_ports","description":"Remote ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icmp_types_codes","description":"ICMP types and codes for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_domain","description":"1 if the rule profile type is domain","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_private","description":"1 if the rule profile type is private","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_public","description":"1 if the rule profile type is public","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_name","description":"Service name property of the application","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_optional_features","description":"Lists names and installation states of windows features. Maps to Win32_OptionalFeature WMI class.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Caption of feature in settings UI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Installation state value. 1 == Enabled, 2 == Disabled, 3 == Absent","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"statename","description":"Installation state name. 
'Enabled','Disabled','Absent'","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_search","description":"Run searches against the Windows system index database using Advanced Query Syntax. See https://learn.microsoft.com/en-us/windows/win32/search/-search-3x-advancedquerysyntax for details.","platforms":["windows"],"columns":[{"name":"name","description":"The name of the item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The full path of the item.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The item size in bytes.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"date_created","description":"The unix timestamp of when the item was created.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"date_modified","description":"The unix timestamp of when the item was last modified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owner","description":"The owner of the item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The item type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"properties","description":"Additional property values JSON","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows search query","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"sort","description":"Sort for windows api","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"max_results","description":"Maximum number of results returned by windows api, set to -1 for unlimited","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"additional_properties","description":"Comma separated list of columns to include in 
properties JSON","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"windows_security_center","description":"The health status of Window Security features. Health values can be \"Good\", \"Poor\". \"Snoozed\", \"Not Monitored\", and \"Error\".","platforms":["windows"],"columns":[{"name":"firewall","description":"The health of the monitored Firewall (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"The health of the Windows Autoupdate feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antivirus","description":"The health of the monitored Antivirus solution (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antispyware","description":"Deprecated (always 'Good').","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"internet_settings","description":"The health of the Internet Settings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"windows_security_center_service","description":"The health of the Windows Security Center Service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account_control","description":"The health of the User Account Control (UAC) capability in Windows","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_security_products","description":"Enumeration of registered Windows security products. 
Note: Not compatible with Windows Server.","platforms":["windows"],"columns":[{"name":"type","description":"Type of security product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of protection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state_timestamp","description":"Timestamp for the product state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remediation_path","description":"Remediation path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signatures_up_to_date","description":"1 if product signatures are up to date, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_update_history","description":"Provides the history of the windows update events.","platforms":["windows"],"columns":[{"name":"client_app_id","description":"Identifier of the client application that processed an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Date and the time an update was applied","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hresult","description":"HRESULT value that is returned from the operation on an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result_code","description":"Result of an operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_selection","description":"Value that indicates 
which server provided an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_id","description":"Service identifier of an update service that is not a Windows update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"support_url","description":"Hyperlink to the language-specific support information for an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"title","description":"Title of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_id","description":"Revision-independent identifier of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_revision","description":"Revision number of an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_bios_info","description":"Lists important information from the system bios.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_cli_event_consumers","description":"WMI CommandLineEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique name of a consumer.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line_template","description":"Standard string template that specifies the process to be started. 
This property can be NULL, and the ExecutablePath property is used as the command line.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"executable_path","description":"Module to execute. The string can specify the full path and file name of the module to execute, or it can specify a partial name. If a partial name is specified, the current drive and current directory are assumed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_event_filters","description":"Lists WMI event filters.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier of an event filter.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows Management Instrumentation Query Language (WQL) event query that specifies the set of events for consumer notification, and the specific conditions for notification.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query_language","description":"Query language that the query is written in.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_filter_consumer_binding","description":"Lists the relationship between event consumers and filters.","platforms":["windows"],"columns":[{"name":"consumer","description":"Reference to an instance of __EventConsumer that represents the object path to a 
logical consumer, the recipient of an event.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filter","description":"Reference to an instance of __EventFilter that represents the object path to an event filter which is a query that specifies the type of event to be received.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_script_event_consumers","description":"WMI ActiveScriptEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier for the event consumer. ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"scripting_engine","description":"Name of the scripting engine to use, for example, 'VBScript'. This property cannot be NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_file_name","description":"Name of the file from which the script text is read, intended as an alternative to specifying the text of the script in the ScriptText property.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"Text of the script that is expressed in a language known to the scripting engine. 
This property must be NULL if the ScriptFileName property is not NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_entries","description":"Database of the machine's XProtect signatures.","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"launch_type","description":"Launch services content type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identity","description":"XProtect identity (SHA1) of content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Use this file name to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filetype","description":"Use this file type to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional","description":"Match any of the identities/patterns for this XProtect name","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uses_pattern","description":"Uses a match pattern instead of identity","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_meta","description":"Database of the machine's XProtect browser-related signatures.","platforms":["darwin"],"columns":[{"name":"identifier","description":"Browser plugin or extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either plugin or 
extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Developer identity (SHA1) of extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_version","description":"The minimum allowed plugin version.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_reports","description":"Database of XProtect matches (if user generated/sent an XProtect report).","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_action","description":"Action taken by user after prompted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Quarantine alert time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"yara","description":"Triggers one-off YARA query for files at the specified path. 
Requires one of `sig_group`, `sigfile`, or `sigrule`.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"matches","description":"List of YARA matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sig_group","description":"Signature group used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigfile","description":"Signature file used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigrule","description":"Signature strings used","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigurl","description":"Signature url","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"yara_events","description":"Track YARA matches for files specified in configuration data.","platforms":["darwin","linux","windows"],"columns":[{"name":"target_path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used 
during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"matches","description":"List of YARA matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of the scan","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ycloud_instance_metadata","description":"Yandex.Cloud instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"folder_id","description":"Folder identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cloud_id","description":"Cloud identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostname","description":"Hostname of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. 
Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_port_enabled","description":"Indicates if serial port is enabled for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metadata_endpoint","description":"Endpoint used to fetch VM metadata","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"yum_sources","description":"Current list of Yum repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"baseurl","description":"Repository base URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mirrorlist","description":"Mirrorlist URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether the repository is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgcheck","description":"Whether packages are GPG checked","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgkey","description":"URL to GPG key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed 
(Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group 
name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group 
ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error 
-1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. 
This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.7.0.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.7.0.json deleted file mode 100644 index 8649b18090b76..0000000000000 
--- a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.7.0.json
+++ /dev/null
@@ -1 +0,0 @@ -[{"name":"account_policy_data","description":"Additional macOS user account data from the AccountPolicy section of OpenDirectory.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the account was first created","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_count","description":"The number of failed login attempts using an incorrect password. Count resets after a correct password is entered.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_timestamp","description":"The time of the last failed login attempt. Resets after a correct password is entered","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"password_last_set_time","description":"The time the password was last changed","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"acpi_tables","description":"Firmware ACPI functional table common metadata and content.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"ACPI table name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of compiled table data","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ad_config","description":"macOS Active Directory configuration.","platforms":["darwin"],"columns":[{"name":"name","description":"The macOS-specific configuration name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain","description":"Active Directory trust domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"Canonical 
name of option","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Variable typed option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf","description":"macOS application layer firewall (ALF) service details.","platforms":["darwin"],"columns":[{"name":"allow_signed_enabled","description":"1 If allow signed mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"firewall_unload","description":"1 If firewall unloading enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"global_state","description":"1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_enabled","description":"1 If logging mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_option","description":"Firewall logging option","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stealth_enabled","description":"1 If stealth mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Application Layer Firewall version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_exceptions","description":"macOS application layer firewall (ALF) service exceptions.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to the executable that is excepted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Firewall exception state","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_explicit_auths","description":"ALF services explicitly allowed to perform 
networking.","platforms":["darwin"],"columns":[{"name":"process","description":"Process name explicitly allowed","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"app_schemes","description":"macOS application schemes and handlers (e.g., http, file, mailto).","platforms":["darwin"],"columns":[{"name":"scheme","description":"Name of the scheme/protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handler","description":"Application label for the handler","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this handler is the OS default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"external","description":"1 if this handler does NOT exist on macOS by default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protected","description":"1 if this handler is protected (reserved) by macOS, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_events","description":"Track AppArmor events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Raw audit message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"apparmor","description":"Apparmor Status like ALLOWED, DENIED 
etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Permission requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process PID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"Apparmor profile name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"denied_mask","description":"Denied permissions for the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"capname","description":"Capability requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ouid","description":"Object owner's user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"capability","description":"Capability number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"requested_mask","description":"Requested access mask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info","description":"Additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error","description":"Error 
information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"namespace","description":"AppArmor namespace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"AppArmor label","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_profiles","description":"Track active AppArmor profiles.","platforms":["linux"],"columns":[{"name":"path","description":"Unique, aa-status compatible, policy identifier.","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Policy name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attach","description":"Which executable(s) a profile will attach to.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"How the policy is applied.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"A unique hash that identifies this policy.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"appcompat_shims","description":"Application Compatibility shims are a way to persist malware. This table presents the AppCompat Shim information from the registry in a nice format. See http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf for more details.","platforms":["windows"],"columns":[{"name":"executable","description":"Name of the executable that is being shimmed. 
This is pulled from the registry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Install time of the SDB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdb_id","description":"Unique GUID of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apps","description":"macOS applications installed in known search paths (e.g., /Applications).","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the Name.app folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute and full Name.app path","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_executable","description":"Info properties CFBundleExecutable label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_identifier","description":"Info properties CFBundleIdentifier label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_name","description":"Info properties CFBundleName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_short_version","description":"Info properties CFBundleShortVersionString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"Info properties CFBundleVersion 
label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_package_type","description":"Info properties CFBundlePackageType label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"environment","description":"Application-set environment variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"element","description":"Does the app identify as a background agent","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compiler","description":"Info properties DTCompiler label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Info properties CFBundleDevelopmentRegion label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Info properties CFBundleDisplayName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_string","description":"Info properties CFBundleGetInfoString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_system_version","description":"Minimum version of macOS required for the app to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The UTI that categorizes the app for the App Store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"applescript_enabled","description":"Info properties NSAppleScriptEnabled label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"copyright","description":"Info properties NSHumanReadableCopyright label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"The time that the app was last used","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apt_sources","description":"Current 
list of APT repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_uri","description":"Repository base URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"Release name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Repository source version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Repository maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"components","description":"Repository components","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architectures","description":"Repository architectures","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"arp_cache","description":"Address resolution cache, both static and dynamic (from ARP, NDP).","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IPv4 address target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address of broadcasted address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Interface of the network for the MAC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permanent","description":"1 for true, 0 for 
false","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"asl","description":"Queries the Apple System Log data structure for system events.","platforms":["darwin"],"columns":[{"name":"time","description":"Unix timestamp. Set automatically","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_nano_sec","description":"Nanosecond time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Sender's address (set by the server).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"Sender's identification string. Default is process name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Sender's facility. Default is 'user'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Sending process ID encoded as a string. Set automatically.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"GID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"UID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Log level number. 
See levels in asl.h.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message text.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_pid","description":"Reference PID for messages proxied by launchd","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_proc","description":"Reference process for messages proxied by launchd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"atom_packages","description":"Lists all atom packages in a directory or globally installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Package supplied description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Package's package.json path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License for package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":true}]},{"name":"augeas","description":"Configuration files parsed by 
augeas.","platforms":["darwin","linux"],"columns":[{"name":"node","description":"The node path of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"The value of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"The label of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path to the configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authenticode","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"original_program_name","description":"The original program name that the publisher has signed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_name","description":"The certificate issuer name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_name","description":"The certificate subject name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The signature check result","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorization_mechanisms","description":"macOS Authorization mechanisms database.","platforms":["darwin"],"columns":[{"name":"label","description":"Label of the authorization right","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"plugin","description":"Authorization plugin 
name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mechanism","description":"Name of the mechanism that will be called","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"If privileged it will run as root, else as an anonymous user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"entry","description":"The whole string entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorizations","description":"macOS Authorization rights database.","platforms":["darwin"],"columns":[{"name":"label","description":"Item name, usually in reverse domain format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"modified","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_root","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"timeout","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tries","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authenticate_user","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shared","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Label top-level 
key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_owner","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorized_keys","description":"A line-delimited authorized_keys table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local owner of authorized_keys file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"algorithm","description":"Key type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key encoded as base64","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Optional list of login options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to the authorized_keys file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"autoexec","description":"Aggregate of executables that will automatically execute on the target machine. 
This is an amalgamation of other tables like services, scheduled_tasks, startup_items and more.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the executable","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source table of the autoexec item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_metadata","description":"Azure instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"location","description":"Azure Region the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offer","description":"Offer information for the VM image (Azure image gallery VMs only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Publisher of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"SKU for the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Linux or Windows","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_update_domain","description":"Update domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_fault_domain","description":"Fault domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_id","description":"Unique identifier for the 
VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"vm_size","description":"VM size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscription_id","description":"Azure subscription for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resource_group_name","description":"Resource group for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"placement_group_id","description":"Placement group for the VM scale set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_scale_set_name","description":"VM scale set name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_tags","description":"Azure instance tags.","platforms":["darwin","linux","windows"],"columns":[{"name":"vm_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"The tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"background_activities_moderator","description":"Background Activities Moderator (BAM) tracks application execution.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"battery","description":"Provides 
information about the internal battery of a Macbook.","platforms":["darwin"],"columns":[{"name":"manufacturer","description":"The battery manufacturer's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacture_date","description":"The date the battery was manufactured UNIX Epoch","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The battery's model number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The battery's unique serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cycle_count","description":"The number of charge/discharge cycles","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"health","description":"One of the following: \"Good\" describes a well-performing battery, \"Fair\" describes a functional battery with limited capacity, or \"Poor\" describes a battery that's not capable of providing power","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"condition","description":"One of the following: \"Normal\" indicates the condition of the battery is within normal tolerances, \"Service Needed\" indicates that the battery should be checked out by a licensed Mac repair service, \"Permanent Failure\" indicates the battery needs replacement","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"One of the following: \"AC Power\" indicates the battery is connected to an external power source, \"Battery Power\" indicates that the battery is drawing internal power, \"Off Line\" indicates the battery is off-line or no longer connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"charging","description":"1 if the battery is currently being charged by a power source. 
0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"charged","description":"1 if the battery is currently completely charged. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"designed_capacity","description":"The battery's designed capacity in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"The battery's actual capacity when it is fully charged in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_capacity","description":"The battery's current charged capacity in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_remaining","description":"The percentage of battery remaining before it is drained","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"amperage","description":"The battery's current amperage in mA","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"voltage","description":"The battery's current voltage in mV","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_until_empty","description":"The number of minutes until the battery is fully depleted. This value is -1 if this time is still being calculated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_to_full_charge","description":"The number of minutes until the battery is fully charged. 
This value is -1 if this time is still being calculated","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"bitlocker_info","description":"Retrieve bitlocker status of the machine.","platforms":["windows"],"columns":[{"name":"device_id","description":"ID of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"Drive letter of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent_volume_id","description":"Persistent ID of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"conversion_status","description":"The bitlocker conversion status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_status","description":"The bitlocker protection status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_method","description":"The encryption type of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The FVE metadata version of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percentage_encrypted","description":"The percentage of the drive that is encrypted.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lock_status","description":"The accessibility status of the drive from Windows.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"block_devices","description":"Block (buffered access) device file nodes: disks, ramdisks, and DMG containers.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Block device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Block device parent 
name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Block device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Block device model string identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Block device size in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Block device Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Block device type string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Block device label string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"bpf_process_events","description":"Track time/action process executions.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system 
call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"json_cmdline","description":"Command line arguments, in JSON format","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"bpf_socket_events","description":"Track network socket opens and closes.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User 
ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The socket type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port 
number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"browser_plugins","description":"All C/NPAPI browser plugin details for all users. C/NPAPI has been deprecated on all major browsers. To query for plugins on modern browsers, try: `chrome_extensions` `firefox_addons` `safari_extensions`.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Plugin display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Plugin identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Plugin short version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Build SDK used to compile plugin","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Plugin description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Plugin language-localization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"native","description":"Plugin requires native 
execution","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"disabled","description":"Is the plugin disabled. 1 = Disabled","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carbon_black_info","description":"Returns info about a Carbon Black sensor install.","platforms":["darwin","linux","windows"],"columns":[{"name":"sensor_id","description":"Sensor ID of the Carbon Black sensor","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"config_name","description":"Sensor group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_store_files","description":"If the sensor is configured to send back binaries to the Carbon Black server","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_loads","description":"If the sensor is configured to capture module loads","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_info","description":"If the sensor is configured to collect metadata of binaries","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_file_mods","description":"If the sensor is configured to collect file modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_reg_mods","description":"If the sensor is configured to collect registry modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_net_conns","description":"If the sensor is configured to collect network connections","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_processes","description":"If the sensor is configured to process 
events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_cross_processes","description":"If the sensor is configured to cross process events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_emet_events","description":"If the sensor is configured to EMET events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_data_file_writes","description":"If the sensor is configured to collect non binary file writes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_process_user_context","description":"If the sensor is configured to collect the user running a process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_sensor_operations","description":"Unknown","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_mb","description":"Event file disk quota in MB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_percentage","description":"Event file disk quota in a percentage","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_disabled","description":"If the sensor is configured to report tamper events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_ip_addr","description":"IP address of the sensor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_backend_server","description":"Carbon Black server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_queue","description":"Size in bytes of Carbon Black event files on disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"binary_queue","description":"Size in bytes of binaries waiting to be sent to Carbon Black 
server","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carves","description":"List the set of completed and in-progress carves. If carve=1 then the query is treated as a new carve request.","platforms":["darwin","linux","windows"],"columns":[{"name":"time","description":"Time at which the carve was kicked off","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"A SHA256 sum of the carved archive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the carved archive","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the requested carve","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve_guid","description":"Identifying value of the carve session","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"request_id","description":"Identifying value of the carve request (e.g., scheduled query name, distributed request, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve","description":"Set this value to '1' to start a file carve","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"certificates","description":"Certificate Authorities installed in Keychains/ca-bundles.","platforms":["darwin","linux","windows"],"columns":[{"name":"common_name","description":"Certificate CommonName","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject","description":"Certificate distinguished name (deprecated, use subject2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer","description":"Certificate 
issuer distinguished name (deprecated, use issuer2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ca","description":"1 if CA: true (certificate is an authority) else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"self_signed","description":"1 if self-signed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_before","description":"Lower bound of valid date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_after","description":"Certificate expiration data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_algorithm","description":"Signing algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_algorithm","description":"Key algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_strength","description":"Key size used for RSA/DSA, or curve name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Certificate key usage and extended key usage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_id","description":"SKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_id","description":"AKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the raw certificate contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Keychain or PEM bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Certificate serial 
number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"SID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_location","description":"Certificate system store location","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store","description":"Certificate system store","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"username","description":"Username","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_id","description":"Exists for service/user stores. Contains raw store id provided by WinAPI.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"issuer2","description":"Certificate issuer distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"subject2","description":"Certificate distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"chassis_info","description":"Display information pertaining to the chassis and its security status.","platforms":["windows"],"columns":[{"name":"audible_alarm","description":"If TRUE, the frame is equipped with an audible alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"breach_description","description":"If provided, gives a more detailed description of a detected security breach.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chassis_types","description":"A comma-separated list of chassis types, such as Desktop or 
Laptop.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"An extended description of the chassis if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"lock","description":"If TRUE, the frame is equipped with a lock.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_breach","description":"The physical status of the chassis such as Breach Successful, Breach Attempted, etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"smbios_tag","description":"The assigned asset tag number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"The Stock Keeping Unit number if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"If available, gives various operational or nonoperational statuses such as OK, Degraded, and Pred Fail.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible_alarm","description":"If TRUE, the frame is equipped with a visual alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chocolatey_packages","description":"Chocolatey packages installed in a system.","platforms":["windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied 
version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this package resides","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extension_content_scripts","description":"Chrome browser extension content scripts.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script","description":"The content script used by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"The pattern that the script is matched against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the 
Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extensions","description":"Chrome-based browser extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave, edge, edge_beta)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"The name of the Chrome profile that contains this extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced_identifier","description":"Extension identifier, as specified by the preferences file. Empty if the extension is not in the profile.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier, computed from its manifest. 
Empty in case of error.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Extension-optional description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_locale","description":"Default locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_locale","description":"Current locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent","description":"1 If extension is persistent across all tabs else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The permissions required by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions_json","description":"The JSON-encoded permissions required by the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"optional_permissions","description":"The permissions optionally required by the extensions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional_permissions_json","description":"The JSON-encoded permissions optionally required by the extensions","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"manifest_hash","description":"The SHA256 hash of the manifest.json 
file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"from_webstore","description":"True if this extension was installed from the web store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"1 if this extension is enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Extension install time, in its original Webkit format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_timestamp","description":"Extension install time, converted to unix time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manifest_json","description":"The manifest file of the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"key","description":"The extension key, from the manifest file","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"connectivity","description":"Provides the overall system's network state.","platforms":["windows"],"columns":[{"name":"disconnected","description":"True if the all interfaces are not connected to any network","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_no_traffic","description":"True if any interface is connected via IPv4, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_no_traffic","description":"True if any interface is connected via IPv6, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_subnet","description":"True if any interface is connected to the local subnet via 
IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_local_network","description":"True if any interface is connected to a routed network via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_internet","description":"True if any interface is connected to the Internet via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_subnet","description":"True if any interface is connected to the local subnet via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_local_network","description":"True if any interface is connected to a routed network via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_internet","description":"True if any interface is connected to the Internet via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpu_info","description":"Retrieve cpu hardware info of the machine.","platforms":["linux","windows"],"columns":[{"name":"device_id","description":"The DeviceID of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"processor_type","description":"The processor type, such as Central, Math, or Video.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_status","description":"The current operating status of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"number_of_cores","description":"The number of cores of the 
CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logical_processors","description":"The number of logical processors of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address_width","description":"The width of the CPU address bus.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_clock_speed","description":"The current frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_clock_speed","description":"The maximum possible frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket_designation","description":"The assigned socket on the board for the given CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability","description":"The availability and status of the CPU.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"cpu_time","description":"Displays information from /proc/stat file about the time the cpu cores spent in different parts of the system.","platforms":["darwin","linux"],"columns":[{"name":"core","description":"Name of the cpu (core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Time spent in user mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Time spent in user mode with low priority (nice)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system","description":"Time spent in system mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idle","description":"Time spent in the idle task","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"iowait","description":"Time spent waiting for I/O to 
complete","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"irq","description":"Time spent servicing interrupts","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"softirq","description":"Time spent servicing softirqs","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"steal","description":"Time spent in other operating systems when running in a virtualized environment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest","description":"Time spent running a virtual CPU for a guest OS under the control of the Linux kernel","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest_nice","description":"Time spent running a niced guest ","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpuid","description":"Useful CPU features from the cpuid ASM call.","platforms":["darwin","linux","windows"],"columns":[{"name":"feature","description":"Present feature flags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Bit value or string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_register","description":"Register used to for feature value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_bit","description":"Bit in register value for feature value","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"input_eax","description":"Value of EAX used","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crashes","description":"Application, System, and Mobile App crash logs.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID of the crashed 
process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Location of log file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Identifier of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent PID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"responsible","description":"Process responsible for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the crashed process","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"datetime","description":"Date/Time at which the crash occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crashed_thread","description":"Thread ID which crashed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Most recent frame from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_type","description":"Exception type of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_codes","description":"Exception codes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_notes","description":"Exception notes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The value of the system 
registers","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crontab","description":"Line parsed values from system and user cron/tab.","platforms":["darwin","linux"],"columns":[{"name":"event","description":"The job @event name (rare)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minute","description":"The exact minute for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"The hour of the day for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_month","description":"The day of the month for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"The month of the year for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_week","description":"The day of the week for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Raw command string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File parsed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"cups_destinations","description":"Returns all configured printers.","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the printer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_name","description":"Option name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_value","description":"Option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cups_jobs","description":"Returns all completed print jobs 
from cups.","platforms":["darwin"],"columns":[{"name":"title","description":"Title of the printed job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"The printer the job was sent to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The user who printed the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"format","description":"The format of the print job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the print job","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"completed_time","description":"When the job completed printing","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processing_time","description":"How long the job took to process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the print request was initiated","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl","description":"Perform an http request and return stats about it.","platforms":["darwin","linux","windows"],"columns":[{"name":"url","description":"The url for the request","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"method","description":"The HTTP method for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_agent","description":"The user-agent string to use for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"response_code","description":"The HTTP status code for the response","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"round_trip_time","description":"Time taken to complete the 
request","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of bytes in the response","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The HTTP response body","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl_certificate","description":"Inspect TLS certificates by connecting to input hostnames.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Hostname to CURL (domain[:port], e.g. osquery.io)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"common_name","description":"Common name of company issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization","description":"Organization issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization_unit","description":"Organization unit issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_common_name","description":"Issuer common name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization","description":"Issuer organization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization_unit","description":"Issuer organization unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_from","description":"Period of validity start date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_to","description":"Period of validity end date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256_fingerprint","description":"SHA-256 
fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1_fingerprint","description":"SHA1 fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version Number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"signature_algorithm","description":"Signature Algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signature","description":"Signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_identifier","description":"Subject Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_identifier","description":"Authority Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extended_key_usage","description":"Extended usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policies","description":"Certificate Policies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_alternative_names","description":"Subject Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_alternative_names","description":"Issuer Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_access","description":"Authority Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_info_access","description":"Subject Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_mappings","description":"Policy 
Mappings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"has_expired","description":"1 if the certificate has expired, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"basic_constraint","description":"Basic Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name_constraints","description":"Name Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_constraints","description":"Policy Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dump_certificate","description":"Set this value to '1' to dump certificate","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"timeout","description":"Set this value to the timeout in seconds to complete the TLS handshake (default 4s, use 0 for no timeout)","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"pem","description":"Certificate PEM format","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"deb_packages","description":"The installed DEB package database.","platforms":["linux"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Package source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Package architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Package 
revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Package status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Package maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"section","description":"Package section","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"priority","description":"Package priority","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"admindir","description":"libdpkg admindir. Defaults to /var/lib/dpkg","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"default_environment","description":"Default environment variables and values.","platforms":["windows"],"columns":[{"name":"variable","description":"Name of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expand","description":"1 if the variable needs expanding, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_file","description":"Similar to the file table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"partition","description":"A partition 
number","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"A logical path within the device node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Creation time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_firmware","description":"A best-effort list of discovered firmware versions.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of 
device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"The device name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Firmware version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_hash","description":"Similar to the hash table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_partitions","description":"Use TSK to enumerate details about partitions on a disk device.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number or 
description","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Byte size of each block","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Number of blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Number of meta nodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"disk_encryption","description":"Disk encryption status and information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Disk name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"uuid","description":"Disk Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encrypted","description":"1 If encrypted: true (disk is encrypted), else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Description of cipher type and mode if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_status","description":"Disk encryption status with one of following values: encrypted | not encrypted | undefined","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Currently authenticated user if 
available","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"user_uuid","description":"UUID of authenticated user if available","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"filevault_status","description":"FileVault status with one of following values: on | off | unknown","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"disk_events","description":"Track DMG disk image events (appearance/disappearance) when opened.","platforms":["darwin"],"columns":[{"name":"action","description":"Appear or disappear","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the DMG file accessed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Disk event name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Disk event BSD name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"UUID of the volume inside DMG if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of partition in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ejectable","description":"1 if ejectable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mountable","description":"1 if mountable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"writable","description":"1 if writable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content","description":"Disk event content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"media_name","description":"Disk event media name 
string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Disk event vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filesystem","description":"Filesystem if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"checksum","description":"UDIF Master checksum if available (CRC32)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of appearance/disappearance in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"disk_info","description":"Retrieve basic information about the physical disks of a system.","platforms":["windows"],"columns":[{"name":"partitions","description":"Number of detected partitions on disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_index","description":"Physical drive number of the disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The interface type of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pnp_device_id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_size","description":"Size of the disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hard drive 
model.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"The label of the disk object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The OS's description of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_cache","description":"Enumerate the DNS cache using the undocumented DnsGetCacheDataTable function in dnsapi.dll.","platforms":["windows"],"columns":[{"name":"name","description":"DNS record name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"DNS record type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"DNS record flags","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_resolvers","description":"Resolvers used by this host.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Address type index or order","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Address type: sortlist, nameserver, search","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Resolver IP/IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Address (sortlist) netmask length","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Resolver options","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a 
namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_container_envs","description":"Docker container environment variables.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_fs_changes","description":"Changes to files or directories on container's filesystem.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"FIle or directory path relative to rootfs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"change_type","description":"Type of change: C:Modified, A:Added, D:Deleted","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_labels","description":"Docker container labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_mounts","description":"Docker container mounts.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Type of mount (bind, 
volume)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Optional mount name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source path on host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"Destination path inside container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver providing the mount","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Mount options (rw, ro)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rw","description":"1 if read/write. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"propagation","description":"Mount propagation","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_networks","description":"Docker container networks.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"network_id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"endpoint_id","description":"Endpoint ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_address","description":"IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_prefix_len","description":"IP subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_gateway","description":"IPv6 
gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_prefix_len","description":"IPv6 subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mac_address","description":"MAC address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_ports","description":"Docker container ports.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Protocol (tcp, udp)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Port inside the container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host_ip","description":"Host IP address on which public port is listening","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host_port","description":"Host port","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_processes","description":"Docker container processes.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User 
ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start in seconds since boot (non-sleeping)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Cumulative CPU time. 
[DD-]HH:MM:SS format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu","description":"CPU utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mem","description":"Memory utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_stats","description":"Docker container statistics. Queries on this table take at least one second.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"name","description":"Container name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pids","description":"Number of processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"read","description":"UNIX time when stats were read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"preread","description":"UNIX time when stats were last read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"Difference between read and preread in nano-seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_read","description":"Total disk read bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_write","description":"Total disk write bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"num_procs","description":"Number of processors","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_total_usage","description":"Total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_kernelmode_usage","description":"CPU kernel mode 
usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_usermode_usage","description":"CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_cpu_usage","description":"CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"online_cpus","description":"Online CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_total_usage","description":"Last read total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_kernelmode_usage","description":"Last read CPU kernel mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_usermode_usage","description":"Last read CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_system_cpu_usage","description":"Last read CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_online_cpus","description":"Last read online CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_usage","description":"Memory usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_max_usage","description":"Memory maximum usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"Memory limit","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_rx_bytes","description":"Total network bytes read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_tx_bytes","description":"Total network bytes transmitted","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_containers","description":"Docker containers 
information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Container name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"image","description":"Docker image (name) used to launch this container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image_id","description":"Docker image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Command with arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Container state (created, restarting, running, removing, paused, exited, dead)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Container status information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Identifier of the initial process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Container path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_entrypoint","description":"Container entrypoint(s)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"started_at","description":"Container start time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"finished_at","description":"Container finish time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"Is the container 
privileged","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"security_options","description":"List of container security options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_variables","description":"Container environmental variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly_rootfs","description":"Is the root filesystem mounted as read only","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_namespace","description":"cgroup namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"ipc_namespace","description":"IPC namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mnt_namespace","description":"Mount namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"net_namespace","description":"Network namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"pid_namespace","description":"PID namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"user_namespace","description":"User namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"uts_namespace","description":"UTS namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_image_history","description":"Docker image history information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of 
instruction in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_by","description":"Created by instruction","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Instruction comment","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_labels","description":"Docker image labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_layers","description":"Docker image layers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"layer_id","description":"Layer ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"layer_order","description":"Layer Order (1 = base layer)","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_images","description":"Docker images information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size_bytes","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of repository 
tags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_info","description":"Docker system information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Docker system ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"containers","description":"Total number of containers","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_running","description":"Number of containers currently running","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_paused","description":"Number of containers in paused state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_stopped","description":"Number of containers in stopped state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"images","description":"Number of images","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"storage_driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"1 if memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_limit","description":"1 if swap limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_memory","description":"1 if kernel memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_period","description":"1 if CPU Completely Fair Scheduler (CFS) period support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_quota","description":"1 if CPU Completely Fair Scheduler (CFS) quota support is enabled. 
0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_shares","description":"1 if CPU share weighting support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_set","description":"1 if CPU set selection support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_forwarding","description":"1 if IPv4 forwarding is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_iptables","description":"1 if bridge netfilter iptables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_ip6tables","description":"1 if bridge netfilter ip6tables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"oom_kill_disable","description":"1 if Out-of-memory kill is disabled. 
0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_driver","description":"Logging driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_driver","description":"Control groups driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Operating system type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpus","description":"Number of CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory","description":"Total memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"http_proxy","description":"HTTP proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"https_proxy","description":"HTTPS proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"no_proxy","description":"Comma-separated list of domain extensions proxy should not be used for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the docker host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_version","description":"Server version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_dir","description":"Docker root directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_network_labels","description":"Docker network 
labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_networks","description":"Docker networks information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Network driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_ipv6","description":"1 if IPv6 is enabled on this network. 
0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"subnet","description":"Network subnet","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Network gateway","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_version","description":"Docker version information.","platforms":["darwin","linux"],"columns":[{"name":"version","description":"Docker version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"api_version","description":"API version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_api_version","description":"Minimum API version supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"git_commit","description":"Docker build git commit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"go_version","description":"Go version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Build time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volume_labels","description":"Docker volume labels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label 
value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volumes","description":"Docker volumes information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"driver","description":"Volume driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mount_point","description":"Mount point","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Volume type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"drivers","description":"Details for in-use Windows device drivers. This does not display installed but unused drivers.","platforms":["windows"],"columns":[{"name":"device_id","description":"Device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_name","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image","description":"Path to driver image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Driver description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"Driver service name, if one exists","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_key","description":"Driver service registry key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Driver version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inf","description":"Associated inf file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Device/driver class 
name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider","description":"Driver provider","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Device manufacturer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_key","description":"Driver key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Driver date","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"Whether the driver is signed or not","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_metadata","description":"EC2 instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_type","description":"EC2 instance type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture of this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"region","description":"AWS region in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability_zone","description":"Availability zone in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Private IPv4 DNS hostname of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ipv4","description":"Private IPv4 address of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address for the first network interface of this EC2 
instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_groups","description":"Comma separated list of security group names","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iam_arn","description":"If there is an IAM role associated with the instance, contains instance profile ARN","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ami_id","description":"AMI ID used to launch this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reservation_id","description":"ID of the reservation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account_id","description":"AWS account ID which owns this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_tags","description":"EC2 instance tag key value pairs.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_events","description":"Process execution events from EndpointSecurity.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence 
number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"original_parent","description":"Original parent process ID in case of reparenting","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_count","description":"Number of command line arguments","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective Group ID of the 
process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_id","description":"Signature identifier of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_id","description":"Team identifier of thd process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Codesigning hash of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_binary","description":"Indicates if the binary is Apple signed binary (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of a process in case of an exit event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"child_pid","description":"Process ID of a child process in case of a fork event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"codesigning_flags","description":"Codesigning flags matching one of these options, in a comma separated list: NOT_VALID, ADHOC, NOT_RUNTIME, INSTALLER. 
See kern/cs_blobs.h in XNU for descriptions.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_file_events","description":"Process execution events from EndpointSecurity.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"The source or target filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_filename","description":"Destination filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"etc_hosts","description":"Line-parsed /etc/hosts.","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IP address 
mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostnames","description":"Raw hosts mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"etc_protocols","description":"Line-parsed /etc/protocols.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Protocol name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"Protocol number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"alias","description":"Protocol alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Comment with protocol description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"etc_services","description":"Line-parsed /etc/services.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Service port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Optional space separated list of other names for a service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment for a service.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"event_taps","description":"Returns information about installed event taps.","platforms":["darwin"],"columns":[{"name":"enabled","description":"Is the Event Tap 
enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tap_id","description":"Unique ID for the Tap","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tapped","description":"The mask that identifies the set of events to be observed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_being_tapped","description":"The process ID of the target application","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tapping_process","description":"The process ID of the application that created the event tap.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"extended_attributes","description":"Returns the extended attributes for files (similar to Windows ADS).","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the value generated from the extended attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The parsed information from the attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base64","description":"1 if the value is base64 encoded else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"fan_speed_sensors","description":"Fan speeds.","platforms":["darwin"],"columns":[{"name":"fan","description":"Fan number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Fan name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"actual","description":"Actual 
speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target speed","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"file","description":"Interactive filesystem attributes and metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Device ID (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last 
modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"(B)irth or (cr)eate time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"symlink","description":"1 if the path is a symlink, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attributes","description":"File attrib string. See: https://ss64.com/nt/attrib.html","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"volume_serial","description":"Volume serial number","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_id","description":"file ID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_version","description":"File version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"product_version","description":"File product version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"original_filename","description":"(Executable files only) Original filename","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"bsd_flags","description":"The BSD file flags (chflags). 
Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"file_events","description":"Track time/action changes to files specified in configuration data.","platforms":["darwin","linux"],"columns":[{"name":"target_path","description":"The path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file defined in the config","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access 
time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"The MD5 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"The SHA1 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"The SHA256 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hashed","description":"1 if the file was hashed, 0 if not, -1 if hashing failed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"firefox_addons","description":"Firefox browser extensions, webapps, and addons.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the addon","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Addon display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Addon identifier","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"creator","description":"Addon-supported creator string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Extension, addon, webapp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Addon-supplied 
version string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Addon-supplied description string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_url","description":"URL that installed the addon","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible","description":"1 If the addon is shown in browser else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If the addon is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 If the addon is application-disabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"1 If the addon applies background updates else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Global, profile location","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper","description":"macOS Gatekeeper Details.","platforms":["darwin"],"columns":[{"name":"assessments_enabled","description":"1 If a Gatekeeper is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"dev_id_enabled","description":"1 If a Gatekeeper allows execution from identified developers else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of Gatekeeper's gke.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"opaque_version","description":"Version of Gatekeeper's 
gkopaque.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper_approved_apps","description":"Gatekeeper apps a user has allowed to run.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of executable allowed to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"requirement","description":"Code signing requirement language","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last change time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a 
namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"hardware_events","description":"Hardware (PCI/USB/HID) events from UDEV or IOKit.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"Remove, insert, change properties, etc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local device path assigned (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of hardware and hardware event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver claiming the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Hardware device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded Hardware vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Hardware device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded Hardware model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Device serial (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Device revision (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of hardware event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hash","description":"Filesystem hash data.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Must provide a 
path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"homebrew_packages","description":"The installed homebrew package database.","platforms":["darwin"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Package install path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Current 'linked' version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"prefix","description":"Homebrew install prefix","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hvci_status","description":"Retrieve HVCI info of the machine.","platforms":["windows"],"columns":[{"name":"version","description":"The version number of the Device Guard build.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_identifier","description":"The instance ID of Device 
Guard.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vbs_status","description":"The status of the virtualization based security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code_integrity_policy_enforcement_status","description":"The status of the code integrity policy enforcement settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"umci_policy_status","description":"The status of the User Mode Code Integrity security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ibridge_info","description":"Information about the Apple iBridge hardware controller.","platforms":["darwin"],"columns":[{"name":"boot_uuid","description":"Boot UUID of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"coprocessor_version","description":"The manufacturer and chip version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_version","description":"The build version of the firmware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unique_chip_id","description":"Unique id of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ie_extensions","description":"Internet Explorer browser extensions.","platforms":["windows"],"columns":[{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registry_path","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the 
executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executable","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"intel_me_info","description":"Intel ME/CSE Info.","platforms":["linux","windows"],"columns":[{"name":"version","description":"Intel ME version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"interface_addresses","description":"Network interfaces and relevant metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"Interface netmask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"broadcast","description":"Broadcast address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"point_to_point","description":"PtP address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of address. 
One of dhcp, manual, auto, other, unknown","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_details","description":"Detailed information and stats of network interfaces.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC of interface (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Interface type (includes virtual)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Network MTU","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Metric based on the speed of the interface","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags (netdevice) for the device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipackets","description":"Input packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"opackets","description":"Output packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ibytes","description":"Input bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"obytes","description":"Output bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ierrors","description":"Input errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"oerrors","description":"Output 
errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idrops","description":"Input drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"odrops","description":"Output drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"collisions","description":"Packet Collisions detected","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Time of last device modification (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"link_speed","description":"Interface speed in Mb/s","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"pci_slot","description":"PCI slot number","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"description","description":"Short description of the object a one-line string.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"manufacturer","description":"Name of the network adapter's manufacturer.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_id","description":"Name of the network connection as it appears in the Network Connections Control Panel program.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_status","description":"State of the network adapter connection to the 
network.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"enabled","description":"Indicates whether the adapter is enabled or not.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"physical_adapter","description":"Indicates whether the adapter is a physical or a logical adapter.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"speed","description":"Estimate of the current bandwidth in bits per second.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"service","description":"The name of the service the network adapter uses.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_enabled","description":"If TRUE, the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_expires","description":"Expiration date and time for a leased IP address that was assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_obtained","description":"Date and time the lease was obtained for the IP address assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_server","description":"IP address of the dynamic host configuration protocol (DHCP) 
server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain","description":"Organization name followed by a period and an extension that indicates the type of organization, such as 'microsoft.com'.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain_suffix_search_order","description":"Array of DNS domain suffixes to be appended to the end of host names during name resolution.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_host_name","description":"Host name used to identify the local computer for authentication by some utilities.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_server_search_order","description":"Array of server IP addresses to be used in querying for DNS servers.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_ipv6","description":"IPv6 configuration and stats of network interfaces.","platforms":["darwin","linux"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hop_limit","description":"Current Hop Limit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"forwarding_enabled","description":"Enable IP forwarding","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"redirect_accept","description":"Accept ICMP redirect messages","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"rtadv_accept","description":"Accept ICMP Router Advertisement","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_devicetree","description":"The IOKit 
registry matching the DeviceTree plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Device node name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent device registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device_path","description":"Device tree path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"1 if the device conforms to IOService else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the device is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The device reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Device nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_registry","description":"The full IOKit registry without selecting a plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Default name of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent registry 
ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the node is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The node reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Node nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iptables","description":"Linux IP packet filtering and NAT tool.","platforms":["linux"],"columns":[{"name":"filter_name","description":"Packet matching filter table name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chain","description":"Size of module content.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy","description":"Policy that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Protocol number identification.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"src_port","description":"Protocol source port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_port","description":"Protocol destination port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_ip","description":"Source IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_mask","description":"Source IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface","description":"Input interface for the 
rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface_mask","description":"Input interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_ip","description":"Destination IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_mask","description":"Destination IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface","description":"Output interface for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface_mask","description":"Output interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"Matching rule that applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"packets","description":"Number of matching packets for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of matching bytes for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_extensions","description":"macOS's kernel extensions, both loaded and within the load search path.","platforms":["darwin"],"columns":[{"name":"idx","description":"Extension load tag or index","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refs","description":"Reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Bytes of wired memory used by extension","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension 
version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"linked_against","description":"Indexes of extensions this extension is linked against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Optional path to extension bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_info","description":"Basic active kernel information.","platforms":["darwin","linux","windows"],"columns":[{"name":"version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arguments","description":"Kernel arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Kernel path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Kernel device identifier","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_modules","description":"Linux kernel modules both loaded and within the load search path.","platforms":["linux"],"columns":[{"name":"name","description":"Module name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of module content","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"Module reverse dependencies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Kernel module status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Kernel module address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_panics","description":"System kernel panic logs.","platforms":["darwin"],"columns":[{"name":"path","description":"Location of log 
file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Formatted time of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"A space delimited line of register:value pairs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"frame_backtrace","description":"Backtrace of the crashed module","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_backtrace","description":"Modules appearing in the crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dependencies","description":"Module dependencies existing in crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name corresponding to crashed thread","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_version","description":"Version of the operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Version of the system kernel","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"system_model","description":"Physical system model, for example 'MacBookPro12,1 (Mac-E43C1C25D4880AD6)'","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"System uptime at kernel panic in nanoseconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_loaded","description":"Last loaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_unloaded","description":"Last unloaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_acls","description":"Applications that have ACL entries in the 
keychain.","platforms":["darwin"],"columns":[{"name":"keychain_path","description":"The path of the keychain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authorizations","description":"A space delimited set of authorization attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the authorized application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The description included with the ACL entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"An optional label tag that may be included with the keychain entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_items","description":"Generic details about keychain items.","platforms":["darwin"],"columns":[{"name":"label","description":"Generic item name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional item description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional keychain comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account","description":"Optional item account","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Date item was created","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified","description":"Date of last modification","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Keychain item type (class)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to keychain containing 
item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"known_hosts","description":"A line-delimited known_hosts table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local user that owns the known_hosts file","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"parsed authorized keys line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to known_hosts file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kva_speculative_info","description":"Display kernel virtual address and speculative execution information for the system.","platforms":["windows"],"columns":[{"name":"kva_shadow_enabled","description":"Kernel Virtual Address shadowing is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_user_global","description":"User pages are marked as global.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_pcid","description":"Kernel VA PCID flushing optimization is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_inv_pcid","description":"Kernel VA INVPCID is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_mitigations","description":"Branch Prediction mitigations are enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_system_pol_disabled","description":"Branch Predictions are disabled via system policy.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_microcode_disabled","description":"Branch Predictions are disabled due to lack of microcode update.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_spec_ctrl_supported","description":"SPEC_CTRL MSR 
supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ibrs_support_enabled","description":"Windows uses IBRS.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stibp_support_enabled","description":"Windows uses STIBP.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_pred_cmd_supported","description":"PRED_CMD MSR supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"last","description":"System logins and logouts.","platforms":["darwin","linux"],"columns":[{"name":"username","description":"Entry username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Entry terminal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Entry type, according to ut_type types (utmp.h)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Entry type name, according to ut_type types (utmp.h)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Entry hostname","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd","description":"LaunchAgents and LaunchDaemons from default search paths.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"File name of plist (used by 
launchd)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program","description":"Path to target program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_at_load","description":"Should the program run on launch load","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keep_alive","description":"Should the process be restarted if killed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"on_demand","description":"Deprecated key, replaced by keep_alive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"Skip loading this daemon or agent on boot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Run this daemon or agent as this username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Run this daemon or agent as this group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stdout_path","description":"Pipe stdout to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stderr_path","description":"Pipe stderr to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_interval","description":"Frequency to run in seconds","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program_arguments","description":"Command line arguments passed to program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"watch_paths","description":"Key that launches daemon or agent if path is 
modified","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"queue_directories","description":"Similar to watch_paths but only with non-empty directories","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inetd_compatibility","description":"Run this daemon or agent as it was launched from inetd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_on_mount","description":"Run daemon or agent every time a filesystem is mounted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_directory","description":"Key used to specify a directory to chroot to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"working_directory","description":"Key used to specify a directory to chdir to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_type","description":"Key describes the intended purpose of the job","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd_overrides","description":"Override keys, per user, for LaunchDaemons and Agents.","platforms":["darwin"],"columns":[{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Name of the override key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Overridden value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID applied to the override, 0 applies to all","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"listening_ports","description":"Processes with listening (bound) network 
sockets/ports.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Transport layer port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for bind","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path for UNIX domain sockets","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"load_average","description":"Displays information about the system wide load averages.","platforms":["darwin","linux"],"columns":[{"name":"period","description":"Period over which the average is calculated.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"average","description":"Load average over the specified period.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"location_services","description":"Reports the status of the Location Services feature of the OS.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 if Location Services are enabled, else 
0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logged_in_users","description":"Users with an active shell on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"type","description":"Login type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User login name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Remote hostname","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time entry was made","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"The user's unique security identifier","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"registry_hive","description":"HKEY_USERS registry hive","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"logical_drives","description":"Details for logical drives on the system. A logical drive generally represents a single partition.","platforms":["windows"],"columns":[{"name":"device_id","description":"The drive id, usually the drive name, e.g., 'C:'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Deprecated (always 'Unknown').","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The canonical description of the drive, e.g. 
'Logical Fixed Disk', 'CD-ROM Disk'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"free_space","description":"The amount of free space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The total amount of space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_system","description":"The file system of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"boot_partition","description":"True if Windows booted from this drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logon_sessions","description":"Windows Logon Session.","platforms":["windows"],"columns":[{"name":"logon_id","description":"A locally unique identifier (LUID) that identifies a logon session.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The account name of the security principal that owns the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_domain","description":"The name of the domain used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authentication_package","description":"The authentication package used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_type","description":"The logon method.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_id","description":"The Terminal Services session identifier.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_sid","description":"The user's security identifier 
(SID).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_time","description":"The time the session owner logged on.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_server","description":"The name of the server used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_domain_name","description":"The DNS name for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"upn","description":"The user principal name (UPN) for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_script","description":"The script used for logging on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory_drive","description":"The drive location of the home directory of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_certificates","description":"LXD certificates information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fingerprint","description":"SHA256 hash of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"certificate","description":"Certificate 
content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster","description":"LXD cluster information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether clustering enabled (1) or not (0) on this node","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_entity","description":"Type of configuration parameter for this node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_name","description":"Name of configuration parameter","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_key","description":"Config key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_value","description":"Config value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_description","description":"Config description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster_members","description":"LXD cluster members information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"url","description":"URL of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"database","description":"Whether the server is a database node (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the node (Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the node 
(Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_images","description":"LXD images information.","platforms":["linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"architecture","description":"Target architecture for the image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"OS on which image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"OS release version on which the image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Image description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Comma-separated list of image aliases","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Filename of the image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_update","description":"Whether the image auto-updates (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"Whether image is cached (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"public","description":"Whether image is public (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of image creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expires_at","description":"ISO time of image 
expiration","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uploaded_at","description":"ISO time of image upload","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_used_at","description":"ISO time for the most recent use of this image in terms of container spawn","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_server","description":"Server for image update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_protocol","description":"Protocol used for image information update and image import from source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_certificate","description":"Certificate for update source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_alias","description":"Alias of image at update source server","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_config","description":"LXD instance configuration information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"key","description":"Configuration parameter name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Configuration parameter value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_devices","description":"LXD instance devices information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"device","description":"Name of the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_type","description":"Device 
type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Device info param name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Device info param value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instances","description":"LXD instances information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"status","description":"Instance state (running, stopped, etc.)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stateful","description":"Whether the instance is stateful(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ephemeral","description":"Whether the instance is ephemeral(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_image","description":"ID of image used to launch this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Instance architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"The OS of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Instance description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Instance's process ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processes","description":"Number of processes running inside this 
instance","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_networks","description":"LXD network information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"managed","description":"1 if network created by LXD, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_address","description":"IPv4 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"URLs for containers using this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_received","description":"Number of bytes received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_sent","description":"Number of bytes sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_received","description":"Number of packets received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_sent","description":"Number of packets sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hwaddr","description":"Hardware address for this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Network status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"MTU 
size","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_storage_pools","description":"LXD storage pool information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Storage pool source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"space_used","description":"Storage space used in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"space_total","description":"Total available storage space in bytes for this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_used","description":"Number of inodes used","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_total","description":"Total number of inodes available in this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"magic","description":"Magic number recognition library table.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute path to target file","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"magic_db_files","description":"Colon(:) separated list of files where the magic db file can be found. 
By default one of the following is used: /usr/share/file/magic/magic, /usr/share/misc/magic or /usr/share/misc/magic.mgc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Magic number data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_type","description":"MIME type data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_encoding","description":"MIME encoding data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"managed_policies","description":"The managed configuration policies from AD, MDM, MCX, etc.","platforms":["darwin"],"columns":[{"name":"domain","description":"System or manager-chosen domain key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Optional UUID assigned to policy set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Policy key name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Policy value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Policy applies only this user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manual","description":"1 if policy was loaded manually, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_devices","description":"Software RAID array settings.","platforms":["linux"],"columns":[{"name":"device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Current state of the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_level","description":"Current raid level of the 
array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"size of the array in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"chunk_size","description":"chunk size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_disks","description":"Number of configured RAID disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nr_raid_disks","description":"Number of partitions or disk devices to comprise the array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"working_disks","description":"Number of working disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active_disks","description":"Number of active disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_disks","description":"Number of failed disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"spare_disks","description":"Number of idle disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_state","description":"State of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_version","description":"Version of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_update_time","description":"Unix timestamp of last update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_on_mem","description":"Pages allocated in in-memory bitmap, if enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_chunk_size","description":"Bitmap chunk 
size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_external_file","description":"External referenced bitmap file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_progress","description":"Progress of the recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_finish","description":"Estimated duration of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_speed","description":"Speed of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_progress","description":"Progress of the resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_finish","description":"Estimated duration of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_speed","description":"Speed of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_progress","description":"Progress of the reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_finish","description":"Estimated duration of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_speed","description":"Speed of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_progress","description":"Progress of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_finish","description":"Estimated duration of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_speed","description":"Speed of the check array 
activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unused_devices","description":"Unused devices","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"other","description":"Other information associated with array from /proc/mdstat","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_drives","description":"Drive devices used for Software RAID.","platforms":["linux"],"columns":[{"name":"md_device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_name","description":"Drive device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"Slot position of disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the drive","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_personalities","description":"Software RAID setting supported by the kernel.","platforms":["linux"],"columns":[{"name":"name","description":"Name of personality supported by kernel","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mdfind","description":"Run searches against the spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file returned from spotlight","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The query that was run to find the file","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"mdls","description":"Query file metadata in the Spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the metadata 
key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value stored in the metadata key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valuetype","description":"CoreFoundation type of data stored in value","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"memory_array_mapped_addresses","description":"Data associated for address mapping of physical memory arrays.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_handle","description":"Handle of the memory array associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_width","description":"Number of memory devices that form a single row of memory for the address partition of this structure","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_arrays","description":"Data associated with collection of memory devices that operate to form a memory address.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Physical location of the memory 
array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"Function for which the array is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_correction","description":"Primary hardware error correction or detection method supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"Maximum capacity of array in gigabytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_info_handle","description":"Handle, or instance number, associated with any error that was detected for the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number_memory_devices","description":"Number of memory devices on array","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_device_mapped_addresses","description":"Data associated for address mapping of physical memory devices.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_device_handle","description":"Handle of the memory device structure associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_mapped_address_handle","description":"Handle of the memory array mapped address to which this device range is mapped to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory 
array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_row_position","description":"Identifies the position of the referenced memory device in a row of the address partition","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_position","description":"The position of the device in a interleave, i.e. 0 indicates non-interleave, 1 indicates 1st interleave, 2 indicates 2nd interleave, etc.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_data_depth","description":"The max number of consecutive rows from memory device that are accessed in a single interleave transfer; 0 indicates device is non-interleave","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_devices","description":"Physical memory device (type 17) information retrieved from SMBIOS.","platforms":["darwin","linux","windows"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure in SMBIOS","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"array_handle","description":"The memory array that the device is attached to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"form_factor","description":"Implementation form factor for this memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"total_width","description":"Total width, in bits, of this memory device, including any check or error-correction bits","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"data_width","description":"Data width, in bits, of this memory device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of memory device in 
Megabyte","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"set","description":"Identifies if memory device is one of a set of devices. A value of 0 indicates no set affiliation.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"device_locator","description":"String number of the string that identifies the physically-labeled socket or board position where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bank_locator","description":"String number of the string that identifies the physically-labeled bank where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type","description":"Type of memory used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type_details","description":"Additional details for memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_speed","description":"Max speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_clock_speed","description":"Configured speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Manufacturer ID string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Serial number of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"asset_tag","description":"Manufacturer specific asset tag of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"part_number","description":"Manufacturer specific serial number of memory 
device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_voltage","description":"Minimum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_voltage","description":"Maximum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_voltage","description":"Configured operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_error_info","description":"Data associated with errors of a physical memory array.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_type","description":"type of error associated with current error status for array or device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_granularity","description":"Granularity to which the error can be resolved","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_operation","description":"Memory access operation that caused the error","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_syndrome","description":"Vendor specific ECC syndrome or CRC data associated with the erroneous access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_error_address","description":"32 bit physical address of the error based on the addressing of the bus to which the memory array is connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_error_address","description":"32 bit physical address of the error relative to the start of the failing memory address, in 
bytes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_resolution","description":"Range, in bytes, within which this error can be determined, when an error address is given","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_info","description":"Main memory information in bytes.","platforms":["linux"],"columns":[{"name":"memory_total","description":"Total amount of physical RAM, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_free","description":"The amount of physical RAM, in bytes, left unused by the system","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_available","description":"The amount of physical RAM, in bytes, available for starting new applications, without swapping","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"buffers","description":"The amount of physical RAM, in bytes, used for file buffers","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"The amount of physical RAM, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_cached","description":"The amount of swap, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"The total amount of buffer or page cache memory, in bytes, that is in active use","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"The total amount of buffer or page cache memory, in bytes, that are free and available","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_total","description":"The total amount of swap available, in 
bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_free","description":"The total amount of swap free, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_map","description":"OS memory region map.","platforms":["linux"],"columns":[{"name":"name","description":"Region name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start","description":"Start address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"End address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mounts","description":"System mounted devices and filesystems (not process specific).","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Mounted device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_alias","description":"Mounted device alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Mounted device path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Mounted device type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Block size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Mounted device used blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_free","description":"Mounted device free blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_available","description":"Mounted device available blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Mounted device used 
inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_free","description":"Mounted device free inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Mounted device flags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"msr","description":"Various pieces of data stored in the model specific register per processor. NOTE: the msr kernel module must be enabled, and osquery must be run as root.","platforms":["linux"],"columns":[{"name":"processor_number","description":"The processor number as reported in /proc/cpuinfo","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_disabled","description":"Whether the turbo feature is disabled.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_ratio_limit","description":"The turbo feature ratio limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_info","description":"Platform information.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_ctl","description":"Performance setting for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_status","description":"Performance status for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"feature_control","description":"Bitfield controlling enabled features.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_limit","description":"Run Time Average Power Limiting power limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_energy_status","description":"Run Time Average Power Limiting energy status.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_units","description":"Run 
Time Average Power Limiting power units.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"nfs_shares","description":"NFS shares exported by the host.","platforms":["darwin"],"columns":[{"name":"share","description":"Filesystem path to the share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Options string set on the export share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly","description":"1 if the share is exported readonly else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"npm_packages","description":"Node packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Package-supplied description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Package-supplied author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where node_modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a 
namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"ntdomains","description":"Display basic NT domain information of a Windows machine.","platforms":["windows"],"columns":[{"name":"name","description":"The label by which the object is known.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"client_site_name","description":"The name of the site where the domain controller is configured.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dc_site_name","description":"The name of the site where the domain controller is located.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_forest_name","description":"The name of the root of the DNS tree.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_address","description":"The IP Address of the discovered domain controller..","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_name","description":"The name of the discovered domain controller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_name","description":"The name of the domain.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"The current status of the domain object.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_acl_permissions","description":"Retrieve NTFS ACL permission information for files and directories.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the file or directory.","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"type","description":"Type of access mode 
for the access control entry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"principal","description":"User or group to which the ACE applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"access","description":"Specific permissions that indicate the rights described by the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inherited_from","description":"The inheritance policy of the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_journal_events","description":"Track time/action changes to files specified in configuration data.","platforms":["windows"],"columns":[{"name":"action","description":"Change action (Write, Delete, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category that the event originated from","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"old_path","description":"Old path (renames only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_timestamp","description":"Journal record timestamp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_usn","description":"The update sequence number that identifies the journal record","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"node_ref_number","description":"The ordinal that associates a journal record with a filename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent_ref_number","description":"The ordinal that associates a journal record with a filename's parent directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"The drive letter 
identifying the source journal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"file_attributes","description":"File attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"Set to 1 if either path or old_path only contains the file or folder name","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"nvram","description":"Apple NVRAM variable listing.","platforms":["darwin"],"columns":[{"name":"name","description":"Variable name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Data type (CFData, CFString, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Raw variable data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"oem_strings","description":"OEM defined strings retrieved from SMBIOS.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the Type 11 structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"The string index of the structure","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The value of the OEM string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"office_mru","description":"View recently opened Office documents.","platforms":["windows"],"columns":[{"name":"application","description":"Associated Office application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Office application 
version number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"Most recent opened time file was opened","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"os_version","description":"A single row containing the operating system name and version.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Distribution or product name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Pretty, suitable for presentation, OS version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major","description":"Major release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor","description":"Minor release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"patch","description":"Optional patch release","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build","description":"Optional build-specific or variant string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"OS Platform or ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_like","description":"Closely related platforms","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"codename","description":"OS version codename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"OS Architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"The install 
date of the OS.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"osquery_events","description":"Information about the event publishers and subscribers.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Event publisher or subscriber name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the associated publisher","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either publisher or subscriber","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscriptions","description":"Number of subscriptions the publisher received or subscriber used","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"events","description":"Number of events emitted or received since osquery started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refreshes","description":"Publisher only: number of runloop restarts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 if the publisher or subscriber is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_extensions","description":"List of active osquery extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"uuid","description":"The transient ID assigned for 
communication","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension's version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk_version","description":"osquery SDK version used to build the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the extension's Thrift connection or library path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"SDK extension type: core, extension, or module","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_flags","description":"Configurable flags that modify osquery's behavior.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Flag name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Flag type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Flag description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_value","description":"Flag default value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Flag value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell_only","description":"Is the flag shell only?","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_info","description":"Top level information about the running version of osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread/handle) 
ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_id","description":"Unique, long-lived ID per instance of osquery","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"osquery toolkit version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_hash","description":"Hash of the working configuration state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_valid","description":"1 if the config was loaded and considered valid, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"extensions","description":"osquery extensions status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_platform","description":"osquery toolkit build platform","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_distro","description":"osquery toolkit platform distribution name (os version)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"UNIX time in seconds when the process started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"watcher","description":"Process (or thread/handle) ID of optional watcher process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_mask","description":"The osquery platform bitmask","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_packs","description":"Information about the current query packs that are loaded in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query 
pack","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"Platforms this query is supported on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Minimum osquery version that this query will run on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shard","description":"Shard restriction limit, 1-100, 0 meaning no restriction","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_cache_hits","description":"The number of times that the discovery query used cached values since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_executions","description":"The number of times that the discovery queries have been executed since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_registry","description":"List the osquery registry plugins.","platforms":["darwin","linux","windows"],"columns":[{"name":"registry","description":"Name of the osquery registry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the plugin item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uuid","description":"Extension route UUID (0 for core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internal","description":"1 If the plugin is internal else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If this plugin is active else 
0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_schedule","description":"Information about the current queries that are scheduled in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The exact query to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"The interval in seconds to run this query, not an exact interval","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"executions","description":"Number of times the query was executed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_executed","description":"UNIX time stamp in seconds of the last completed execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"denylisted","description":"1 if the query is denylisted else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"output_size","description":"Cumulative total number of bytes generated by the resultant rows of the query","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time","description":"Total wall time in seconds spent executing (deprecated), hidden=True","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time_ms","description":"Total wall time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_wall_time_ms","description":"Wall time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"Total user time in milliseconds spent 
executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_user_time","description":"User time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"Total system time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_system_time","description":"System time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"average_memory","description":"Average of the bytes of resident memory left allocated after collecting results","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_memory","description":"Resident memory in bytes left allocated after collecting results of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_bom","description":"macOS package bill of materials (BOM) file list.","platforms":["darwin"],"columns":[{"name":"filepath","description":"Package file or directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Expected user of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Expected group of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Expected permissions","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Timestamp the file was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of package 
bom","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"package_install_history","description":"macOS package install history.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Label packageIdentifiers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Label date as UNIX timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package display version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Install source: usually the installer process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"content_type","description":"Package content_type (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_receipts","description":"macOS package receipt details.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Package domain identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_filename","description":"Filename of original .pkg file","type":"text","notes":"","hidden":true,"required":false,"index":true},{"name":"version","description":"Installed package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Optional relative install path on volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Timestamp of install time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"installer_name","description":"Name of installer process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of 
receipt plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"password_policy","description":"Password Policies for macOS.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID for the policy, -1 for policies that are global","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"policy_identifier","description":"Policy Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_content","description":"Policy content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_description","description":"Policy description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"patches","description":"Lists all the patches applied. Note: This does not include patches applied via MSI or downloaded from Windows Update (e.g. Service Packs).","platforms":["windows"],"columns":[{"name":"csname","description":"The name of the host the patch is installed on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hotfix_id","description":"The KB ID of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Short description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Fuller description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fix_comments","description":"Additional comments about the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_by","description":"The system context in which the patch as installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the patch was installed. 
Lack of a value does not indicate that the patch was not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_on","description":"The date when the patch was installed.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pci_devices","description":"PCI devices active on the host system.","platforms":["darwin","linux"],"columns":[{"name":"pci_slot","description":"PCI Device used slot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class","description":"PCI Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"PCI Device used driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"PCI Device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded PCI Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"PCI Device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded PCI Device model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class_id","description":"PCI Device class ID in hex format","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass_id","description":"PCI Device subclass in hex format","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass","description":"PCI Device subclass","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor_id","description":"Vendor ID of PCI device 
subsystem","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor","description":"Vendor of PCI device subsystem","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model_id","description":"Model ID of PCI device subsystem","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model","description":"Device description of PCI device subsystem","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"physical_disk_performance","description":"Provides provides raw data from performance counters that monitor hard or fixed disk drives on the system.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the physical disk","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_read","description":"Average number of bytes transferred from the disk during read operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_write","description":"Average number of bytes transferred to the disk during write operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_read_queue_length","description":"Average number of read requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_write_queue_length","description":"Average number of write requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_read","description":"Average time, in seconds, of a read operation of data from the 
disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_write","description":"Average time, in seconds, of a write operation of data to the disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_disk_queue_length","description":"Number of requests outstanding on the disk at the time the performance data is collected","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_read_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_write_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read or write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_idle_time","description":"Percentage of time during the sample interval that the disk was idle","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pipes","description":"Named and Anonymous pipes.","platforms":["windows"],"columns":[{"name":"pid","description":"Process ID of the process to which the pipe belongs","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the pipe","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instances","description":"Number of instances of the named pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_instances","description":"The maximum number of instances creatable for this 
pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"The flags indicating whether this pipe connection is a server or client end, and if the pipe for sending messages or bytes","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"platform_info","description":"Information about EFI/UEFI/ROM and platform/boot.","platforms":["darwin","linux","windows"],"columns":[{"name":"vendor","description":"Platform code vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Platform code version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Self-reported platform code update date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"BIOS major and minor revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Platform-specific additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_type","description":"The type of firmware (uefi, bios, iboot, openfirmware, unknown).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Relative address of firmware mapping","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"size","description":"Size in bytes of firmware","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"volume_size","description":"(Optional) size of firmware volume","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"plist","description":"Read and parse a plist file.","platforms":["darwin"],"columns":[{"name":"key","description":"Preference top-level 
key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subkey","description":"Intermediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"(required) read preferences from a plist","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"portage_keywords","description":"A summary about portage configurations like keywords, mask and unmask.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keyword","description":"The keyword applied to the package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"If the package is masked","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"unmask","description":"If the package is unmasked","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_packages","description":"List of currently installed packages.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"The slot used by package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Unix time when package was 
built","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"repository","description":"From which repository the ebuild was used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eapi","description":"The eapi for the ebuild","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the package","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"world","description":"If package is in the world file","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_use","description":"List of enabled portage USE values for specific package.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version of the installed package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"USE flag which has been enabled for package","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"power_sensors","description":"Machine power (currents, voltages, wattages, etc) sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"category","description":"The sensor category: currents, voltage, wattage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of power source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Power in Watts","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"powershell_events","description":"Powershell script blocks reconstructed to their full script content, this table requires script block logging to be 
enabled.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received by the osquery event publisher","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the Powershell script event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_id","description":"The unique GUID of the powershell script to which this block belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_count","description":"The total number of script blocks for this script","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"The text content of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_name","description":"The name of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_path","description":"The path for the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cosine_similarity","description":"How similar the Powershell script is to a provided 'normal' character frequency","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"preferences","description":"macOS defaults and managed preferences.","platforms":["darwin"],"columns":[{"name":"domain","description":"Application ID usually in com.name.product format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Preference top-level key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"subkey","description":"Intemediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF 
types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"forced","description":"1 if the value is forced/managed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"(optional) read preferences for a specific user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"'current' or 'any' host, where 'current' takes precedence","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prefetch","description":"Prefetch files show metadata related to file execution.","platforms":["windows"],"columns":[{"name":"path","description":"Prefetch file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Executable filename.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash","description":"Prefetch CRC hash.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Most recent time application was run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"other_run_times","description":"Other execution times in prefetch file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_count","description":"Number of times the application has been run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Application file size.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_creation","description":"Volume creation time.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files_count","description":"Number of files 
accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories_count","description":"Number of directories accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files","description":"Files accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories","description":"Directories accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_envs","description":"A key/value table of environment variables for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_events","description":"Track time/action process executions.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File mode permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_size","description":"Actual size (bytes) of command line arguments","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by 
spaces","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env_size","description":"Actual size (bytes) of environment list","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"File owner user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_gid","description":"File owner group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"File last access in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"File modification in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"File last metadata change in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"File creation in UNIX 
time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"overflows","description":"List of structures that overflowed","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"parent","description":"Process parent's PID, or -1 if cannot be determined.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"status","description":"OpenBSM Attribute: Status of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"fsuid","description":"Filesystem user ID at process start","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"suid","description":"Saved user ID at process start","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"fsgid","description":"Filesystem group ID at process start","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"sgid","description":"Saved group ID at process start","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"syscall","description":"Syscall name: fork, vfork, clone, execve, execveat","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"process_file_events","description":"A File Integrity Monitor implementation using the audit service.","platforms":["linux"],"columns":[{"name":"operation","description":"Operation 
type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"executable","description":"The executable path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"True if this is a partial event (i.e.: this process existed before we started osquery)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The current working directory of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_path","description":"The canonical path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The uid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"The gid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem 
user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsgid","description":"Filesystem group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"process_memory_map","description":"Process memory mapped files and pseudo device/regions.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"start","description":"Virtual start address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"Virtual end address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"r=read, w=write, x=execute, p=private (cow)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"Offset into mapped path","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"MA:MI Major/minor device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Mapped path inode, 0 means uninitialized (BSS)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to mapped file or mapped 
type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pseudo","description":"1 If path is a pseudo path, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_namespaces","description":"Linux namespaces for processes running on the host system.","platforms":["linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"cgroup_namespace","description":"cgroup namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipc_namespace","description":"ipc namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mnt_namespace","description":"mnt namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"net namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_namespace","description":"pid namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_namespace","description":"user namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uts_namespace","description":"uts namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_files","description":"File descriptors for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"fd","description":"Process-specific file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Filesystem path of descriptor","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_pipes","description":"Pipes 
and partner processes for each process.","platforms":["linux"],"columns":[{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"File descriptor","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Pipe open mode (r/w)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Pipe inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Pipe Type: named vs unnamed/anonymous","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_pid","description":"Process ID of partner process sharing a particular pipe","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_fd","description":"File descriptor of shared pipe at partner's end","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_mode","description":"Mode of shared pipe at partner's end","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_sockets","description":"Processes which have open network sockets on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol 
(TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Socket local address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Socket remote address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Socket local port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Socket remote port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"For UNIX sockets (family=AF_UNIX), the domain path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"TCP socket state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working 
directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from 
disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. 
System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. 
Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"programs","description":"Represents products as they are installed by Windows Installer. A product generally correlates to one installation package on Windows. 
Some fields may be blank as Windows installation details are left to the discretion of the product author.","platforms":["windows"],"columns":[{"name":"name","description":"Commonly used product name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Product version information.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_location","description":"The installation location directory of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_source","description":"The installation source of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"language","description":"The language of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the product supplier.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uninstall_string","description":"Path and filename of the uninstaller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Date that this product was installed on the system. 
","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifying_number","description":"Product identification such as a serial number on software, or a die number on a hardware chip.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prometheus_metrics","description":"Retrieve metrics from a Prometheus server.","platforms":["darwin","linux"],"columns":[{"name":"target_name","description":"Address of prometheus target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_name","description":"Name of collected Prometheus metric","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_value","description":"Value of collected Prometheus metric","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp_ms","description":"Unix timestamp of collected data in MS","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"python_packages","description":"Python packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where Python 
modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"quicklook_cache","description":"Files and thumbnails within macOS's Quicklook Cache.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rowid","description":"Quicklook file rowid key","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"fs_id","description":"Quicklook file fs_id key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_id","description":"Parsed volume ID from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Parsed file ID (inode) from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Parsed version date field","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Parsed version size field","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Parsed version 'gen' field","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_hit_date","description":"Apple date format for last thumbnail cache hit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hit_count","description":"Number of cache hits on thumbnail","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icon_mode","description":"Thumbnail icon mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cache_path","description":"Path to cache 
data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"registry","description":"All of the Windows registry hives.","platforms":["windows"],"columns":[{"name":"key","description":"Name of the key to search for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Full path to the value","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the registry value entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the registry value, or 'subkey' if item is a subkey","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data content of registry value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"timestamp of the most recent registry write","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"routes","description":"The active route table for the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"destination","description":"Destination IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Netmask length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Route gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Route source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags to describe route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Route local interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Maximum Transmission Unit for the 
route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Cost of route. Lowest is preferred","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of route","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hopcount","description":"Max hops expected","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"rpm_package_files","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"package","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"path","description":"File path within the package","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"username","description":"File default username from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"File default groupname from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File permissions mode from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size in bytes from RPM info DB","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 file digest from RPM info DB","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"rpm_packages","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"name","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Package 
version","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"release","description":"Package release","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source RPM package name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the package contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Architecture(s) supported","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"epoch","description":"Package epoch value","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"install_time","description":"When the package was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Package vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_group","description":"Package group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"running_apps","description":"macOS applications currently running on the host system.","platforms":["darwin"],"columns":[{"name":"pid","description":"The pid of the application","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_identifier","description":"The bundle identifier of the 
application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"is_active","description":"(DEPRECATED)","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"safari_extensions","description":"Safari browser extension details for all users.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension long version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Bundle SDK used to compile extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Optional developer identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional extension description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension XAR bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sandboxes","description":"macOS application sandboxes container details.","platforms":["darwin"],"columns":[{"name":"label","description":"UTI-format bundle or label ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Sandbox 
owner","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Application sandboxings enabled on container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_id","description":"Sandbox-specific identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"Application bundle used by the sandbox","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to sandbox container directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"scheduled_tasks","description":"Lists all of the tasks in the Windows task scheduler.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Actions executed by the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the executable to be run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether or not the scheduled task is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"Whether or not the task is visible in the UI","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Timestamp the task last ran","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"next_run_time","description":"Timestamp the task is scheduled to run next","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_message","description":"Exit status message 
of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_code","description":"Exit status code of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"screenlock","description":"macOS screenlock status. Note: only fetches results for osquery's current logged-in user context. The user must also have recently logged in.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 If a password is required after sleep or the screensaver begins; else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grace_period","description":"The amount of time in seconds the screen must be asleep or the screensaver on before a password is required on-wake. 0 = immediately; -1 = no password is required on-wake","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"seccomp_events","description":"A virtual table that tracks seccomp events.","platforms":["linux"],"columns":[{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID (loginuid) of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ses","description":"Session ID of the session from which the analyzed process was 
invoked","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exe","description":"The path to the executable that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sig","description":"Signal value sent to process by seccomp","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Information about the CPU architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"Type of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compat","description":"Is system call in compatibility mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ip","description":"Instruction pointer value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code","description":"The seccomp action","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"secureboot","description":"Secure Boot UEFI Settings.","platforms":["linux","windows"],"columns":[{"name":"secure_boot","description":"Whether secure boot is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"setup_mode","description":"Whether setup mode is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"security_profile_info","description":"Information on the security profile of a given system by listing the system Account and Audit Policies. 
This table mimics the exported securitypolicy output from the secedit tool.","platforms":["windows"],"columns":[{"name":"minimum_password_age","description":"Determines the minimum number of days that a password must be used before the user can change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_password_age","description":"Determines the maximum number of days that a password can be used before the client requires the user to change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_password_length","description":"Determines the least number of characters that can make up a password for a user account","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_complexity","description":"Determines whether passwords must meet a series of strong-password guidelines","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_history_size","description":"Number of unique new passwords that must be associated with a user account before an old password can be reused","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lockout_bad_count","description":"Number of failed logon attempts after which a user account MUST be locked out","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_to_change_password","description":"Determines if logon session is required to change the password","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"force_logoff_when_expire","description":"Determines whether SMB client sessions with the SMB server will be forcibly disconnected when the client's logon hours expire","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"new_administrator_name","description":"Determines the name of the Administrator account on the local 
computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"new_guest_name","description":"Determines the name of the Guest account on the local computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"clear_text_password","description":"Determines whether passwords MUST be stored by using reversible encryption","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lsa_anonymous_name_lookup","description":"Determines if an anonymous user is allowed to query the local LSA policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_admin_account","description":"Determines whether the Administrator account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_guest_account","description":"Determines whether the Guest account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_system_events","description":"Determines whether the operating system MUST audit System Change, System Startup, System Shutdown, Authentication Component Load, and Loss or Excess of Security events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_logon_events","description":"Determines whether the operating system MUST audit each instance of a user attempt to log on or log off this computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_object_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access a non-Active Directory object that has its own SACL specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_privilege_use","description":"Determines whether the operating system MUST audit each instance of user attempts to exercise a user 
right","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_policy_change","description":"Determines whether the operating system MUST audit each instance of user attempts to change user rights assignment policy, audit policy, account policy, or trust policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_manage","description":"Determines whether the operating system MUST audit each event of account management on a computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_process_tracking","description":"Determines whether the operating system MUST audit process-related events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_ds_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access an Active Directory object that has its own system access control list (SACL) specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_logon","description":"Determines whether the operating system MUST audit each time this computer validates the credentials of an account","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"selinux_events","description":"Track SELinux events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event 
ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"selinux_settings","description":"Track active SELinux settings.","platforms":["linux"],"columns":[{"name":"scope","description":"Where the key is located inside the SELinuxFS mount point.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key or class name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Active value.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"services","description":"Lists all installed Windows services and their relevant data.","platforms":["windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_type","description":"Service Type: OWN_PROCESS, SHARE_PROCESS and maybe Interactive (can interact with the desktop)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Service Display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Service Current status: STOPPED, START_PENDING, STOP_PENDING, RUNNING, CONTINUE_PENDING, PAUSE_PENDING, PAUSED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the Process ID of the service","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"start_type","description":"Service start type: BOOT_START, SYSTEM_START, AUTO_START, DEMAND_START, DISABLED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win32_exit_code","description":"The error code that the service uses to report an error that occurs when it is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_exit_code","description":"The service-specific 
error code that the service returns when an error occurs while the service is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Service Executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_path","description":"Path to ServiceDll","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Service Description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account","description":"The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\\UserName. If the account belongs to the built-in domain, the name can be of the form .\\UserName.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shadow","description":"Local system users encrypted passwords and related information. Please note, that you usually need superuser rights to access `/etc/shadow`.","platforms":["linux"],"columns":[{"name":"password_status","description":"Password status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash_alg","description":"Password hashing algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Date of last password change (starting from UNIX epoch date)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimal number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"warning","description":"Number of days before password expires to warn user about 
it","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Number of days after password expires until account is blocked","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"expire","description":"Number of days since UNIX epoch date until account is disabled","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flag","description":"Reserved","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"shared_folders","description":"Folders available to others via SMB or AFP.","platforms":["darwin"],"columns":[{"name":"name","description":"The shared name of the folder as it appears to other users","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute path of shared folder on the local system","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_memory","description":"OS shared memory regions.","platforms":["linux"],"columns":[{"name":"shmid","description":"Shared memory segment ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"User ID of owning process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_uid","description":"User ID of creator process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID to last use the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_pid","description":"Process ID that created the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Attached 
time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"dtime","description":"Detached time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Changed time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Memory segment permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"attached","description":"Number of attached processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Destination/attach status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"locked","description":"1 if segment is locked else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_resources","description":"Displays shared resources on a computer system running Windows. This may be a disk drive, printer, interprocess communication, or other sharable device.","platforms":["windows"],"columns":[{"name":"description","description":"A textual description of the object","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the object was installed. Lack of a value does not indicate that the object is not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"String that indicates the current status of the object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_maximum","description":"Number of concurrent users for this resource has been limited. 
If True, the value in the MaximumAllowed property is ignored.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_allowed","description":"Limit on the maximum number of users allowed to use this resource concurrently. The value is only valid if the AllowMaximum property is set to FALSE.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Alias given to a path set up as a share on a computer system running Windows.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local path of the Windows share.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of resource being shared. Types include: disk drives, print queues, interprocess communications (IPC), and general devices.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Human readable value for the 'type' column","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sharing_preferences","description":"macOS Sharing preferences.","platforms":["darwin"],"columns":[{"name":"screen_sharing","description":"1 If screen sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"file_sharing","description":"1 If file sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"printer_sharing","description":"1 If printer sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_login","description":"1 If remote login is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_management","description":"1 If remote management is enabled else 
0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_apple_events","description":"1 If remote apple events are enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internet_sharing","description":"1 If internet sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bluetooth_sharing","description":"1 If bluetooth sharing is enabled for any user else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disc_sharing","description":"1 If CD or DVD sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content_caching","description":"1 If content caching is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shell_history","description":"A line-delimited (command) table of per-user .*_history data.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"Shell history owner","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp. 
It could be absent, default value is 0.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Unparsed date/line/command history line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"history_file","description":"Path to the .*_history for this user","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shellbags","description":"Shows directories accessed via Windows Explorer.","platforms":["windows"],"columns":[{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Shellbags source Registry file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Directory name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Directory Modified time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_time","description":"Directory Created time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_time","description":"Directory Accessed time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_entry","description":"Directory master file table entry.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_sequence","description":"Directory master file table sequence.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shimcache","description":"Application Compatibility Cache, contains artifacts of execution.","platforms":["windows"],"columns":[{"name":"entry","description":"Execution order.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the executed 
file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"File Modified time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"execution_flag","description":"Boolean Execution flag, 1 for execution, 0 for no execution, -1 for missing (this flag does not exist on Windows 10 and higher).","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"signature","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["darwin"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"hash_resources","description":"Set to 1 to also hash resources, or 0 otherwise. Default is 1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"If applicable, the arch of the signed code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"1 If the file is signed else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"The signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Hash of the application Code Directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_identifier","description":"The team signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority","description":"Certificate Common Name","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sip_config","description":"Apple's System Integrity Protection (rootless) status.","platforms":["darwin"],"columns":[{"name":"config_flag","description":"The System Integrity Protection config 
flag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled_nvram","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smbios_tables","description":"BIOS (DMI) structure common details and content.","platforms":["darwin","linux"],"columns":[{"name":"number","description":"Table entry number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Table entry type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Table entry description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handle","description":"Table entry handle","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"header_size","description":"Header size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Table entry size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smc_keys","description":"Apple's system management controller keys.","platforms":["darwin"],"columns":[{"name":"key","description":"4-character key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"SMC-reported type literal type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Reported size of data in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"A type-encoded representation of 
the key value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"1 if this key is normally hidden, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"socket_events","description":"Track network socket opens and closes.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"The socket action (bind, listen, close)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Either 'succeeded', 'failed', 'in_progress' (connect() on non-blocking socket) or 'no_client' (null accept() on non-blocking socket)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port 
number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"The local path (UNIX domain socket only)","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"success","description":"Deprecated. Use the 'status' column instead","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ssh_configs","description":"A table of parsed ssh_configs.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local owner of the ssh_config file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block","description":"The host or match block","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"The option and value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_config_file","description":"Path to the ssh_config file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"startup_items","description":"Applications and binaries set as user/login startup items.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Name of startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of startup 
item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"args","description":"Arguments provided to startup executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Startup Item or Login Item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Directory or plist containing startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Startup status; either enabled or disabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"The user associated with the startup item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sudoers","description":"Rules for running commands as other users via sudo.","platforms":["darwin","linux"],"columns":[{"name":"source","description":"Source file containing the given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"header","description":"Symbol for given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rule_details","description":"Rule definition","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"suid_bin","description":"suid binaries in common locations.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Binary owner username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Binary owner group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Binary permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain 
a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"syslog_events","description":"","platforms":["linux"],"columns":[{"name":"time","description":"Current unix epoch time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Time known to syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Hostname configured for syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"severity","description":"Syslog severity","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Syslog facility","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tag","description":"The syslog tag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"The syslog message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"system_controls","description":"sysctl names, values, and settings information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Full sysctl MIB name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"oid","description":"Control MIB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"Subsystem ID, control type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_value","description":"Value of setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_value","description":"The MIB value set in /etc/sysctl.conf","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Data 
type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"field_name","description":"Specific attribute of opaque type","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"system_extensions","description":"macOS (>= 10.15) system extension table.","platforms":["darwin"],"columns":[{"name":"path","description":"Original path of system extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"UUID","description":"Extension unique id","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"System extension state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Identifier name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"System extension version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"System extension category","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"System extension bundle path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team","description":"Signing team ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mdm_managed","description":"1 if managed by MDM system extension payload configuration, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"system_info","description":"System information for identification.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Network hostname including domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the 
system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"CPU type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"CPU subtype","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_brand","description":"CPU brand string, contains vendor and model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_physical_cores","description":"Number of physical CPU cores in to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_logical_cores","description":"Number of logical CPU cores available to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_microcode","description":"Microcode version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_memory","description":"Total physical memory in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_vendor","description":"Hardware vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hardware model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_version","description":"Hardware version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_serial","description":"Device serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_vendor","description":"Board vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_model","description":"Board model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_version","description":"Board 
version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_serial","description":"Board serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Friendly computer name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Local hostname (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"systemd_units","description":"Track systemd units.","platforms":["linux"],"columns":[{"name":"id","description":"Unique unit identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Unit description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"load_state","description":"Reflects whether the unit definition was properly loaded","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"active_state","description":"The high-level unit activation state, i.e. 
generalization of SUB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sub_state","description":"The low-level unit activation state, values depend on unit type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"following","description":"The name of another unit that this unit follows in state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_path","description":"The object path for this unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_id","description":"Next queued job id","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"job_type","description":"Job type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_path","description":"The object path for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fragment_path","description":"The unit file path this unit was read from, if there is any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The configured user, if any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_path","description":"Path to the (possibly generated) unit configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"temperature_sensors","description":"Machine's temperature sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of temperature source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"celsius","description":"Temperature in Celsius","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"fahrenheit","description":"Temperature in 
Fahrenheit","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time","description":"Track current date and time in UTC.","platforms":["darwin","linux","windows"],"columns":[{"name":"weekday","description":"Current weekday in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"year","description":"Current year in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"Current month in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"day","description":"Current day in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"Current hour in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Current minutes in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Current seconds in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timezone","description":"Timezone for reported time (hardcoded to UTC)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_timezone","description":"Current local timezone in of the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unix_time","description":"Current UNIX time in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp","description":"Current timestamp (log format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Current date and time (ISO format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iso_8601","description":"Current time (ISO format) in 
UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win_timestamp","description":"Timestamp value in 100 nanosecond units","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"time_machine_backups","description":"Backups to drives using TimeMachine.","platforms":["darwin"],"columns":[{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"backup_date","description":"Backup Date","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time_machine_destinations","description":"Locations backed up to using Time Machine.","platforms":["darwin"],"columns":[{"name":"alias","description":"Human readable name of drive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"consistency_scan_date","description":"Consistency scan date","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"root_volume_uuid","description":"Root UUID of backup volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_available","description":"Bytes available on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_used","description":"Bytes used on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption","description":"Last known encrypted state","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"tpm_info","description":"A table that lists the TPM related information.","platforms":["windows"],"columns":[{"name":"activated","description":"TPM is 
activated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"TPM is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owned","description":"TPM is owned","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_version","description":"TPM version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_id","description":"TPM manufacturers ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_name","description":"TPM manufacturers name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"product_name","description":"Product name of the TPM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_presence_version","description":"Version of the Physical Presence Interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"spec_version","description":"Trusted Computing Group specification that the TPM supports","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ulimit_info","description":"System resource usage limits.","platforms":["darwin","linux"],"columns":[{"name":"type","description":"System resource to be limited","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"soft_limit","description":"Current limit value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_limit","description":"Maximum limit value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"unified_log","description":"Queries the OSLog framework for entries in the system log. The maximum number of rows returned is limited for performance issues. 
This table introduces a new idiom for extracting sequential data in batches using multiple queries, ordered by timestamp. To trigger it, the user should include the condition \"timestamp > -1\", and the table will handle pagination.","platforms":["darwin"],"columns":[{"name":"timestamp","description":"unix timestamp associated with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"storage","description":"the storage category for the entry","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"composed message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"activity","description":"the activity ID associate with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"process","description":"the name of the process that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the pid of the process that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"the name of the binary image that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"the tid of the thread that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"the category of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"the subsystem of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"the severity level of the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_rows","description":"the max number of rows returned (defaults to 
100)","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"uptime","description":"Track time passed since last boot. Some systems track this as calendar time, some as runtime.","platforms":["darwin","linux","windows"],"columns":[{"name":"days","description":"Days of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hours","description":"Hours of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Minutes of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Seconds of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"total_seconds","description":"Total uptime seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"usb_devices","description":"USB devices that are actively plugged into the host system.","platforms":["darwin","linux"],"columns":[{"name":"usb_address","description":"USB Device used address","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"usb_port","description":"USB Device used port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"USB Device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded USB Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"USB Device version number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"USB Device model string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded USB Device model 
identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"USB Device serial connection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"USB Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subclass","description":"USB Device subclass","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"USB Device protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"removable","description":"1 If USB device is removable else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_events","description":"Track user events from the audit framework.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The file description for the process socket","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Supplied path from event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"The Internet protocol address or family ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"terminal","description":"The network protocol ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX 
time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"user_groups","description":"Local system user group relationships.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true}]},{"name":"user_interaction_events","description":"Track user interaction events from macOS' event tapping framework.","platforms":["darwin"],"columns":[{"name":"time","description":"Time","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_ssh_keys","description":"Returns the private keys in the users ~/.ssh directory and whether or not they are encrypted.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the key file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to key file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"encrypted","description":"1 if key is encrypted, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"key_type","description":"The type of the private key. 
One of [rsa, dsa, dh, ec, hmac, cmac], or the empty string.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"userassist","description":"UserAssist Registry Key tracks when a user executes an application from Windows Explorer.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of times the application has been executed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user 
description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"video_info","description":"Retrieve video card information of the machine.","platforms":["windows"],"columns":[{"name":"color_depth","description":"The amount of bits per pixel to represent color.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"The driver of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_date","description":"The date listed on the installed driver.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_version","description":"The version of the installed driver.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the 
gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"series","description":"The series of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"video_mode","description":"The current resolution of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"virtual_memory_info","description":"Darwin Virtual Memory statistics.","platforms":["darwin"],"columns":[{"name":"free","description":"Total number of free pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Total number of active pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Total number of inactive pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"speculative","description":"Total number of speculative pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"throttled","description":"Total number of throttled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired","description":"Total number of wired down pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purgeable","description":"Total number of purgeable pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"faults","description":"Total number of calls to vm_faults.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"copy","description":"Total number of copy-on-write pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"zero_fill","description":"Total number of zero filled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"reactivated","description":"Total number of reactivated 
pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purged","description":"Total number of purged pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_backed","description":"Total number of file backed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"anonymous","description":"Total number of anonymous pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uncompressed","description":"Total number of uncompressed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressor","description":"The number of pages used to store compressed VM pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"decompressed","description":"The total number of pages that have been decompressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressed","description":"The total number of pages that have been compressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_ins","description":"The total number of requests for pages from a pager.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_outs","description":"Total number of pages paged out.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_ins","description":"The total number of compressed pages that have been swapped out to disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_outs","description":"The total number of compressed pages that have been swapped back in from disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_networks","description":"macOS known/remembered Wi-Fi networks 
list.","platforms":["darwin"],"columns":[{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_connected","description":"Last time this network was connected to as a unix_time","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"passpoint","description":"1 if Passpoint is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"possibly_hidden","description":"1 if network is possibly a hidden network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"roaming","description":"1 if roaming is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"roaming_profile","description":"Describe the roaming profile, usually one of Single, Dual or Multi","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_login","description":"1 if auto login is enabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"temporarily_disabled","description":"1 if this network is temporarily disabled, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 if this network is disabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"add_reason","description":"Shows why this network was added, via menubar or command line or something else ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"added_at","description":"Time this network was added 
as a unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_portal","description":"1 if this network has a captive portal, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_login_date","description":"Time this network logged in to a captive portal as unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"was_captive_network","description":"1 if this network was previously a captive network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_join","description":"1 if this network set to join automatically, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"personal_hotspot","description":"1 if this network is a personal hotspot, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_status","description":"macOS current WiFi status.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication 
(dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"transmit_rate","description":"The current transmit rate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"The current operating mode for the Wi-Fi interface","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_survey","description":"Scan for nearby WiFi networks.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement 
(dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"winbaseobj","description":"Lists named Windows objects in the default object directories, across all terminal services sessions. Example Windows ojbect types include Mutexes, Events, Jobs and Semaphors.","platforms":["windows"],"columns":[{"name":"session_id","description":"Terminal Services Session Id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"object_name","description":"Object Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_type","description":"Object Type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_crashes","description":"Extracted information from Windows crash logs (Minidumps).","platforms":["windows"],"columns":[{"name":"datetime","description":"Timestamp (log format) of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module","description":"Path of the crashed module within the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the executable file for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID of the crashed thread","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"File 
version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_uptime","description":"Uptime of the process in seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Multiple stack frames from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_code","description":"The Windows exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_message","description":"The NTSTATUS error message associated with the exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_address","description":"Address (in hex) where the exception occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The values of the system registers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line","description":"Command-line string passed to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_directory","description":"Current working directory of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username of the user who ran the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"machine_name","description":"Name of the machine where the crash happened","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major_version","description":"Windows major version of the machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor_version","description":"Windows minor version of the 
machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_number","description":"Windows build number of the crashing machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Path of the log file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_eventlog","description":"Table for querying all recorded Windows event logs.","platforms":["windows"],"columns":[{"name":"channel","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the 
event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_range","description":"System time to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"timestamp","description":"Timestamp to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"xpath","description":"The custom query to filter events","type":"text","notes":"","hidden":true,"required":true,"index":false}]},{"name":"windows_events","description":"Windows Event logs.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the 
event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"The severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"windows_firewall_rules","description":"Provides the list of Windows firewall rules.","platforms":["windows"],"columns":[{"name":"name","description":"Friendly name of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"app_name","description":"Friendly name of the application to which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Action for the rule or default setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if the rule is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grouping","description":"Group to which an individual rule belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"direction","description":"Direction of traffic for which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"IP protocol of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_addresses","description":"Local addresses for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_addresses","description":"Remote addresses for the 
rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ports","description":"Local ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_ports","description":"Remote ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icmp_types_codes","description":"ICMP types and codes for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_domain","description":"1 if the rule profile type is domain","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_private","description":"1 if the rule profile type is private","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_public","description":"1 if the rule profile type is public","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_name","description":"Service name property of the application","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_optional_features","description":"Lists names and installation states of windows features. Maps to Win32_OptionalFeature WMI class.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Caption of feature in settings UI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Installation state value. 1 == Enabled, 2 == Disabled, 3 == Absent","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"statename","description":"Installation state name. 'Enabled','Disabled','Absent'","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_security_center","description":"The health status of Window Security features. 
Health values can be \"Good\", \"Poor\". \"Snoozed\", \"Not Monitored\", and \"Error\".","platforms":["windows"],"columns":[{"name":"firewall","description":"The health of the monitored Firewall (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"The health of the Windows Autoupdate feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antivirus","description":"The health of the monitored Antivirus solution (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antispyware","description":"Deprecated (always 'Good').","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"internet_settings","description":"The health of the Internet Settings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"windows_security_center_service","description":"The health of the Windows Security Center Service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account_control","description":"The health of the User Account Control (UAC) capability in Windows","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_security_products","description":"Enumeration of registered Windows security products.","platforms":["windows"],"columns":[{"name":"type","description":"Type of security product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of protection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state_timestamp","description":"Timestamp for the product 
state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remediation_path","description":"Remediation path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signatures_up_to_date","description":"1 if product signatures are up to date, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_update_history","description":"Provides the history of the windows update events.","platforms":["windows"],"columns":[{"name":"client_app_id","description":"Identifier of the client application that processed an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Date and the time an update was applied","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hresult","description":"HRESULT value that is returned from the operation on an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result_code","description":"Result of an operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_selection","description":"Value that indicates which server provided an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_id","description":"Service identifier of an update service that is not a Windows update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"support_url","description":"Hyperlink to the language-specific support information for an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"title","description":"Title of an 
update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_id","description":"Revision-independent identifier of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_revision","description":"Revision number of an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_bios_info","description":"Lists important information from the system bios.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_cli_event_consumers","description":"WMI CommandLineEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique name of a consumer.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line_template","description":"Standard string template that specifies the process to be started. This property can be NULL, and the ExecutablePath property is used as the command line.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"executable_path","description":"Module to execute. The string can specify the full path and file name of the module to execute, or it can specify a partial name. 
If a partial name is specified, the current drive and current directory are assumed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_event_filters","description":"Lists WMI event filters.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier of an event filter.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows Management Instrumentation Query Language (WQL) event query that specifies the set of events for consumer notification, and the specific conditions for notification.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query_language","description":"Query language that the query is written in.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_filter_consumer_binding","description":"Lists the relationship between event consumers and filters.","platforms":["windows"],"columns":[{"name":"consumer","description":"Reference to an instance of __EventConsumer that represents the object path to a logical consumer, the recipient of an event.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filter","description":"Reference to an instance of __EventFilter that represents the object path to an event filter which is a query that specifies the type of event to be 
received.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_script_event_consumers","description":"WMI ActiveScriptEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier for the event consumer. ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"scripting_engine","description":"Name of the scripting engine to use, for example, 'VBScript'. This property cannot be NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_file_name","description":"Name of the file from which the script text is read, intended as an alternative to specifying the text of the script in the ScriptText property.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"Text of the script that is expressed in a language known to the scripting engine. 
This property must be NULL if the ScriptFileName property is not NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_entries","description":"Database of the machine's XProtect signatures.","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"launch_type","description":"Launch services content type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identity","description":"XProtect identity (SHA1) of content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Use this file name to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filetype","description":"Use this file type to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional","description":"Match any of the identities/patterns for this XProtect name","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uses_pattern","description":"Uses a match pattern instead of identity","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_meta","description":"Database of the machine's XProtect browser-related signatures.","platforms":["darwin"],"columns":[{"name":"identifier","description":"Browser plugin or extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either plugin or 
extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Developer identity (SHA1) of extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_version","description":"The minimum allowed plugin version.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_reports","description":"Database of XProtect matches (if user generated/sent an XProtect report).","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_action","description":"Action taken by user after prompted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Quarantine alert time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"yara","description":"Triggers one-off YARA query for files at the specified path. 
Requires one of `sig_group`, `sigfile`, or `sigrule`.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"matches","description":"List of YARA matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sig_group","description":"Signature group used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigfile","description":"Signature file used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigrule","description":"Signature strings used","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigurl","description":"Signature url","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"yara_events","description":"Track YARA matches for files specified in configuration data.","platforms":["darwin","linux","windows"],"columns":[{"name":"target_path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"matches","description":"List of YARA 
matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of the scan","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ycloud_instance_metadata","description":"Yandex.Cloud instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"folder_id","description":"Folder identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostname","description":"Hostname of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. 
Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_port_enabled","description":"Indicates if serial port is enabled for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metadata_endpoint","description":"Endpoint used to fetch VM metadata","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"yum_sources","description":"Current list of Yum repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"baseurl","description":"Repository base URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mirrorlist","description":"Mirrorlist URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether the repository is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgcheck","description":"Whether packages are GPG checked","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgkey","description":"URL to GPG key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed 
(Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group 
name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group 
ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error 
-1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. 
This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/components/osquery_schema_link.tsx b/x-pack/plugins/osquery/public/components/osquery_schema_link.tsx index 09e1be0923e45..23d5f4874db51 100644 
--- a/x-pack/plugins/osquery/public/components/osquery_schema_link.tsx +++ b/x-pack/plugins/osquery/public/components/osquery_schema_link.tsx @@ -11,7 +11,7 @@ import React from 'react'; export const OsquerySchemaLink = React.memo(() => ( - + diff --git a/x-pack/plugins/osquery/public/editor/osquery_tables.ts b/x-pack/plugins/osquery/public/editor/osquery_tables.ts index 5b2e990fcccca..18a74cb6ac9b6 100644 --- a/x-pack/plugins/osquery/public/editor/osquery_tables.ts +++ b/x-pack/plugins/osquery/public/editor/osquery_tables.ts @@ -17,7 +17,7 @@ let osqueryTables: TablesJSON | null = null; export const getOsqueryTables = () => { if (!osqueryTables) { // eslint-disable-next-line @typescript-eslint/no-var-requires - osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.7.0.json')); + osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.10.2.json')); } return osqueryTables; diff --git a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx index 9015836a93bcb..51f046768afac 100644 --- a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx +++ b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx @@ -47,8 +47,8 @@ import { convertECSMappingToArray, convertECSMappingToObject, } from '../../../common/utils/converters'; -import ECSSchema from '../../common/schemas/ecs/v8.7.0.json'; -import osquerySchema from '../../common/schemas/osquery/v5.7.0.json'; +import ECSSchema from '../../common/schemas/ecs/v8.11.0.json'; +import osquerySchema from '../../common/schemas/osquery/v5.10.2.json'; import { FieldIcon } from '../../common/lib/kibana'; import { OsqueryIcon } from '../../components/osquery_icon'; diff --git a/x-pack/plugins/screenshotting/server/browsers/download/fetch.test.ts b/x-pack/plugins/screenshotting/server/browsers/download/fetch.test.ts index cc22f152216af..b32f98aeffe20 100644 
--- a/x-pack/plugins/screenshotting/server/browsers/download/fetch.test.ts +++ b/x-pack/plugins/screenshotting/server/browsers/download/fetch.test.ts @@ -8,7 +8,7 @@ import mockFs from 'mock-fs'; import axios from 'axios'; import { createHash } from 'crypto'; -import { readFileSync } from 'fs'; +import { readFile } from 'fs/promises'; import { resolve as resolvePath } from 'path'; import { Readable } from 'stream'; import { fetch } from './fetch'; @@ -38,7 +38,7 @@ describe('fetch', () => { test('downloads the url to the path', async () => { await fetch('url', TEMP_FILE); - expect(readFileSync(TEMP_FILE, 'utf8')).toEqual('foobar'); + await expect(readFile(TEMP_FILE, 'utf8')).resolves.toBe('foobar'); }); test('returns the md5 hex hash of the http body', async () => { diff --git a/x-pack/plugins/screenshotting/server/browsers/download/fetch.ts b/x-pack/plugins/screenshotting/server/browsers/download/fetch.ts index ba3e083816937..e248aad94c14e 100644 --- a/x-pack/plugins/screenshotting/server/browsers/download/fetch.ts +++ b/x-pack/plugins/screenshotting/server/browsers/download/fetch.ts @@ -7,7 +7,8 @@ import Axios from 'axios'; import { createHash } from 'crypto'; -import { closeSync, mkdirSync, openSync, writeSync } from 'fs'; +import { mkdir, open } from 'fs/promises'; +import { writeSync } from 'fs'; import { dirname } from 'path'; import { finished, Readable } from 'stream'; import { promisify } from 'util'; @@ -21,9 +22,8 @@ export async function fetch(url: string, path: string, logger?: Logger): Promise const hash = createHash('md5'); - mkdirSync(dirname(path), { recursive: true }); - const handle = openSync(path, 'w'); - + await mkdir(dirname(path), { recursive: true }); + const handle = await open(path, 'w'); try { const response = await Axios.request({ url, 
@@ -32,7 +32,7 @@ export async function fetch(url: string, path: string, logger?: Logger): Promise }); response.data.on('data', (chunk: Buffer) => { - writeSync(handle, chunk); + writeSync(handle.fd, chunk); hash.update(chunk); }); @@ -43,7 +43,7 @@ export async function fetch(url: string, path: string, logger?: Logger): Promise throw new Error(`Unable to download ${url}: ${error}`); } finally { - closeSync(handle); + await handle.close(); } return hash.digest('hex'); diff --git a/x-pack/plugins/screenshotting/server/browsers/download/index.test.ts b/x-pack/plugins/screenshotting/server/browsers/download/index.test.ts index 887a631a2c1d7..8b8115c5a6164 100644 --- a/x-pack/plugins/screenshotting/server/browsers/download/index.test.ts +++ b/x-pack/plugins/screenshotting/server/browsers/download/index.test.ts @@ -7,7 +7,7 @@ import path from 'path'; import mockFs from 'mock-fs'; -import { existsSync, readdirSync } from 'fs'; +import { access, readdir } from 'fs/promises'; import { ChromiumArchivePaths, PackageInfo } from '../chromium'; import { fetch } from './fetch'; import { md5 } from './checksum'; @@ -55,8 +55,8 @@ describe('ensureDownloaded', () => { await download(paths, pkg); - expect(existsSync(unexpectedPath1)).toBe(false); - expect(existsSync(unexpectedPath2)).toBe(false); + await expect(access(unexpectedPath1)).rejects.toThrow(); + await expect(access(unexpectedPath2)).rejects.toThrow(); }); it('should reject when download fails', async () => { 
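Review bot: In fetch.ts, `writeSync(handle.fd, chunk)` in the `data` listener can throw (disk full, invalid descriptor) inside the stream's event callback rather than inside the awaited code of the surrounding `try`. Such a failure would probably not be wrapped as `Unable to download ...` and may surface as an uncaught exception instead of a rejected `fetch`. Catching it in the listener and destroying the stream should route it through the existing error path: `try { writeSync(handle.fd, chunk); hash.update(chunk); } catch (err) { response.data.destroy(err as Error); }`. A one-line comment saying why the write stays synchronous now that the handle comes from `fs/promises` would also help. The body of `fetch` begins and ends outside this hunk.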
@@ -84,14 +84,14 @@ describe('ensureDownloaded', () => { await download(paths, pkg); expect(fetch).not.toHaveBeenCalled(); - expect(readdirSync(path.resolve(`${paths.archivesPath}/x64`))).toEqual( + await expect(readdir(path.resolve(`${paths.archivesPath}/x64`))).resolves.toEqual( expect.arrayContaining([ 'chrome-mac.zip', 'chrome-win.zip', expect.stringMatching(/^chromium-[0-9a-f]{7}-locales-linux_x64\.zip$/), ]) ); - expect(readdirSync(path.resolve(`${paths.archivesPath}/arm64`))).toEqual( + await expect(readdir(path.resolve(`${paths.archivesPath}/arm64`))).resolves.toEqual( expect.arrayContaining([ 'chrome-mac.zip', expect.stringMatching(/^chromium-[0-9a-f]{7}-locales-linux_arm64\.zip$/), diff --git a/x-pack/plugins/screenshotting/server/browsers/download/index.ts b/x-pack/plugins/screenshotting/server/browsers/download/index.ts index ff8de66df743a..61b46ac84c588 100644 --- a/x-pack/plugins/screenshotting/server/browsers/download/index.ts +++ b/x-pack/plugins/screenshotting/server/browsers/download/index.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { existsSync } from 'fs'; +import { access } from 'fs/promises'; import del from 'del'; import type { Logger } from '@kbn/core/server'; import type { ChromiumArchivePaths, PackageInfo } from '../chromium'; @@ -42,7 +42,13 @@ export async function download( const resolvedPath = paths.resolvePath(pkg); const foundChecksum = await md5(resolvedPath).catch(() => 'MISSING'); - const pathExists = existsSync(resolvedPath); + let pathExists = null; + try { + await access(resolvedPath); + pathExists = true; + } catch (e) { + pathExists = false; + } if (pathExists && foundChecksum === archiveChecksum) { logger?.debug( `Browser archive for ${pkg.platform}/${pkg.architecture} already found in ${resolvedPath} with matching checksum.` diff --git a/x-pack/plugins/screenshotting/server/browsers/extract/unzip.test.ts b/x-pack/plugins/screenshotting/server/browsers/extract/unzip.test.ts index 4af457a0c3a6e..08eac21450f26 100644 
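Review bot: In download/index.ts the new `let pathExists = null; try { await access(resolvedPath); ... } catch (e)` block starts from `null` and leaves `e` unused; `const pathExists = await access(resolvedPath).then(() => true, () => false);` expresses the same check in one line. The existence check is also separate from the `md5(resolvedPath)` read just above it, so the file can change between the two. Since `foundChecksum` is already `'MISSING'` when that read fails, the checksum comparison alone may be sufficient. The reuse decision rests on an MD5 match, which detects corruption but is not collision-resistant, so a stronger digest is worth a follow-up if these archives are treated as an integrity boundary. `download` begins and ends outside this hunk.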
--- a/x-pack/plugins/screenshotting/server/browsers/extract/unzip.test.ts +++ b/x-pack/plugins/screenshotting/server/browsers/extract/unzip.test.ts @@ -6,7 +6,7 @@ */ import mockFs from 'mock-fs'; -import { readFileSync } from 'fs'; +import { readFile } from 'fs/promises'; import { ExtractError } from './extract_error'; import { unzip } from './unzip'; @@ -28,7 +28,7 @@ describe('unzip', () => { it('should extract zipped contents', async () => { await unzip('/test.zip', '/output'); - expect(readFileSync('/output/test.txt').toString()).toEqual('test'); + await expect(readFile('/output/test.txt', 'utf8')).resolves.toBe('test'); }); it('should reject on invalid archive', async () => { diff --git a/x-pack/plugins/searchprofiler/public/application/lib/check_for_json_errors.test.ts b/x-pack/plugins/searchprofiler/public/application/lib/check_for_json_errors.test.ts index ccd8761c031b2..606b302fc8559 100644 --- a/x-pack/plugins/searchprofiler/public/application/lib/check_for_json_errors.test.ts +++ b/x-pack/plugins/searchprofiler/public/application/lib/check_for_json_errors.test.ts @@ -12,7 +12,7 @@ describe('checkForParseErrors', function () { it('returns error from bad JSON', function () { const json = '{"foo": {"bar": {"baz": "buzz}}}'; const result = checkForParseErrors(json); - expect(result.error.message).to.be(`Unexpected end of JSON input`); + expect(result.error.message).to.be(`Unterminated string in JSON at position 32`); }); it('returns parsed value from good JSON', function () { diff --git a/x-pack/plugins/security_solution/common/risk_engine/indices.ts b/x-pack/plugins/security_solution/common/risk_engine/indices.ts index e148985b3139a..281b4495e0c47 100644 --- a/x-pack/plugins/security_solution/common/risk_engine/indices.ts +++ b/x-pack/plugins/security_solution/common/risk_engine/indices.ts 
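Review bot: In check_for_json_errors.test.ts the assertion on `result.error.message` pins the exact wording of the engine's `JSON.parse` error, which is presumably why this hunk had to change it and why it will break again on the next runtime upgrade. Asserting on the error's presence or type is more stable, for example `expect(result.error).to.be.a(SyntaxError);`, assuming `checkForParseErrors` passes the original error through (its implementation is not visible here). If the message text matters to users, a comment naming the runtime version it was captured from would make later failures easier to diagnose.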
@@ -13,3 +13,6 @@ export const latestRiskScoreIndexPattern = 'risk-score.risk-score-latest-*'; export const getRiskScoreLatestIndex = (spaceId = 'default') => `${riskScoreBaseIndexName}.risk-score-latest-${spaceId}`; + +export const getRiskScoreTimeSeriesIndex = (spaceId = 'default') => + `${riskScoreBaseIndexName}.risk-score-${spaceId}`; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts index 1214a17c85867..efbf12b3e5e90 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/all/index.ts @@ -103,11 +103,3 @@ export const EMPTY_SEVERITY_COUNT = { [RiskSeverity.moderate]: 0, [RiskSeverity.unknown]: 0, }; - -export const SEVERITY_UI_SORT_ORDER = [ - RiskSeverity.unknown, - RiskSeverity.low, - RiskSeverity.moderate, - RiskSeverity.high, - RiskSeverity.critical, -]; diff --git a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts index 1bf6ef39097d3..b5e0c62526a61 100644 --- a/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts +++ b/x-pack/plugins/security_solution/common/search_strategy/security_solution/risk_score/common/index.ts @@ -7,7 +7,11 @@ import type { ESQuery } from '../../../../typed_json'; import { RISKY_HOSTS_INDEX_PREFIX, RISKY_USERS_INDEX_PREFIX } from '../../../../constants'; -import { RiskScoreEntity, getRiskScoreLatestIndex } from '../../../../risk_engine'; +import { + RiskScoreEntity, + getRiskScoreLatestIndex, + getRiskScoreTimeSeriesIndex, +} from '../../../../risk_engine'; export { RiskQueries } from '../../../../api/search_strategy'; /** 
@@ -30,7 +34,9 @@ export const getUserRiskIndex = ( isNewRiskScoreModuleInstalled: boolean ): string => { return isNewRiskScoreModuleInstalled - ? getRiskScoreLatestIndex(spaceId) + ? onlyLatest + ? getRiskScoreLatestIndex(spaceId) + : getRiskScoreTimeSeriesIndex(spaceId) : `${RISKY_USERS_INDEX_PREFIX}${onlyLatest ? 'latest_' : ''}${spaceId}`; }; diff --git a/x-pack/plugins/security_solution/public/actions/constants.ts b/x-pack/plugins/security_solution/public/actions/constants.ts index 95e72e70ccbab..c477d5c6fc9c1 100644 --- a/x-pack/plugins/security_solution/public/actions/constants.ts +++ b/x-pack/plugins/security_solution/public/actions/constants.ts @@ -4,6 +4,9 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ + +import { FILTER_CELL_ACTION_TYPE, COPY_CELL_ACTION_TYPE } from '@kbn/cell-actions/constants'; + export enum SecurityCellActionsTrigger { DEFAULT = 'security-default-cellActions', DETAILS_FLYOUT = 'security-detailsFlyout-cellActions', @@ -26,3 +29,8 @@ export enum SecurityCellActionType { SHOW_TOP_N = 'security-cellAction-type-showTopN', TOGGLE_COLUMN = 'security-cellAction-type-toggleColumn', } + +export const DefaultCellActionTypes = { + FILTER: FILTER_CELL_ACTION_TYPE, + COPY: COPY_CELL_ACTION_TYPE, +} as const; diff --git a/x-pack/plugins/security_solution/public/actions/filter/index.ts b/x-pack/plugins/security_solution/public/actions/filter/index.ts index 2759d5cc20d36..b2e492956ecde 100644 --- a/x-pack/plugins/security_solution/public/actions/filter/index.ts +++ b/x-pack/plugins/security_solution/public/actions/filter/index.ts 
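Review bot: The nested conditional added to `getUserRiskIndex` is hard to scan, because the inner `onlyLatest ? ... : ...` sits unparenthesised inside the outer branch. A guard reads more directly: return the legacy `RISKY_USERS_INDEX_PREFIX` name first when `isNewRiskScoreModuleInstalled` is false, then `return onlyLatest ? getRiskScoreLatestIndex(spaceId) : getRiskScoreTimeSeriesIndex(spaceId);`. The file also imports `RISKY_HOSTS_INDEX_PREFIX`, so a host counterpart likely exists; no hunk here touches it, so confirm whether `onlyLatest === false` should select the time-series index there too. A short doc comment stating which index each `onlyLatest` value selects would record the new contract. The function starts outside this hunk.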
@@ -9,7 +9,5 @@ export { createFilterInCellActionFactory } from './cell_action/filter_in'; export { createFilterOutCellActionFactory } from './cell_action/filter_out'; export { createFilterInDiscoverCellActionFactory } from './discover/filter_in'; export { createFilterOutDiscoverCellActionFactory } from './discover/filter_out'; -export { createTimelineHistogramFilterInLegendActionFactory } from './lens/filter_in_timeline'; -export { createFilterInHistogramLegendActionFactory } from './lens/filter_in'; -export { createTimelineHistogramFilterOutLegendActionFactory } from './lens/filter_out_timeline'; -export { createFilterOutHistogramLegendActionFactory } from './lens/filter_out'; +export { createFilterInLensAction } from './lens/filter_in'; +export { createFilterOutLensAction } from './lens/filter_out'; diff --git a/x-pack/plugins/security_solution/public/actions/filter/lens/helpers.ts b/x-pack/plugins/security_solution/public/actions/filter/lens/create_action.ts similarity index 72% rename from x-pack/plugins/security_solution/public/actions/filter/lens/helpers.ts rename to x-pack/plugins/security_solution/public/actions/filter/lens/create_action.ts index d138561aab1b6..78a0a9d46ff21 100644 --- a/x-pack/plugins/security_solution/public/actions/filter/lens/helpers.ts +++ b/x-pack/plugins/security_solution/public/actions/filter/lens/create_action.ts 
@@ -16,15 +16,12 @@ import type { CellValueContext } from '@kbn/embeddable-plugin/public'; import { createAction } from '@kbn/ui-actions-plugin/public'; import { ACTION_INCOMPATIBLE_VALUE_WARNING } from '@kbn/cell-actions/src/actions/translations'; import { i18n } from '@kbn/i18n'; -import { KibanaServices } from '../../../common/lib/kibana'; import { timelineSelectors } from '../../../timelines/store/timeline'; import { fieldHasCellActions, isInSecurityApp, isLensEmbeddable } from '../../utils'; import { TimelineId } from '../../../../common/types'; -import { SecurityCellActionType } from '../../constants'; +import { DefaultCellActionTypes } from '../../constants'; import type { SecurityAppStore } from '../../../common/store'; import type { StartServices } from '../../../types'; -import { HISTOGRAM_LEGEND_ACTION_FILTER_IN } from './filter_in'; -import { HISTOGRAM_LEGEND_ACTION_FILTER_OUT } from './filter_out'; function isDataColumnsValid(data?: CellValueContext['data']): boolean { return ( @@ -34,7 +31,7 @@ function isDataColumnsValid(data?: CellValueContext['data']): boolean { ); } -export const createHistogramFilterLegendActionFactory = ({ +export const createFilterLensAction = ({ id, order, store, @@ -47,14 +44,13 @@ export const createHistogramFilterLegendActionFactory = ({ services: StartServices; negate?: boolean; }) => { - const { application: applicationService } = KibanaServices.get(); + const { application, notifications, data: dataService, topValuesPopover } = services; + let currentAppId: string | undefined; - applicationService.currentAppId$.subscribe((appId) => { + application.currentAppId$.subscribe((appId) => { currentAppId = appId; }); const getTimelineById = timelineSelectors.getTimelineByIdSelector(); - const { notifications } = services; - const { filterManager } = services.data.query; return createAction({ id, 
@@ -68,7 +64,7 @@ export const createHistogramFilterLegendActionFactory = ({ : i18n.translate('xpack.securitySolution.actions.filterForTimeline', { defaultMessage: `Filter for`, }), - type: SecurityCellActionType.FILTER, + type: DefaultCellActionTypes.FILTER, isCompatible: async ({ embeddable, data }) => !isErrorEmbeddable(embeddable) && isLensEmbeddable(embeddable) && @@ -85,27 +81,19 @@ export const createHistogramFilterLegendActionFactory = ({ }); return; } - if (!field) return; + topValuesPopover.closePopover(); + + const addFilter = negate === true ? addFilterOut : addFilterIn; + const timeline = getTimelineById(store.getState(), TimelineId.active); - services.topValuesPopover.closePopover(); + // timeline is open add the filter to timeline, otherwise add filter to global filters + const filterManager = timeline?.show + ? timeline.filterManager + : dataService.query.filterManager; - if (!negate) { - addFilterIn({ - filterManager: - id === HISTOGRAM_LEGEND_ACTION_FILTER_IN ? filterManager : timeline.filterManager, - fieldName: field, - value, - }); - } else { - addFilterOut({ - filterManager: - id === HISTOGRAM_LEGEND_ACTION_FILTER_OUT ? filterManager : timeline.filterManager, - fieldName: field, - value, - }); - } + addFilter({ filterManager, fieldName: field, value }); }, }); }; diff --git a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in.ts b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in.ts index aee91a849d898..fae9175879c9f 100644 --- a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in.ts +++ b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in.ts 
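Review bot: In the `execute` hunk of `create_action.ts`, `timeline?.show ? timeline.filterManager : dataService.query.filterManager` hands `timeline.filterManager` to `addFilter` without checking that it is set. The timeline model's type is not visible here, but if that property can be undefined while the timeline is shown, the popover has already been closed and the analyst's filter is silently not applied. I would resolve the manager before calling `topValuesPopover.closePopover()` and bail out visibly when it is missing, e.g. `if (!filterManager) { notifications.toasts.addWarning(<message>); return; }`. The new comment would also read better as `// If the timeline is open, add the filter to the timeline; otherwise add it to the global filters`. The body of `execute` starts above the hunk.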
@@ -8,11 +8,11 @@ import type { SecurityAppStore } from '../../../common/store'; import type { StartServices } from '../../../types'; -import { createHistogramFilterLegendActionFactory } from './helpers'; +import { createFilterLensAction } from './create_action'; -export const HISTOGRAM_LEGEND_ACTION_FILTER_IN = 'histogramLegendActionFilterIn'; +export const ACTION_ID = 'embeddable_filterIn'; -export const createFilterInHistogramLegendActionFactory = ({ +export const createFilterInLensAction = ({ store, order, services, @@ -21,8 +21,8 @@ export const createFilterInHistogramLegendActionFactory = ({ order: number; services: StartServices; }) => - createHistogramFilterLegendActionFactory({ - id: HISTOGRAM_LEGEND_ACTION_FILTER_IN, + createFilterLensAction({ + id: ACTION_ID, order, store, services, diff --git a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in_timeline.ts b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in_timeline.ts deleted file mode 100644 index 6721972f0bcfb..0000000000000 --- a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_in_timeline.ts +++ /dev/null 
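Review bot: `filter_in.ts` now exports its id under the generic name `ACTION_ID`, and the `filter_out.ts` hunk further down does the same, so two sibling modules export different values under one identifier. The constants being replaced were imported side by side in `visualization_actions/utils.ts` (see the removed imports there), which shows that a consumer can need both; with the new names it would have to alias them, and a search for `ACTION_ID` no longer tells the two apart. I would keep the names distinct, e.g. `export const FILTER_IN_LENS_ACTION_ID = 'embeddable_filterIn';` and `export const FILTER_OUT_LENS_ACTION_ID = 'embeddable_filterOut';`.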
@@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { SecurityAppStore } from '../../../common/store'; - -import type { StartServices } from '../../../types'; -import { createHistogramFilterLegendActionFactory } from './helpers'; - -export const TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_IN = 'timelineHistogramLegendActionFilterIn'; - -export const createTimelineHistogramFilterInLegendActionFactory = ({ - store, - order, - services, -}: { - store: SecurityAppStore; - order: number; - services: StartServices; -}) => - createHistogramFilterLegendActionFactory({ - id: TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_IN, - order, - store, - services, - }); diff --git a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out.ts b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out.ts index 4e32a3bee1b1f..2b629ac1be861 100644 --- a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out.ts +++ b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out.ts @@ -8,11 +8,11 @@ import type { SecurityAppStore } from '../../../common/store'; import type { StartServices } from '../../../types'; -import { createHistogramFilterLegendActionFactory } from './helpers'; +import { createFilterLensAction } from './create_action'; -export const HISTOGRAM_LEGEND_ACTION_FILTER_OUT = 'histogramLegendActionFilterOut'; +export const ACTION_ID = 'embeddable_filterOut'; -export const createFilterOutHistogramLegendActionFactory = ({ +export const createFilterOutLensAction = ({ store, order, services, 
@@ -21,8 +21,8 @@ export const createFilterOutHistogramLegendActionFactory = ({ order: number; services: StartServices; }) => - createHistogramFilterLegendActionFactory({ - id: HISTOGRAM_LEGEND_ACTION_FILTER_OUT, + createFilterLensAction({ + id: ACTION_ID, order, store, services, diff --git a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out_timeline.ts b/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out_timeline.ts deleted file mode 100644 index 1712c94c21b79..0000000000000 --- a/x-pack/plugins/security_solution/public/actions/filter/lens/filter_out_timeline.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { SecurityAppStore } from '../../../common/store'; - -import type { StartServices } from '../../../types'; -import { createHistogramFilterLegendActionFactory } from './helpers'; - -export const TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_OUT = 'timelineHistogramLegendActionFilterOut'; - -export const createTimelineHistogramFilterOutLegendActionFactory = ({ - store, - order, - services, -}: { - store: SecurityAppStore; - order: number; - services: StartServices; -}) => - createHistogramFilterLegendActionFactory({ - id: TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_OUT, - order, - store, - services, - negate: true, - }); diff --git a/x-pack/plugins/security_solution/public/actions/register.ts b/x-pack/plugins/security_solution/public/actions/register.ts index 5aa0794ae9c49..46f37f68f48d1 100644 --- a/x-pack/plugins/security_solution/public/actions/register.ts +++ b/x-pack/plugins/security_solution/public/actions/register.ts 
@@ -13,12 +13,8 @@ import type { StartServices } from '../types'; import { createFilterInCellActionFactory, createFilterInDiscoverCellActionFactory, - createTimelineHistogramFilterInLegendActionFactory, - createFilterInHistogramLegendActionFactory, createFilterOutCellActionFactory, createFilterOutDiscoverCellActionFactory, - createFilterOutHistogramLegendActionFactory, - createTimelineHistogramFilterOutLegendActionFactory, } from './filter'; import { createAddToTimelineLensAction, @@ -41,7 +37,9 @@ import type { SecurityCellActions, } from './types'; import { enhanceActionWithTelemetry } from './telemetry'; -import { registerDiscoverHistogramActions } from './discover_in_timeline/vis_apply_filter'; +import { registerDiscoverHistogramActions } from './register_discover_histogram_actions'; +import { createFilterInLensAction } from './filter/lens/filter_in'; +import { createFilterOutLensAction } from './filter/lens/filter_out'; export const registerUIActions = ( store: SecurityAppStore, 
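Review bot: The two imports added at the end of the second `register.ts` hunk reach into `./filter/lens/filter_in` and `./filter/lens/filter_out`, while every other filter factory in this file comes from `./filter`, and `filter/index.ts` in this same commit re-exports `createFilterInLensAction` and `createFilterOutLensAction`. Importing through the barrel keeps a single entry point for the filter actions and stops the new re-exports from going unused. The change is to drop the two deep imports and add `createFilterInLensAction, createFilterOutLensAction,` to the existing `from './filter'` list in the first hunk.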
@@ -51,45 +49,24 @@ export const registerUIActions = ( registerLensEmbeddableActions(store, services); registerDiscoverCellActions(store, services); registerCellActions(store, history, services); + // TODO: Remove discover histogram actions when timeline esql tab is extracted from discover registerDiscoverHistogramActions(store, history, services); }; const registerLensEmbeddableActions = (store: SecurityAppStore, services: StartServices) => { const { uiActions } = services; + const filterInLegendActions = createFilterInLensAction({ store, order: 2, services }); + uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterInLegendActions); + + const filterOutLegendActions = createFilterOutLensAction({ store, order: 3, services }); + uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterOutLegendActions); + const addToTimelineAction = createAddToTimelineLensAction({ store, order: 4 }); uiActions.addTriggerAction(CELL_VALUE_TRIGGER, addToTimelineAction); const copyToClipboardAction = createCopyToClipboardLensAction({ order: 5 }); uiActions.addTriggerAction(CELL_VALUE_TRIGGER, copyToClipboardAction); - - const filterInTimelineLegendActions = createTimelineHistogramFilterInLegendActionFactory({ - store, - order: 0, - services, - }); - uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterInTimelineLegendActions); - - const filterOutTimelineLegendActions = createTimelineHistogramFilterOutLegendActionFactory({ - store, - order: 1, - services, - }); - uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterOutTimelineLegendActions); - - const filterInLegendActions = createFilterInHistogramLegendActionFactory({ - store, - order: 2, - services, - }); - uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterInLegendActions); - - const filterOutLegendActions = createFilterOutHistogramLegendActionFactory({ - store, - order: 3, - services, - }); - uiActions.addTriggerAction(CELL_VALUE_TRIGGER, filterOutLegendActions); }; const registerDiscoverCellActions = (store: SecurityAppStore, 
services: StartServices) => { diff --git a/x-pack/plugins/security_solution/public/actions/discover_in_timeline/vis_apply_filter.ts b/x-pack/plugins/security_solution/public/actions/register_discover_histogram_actions.ts similarity index 88% rename from x-pack/plugins/security_solution/public/actions/discover_in_timeline/vis_apply_filter.ts rename to x-pack/plugins/security_solution/public/actions/register_discover_histogram_actions.ts index 8c3f9e0214a63..5235cef932e4f 100644 --- a/x-pack/plugins/security_solution/public/actions/discover_in_timeline/vis_apply_filter.ts +++ b/x-pack/plugins/security_solution/public/actions/register_discover_histogram_actions.ts @@ -7,9 +7,9 @@ import { createFilterAction } from '@kbn/unified-search-plugin/public'; import type { History } from 'history'; -import type { SecurityAppStore } from '../../common/store'; -import type { StartServices } from '../../types'; -import { EsqlInTimelineTrigger, EsqlInTimelineAction } from '../constants'; +import type { SecurityAppStore } from '../common/store'; +import type { StartServices } from '../types'; +import { EsqlInTimelineTrigger, EsqlInTimelineAction } from './constants'; const createDiscoverHistogramCustomFilterAction = ( store: SecurityAppStore, diff --git a/x-pack/plugins/security_solution/public/cases/pages/index.tsx b/x-pack/plugins/security_solution/public/cases/pages/index.tsx index 041fd9378382e..dd639862e2812 100644 --- a/x-pack/plugins/security_solution/public/cases/pages/index.tsx +++ b/x-pack/plugins/security_solution/public/cases/pages/index.tsx 
@@ -11,7 +11,7 @@ import type { CaseViewRefreshPropInterface } from '@kbn/cases-plugin/common'; import { CaseMetricsFeature } from '@kbn/cases-plugin/common'; import { useUiSetting$ } from '@kbn/kibana-react-plugin/public'; import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; -import { RightPanelKey } from '../../flyout/document_details/right'; +import { DocumentDetailsRightPanelKey } from '../../flyout/document_details/right'; import { useTourContext } from '../../common/components/guided_onboarding_tour'; import { AlertsCasesTourSteps, @@ -74,7 +74,7 @@ const CaseContainerComponent: React.FC = () => { if (isSecurityFlyoutEnabled) { openFlyout({ right: { - id: RightPanelKey, + id: DocumentDetailsRightPanelKey, params: { id: alertId, indexName: index, diff --git a/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx b/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx index ca82da005c703..80e3e0f9f5641 100644 --- a/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx +++ b/x-pack/plugins/security_solution/public/common/components/control_columns/row_action/index.tsx @@ -13,7 +13,7 @@ import { dataTableActions, TableId } from '@kbn/securitysolution-data-table'; import { useUiSetting$ } from '@kbn/kibana-react-plugin/public'; import { timelineActions } from '../../../../timelines/store/timeline'; import { ENABLE_EXPANDABLE_FLYOUT_SETTING } from '../../../../../common/constants'; -import { RightPanelKey } from '../../../../flyout/document_details/right'; +import { DocumentDetailsRightPanelKey } from '../../../../flyout/document_details/right'; import type { SetEventsDeleted, SetEventsLoading, @@ -103,7 +103,7 @@ const RowActionComponent = ({ if (isSecurityFlyoutEnabled && tableId !== TableId.rulePreview) { openFlyout({ right: { - id: RightPanelKey, + id: DocumentDetailsRightPanelKey, params: { id: eventId, indexName, 
diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/__snapshots__/risk_score_summary.test.ts.snap b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/__snapshots__/risk_score_summary.test.ts.snap new file mode 100644 index 0000000000000..225ff3ef8c7a0 --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/__snapshots__/risk_score_summary.test.ts.snap 
@@ -0,0 +1,180 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`getRiskScoreSummaryAttributes should render 1`] = ` +Object { + "description": "", + "references": Array [], + "state": Object { + "adHocDataViews": Object { + "2cc5663b-f062-43f8-8688-fc8166c2ca8e": Object { + "allowNoIndex": false, + "fieldAttrs": Object {}, + "fieldFormats": Object {}, + "id": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "name": "risk-score.risk-score-default", + "runtimeFieldMap": Object {}, + "sourceFilters": Array [], + "timeFieldName": "@timestamp", + "title": "risk-score.risk-score-default", + }, + }, + "datasourceStates": Object { + "formBased": Object { + "layers": Object { + "2cc5663b-f062-43f8-8688-fc8166c2ca8e": Object { + "columnOrder": Array [ + "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + ], + "columns": Object { + "2cc5663b-f062-43f8-8688-fc8166c2ca8e": Object { + "customLabel": true, + "dataType": "number", + "filter": Object { + "language": "kuery", + "query": "", + }, + "isBucketed": false, + "label": "Risk value", + "operationType": "last_value", + "params": Object { + "format": Object { + "id": "number", + "params": Object { + "compact": false, + "decimals": 0, + }, + }, + "sortField": "@timestamp", + }, + "reducedTimeRange": "", + "scale": "ratio", + "sourceField": "user.risk.calculated_score_norm", + "timeShift": "", + }, + }, + "ignoreGlobalFilters": false, + "incompleteColumns": Object {}, + "linkToLayers": Array [ + "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + ], + "sampling": 1, + }, + }, + }, + "indexpattern": Object { + "layers": Object {}, + }, + "textBased": Object { + "layers": Object {}, + }, + }, + "filters": Array [ + Object { + "meta": Object { + "alias": null, + "disabled": false, + "key": "host.id", + "negate": false, + "params": Object { + "query": "123", + }, + "type": "phrase", + }, + "query": Object { + "match_phrase": Object { + "host.id": "123", + }, + }, + }, + ], + "internalReferences": Array [ + 
Object { + "id": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "name": "indexpattern-datasource-layer-2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "type": "index-pattern", + }, + Object { + "id": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "name": "indexpattern-datasource-layer-2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "type": "index-pattern", + }, + ], + "query": Object { + "language": "kql", + "query": "host.name: *", + }, + "visualization": Object { + "layerId": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "layerType": "data", + "metricAccessor": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "palette": Object { + "name": "custom", + "params": Object { + "colorStops": Array [ + Object { + "color": "#98a2b3", + "stop": 0, + }, + Object { + "color": "#54B399", + "stop": 20, + }, + Object { + "color": "#D6BF57", + "stop": 40, + }, + Object { + "color": "#DA8B45", + "stop": 70, + }, + Object { + "color": "#E7664C", + "stop": 90, + }, + ], + "continuity": "above", + "maxSteps": 5, + "name": "custom", + "progression": "fixed", + "rangeMax": null, + "rangeMin": 0, + "rangeType": "number", + "reverse": false, + "steps": 3, + "stops": Array [ + Object { + "color": "#98a2b3", + "stop": 20, + }, + Object { + "color": "#54B399", + "stop": 40, + }, + Object { + "color": "#D6BF57", + "stop": 70, + }, + Object { + "color": "#DA8B45", + "stop": 90, + }, + Object { + "color": "#E7664C", + "stop": 100, + }, + ], + }, + "type": "palette", + }, + "subtitle": "Low", + "trendlineLayerId": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "trendlineLayerType": "metricTrendline", + "trendlineMetricAccessor": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + "trendlineTimeAccessor": "2cc5663b-f062-43f8-8688-fc8166c2ca8e", + }, + }, + "title": "Risk score summary", + "visualizationType": "lnsMetric", +} +`; 
diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.test.ts b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.test.ts new file mode 100644 index 0000000000000..4e3aaa69129fc --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.test.ts 
@@ -0,0 +1,82 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { RiskScoreEntity } from '../../../../../../../common/risk_engine'; +import { renderHook } from '@testing-library/react-hooks'; +import { wrapper } from '../../../mocks'; +import { useLensAttributes } from '../../../use_lens_attributes'; +import { getRiskScoreSummaryAttributes } from './risk_score_summary'; +import { RiskSeverity } from '../../../../../../../common/search_strategy'; +import type { MetricVisualizationState } from '@kbn/lens-plugin/public'; + +jest.mock('../../../../../containers/sourcerer', () => ({ + useSourcererDataView: jest.fn().mockReturnValue({ + selectedPatterns: ['auditbeat-mytest-*'], + dataViewId: 'security-solution-my-test', + indicesExist: true, + }), +})); + +jest.mock('uuid', () => ({ + v4: jest.fn().mockReturnValue('2cc5663b-f062-43f8-8688-fc8166c2ca8e'), +})); + +describe('getRiskScoreSummaryAttributes', () => { + it('should render', () => { + const { result } = renderHook( + () => + useLensAttributes({ + lensAttributes: getRiskScoreSummaryAttributes({ + severity: RiskSeverity.low, + query: `user.name: test.user`, + spaceId: 'default', + riskEntity: RiskScoreEntity.user, + }), + }), + { wrapper } + ); + + expect(result?.current).toMatchSnapshot(); + }); + + it('renders the subtitle', () => { + const { result } = renderHook( + () => + useLensAttributes({ + lensAttributes: getRiskScoreSummaryAttributes({ + severity: RiskSeverity.low, + query: `user.name: test.user`, + spaceId: 'default', + riskEntity: RiskScoreEntity.user, + }), + }), + { wrapper } + ); + + expect((result?.current?.state.visualization as MetricVisualizationState).subtitle).toBe('Low'); + }); + + it('renders the query when applyGlobalQueriesAndFilters is false', () => { + const query = 
`test.field: test.user`; + + const { result } = renderHook( + () => + useLensAttributes({ + lensAttributes: getRiskScoreSummaryAttributes({ + severity: RiskSeverity.low, + query, + spaceId: 'default', + riskEntity: RiskScoreEntity.user, + }), + applyGlobalQueriesAndFilters: false, + }), + { wrapper } + ); + + expect(result?.current?.state.query.query).toBe(query); + }); +}); diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.ts b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.ts new file mode 100644 index 0000000000000..728c6e1771373 --- /dev/null +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary.ts 
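Review bot: The `jest.mock('uuid', …)` at the top of this test returns the same value for every `v4()` call, so the two layer ids, three column ids and the reference id generated by `getRiskScoreSummaryAttributes` all collide as object keys. The committed snapshot shows the effect: `layers` holds a single entry whose `columns` contains only the `last_value` column, and the `max` metric and `date_histogram` columns never appear, so the 'should render' test would not notice changes to them. A mock that yields distinct ids keeps the structure intact, e.g. `jest.mock('uuid', () => { let mockSeq = 0; return { v4: jest.fn(() => 'mock-uuid-' + mockSeq++) }; });`, after which the snapshot needs regenerating.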
@@ -0,0 +1,193 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { v4 as uuidv4 } from 'uuid'; +import { + SEVERITY_UI_SORT_ORDER, + RISK_SEVERITY_COLOUR, + RISK_SCORE_RANGES, +} from '../../../../../../entity_analytics/common/utils'; +import type { RiskSeverity } from '../../../../../../../common/search_strategy'; +import { RiskScoreEntity, RiskScoreFields } from '../../../../../../../common/search_strategy'; +import type { LensAttributes } from '../../../types'; + +interface GetRiskScoreSummaryAttributesProps { + query?: string; + spaceId?: string; + severity?: RiskSeverity; + riskEntity: RiskScoreEntity; +} + +export const getRiskScoreSummaryAttributes: ( + props: GetRiskScoreSummaryAttributesProps +) => LensAttributes = ({ spaceId, query, severity, riskEntity }) => { + const layerIds = [uuidv4(), uuidv4()]; + const internalReferenceId = uuidv4(); + const columnIds = [uuidv4(), uuidv4(), uuidv4()]; + const sourceField = + riskEntity === RiskScoreEntity.user + ? 
RiskScoreFields.userRiskScore + : RiskScoreFields.hostRiskScore; + + return { + title: 'Risk score summary', + description: '', + visualizationType: 'lnsMetric', + state: { + visualization: { + layerId: layerIds[0], + layerType: 'data', + metricAccessor: columnIds[0], + trendlineLayerId: layerIds[1], + trendlineLayerType: 'metricTrendline', + trendlineTimeAccessor: columnIds[1], + trendlineMetricAccessor: columnIds[2], + palette: { + type: 'palette', + name: 'custom', + params: { + steps: 3, + name: 'custom', + reverse: false, + rangeType: 'number', + rangeMin: 0, + rangeMax: null, + progression: 'fixed', + colorStops: SEVERITY_UI_SORT_ORDER.map((riskSeverity) => ({ + color: RISK_SEVERITY_COLOUR[riskSeverity], + stop: RISK_SCORE_RANGES[riskSeverity].start, + })), + stops: SEVERITY_UI_SORT_ORDER.map((riskSeverity) => ({ + color: RISK_SEVERITY_COLOUR[riskSeverity], + stop: RISK_SCORE_RANGES[riskSeverity].stop, + })), + continuity: 'above', + maxSteps: 5, + }, + }, + subtitle: severity, + }, + query: { + query: query ?? 
'', + language: 'kuery', + }, + filters: [], + datasourceStates: { + formBased: { + layers: { + [layerIds[0]]: { + columns: { + [columnIds[0]]: { + label: 'Risk', + dataType: 'number', + operationType: 'max', + isBucketed: false, + scale: 'ratio', + sourceField, + reducedTimeRange: '', + params: { + sortField: '@timestamp', + format: { + id: 'number', + params: { + decimals: 0, + compact: false, + }, + }, + emptyAsNull: true, + }, + customLabel: true, + }, + }, + columnOrder: [columnIds[0]], + incompleteColumns: {}, + }, + [layerIds[1]]: { + linkToLayers: [layerIds[0]], + columns: { + [columnIds[1]]: { + label: '@timestamp', + dataType: 'date', + operationType: 'date_histogram', + sourceField: RiskScoreFields.timestamp, + isBucketed: true, + scale: 'interval', + params: { + interval: 'auto', + includeEmptyRows: true, + dropPartials: false, + }, + }, + [columnIds[2]]: { + label: 'Risk value', + dataType: 'number', + operationType: 'last_value', + isBucketed: false, + scale: 'ratio', + sourceField, + filter: { + query: '', + language: 'kuery', + }, + timeShift: '', + reducedTimeRange: '', + params: { + sortField: '@timestamp', + format: { + id: 'number', + params: { + decimals: 0, + compact: false, + }, + }, + }, + customLabel: true, + }, + }, + columnOrder: [columnIds[1], columnIds[2]], + sampling: 1, + ignoreGlobalFilters: false, + incompleteColumns: {}, + }, + }, + }, + indexpattern: { + layers: {}, + }, + textBased: { + layers: {}, + }, + }, + internalReferences: [ + { + type: 'index-pattern', + id: internalReferenceId, + name: `indexpattern-datasource-layer-${layerIds[0]}`, + }, + { + type: 'index-pattern', + id: internalReferenceId, + name: `indexpattern-datasource-layer-${layerIds[1]}`, + }, + ], + adHocDataViews: { + [internalReferenceId]: { + id: internalReferenceId, + title: `risk-score.risk-score-${spaceId ?? 
'default'}`, + timeFieldName: '@timestamp', + sourceFilters: [], + fieldFormats: {}, + runtimeFieldMap: {}, + fieldAttrs: {}, + allowNoIndex: false, + name: `risk-score.risk-score-${spaceId ?? 'default'}`, + }, + }, + }, + references: [], + }; +}; diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx index df564277122ce..fdaa006e15f56 100644 --- a/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/lens_embeddable.tsx @@ -14,7 +14,7 @@ import styled from 'styled-components'; import { EuiEmptyPrompt, EuiFlexGroup, EuiFlexItem, EuiText } from '@elastic/eui'; import type { RangeFilterParams } from '@kbn/es-query'; import type { ClickTriggerEvent, MultiClickTriggerEvent } from '@kbn/charts-plugin/public'; -import type { XYState } from '@kbn/lens-plugin/public'; +import type { EmbeddableComponentProps, XYState } from '@kbn/lens-plugin/public'; import { setAbsoluteRangeDatePicker } from '../../store/inputs/actions'; import { useKibana } from '../../lib/kibana'; import { useLensAttributes } from './use_lens_attributes'; @@ -24,7 +24,7 @@ import { inputsSelectors } from '../../store'; import { useDeepEqualSelector } from '../../hooks/use_selector'; import { ModalInspectQuery } from '../inspect/modal'; import { InputsModelId } from '../../store/inputs/constants'; -import { getRequestsAndResponses, showLegendActionsByActionId } from './utils'; +import { getRequestsAndResponses } from './utils'; import { SourcererScopeName } from '../../store/sourcerer/model'; import { VisualizationActions } from './actions'; 
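Review bot: The ad-hoc data view at the end of `getRiskScoreSummaryAttributes` builds its index name by hand, as the template `risk-score.risk-score-${spaceId ?? 'default'}`, once for `title` and once for `name`, while the risk-index helper changed earlier in this commit obtains the time-series index from `getRiskScoreTimeSeriesIndex(spaceId)`. Two independent spellings of the same index can drift, and a chart that points at the wrong index simply renders empty rather than failing. Assuming the helper returns the same pattern and is importable from this package (neither is visible here), I would compute it once, `const riskIndex = getRiskScoreTimeSeriesIndex(spaceId ?? 'default');`, and use `riskIndex` for both fields.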
@@ -81,6 +81,7 @@ const LensEmbeddableComponent: React.FC = ({ timerange, width: wrapperWidth, withActions = true, + disableOnClickFilter = false, }) => { const style = useMemo( () => ({ @@ -185,9 +186,10 @@ const LensEmbeddableComponent: React.FC = ({ [onLoad] ); - const onFilterCallback = useCallback( - async (e: ClickTriggerEvent['data'] | MultiClickTriggerEvent['data']) => { - if (!isClickTriggerEvent(e) || preferredSeriesType !== 'area') { + const onFilterCallback = useCallback(() => { + const callback: EmbeddableComponentProps['onFilter'] = async (e) => { + if (!isClickTriggerEvent(e) || preferredSeriesType !== 'area' || disableOnClickFilter) { + e.preventDefault(); return; } // Update timerange when clicking on a dot in an area chart @@ -201,9 +203,14 @@ const LensEmbeddableComponent: React.FC = ({ range: [rangeFilter.gte, rangeFilter.lt], }); } - }, - [createFiltersFromValueClickAction, updateDateRange, preferredSeriesType] - ); + }; + return callback; + }, [ + createFiltersFromValueClickAction, + updateDateRange, + preferredSeriesType, + disableOnClickFilter, + ]); const adHocDataViews = useMemo( () => @@ -218,11 +225,6 @@ const LensEmbeddableComponent: React.FC = ({ [attributes?.state?.adHocDataViews] ); - const shouldShowLegendAction = useCallback( - (actionId: string) => showLegendActionsByActionId({ actionId, scopeId }), - [scopeId] - ); - if (!searchSessionId) { return null; } @@ -286,7 +288,6 @@ const LensEmbeddableComponent: React.FC = ({ showInspector={false} syncTooltips={false} syncCursor={false} - shouldShowLegendAction={shouldShowLegendAction} /> )} diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/types.ts b/x-pack/plugins/security_solution/public/common/components/visualization_actions/types.ts index 854aff1860a2e..6f513e445660e 100644 --- a/x-pack/plugins/security_solution/public/common/components/visualization_actions/types.ts 
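Review bot: In the `onFilterCallback` hunks, the hook is now `useCallback(() => { const callback = …; return callback; }, […])`, which memoizes a function that returns the handler rather than the handler itself. If the component still passes `onFilterCallback` directly as the embeddable's `onFilter` prop (the JSX is outside these hunks), Lens would call the outer function, receive a function back, and neither `e.preventDefault()` nor the date-range update would run, so `disableOnClickFilter` would not suppress the default click filter. Changing the hook to `useMemo(() => { … return callback; }, […])`, which this file already uses for `style` and `adHocDataViews`, or passing the async function straight to `useCallback`, restores the handler.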
+++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/types.ts @@ -79,6 +79,10 @@ export interface LensEmbeddableComponentProps { timerange: { from: string; to: string }; width?: string | number; withActions?: boolean; + /** + * Disable the on click filter for the visualization. + */ + disableOnClickFilter?: boolean; } export enum RequestStatus { diff --git a/x-pack/plugins/security_solution/public/common/components/visualization_actions/utils.ts b/x-pack/plugins/security_solution/public/common/components/visualization_actions/utils.ts index 678cc16c915ef..ef3aa936d293d 100644 --- a/x-pack/plugins/security_solution/public/common/components/visualization_actions/utils.ts +++ b/x-pack/plugins/security_solution/public/common/components/visualization_actions/utils.ts @@ -8,10 +8,6 @@ import type { Filter } from '@kbn/es-query'; import { SecurityPageName } from '../../../../common/constants'; -import { HISTOGRAM_LEGEND_ACTION_FILTER_IN } from '../../../actions/filter/lens/filter_in'; -import { TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_IN } from '../../../actions/filter/lens/filter_in_timeline'; -import { HISTOGRAM_LEGEND_ACTION_FILTER_OUT } from '../../../actions/filter/lens/filter_out'; -import { TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_OUT } from '../../../actions/filter/lens/filter_out_timeline'; import type { Request } from './types'; export const VISUALIZATION_ACTIONS_BUTTON_CLASS = 'histogram-actions-trigger'; 
@@ -199,28 +195,3 @@ export const parseVisualizationData = (data: string[]): T[] => return acc; } }, [] as T[]); - -export const showLegendActionsByActionId = ({ - actionId, - scopeId, -}: { - actionId: string; - scopeId: string; -}) => { - switch (actionId) { - /** We no longer use Lens' default filter in / out actions - * as extra custom actions needed after filters applied. - * For example: hide the topN panel after filters applied */ - case FILTER_IN_LEGEND_ACTION: - case FILTER_OUT_LEGEND_ACTION: - return false; - case HISTOGRAM_LEGEND_ACTION_FILTER_IN: - case HISTOGRAM_LEGEND_ACTION_FILTER_OUT: - return scopeId !== 'timeline'; - case TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_IN: - case TIMELINE_HISTOGRAM_LEGEND_ACTION_FILTER_OUT: - return scopeId === 'timeline'; - default: - return true; - } -}; diff --git a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alerts_by_ids.ts b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alerts_by_ids.ts index cb853aa9488c1..1ac9948818bcc 100644 --- a/x-pack/plugins/security_solution/public/common/containers/alerts/use_alerts_by_ids.ts +++ b/x-pack/plugins/security_solution/public/common/containers/alerts/use_alerts_by_ids.ts @@ -17,6 +17,8 @@ interface UseAlertByIdsOptions { interface Hit { fields: Record; + _index: string; + _id: string; } interface UserAlertByIdsResult { @@ -25,6 +27,9 @@ interface UserAlertByIdsResult { data?: Hit[]; } +// It prevents recreating the array on every hook call +const ALL_FIELD = ['*']; + /** * Fetches the alert documents associated to the ids that are passed. * By default it fetches all fields but they can be limited by passing @@ -32,7 +37,7 @@ interface UserAlertByIdsResult { */ export const useAlertsByIds = ({ alertIds, - fields = ['*'], + fields = ALL_FIELD, }: UseAlertByIdsOptions): UserAlertByIdsResult => { const [initialQuery] = useState(() => generateAlertByIdsQuery(alertIds, fields)); 
diff --git a/x-pack/plugins/security_solution/public/common/mock/storybook_providers.tsx b/x-pack/plugins/security_solution/public/common/mock/storybook_providers.tsx index 479174a92722f..6fb3ca1ff0f5b 100644 --- a/x-pack/plugins/security_solution/public/common/mock/storybook_providers.tsx +++ b/x-pack/plugins/security_solution/public/common/mock/storybook_providers.tsx @@ -14,6 +14,8 @@ import type { CoreStart } from '@kbn/core/public'; import { createKibanaReactContext } from '@kbn/kibana-react-plugin/public'; import { I18nProvider } from '@kbn/i18n-react'; import { CellActionsProvider } from '@kbn/cell-actions'; +import { NavigationProvider } from '@kbn/security-solution-navigation'; +import { CASES_FEATURE_ID } from '../../../common'; import { createStore } from '../store'; import { mockGlobalState } from './global_state'; import { SUB_PLUGINS_REDUCER } from './utils'; @@ -39,11 +41,36 @@ const uiSettings = { const coreMock = { application: { getUrlForApp: () => {}, + capabilities: { [CASES_FEATURE_ID]: {} }, + }, + lens: { + EmbeddableComponent: () => , + }, + cases: { + helpers: { + getUICapabilities: () => ({}), + }, + hooks: { + useCasesAddToExistingCaseModal: () => {}, + useCasesAddToNewCaseFlyout: () => {}, + }, }, data: { query: { filterManager: {}, }, + search: { + session: React.createRef(), + }, + actions: { + createFiltersFromValueClickAction: () => {}, + }, + }, + settings: { + client: { + get: () => {}, + set: () => {}, + }, }, uiSettings, notifications: { @@ -78,13 +105,15 @@ export const StorybookProviders: React.FC = ({ children }) => { return ( - Promise.resolve([])}> - - ({ eui: euiLightVars, darkMode: false })}> - {children} - - - + + Promise.resolve([])}> + + ({ eui: euiLightVars, darkMode: false })}> + {children} + + + + ); 
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_to_case_actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_to_case_actions.tsx index 50e1e11268e5e..821a638e893c2 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_to_case_actions.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_to_case_actions.tsx @@ -29,7 +29,7 @@ export interface UseAddToCaseActions { onSuccess?: () => Promise; isActiveTimelines: boolean; isInDetections: boolean; - refetch: (() => void) | undefined; + refetch?: (() => void) | undefined; } export const useAddToCaseActions = ({ @@ -173,5 +173,6 @@ export const useAddToCaseActions = ({ return { addToCaseActionItems, handleAddToNewCaseClick, + handleAddToExistingCaseClick, }; }; diff --git a/x-pack/plugins/security_solution/public/entity_analytics/common/utils.ts b/x-pack/plugins/security_solution/public/entity_analytics/common/utils.ts new file mode 100644 index 0000000000000..361d6d133a93d --- /dev/null +++ b/x-pack/plugins/security_solution/public/entity_analytics/common/utils.ts 
@@ -0,0 +1,34 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { euiLightVars } from '@kbn/ui-theme'; +import { RiskSeverity } from '../../../common/search_strategy'; +import { SEVERITY_COLOR } from '../../overview/components/detection_response/utils'; + +export const SEVERITY_UI_SORT_ORDER = [ + RiskSeverity.unknown, + RiskSeverity.low, + RiskSeverity.moderate, + RiskSeverity.high, + RiskSeverity.critical, +]; + +export const RISK_SEVERITY_COLOUR: { [k in RiskSeverity]: string } = { + [RiskSeverity.unknown]: euiLightVars.euiColorMediumShade, + [RiskSeverity.low]: SEVERITY_COLOR.low, + [RiskSeverity.moderate]: SEVERITY_COLOR.medium, + [RiskSeverity.high]: SEVERITY_COLOR.high, + [RiskSeverity.critical]: SEVERITY_COLOR.critical, +}; + +export const RISK_SCORE_RANGES = { + [RiskSeverity.unknown]: { start: 0, stop: 20 }, + [RiskSeverity.low]: { start: 20, stop: 40 }, + [RiskSeverity.moderate]: { start: 40, stop: 70 }, + [RiskSeverity.high]: { start: 70, stop: 90 }, + [RiskSeverity.critical]: { start: 90, stop: 100 }, +}; diff --git a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/common/index.tsx b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/common/index.tsx index b28898b384e00..9430690394b49 100644 --- a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/common/index.tsx +++ b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/common/index.tsx 
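Review bot: `RISK_SCORE_RANGES` gives adjacent levels a shared boundary (`stop: 20` for unknown and `start: 20` for low, and likewise at 40, 70 and 90) without stating which end is inclusive, so a score exactly on a boundary can land in either level depending on how a consumer compares. A comment above the constant such as `// start is inclusive, stop is exclusive, except critical which includes 100` would pin that down. The convention should be checked against wherever scores are mapped to `RiskSeverity`, which is not part of this file. The object is also untyped, unlike `RISK_SEVERITY_COLOUR`; annotating it as `{ [k in RiskSeverity]: { start: number; stop: number } }` would make a missing level a compile error.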
@@ -12,17 +12,9 @@ import { EuiHealth, transparentize } from '@elastic/eui'; import styled, { css } from 'styled-components'; import { euiLightVars } from '@kbn/ui-theme'; +import { RISK_SEVERITY_COLOUR } from '../../../../../entity_analytics/common/utils'; import { WithHoverActions } from '../../../../../common/components/with_hover_actions'; -import { RiskSeverity } from '../../../../../../common/search_strategy'; -import { SEVERITY_COLOR } from '../../../../../overview/components/detection_response/utils'; - -export const RISK_SEVERITY_COLOUR: { [k in RiskSeverity]: string } = { - [RiskSeverity.unknown]: euiLightVars.euiColorMediumShade, - [RiskSeverity.low]: SEVERITY_COLOR.low, - [RiskSeverity.moderate]: SEVERITY_COLOR.medium, - [RiskSeverity.high]: SEVERITY_COLOR.high, - [RiskSeverity.critical]: SEVERITY_COLOR.critical, -}; +import type { RiskSeverity } from '../../../../../../common/search_strategy'; const RiskBadge = styled.div<{ $severity: RiskSeverity; $hideBackgroundColor: boolean }>` ${({ theme, $severity, $hideBackgroundColor }) => css` diff --git a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_badges.tsx b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_badges.tsx index f1ebae0897595..53c7e270f2e31 100644 --- a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_badges.tsx +++ b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_badges.tsx 
@@ -7,8 +7,9 @@ import { EuiFlexGroup, EuiNotificationBadge, EuiFlexItem } from '@elastic/eui'; import React from 'react'; +import { RISK_SEVERITY_COLOUR } from '../../../../entity_analytics/common/utils'; import type { RiskSeverity } from '../../../../../common/search_strategy'; -import { RiskScoreLevel, RISK_SEVERITY_COLOUR } from './common'; +import { RiskScoreLevel } from './common'; import type { SeverityCount } from './types'; export const SeverityBadges: React.FC<{ diff --git a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_bar.tsx b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_bar.tsx index d53693b6d8e69..847488869bcd3 100644 --- a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_bar.tsx +++ b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_bar.tsx @@ -9,8 +9,8 @@ import styled from 'styled-components'; import { EuiColorPaletteDisplay } from '@elastic/eui'; import React, { useMemo } from 'react'; +import { RISK_SEVERITY_COLOUR } from '../../../../entity_analytics/common/utils'; import type { RiskSeverity } from '../../../../../common/search_strategy'; -import { RISK_SEVERITY_COLOUR } from './common'; import type { SeverityCount } from './types'; const StyledEuiColorPaletteDisplay = styled(EuiColorPaletteDisplay)` diff --git a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_filter_group.tsx b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_filter_group.tsx index 02ce5e01e8873..1ca7020bc818d 100644 --- a/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_filter_group.tsx +++ b/x-pack/plugins/security_solution/public/explore/components/risk_score/severity/severity_filter_group.tsx 
@@ -16,8 +16,8 @@ import { useEuiTheme, } from '@elastic/eui'; +import { SEVERITY_UI_SORT_ORDER } from '../../../../entity_analytics/common/utils'; import type { RiskScoreEntity, RiskSeverity } from '../../../../../common/search_strategy'; -import { SEVERITY_UI_SORT_ORDER } from '../../../../../common/search_strategy'; import type { SeverityCount } from './types'; import { RiskScoreLevel } from './common'; import { ENTITY_RISK_LEVEL } from '../translations'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/content.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/content.tsx index 0684bf05b7924..b4a97832e77ce 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/content.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/content.tsx @@ -8,7 +8,7 @@ import type { FC } from 'react'; import React, { useCallback } from 'react'; import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; -import { RightPanelKey } from '../right'; +import { DocumentDetailsRightPanelKey } from '../right'; import { useBasicDataFromDetailsData } from '../../../timelines/components/side_panel/event_details/helpers'; import { EndpointIsolateSuccess } from '../../../common/components/endpoint/host_isolation'; import { useHostIsolationTools } from '../../../timelines/components/side_panel/event_details/use_host_isolation_tools'; @@ -32,7 +32,7 @@ export const PanelContent: FC = () => { const showAlertDetails = useCallback( () => openRightPanel({ - id: RightPanelKey, + id: DocumentDetailsRightPanelKey, params: { id: eventId, indexName, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/index.tsx index ff02d7b78a115..b56282a542646 100644 
--- a/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/isolate_host/index.tsx @@ -11,7 +11,8 @@ import type { FlyoutPanelProps } from '@kbn/expandable-flyout'; import { PanelContent } from './content'; import { PanelHeader } from './header'; -export const IsolateHostPanelKey: IsolateHostPanelProps['key'] = 'document-details-isolate-host'; +export const DocumentDetailsIsolateHostPanelKey: IsolateHostPanelProps['key'] = + 'document-details-isolate-host'; export interface IsolateHostPanelProps extends FlyoutPanelProps { key: 'document-details-isolate-host'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts index b36f674892f58..1ac4fb1c5f263 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/test_ids.ts @@ -11,7 +11,6 @@ import { PREFIX } from '../../../shared/test_ids'; export const ANALYZER_GRAPH_TEST_ID = `${PREFIX}AnalyzerGraph` as const; export const SESSION_VIEW_TEST_ID = `${PREFIX}SessionView` as const; -export const SESSION_VIEW_ERROR_TEST_ID = `${PREFIX}SessionViewError` as const; /* Insights tab */ diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx index a6e4e865adfa8..049210326c016 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx 
@@ -16,7 +16,7 @@ import { tabs } from './tabs'; import { useLeftPanelContext } from './context'; export type LeftPanelPaths = 'visualize' | 'insights' | 'investigation' | 'response'; -export const LeftPanelKey: LeftPanelProps['key'] = 'document-details-left'; +export const DocumentDetailsLeftPanelKey: LeftPanelProps['key'] = 'document-details-left'; export const LeftPanelVisualizeTab: LeftPanelPaths = 'visualize'; export const LeftPanelInsightsTab: LeftPanelPaths = 'insights'; export const LeftPanelInvestigationTab: LeftPanelPaths = 'investigation'; @@ -45,7 +45,7 @@ export const LeftPanel: FC> = memo(({ path }) => { const setSelectedTabId = (tabId: LeftPanelTabsType[number]['id']) => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: tabId, }, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx index 3e8c1f22de622..f3297b57183f3 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/insights_tab.tsx @@ -20,7 +20,7 @@ import { INSIGHTS_TAB_CORRELATIONS_BUTTON_TEST_ID, } from './test_ids'; import { useLeftPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelInsightsTab } from '..'; +import { DocumentDetailsLeftPanelKey, LeftPanelInsightsTab } from '..'; import { ENTITIES_TAB_ID, EntitiesDetails } from '../components/entities_details'; import { THREAT_INTELLIGENCE_TAB_ID, @@ -86,7 +86,7 @@ export const InsightsTab: React.FC = memo(() => { (optionId: string) => { setActiveInsightsId(optionId); openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: optionId, 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx index b23d61f19e053..2ff079feeeb98 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx @@ -13,7 +13,7 @@ import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import { useLeftPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelVisualizeTab } from '..'; +import { DocumentDetailsLeftPanelKey, LeftPanelVisualizeTab } from '..'; import { VISUALIZE_TAB_BUTTON_GROUP_TEST_ID, VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON_TEST_ID, @@ -64,7 +64,7 @@ export const VisualizeTab: FC = memo(() => { startTransaction({ name: ALERTS_ACTIONS.OPEN_ANALYZER }); } openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelVisualizeTab, subTab: optionId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/preview/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/preview/index.tsx index db9f7bb5ba58a..5bc4ebf31ab40 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/preview/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/preview/index.tsx 
@@ -13,7 +13,7 @@ import { panels } from './panels'; export type PreviewPanelPaths = 'rule-preview' | 'alert-reason-preview'; export const RulePreviewPanel: PreviewPanelPaths = 'rule-preview'; export const AlertReasonPreviewPanel: PreviewPanelPaths = 'alert-reason-preview'; -export const PreviewPanelKey: PreviewPanelProps['key'] = 'document-details-preview'; +export const DocumentDetailsPreviewPanelKey: PreviewPanelProps['key'] = 'document-details-preview'; export interface PreviewPanelProps extends FlyoutPanelProps { key: 'document-details-preview'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx index 38a80490ea22f..c97db50a0798b 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.test.tsx @@ -12,7 +12,7 @@ import { RightPanelContext } from '../context'; import { TestProviders } from '../../../../common/mock'; import { CorrelationsOverview } from './correlations_overview'; import { CORRELATIONS_TAB_ID } from '../../left/components/correlations_details'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { CORRELATIONS_RELATED_ALERTS_BY_ANCESTRY_TEST_ID, CORRELATIONS_RELATED_ALERTS_BY_SAME_SOURCE_EVENT_TEST_ID, @@ -196,7 +196,7 @@ describe('', () => { getByTestId(TITLE_LINK_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: CORRELATIONS_TAB_ID }, params: { id: panelContextValue.eventId, 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx index a273257ba0fc7..52e66fed55b5d 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/correlations_overview.tsx @@ -22,7 +22,7 @@ import { RelatedCases } from './related_cases'; import { useShowRelatedCases } from '../../shared/hooks/use_show_related_cases'; import { CORRELATIONS_TEST_ID } from './test_ids'; import { useRightPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelInsightsTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelInsightsTab } from '../../left'; import { CORRELATIONS_TAB_ID } from '../../left/components/correlations_details'; /** @@ -43,7 +43,7 @@ export const CorrelationsOverview: React.FC = () => { const goToCorrelationsTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: CORRELATIONS_TAB_ID, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.test.tsx index 2cf9276a1853e..7b99e426c8abc 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.test.tsx 
@@ -18,7 +18,7 @@ import { RightPanelContext } from '../context'; import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import type { TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common'; -import { PreviewPanelKey } from '../../preview'; +import { DocumentDetailsPreviewPanelKey } from '../../preview'; const ruleUuid = { category: 'kibana', @@ -119,7 +119,7 @@ describe('', () => { getByTestId(RULE_SUMMARY_BUTTON_TEST_ID).click(); expect(flyoutContextValue.openPreviewPanel).toHaveBeenCalledWith({ - id: PreviewPanelKey, + id: DocumentDetailsPreviewPanelKey, path: { tab: 'rule-preview' }, params: { id: panelContext.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.tsx index 0003a5cd2c123..5c65d9231eef0 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/description.tsx @@ -20,7 +20,11 @@ import { DESCRIPTION_TITLE_TEST_ID, RULE_SUMMARY_BUTTON_TEST_ID, } from './test_ids'; -import { PreviewPanelKey, type PreviewPanelProps, RulePreviewPanel } from '../../preview'; +import { + DocumentDetailsPreviewPanelKey, + type PreviewPanelProps, + RulePreviewPanel, +} from '../../preview'; /** * Displays the description of a document. @@ -35,7 +39,7 @@ export const Description: FC = () => { const openRulePreview = useCallback(() => { const PreviewPanelRulePreview: PreviewPanelProps['path'] = { tab: RulePreviewPanel }; openPreviewPanel({ - id: PreviewPanelKey, + id: DocumentDetailsPreviewPanelKey, path: PreviewPanelRulePreview, params: { id: eventId, 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx index 9434553156063..e52728b880d7b 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/entities_overview.tsx @@ -15,7 +15,7 @@ import { useRightPanelContext } from '../context'; import { getField } from '../../shared/utils'; import { HostEntityOverview } from './host_entity_overview'; import { UserEntityOverview } from './user_entity_overview'; -import { LeftPanelKey, LeftPanelInsightsTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelInsightsTab } from '../../left'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; /** @@ -29,7 +29,7 @@ export const EntitiesOverview: React.FC = () => { const goToEntitiesTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_title.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_title.tsx index 1573f5ef33bcf..ac52136e3afae 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_title.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/header_title.tsx @@ -56,7 +56,7 @@ export const HeaderTitle: FC = memo(() => { const eventTitle = ( -

+

{ {timestamp && } - {isAlert && !isEmpty(ruleName) ? ruleTitle : eventTitle} +
+ {isAlert && !isEmpty(ruleName) ? ruleTitle : eventTitle} +
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx index 6f4711651ffc2..c56fef68a8bfa 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.test.tsx @@ -15,7 +15,7 @@ import { import { HighlightedFieldsCell } from './highlighted_fields_cell'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import { RightPanelContext } from '../context'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { TestProviders } from '../../../../common/mock'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; import { useGetEndpointDetails } from '../../../../management/hooks'; @@ -64,7 +64,7 @@ describe('', () => { getByTestId(HIGHLIGHTED_FIELDS_LINKED_CELL_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: panelContextValue.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx index 60c561116c38a..6d7c5652eadea 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/highlighted_fields_cell.tsx 
@@ -16,7 +16,7 @@ import { HOST_NAME_FIELD_NAME, USER_NAME_FIELD_NAME, } from '../../../../timelines/components/timeline/body/renderers/constants'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; import { HIGHLIGHTED_FIELDS_AGENT_STATUS_CELL_TEST_ID, @@ -42,7 +42,7 @@ const LinkFieldCell: VFC = ({ value }) => { const goToInsightsEntities = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx index 25c25b87aa38d..31a86495d0561 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.test.tsx @@ -22,7 +22,7 @@ import { RightPanelContext } from '../context'; import { mockContextValue } from '../mocks/mock_context'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; const hostName = 'host'; 
@@ -160,7 +160,7 @@ describe('', () => { getByTestId(ENTITIES_HOST_OVERVIEW_LINK_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: panelContextValue.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx index 58d9bf9d8a418..a1d42871a42e4 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/host_entity_overview.tsx @@ -49,7 +49,7 @@ import { ENTITIES_HOST_OVERVIEW_LINK_TEST_ID, ENTITIES_HOST_OVERVIEW_LOADING_TEST_ID, } from './test_ids'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { RiskScoreDocTooltip } from '../../../../overview/components/common'; const HOST_ICON = 'storage'; @@ -70,7 +70,7 @@ export const HostEntityOverview: React.FC = ({ hostName const { openLeftPanel } = useExpandableFlyoutContext(); const goToEntitiesTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx index 1dd3af16ff415..f774fe67e179b 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx 
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.test.tsx @@ -19,7 +19,7 @@ import { mockContextValue } from '../mocks/mock_context'; import { mockFlyoutContextValue } from '../../shared/mocks/mock_flyout_context'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide'; -import { LeftPanelInvestigationTab, LeftPanelKey } from '../../left'; +import { LeftPanelInvestigationTab, DocumentDetailsLeftPanelKey } from '../../left'; jest.mock('../../shared/hooks/use_investigation_guide'); @@ -109,7 +109,7 @@ describe('', () => { getByTestId(INVESTIGATION_GUIDE_BUTTON_TEST_ID).click(); expect(mockFlyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInvestigationTab, }, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx index d00310b360c26..04c73baad9d78 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/investigation_guide.tsx @@ -11,7 +11,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; import { useInvestigationGuide } from '../../shared/hooks/use_investigation_guide'; import { useRightPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelInvestigationTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelInvestigationTab } from '../../left'; import { INVESTIGATION_GUIDE_BUTTON_TEST_ID, INVESTIGATION_GUIDE_LOADING_TEST_ID, 
@@ -32,7 +32,7 @@ export const InvestigationGuide: React.FC = () => { const goToInvestigationsTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInvestigationTab, }, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx index 79fcf89977291..fe711387dbf17 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.test.tsx @@ -10,7 +10,7 @@ import { render } from '@testing-library/react'; import { TestProviders } from '../../../../common/mock'; import { RightPanelContext } from '../context'; import { PREVALENCE_TEST_ID } from './test_ids'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import React from 'react'; import { PrevalenceOverview } from './prevalence_overview'; import { PREVALENCE_TAB_ID } from '../../left/components/prevalence_details'; @@ -167,7 +167,7 @@ describe('', () => { getByTestId(TITLE_LINK_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: PREVALENCE_TAB_ID }, params: { id: 'eventId', diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx index 674b9d662f460..c7249f66065df 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx 
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/prevalence_overview.tsx @@ -14,7 +14,7 @@ import { ExpandablePanel } from '../../../shared/components/expandable_panel'; import { usePrevalence } from '../../shared/hooks/use_prevalence'; import { PREVALENCE_TEST_ID } from './test_ids'; import { useRightPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelInsightsTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelInsightsTab } from '../../left'; import { PREVALENCE_TAB_ID } from '../../left/components/prevalence_details'; import { InsightsSummaryRow } from './insights_summary_row'; @@ -33,7 +33,7 @@ export const PrevalenceOverview: FC = () => { const goPrevalenceTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: PREVALENCE_TAB_ID, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx index f407c33a1e210..65a241a00e6bb 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.test.tsx @@ -14,7 +14,7 @@ import { RightPanelContext } from '../context'; import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; -import { PreviewPanelKey } from '../../preview'; +import { DocumentDetailsPreviewPanelKey } from '../../preview'; const flyoutContextValue = { openPreviewPanel: jest.fn(), 
@@ -82,7 +82,7 @@ describe('', () => { getByTestId(REASON_DETAILS_PREVIEW_BUTTON_TEST_ID).click(); expect(flyoutContextValue.openPreviewPanel).toHaveBeenCalledWith({ - id: PreviewPanelKey, + id: DocumentDetailsPreviewPanelKey, path: { tab: 'alert-reason-preview' }, params: { id: panelContextValue.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx index 37629cd0678ca..392e753213714 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/reason.tsx @@ -13,7 +13,7 @@ import { ALERT_REASON } from '@kbn/rule-data-utils'; import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; import { getField } from '../../shared/utils'; -import { AlertReasonPreviewPanel, PreviewPanelKey } from '../../preview'; +import { AlertReasonPreviewPanel, DocumentDetailsPreviewPanelKey } from '../../preview'; import { REASON_DETAILS_PREVIEW_BUTTON_TEST_ID, REASON_DETAILS_TEST_ID, @@ -34,7 +34,7 @@ export const Reason: FC = () => { const { openPreviewPanel } = useExpandableFlyoutContext(); const openRulePreview = useCallback(() => { openPreviewPanel({ - id: PreviewPanelKey, + id: DocumentDetailsPreviewPanelKey, path: { tab: AlertReasonPreviewPanel }, params: { id: eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx index 0d1b6fac8df4b..c114530f4b664 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/response_button.tsx 
@@ -9,7 +9,7 @@ import { EuiButton } from '@elastic/eui'; import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; import { FormattedMessage } from '@kbn/i18n-react'; import { useRightPanelContext } from '../context'; -import { LeftPanelKey, LeftPanelResponseTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelResponseTab } from '../../left'; import { RESPONSE_BUTTON_TEST_ID } from './test_ids'; /** @@ -21,7 +21,7 @@ export const ResponseButton: React.FC = () => { const goToResponseTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelResponseTab }, params: { id: eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts index 28d76c040ebbb..0cbde8fa94e1a 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts @@ -97,8 +97,6 @@ export const ENTITIES_HOST_OVERVIEW_LAST_SEEN_TEST_ID = `${ENTITIES_HOST_OVERVIEW_TEST_ID}LastSeen` as const; export const ENTITIES_HOST_OVERVIEW_RISK_LEVEL_TEST_ID = `${ENTITIES_HOST_OVERVIEW_TEST_ID}RiskLevel` as const; -export const TECHNICAL_PREVIEW_ICON_TEST_ID = - `${INSIGHTS_ENTITIES_TEST_ID}TechnicalPreviewIcon` as const; /* Threat intelligence */ diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx index 1b8a646f1d356..f5ae35db72f16 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx 
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.test.tsx @@ -11,7 +11,7 @@ import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import { RightPanelContext } from '../context'; import { TestProviders } from '../../../../common/mock'; import { ThreatIntelligenceOverview } from './threat_intelligence_overview'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { useFetchThreatIntelligence } from '../hooks/use_fetch_threat_intelligence'; import { THREAT_INTELLIGENCE_TAB_ID } from '../../left/components/threat_intelligence_details'; import { INSIGHTS_THREAT_INTELLIGENCE_TEST_ID } from './test_ids'; @@ -161,7 +161,7 @@ describe('', () => { getByTestId(TITLE_LINK_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: THREAT_INTELLIGENCE_TAB_ID }, params: { id: panelContextValue.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx index ebaea597219ac..d57fb1d6c0aab 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/threat_intelligence_overview.tsx 
@@ -15,7 +15,7 @@ import { useFetchThreatIntelligence } from '../hooks/use_fetch_threat_intelligen import { InsightsSummaryRow } from './insights_summary_row'; import { useRightPanelContext } from '../context'; import { INSIGHTS_THREAT_INTELLIGENCE_TEST_ID } from './test_ids'; -import { LeftPanelKey, LeftPanelInsightsTab } from '../../left'; +import { DocumentDetailsLeftPanelKey, LeftPanelInsightsTab } from '../../left'; import { THREAT_INTELLIGENCE_TAB_ID } from '../../left/components/threat_intelligence_details'; /** @@ -29,7 +29,7 @@ export const ThreatIntelligenceOverview: FC = () => { const goToThreatIntelligenceTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: THREAT_INTELLIGENCE_TAB_ID, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx index 37b4666611efe..155f2c127fc3c 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.test.tsx @@ -22,7 +22,7 @@ import { mockContextValue } from '../mocks/mock_context'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; import { RightPanelContext } from '../context'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; const userName = 'user'; 
@@ -169,7 +169,7 @@ describe('', () => { getByTestId(ENTITIES_USER_OVERVIEW_LINK_TEST_ID).click(); expect(flyoutContextValue.openLeftPanel).toHaveBeenCalledWith({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: panelContextValue.eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx index 81b1b75df57e9..313719ec1c0ba 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/user_entity_overview.tsx @@ -19,7 +19,7 @@ import { css } from '@emotion/css'; import { getOr } from 'lodash/fp'; import { i18n } from '@kbn/i18n'; import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; -import { LeftPanelInsightsTab, LeftPanelKey } from '../../left'; +import { LeftPanelInsightsTab, DocumentDetailsLeftPanelKey } from '../../left'; import { ENTITIES_TAB_ID } from '../../left/components/entities_details'; import { useRightPanelContext } from '../context'; import type { DescriptionList } from '../../../../../common/utility_types'; @@ -70,7 +70,7 @@ export const UserEntityOverview: React.FC = ({ userName const { openLeftPanel } = useExpandableFlyoutContext(); const goToEntitiesTab = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, path: { tab: LeftPanelInsightsTab, subTab: ENTITIES_TAB_ID }, params: { id: eventId, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx index 35470f21f8085..39abe1f818a96 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx 
+++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/index.tsx @@ -20,7 +20,7 @@ import { tabs } from './tabs'; import { PanelFooter } from './footer'; export type RightPanelPaths = 'overview' | 'table' | 'json'; -export const RightPanelKey: RightPanelProps['key'] = 'document-details-right'; +export const DocumentDetailsRightPanelKey: RightPanelProps['key'] = 'document-details-right'; export interface RightPanelProps extends FlyoutPanelProps { key: 'document-details-right'; @@ -51,7 +51,7 @@ export const RightPanel: FC> = memo(({ path }) => { const setSelectedTabId = (tabId: RightPanelTabsType[number]['id']) => { openRightPanel({ - id: RightPanelKey, + id: DocumentDetailsRightPanelKey, path: { tab: tabId, }, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx index 12e36ea29e5a0..d78784f164985 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/navigation.tsx @@ -10,7 +10,7 @@ import React, { memo, useCallback } from 'react'; import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; import { HeaderActions } from './components/header_actions'; import { FlyoutNavigation } from '../../shared/components/flyout_navigation'; -import { LeftPanelKey } from '../left'; +import { DocumentDetailsLeftPanelKey } from '../left'; import { useRightPanelContext } from './context'; interface PanelNavigationProps { @@ -26,7 +26,7 @@ export const PanelNavigation: FC = memo(({ flyoutIsExpanda const expandDetails = useCallback(() => { openLeftPanel({ - id: LeftPanelKey, + id: DocumentDetailsLeftPanelKey, params: { id: eventId, indexName, 
diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/url/expandable_flyout_state_from_event_meta.ts b/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/url/expandable_flyout_state_from_event_meta.ts index 95e5c509f96d6..e25824ed8b68a 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/url/expandable_flyout_state_from_event_meta.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/url/expandable_flyout_state_from_event_meta.ts @@ -6,7 +6,7 @@ */ import type { ExpandableFlyoutContext } from '@kbn/expandable-flyout'; -import { RightPanelKey } from '../../../right'; +import { DocumentDetailsRightPanelKey } from '../../../right'; interface RedirectParams { index: string; @@ -26,7 +26,7 @@ export const expandableFlyoutStateFromEventMeta = ({ }: RedirectParams): ExpandableFlyoutContext['panels'] => { return { right: { - id: RightPanelKey, + id: DocumentDetailsRightPanelKey, params: { id: eventId, indexName: index, diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.test.tsx new file mode 100644 index 0000000000000..9df74c2d60846 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.test.tsx 
@@ -0,0 +1,36 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { fireEvent, render } from '@testing-library/react'; +import React from 'react'; +import { TestProviders } from '../../../../common/mock'; +import { ActionColumn } from './action_column'; +import { alertDataMock } from '../mocks'; + +describe('ActionColumn', () => { + it('renders', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-inputs-actions')).toBeInTheDocument(); + }); + + it('toggles the popover when button is clicked', () => { + const { getByRole } = render( + + + + ); + + fireEvent.click(getByRole('button')); + + expect(getByRole('dialog')).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.tsx new file mode 100644 index 0000000000000..35b25d69fffce --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/action_column.tsx 
@@ -0,0 +1,49 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiButtonIcon, EuiContextMenu, EuiPopover } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; +import React, { useCallback, useMemo, useState } from 'react'; +import type { AlertRawData } from '../content'; +import { useRiskInputActionsPanels } from '../hooks/use_risk_input_actions_panels'; + +interface ActionColumnProps { + alert: AlertRawData; +} + +export const ActionColumn: React.FC = ({ alert }) => { + const [isPopoverOpen, setIsPopoverOpen] = useState(false); + const closePopover = useCallback(() => setIsPopoverOpen(false), []); + const togglePopover = useCallback(() => setIsPopoverOpen((isOpen) => !isOpen), []); + const alerts = useMemo(() => [alert], [alert]); + const panels = useRiskInputActionsPanels(alerts, closePopover); + + return ( + + } + isOpen={isPopoverOpen} + closePopover={closePopover} + panelPaddingSize="none" + anchorPosition="downLeft" + > + + + ); +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.test.tsx new file mode 100644 index 0000000000000..aeb244e537bda --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.test.tsx 
@@ -0,0 +1,116 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { fireEvent, render } from '@testing-library/react'; +import React from 'react'; +import { TestProviders } from '../../../../common/mock'; +import { alertDataMock } from '../mocks'; +import { RiskInputsUtilityBar } from './utility_bar'; + +describe('RiskInputsPanel', () => { + it('renders', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-input-utility-bar')).toBeInTheDocument(); + }); + + it('renders current page message when totalItemCount is 1', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-input-utility-bar')).toHaveTextContent('Showing 1 Risk input'); + }); + + it('renders current page message when totalItemCount is 20', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-input-utility-bar')).toHaveTextContent( + 'Showing 1-10 of 20 Risk input' + ); + }); + + it('renders current page message when totalItemCount is 20 and on the second page', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-input-utility-bar')).toHaveTextContent( + 'Showing 11-20 of 20 Risk inputs' + ); + }); + + it('renders selected risk input message', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-input-utility-bar')).toHaveTextContent('3 selected risk input'); + }); + + it('toggles the popover when button is clicked', () => { + const { getByRole } = render( + + + + ); + + fireEvent.click(getByRole('button')); + + expect(getByRole('dialog')).toBeInTheDocument(); + }); +}); 
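Review bot: The suite in utility_bar.test.tsx is labelled `describe('RiskInputsPanel', ...)` although every case renders `RiskInputsUtilityBar`, so its failures are reported under the same name as the suite in content.test.tsx. Rename it to `describe('RiskInputsUtilityBar', () => {`. The first-page case with 20 items asserts `'Showing 1-10 of 20 Risk input'`, while the second-page case asserts the plural `'Showing 11-20 of 20 Risk inputs'`. Because `toHaveTextContent` with a string matches substrings, the singular form passes for either rendering, so asserting the full plural string there would pin the pluralisation.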
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.tsx new file mode 100644 index 0000000000000..40e3497a04945 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/components/utility_bar.tsx 
@@ -0,0 +1,127 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { FunctionComponent } from 'react'; +import React, { useCallback, useState } from 'react'; +import type { Pagination } from '@elastic/eui'; +import { + EuiButtonEmpty, + EuiContextMenu, + EuiFlexGroup, + EuiFlexItem, + EuiPopover, + EuiText, + useEuiTheme, +} from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { css } from '@emotion/react'; +import { useRiskInputActionsPanels } from '../hooks/use_risk_input_actions_panels'; +import type { AlertRawData } from '../content'; + +interface Props { + selectedAlerts: AlertRawData[]; + pagination: Pagination; +} + +export const RiskInputsUtilityBar: FunctionComponent = React.memo( + ({ selectedAlerts, pagination }) => { + const { euiTheme } = useEuiTheme(); + const [isPopoverOpen, setIsPopoverOpen] = useState(false); + const togglePopover = useCallback(() => setIsPopoverOpen(!isPopoverOpen), [isPopoverOpen]); + const closePopover = useCallback(() => setIsPopoverOpen(false), []); + const panels = useRiskInputActionsPanels(selectedAlerts, closePopover); + const displayedCurrentPage = pagination.pageIndex + 1; + const pageSize = pagination.pageSize ?? 10; + const fromItem: number = pagination.pageIndex * pageSize + 1; + const toItem: number = Math.min(pagination.totalItemCount, pageSize * displayedCurrentPage); + + return ( + <> + + + + {pagination.totalItemCount <= 1 ? ( + + + + ), + }} + /> + ) : ( + {`${fromItem}-${toItem}`}, + totalInputs: pagination.totalItemCount, + riskInputs: ( + + + + ), + }} + /> + )} + + + + {selectedAlerts.length > 0 && ( + + + + } + > + + + )} + + + + ); + } +); + +RiskInputsUtilityBar.displayName = 'RiskInputsUtilityBar'; 
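Review bot: `togglePopover` in `RiskInputsUtilityBar` closes over state (`setIsPopoverOpen(!isPopoverOpen)` with `[isPopoverOpen]` as deps), whereas `ActionColumn` in this same change uses the functional updater. Writing it as `const togglePopover = useCallback(() => setIsPopoverOpen((isOpen) => !isOpen), []);` keeps the callback identity stable and makes the two components consistent. Separately, `fromItem` is `pagination.pageIndex * pageSize + 1` even when `totalItemCount` is 0. The markup of the `totalItemCount <= 1` branch is not legible here, so it is worth confirming that an empty list does not render a "Showing 1" message.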
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.test.tsx new file mode 100644 index 0000000000000..93396e7dea03a --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.test.tsx 
@@ -0,0 +1,74 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SimpleRiskInput } from '../../../../common/risk_engine'; +import { RiskCategories } from '../../../../common/risk_engine'; +import { fireEvent, render } from '@testing-library/react'; +import React from 'react'; +import { RiskInputsPanel } from '.'; +import { TestProviders } from '../../../common/mock'; +import { times } from 'lodash/fp'; +import { alertDataMock } from './mocks'; + +const mockUseAlertsByIds = jest.fn().mockReturnValue({ loading: false, data: [] }); + +jest.mock('../../../common/containers/alerts/use_alerts_by_ids', () => ({ + useAlertsByIds: () => mockUseAlertsByIds(), +})); + +const TEST_RISK_INPUT: SimpleRiskInput = { + id: '123', + index: '_test_index', + category: RiskCategories.category_1, + description: 'test description', + risk_score: 70, + timestamp: '2023-05-15T16:12:14.967Z', +}; + +describe('RiskInputsPanel', () => { + it('renders', () => { + mockUseAlertsByIds.mockReturnValue({ + loading: false, + error: false, + data: [alertDataMock], + }); + + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-inputs-panel')).toBeInTheDocument(); + expect(getByTestId('risk-input-table-description-cell')).toHaveTextContent( + 'Risk inputRule Name' + ); + }); + + it('paginates', () => { + const riskInputs = times((index) => ({ ...TEST_RISK_INPUT, id: index.toString() }), 11); + const alerts = times((index) => ({ ...alertDataMock, _id: index.toString() }), 11); + + mockUseAlertsByIds.mockReturnValue({ + loading: false, + error: false, + data: alerts, + }); + + const { getAllByTestId, getByLabelText } = render( + + + + ); + + expect(getAllByTestId('risk-input-table-description-cell')).toHaveLength(10); + + fireEvent.click(getByLabelText('Next 
page')); + + expect(getAllByTestId('risk-input-table-description-cell')).toHaveLength(1); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.tsx new file mode 100644 index 0000000000000..544dca9df62a8 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/content.tsx 
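Review bot: The `jest.mock` factory in content.test.tsx wraps the hook as `useAlertsByIds: () => mockUseAlertsByIds()`, which drops the hook's arguments, so neither case can verify that the panel requests the alert ids taken from `riskInputs`. Forwarding them with `useAlertsByIds: (...args: unknown[]) => mockUseAlertsByIds(...args)` would allow an assertion such as `expect(mockUseAlertsByIds).toHaveBeenCalledWith({ alertIds: ['123'] })`, assuming the 'renders' case passes `TEST_RISK_INPUT`. Without it, the 'paginates' case passes on the mocked 11 alerts regardless of which ids the component asks for.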
@@ -0,0 +1,158 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { EuiBasicTableColumn, Pagination } from '@elastic/eui'; +import { useEuiBackgroundColor, EuiSpacer, EuiInMemoryTable, EuiTitle } from '@elastic/eui'; +import React, { useCallback, useMemo, useState } from 'react'; +import { css } from '@emotion/react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { get } from 'lodash/fp'; +import { ALERT_RULE_NAME } from '@kbn/rule-data-utils'; +import type { RiskInputs } from '../../../../common/risk_engine'; +import { ActionColumn } from './components/action_column'; +import { PreferenceFormattedDate } from '../../../common/components/formatted_date'; +import { RiskInputsUtilityBar } from './components/utility_bar'; +import { useAlertsByIds } from '../../../common/containers/alerts/use_alerts_by_ids'; +import { FlyoutBody } from '../../shared/components/flyout_body'; + +export interface RiskInputsPanelContentProps extends Record { + riskInputs: RiskInputs; +} + +export interface AlertRawData { + fields: Record; + _index: string; + _id: string; +} + +export const RiskInputsPanelContent = ({ riskInputs }: RiskInputsPanelContentProps) => { + const [selectedItems, setSelectedItems] = useState([]); + const alertIds = useMemo(() => riskInputs.map(({ id }) => id), [riskInputs]); + const { loading, data: alertsData } = useAlertsByIds({ alertIds }); + + const euiTableSelectionProps = useMemo( + () => ({ + onSelectionChange: (selected: AlertRawData[]) => { + setSelectedItems(selected); + }, + initialSelected: [], + selectable: () => true, + }), + [] + ); + + const columns: Array> = useMemo( + () => [ + { + name: ( + + ), + width: '80px', + render: (alert: AlertRawData) => { + return ; + }, + }, + { + field: 'fields.@timestamp', + name: 
( + + ), + truncateText: false, + mobileOptions: { show: true }, + sortable: true, + width: '30%', + render: (timestamp: string) => , + }, + { + field: 'fields', + 'data-test-subj': 'risk-input-table-description-cell', + name: ( + + ), + truncateText: true, + mobileOptions: { show: true }, + sortable: true, + render: (fields: AlertRawData['fields']) => get(ALERT_RULE_NAME, fields), + }, + ], + [] + ); + + const [currentPage, setCurrentPage] = useState<{ + index: number; + size: number; + }>({ index: 0, size: 10 }); + + const onTableChange = useCallback(({ page }) => { + setCurrentPage(page); + }, []); + + const pagination: Pagination = useMemo( + () => ({ + totalItemCount: riskInputs.length, + pageIndex: currentPage.index, + pageSize: currentPage.size, + }), + [currentPage.index, currentPage.size, riskInputs.length] + ); + + return ( + <> + + +

+ +

+
+ + {/* Temporary label. It will be replaced by a filter */} + +

+ +

+
+ + + + +
+ + ); +}; + +RiskInputsPanelContent.displayName = 'RiskInputsPanelContent'; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions.ts b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions.ts new file mode 100644 index 0000000000000..6a8643c7fd9f3 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions.ts 
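Review bot: `RiskInputsPanelContent` reads only `loading` and `data` from `useAlertsByIds({ alertIds })`, so a failed alert lookup appears to render the same as an entity with no risk inputs. The mocks in content.test.tsx return an `error` field, which suggests the hook exposes one. If so, destructure it (`const { loading, error, data: alertsData } = useAlertsByIds({ alertIds });`) and show an error state, so an analyst can tell a fetch failure from an empty list. `pagination.totalItemCount` is taken from `riskInputs.length` rather than from the alerts actually returned, so the "of N" count can overstate what the table holds if some alerts are not retrievable. The rule-name column also sets `sortable: true` on `field: 'fields'`, which compares the whole object; `sortable: (alert: AlertRawData) => get(ALERT_RULE_NAME, alert.fields)?.[0]` would sort by the rule name instead.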
@@ -0,0 +1,84 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { TableId } from '@kbn/securitysolution-data-table'; +import { useMemo } from 'react'; +import { get, noop } from 'lodash/fp'; +import { AttachmentType } from '@kbn/cases-plugin/common'; +import type { CaseAttachmentsWithoutOwner } from '@kbn/cases-plugin/public'; +import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils'; +import { useGlobalTime } from '../../../../common/containers/use_global_time'; +import { SourcererScopeName } from '../../../../common/store/sourcerer/model'; +import { useAddBulkToTimelineAction } from '../../../../detections/components/alerts_table/timeline_actions/use_add_bulk_to_timeline'; +import { useKibana } from '../../../../common/lib/kibana/kibana_react'; +import type { AlertRawData } from '../content'; + +/** + * The returned actions only support alerts risk inputs. 
+ */ +export const useRiskInputActions = (alerts: AlertRawData[], closePopover: () => void) => { + const { from, to } = useGlobalTime(); + const timelineAction = useAddBulkToTimelineAction({ + localFilters: [], + from, + to, + scopeId: SourcererScopeName.detections, + tableId: TableId.riskInputs, + }); + + const { cases: casesService } = useKibana().services; + const createCaseFlyout = casesService?.hooks.useCasesAddToNewCaseFlyout({ onSuccess: noop }); + const selectCaseModal = casesService?.hooks.useCasesAddToExistingCaseModal(); + + const caseAttachments: CaseAttachmentsWithoutOwner = useMemo( + () => + alerts.map((alert: AlertRawData) => ({ + alertId: alert._id, + index: alert._index, + type: AttachmentType.alert, + rule: { + id: get(ALERT_RULE_UUID, alert.fields)[0], + name: get(ALERT_RULE_NAME, alert.fields)[0], + }, + })), + [alerts] + ); + + return useMemo( + () => ({ + addToExistingCase: () => { + closePopover(); + selectCaseModal.open({ getAttachments: () => caseAttachments }); + }, + addToNewCaseClick: () => { + closePopover(); + createCaseFlyout.open({ attachments: caseAttachments }); + }, + addToNewTimeline: () => { + closePopover(); + timelineAction.onClick( + alerts.map((alert: AlertRawData) => { + return { + _id: alert._id, + _index: alert._index, + data: [], + ecs: { + _id: alert._id, + _index: alert._index, + }, + }; + }), + false, + noop, + noop, + noop + ); + }, + }), + [alerts, caseAttachments, closePopover, createCaseFlyout, selectCaseModal, timelineAction] + ); +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.test.tsx new file mode 100644 index 0000000000000..49bad231f2767 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.test.tsx 
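Review bot: `createCaseFlyout` and `selectCaseModal` are obtained through `casesService?.hooks...`, so both can be undefined, yet `addToExistingCase` and `addToNewCaseClick` call `.open(...)` on them unguarded and would throw if the cases service is absent. Either drop the optional chaining if `cases` is always provided, or guard the calls: `selectCaseModal?.open({ getAttachments: () => caseAttachments });` and `createCaseFlyout?.open({ attachments: caseAttachments });`. The optional chain also makes the two hook calls conditional on `casesService`, which is only safe if that value never changes between renders. In `caseAttachments`, `get(ALERT_RULE_UUID, alert.fields)[0]` and the matching `ALERT_RULE_NAME` lookup throw during render for an alert that lacks the field; `get(ALERT_RULE_UUID, alert.fields)?.[0]` avoids that.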
@@ -0,0 +1,93 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { EuiContextMenuPanelDescriptor } from '@elastic/eui'; +import { EuiContextMenu } from '@elastic/eui'; +import { casesPluginMock } from '@kbn/cases-plugin/public/mocks'; +import { render } from '@testing-library/react'; +import { renderHook } from '@testing-library/react-hooks'; +import React from 'react'; +import { TestProviders } from '../../../../common/mock'; +import { alertDataMock } from '../mocks'; +import { useRiskInputActionsPanels } from './use_risk_input_actions_panels'; + +const casesServiceMock = casesPluginMock.createStartContract(); +const mockCanUseCases = jest.fn().mockReturnValue({ + create: true, + read: true, +}); + +const mockedCasesServices = { + ...casesServiceMock, + helpers: { + ...casesServiceMock.helpers, + canUseCases: mockCanUseCases, + }, +}; + +jest.mock('@kbn/kibana-react-plugin/public', () => { + const original = jest.requireActual('@kbn/kibana-react-plugin/public'); + return { + ...original, + useKibana: () => ({ + ...original.useKibana(), + services: { + ...original.useKibana().services, + cases: mockedCasesServices, + }, + }), + }; +}); + +const TestMenu = ({ panels }: { panels: EuiContextMenuPanelDescriptor[] }) => ( + +); + +const customRender = (alerts = [alertDataMock]) => { + const { result } = renderHook(() => useRiskInputActionsPanels(alerts, () => {}), { + wrapper: TestProviders, + }); + + return render( + + + + ); +}; + +describe('useRiskInputActionsPanels', () => { + it('displays the rule name when only one alert is selected', () => { + const { getByTestId } = customRender(); + + expect(getByTestId('contextMenuPanelTitle')).toHaveTextContent('Risk input: Rule Name'); + }); + + it('displays number of selected alerts when more than one 
alert is selected', () => { + const { getByTestId } = customRender([alertDataMock, alertDataMock]); + + expect(getByTestId('contextMenuPanelTitle')).toHaveTextContent('2 selected'); + }); + + it('displays cases actions when user has cases permissions', () => { + const { container } = customRender(); + + expect(container).toHaveTextContent('Add to existing case'); + expect(container).toHaveTextContent('Add to new case'); + }); + + it('does NOT display cases actions when user has NO cases permissions', () => { + mockCanUseCases.mockReturnValue({ + create: false, + read: false, + }); + + const { container } = customRender(); + + expect(container).not.toHaveTextContent('Add to existing case'); + expect(container).not.toHaveTextContent('Add to new case'); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.tsx new file mode 100644 index 0000000000000..176b2a13db72d --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/hooks/use_risk_input_actions_panels.tsx 
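Review bot: The last test sets `mockCanUseCases.mockReturnValue({ create: false, read: false })` and nothing restores it, so the permission-dependent assertions hold only because of the current test order. Add `beforeEach(() => mockCanUseCases.mockReturnValue({ create: true, read: true }));` inside the `describe`. The hook under test shows the cases entries only when both `create` and `read` are granted, yet the suite checks only all-or-nothing; a case with a partial grant such as `{ create: false, read: true }` should assert that both entries stay hidden.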
@@ -0,0 +1,100 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiTextTruncate } from '@elastic/eui'; +import React, { useMemo } from 'react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { useKibana } from '@kbn/kibana-react-plugin/public'; +import { SECURITY_SOLUTION_OWNER } from '@kbn/cases-plugin/common'; +import type { CasesService } from '@kbn/triggers-actions-ui-plugin/public/application/sections/alerts_table/types'; +import { i18n } from '@kbn/i18n'; +import { get } from 'lodash/fp'; +import { ALERT_RULE_NAME } from '@kbn/rule-data-utils'; +import { useRiskInputActions } from './use_risk_input_actions'; +import type { AlertRawData } from '../content'; + +export const useRiskInputActionsPanels = (alerts: AlertRawData[], closePopover: () => void) => { + const { cases: casesService } = useKibana<{ cases?: CasesService }>().services; + const { addToExistingCase, addToNewCaseClick, addToNewTimeline } = useRiskInputActions( + alerts, + closePopover + ); + const userCasesPermissions = casesService?.helpers.canUseCases([SECURITY_SOLUTION_OWNER]); + const hasCasesPermissions = userCasesPermissions?.create && userCasesPermissions?.read; + + return useMemo(() => { + const timelinePanel = { + name: ( + + ), + + onClick: addToNewTimeline, + }; + const ruleName = get(['fields', ALERT_RULE_NAME], alerts[0]) ?? ['']; + const title = i18n.translate( + 'xpack.securitySolution.flyout.entityDetails.riskInputs.actions.title', + { + defaultMessage: 'Risk input: {description}', + values: { + description: + alerts.length === 1 + ? 
ruleName[0] + : i18n.translate( + 'xpack.securitySolution.flyout.entityDetails.riskInputs.actions.titleDescription', + { + defaultMessage: '{quantity} selected', + values: { + quantity: alerts.length, + }, + } + ), + }, + } + ); + + return [ + { + title: ( + + ), + id: 0, + items: hasCasesPermissions + ? [ + timelinePanel, + { + name: ( + + ), + + onClick: addToNewCaseClick, + }, + + { + name: ( + + ), + + onClick: addToExistingCase, + }, + ] + : [timelinePanel], + }, + ]; + }, [addToExistingCase, addToNewCaseClick, addToNewTimeline, alerts, hasCasesPermissions]); +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/index.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/index.tsx new file mode 100644 index 0000000000000..386ec25bfeaf8 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/index.tsx @@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import type { FlyoutPanelProps } from '@kbn/expandable-flyout'; +import type { RiskInputs } from '../../../../common/risk_engine'; +import { RiskInputsPanelContent } from './content'; + +export interface RiskInputsPanelProps extends Record { + riskInputs: RiskInputs; +} + +export interface RiskInputsExpandableFlyoutProps extends FlyoutPanelProps { + key: 'all-risk-inputs'; + params: RiskInputsPanelProps; +} + +export const RiskInputsPanelKey: RiskInputsExpandableFlyoutProps['key'] = 'all-risk-inputs'; + +export const RiskInputsPanel = ({ riskInputs }: RiskInputsPanelProps) => { + return ; +}; + +RiskInputsPanel.displayName = 'RiskInputsPanel'; 
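Review bot: In `use_risk_input_actions_panels.tsx`, `useRiskInputActionsPanels` has no doc comment, and the permission gate is the part a reader most needs spelled out. I would add above the export `/** Builds the context-menu panel for the selected alert risk inputs; the cases entries are included only when canUseCases reports both create and read for the Security Solution owner. */`. As written `hasCasesPermissions` is `undefined` when `casesService` is missing; `const hasCasesPermissions = Boolean(userCasesPermissions?.create && userCasesPermissions?.read);` makes the deny-by-default intent explicit. The gate only hides menu entries, so it presumably relies on the cases API for actual enforcement, which is not visible in this hunk and is worth confirming.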
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/mocks/index.ts b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/mocks/index.ts new file mode 100644 index 0000000000000..9e6f5db17034c --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/risk_inputs_left/mocks/index.ts @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils'; +import type { AlertRawData } from '../content'; + +export const alertDataMock: AlertRawData = { + _id: 'test-id', + _index: 'test-index', + fields: { + [ALERT_RULE_UUID]: ['2e051244-b3c6-4779-a241-e1b4f0beceb9'], + '@timestamp': ['2023-07-20T20:31:24.896Z'], + [ALERT_RULE_NAME]: ['Rule Name'], + }, +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.stories.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.stories.tsx new file mode 100644 index 0000000000000..e45869115c50f --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.stories.tsx 
@@ -0,0 +1,35 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import type { Story } from '@storybook/react'; +import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; +import { StorybookProviders } from '../../../../common/mock/storybook_providers'; +import { mockRiskScoreState } from '../../../../timelines/components/side_panel/new_user_detail/__mocks__'; +import { RiskSummary } from './risk_summary'; + +export default { + component: RiskSummary, + title: 'Components/RiskSummary', +}; + +const flyoutContextValue = { + openLeftPanel: () => window.alert('openLeftPanel called'), + panels: {}, +} as unknown as ExpandableFlyoutContext; + +export const Default: Story = () => { + return ( + + +
+ +
+
+
+ ); +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.test.tsx new file mode 100644 index 0000000000000..774a7c8a8458e --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.test.tsx @@ -0,0 +1,60 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render } from '@testing-library/react'; +import React from 'react'; +import { TestProviders } from '../../../../common/mock'; +import { mockRiskScoreState } from '../../user_right/mocks'; +import { RiskSummary } from './risk_summary'; + +jest.mock('../../../../common/components/visualization_actions/visualization_embeddable'); + +describe('RiskSummary', () => { + it('renders risk summary table', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-summary-table')).toBeInTheDocument(); + expect(getByTestId('risk-summary-table')).toHaveTextContent('Inputs1'); + expect(getByTestId('risk-summary-table')).toHaveTextContent('CategoryAlerts'); + }); + + it('renders risk summary table when riskScoreData is empty', () => { + const { getByTestId } = render( + + + + ); + expect(getByTestId('risk-summary-table')).toBeInTheDocument(); + }); + + it('renders visualization embeddable', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('visualization-embeddable')).toBeInTheDocument(); + }); + + it('renders updated at', () => { + const { getByTestId } = render( + + + + ); + + expect(getByTestId('risk-summary-updatedAt')).toHaveTextContent('Updated Nov 8, 1989'); + }); +}); 
diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.tsx new file mode 100644 index 0000000000000..763a6377a9d67 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/shared/components/risk_summary.tsx 
@@ -0,0 +1,254 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { useCallback, useMemo } from 'react'; +import type { EuiBasicTableColumn } from '@elastic/eui'; +import { + useEuiTheme, + EuiAccordion, + EuiTitle, + EuiSpacer, + EuiBasicTable, + EuiFlexGroup, + EuiFlexItem, + useEuiFontSize, +} from '@elastic/eui'; +import { css } from '@emotion/react'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { euiThemeVars } from '@kbn/ui-theme'; +import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; +import { i18n } from '@kbn/i18n'; +import { InspectButton, InspectButtonContainer } from '../../../../common/components/inspect'; +import { ONE_WEEK_IN_HOURS } from '../../../../timelines/components/side_panel/new_user_detail/constants'; +import { FormattedRelativePreferenceDate } from '../../../../common/components/formatted_date'; +import { RiskScoreEntity } from '../../../../../common/risk_engine'; +import type { RiskScoreState } from '../../../../explore/containers/risk_score'; +import { VisualizationEmbeddable } from '../../../../common/components/visualization_actions/visualization_embeddable'; +import { getRiskScoreSummaryAttributes } from '../../../../common/components/visualization_actions/lens_attributes/common/risk_scores/risk_score_summary'; +import { ExpandablePanel } from '../../../shared/components/expandable_panel'; +import { RiskInputsPanelKey } from '../../risk_inputs_left'; + +export interface RiskSummaryProps { + riskScoreData: RiskScoreState; + queryId: string; +} + +interface TableItem { + category: string; + count: number; +} +const LENS_VISUALIZATION_HEIGHT = 126; // Static height in pixels specified by design +const LAST_30_DAYS = { from: 'now-30d', to: 'now' }; + +export const RiskSummary = 
React.memo(({ riskScoreData, queryId }: RiskSummaryProps) => { + const { data: userRisk } = riskScoreData; + const userRiskData = userRisk && userRisk.length > 0 ? userRisk[0] : undefined; + const { euiTheme } = useEuiTheme(); + + const { openLeftPanel } = useExpandableFlyoutContext(); + const openPanel = useCallback(() => { + openLeftPanel({ + id: RiskInputsPanelKey, + params: { + riskInputs: userRiskData?.user.risk.inputs, + }, + }); + }, [openLeftPanel, userRiskData?.user.risk.inputs]); + + const lensAttributes = useMemo(() => { + return getRiskScoreSummaryAttributes({ + severity: userRiskData?.user?.risk?.calculated_level, + query: `user.name: ${userRiskData?.user?.name}`, + spaceId: 'default', + riskEntity: RiskScoreEntity.user, + }); + }, [userRiskData]); + + const columns: Array> = useMemo( + () => [ + { + field: 'category', + name: ( + + ), + truncateText: false, + mobileOptions: { show: true }, + sortable: true, + }, + { + field: 'count', + name: ( + + ), + truncateText: false, + mobileOptions: { show: true }, + sortable: true, + dataType: 'number', + }, + ], + [] + ); + + const xsFontSize = useEuiFontSize('xxs').fontSize; + + const items: TableItem[] = useMemo( + () => [ + { + category: i18n.translate('xpack.securitySolution.flyout.entityDetails.alertsGroupLabel', { + defaultMessage: 'Alerts', + }), + count: userRiskData?.user.risk.inputs?.length ?? 0, + }, + ], + [userRiskData?.user.risk.inputs?.length] + ); + + return ( + +

+ +

+ + } + extraAction={ + + {userRiskData && ( + + ), + }} + /> + )} + + } + > + + + + ), + link: { + callback: openPanel, + tooltip: ( + + ), + }, + iconType: 'arrowStart', + }} + expand={{ + expandable: false, + }} + > + + +
+ {userRiskData && ( + + } + /> + )} +
+
+ + +
+
+ + } + /> +
+ +
+
+
+
+
+ +
+ ); +}); +RiskSummary.displayName = 'RiskSummary'; diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.stories.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/content.stories.tsx similarity index 79% rename from x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.stories.tsx rename to x-pack/plugins/security_solution/public/flyout/entity_details/user_right/content.stories.tsx index 1f82d21c65321..746aa8b25e0f1 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.stories.tsx +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/content.stories.tsx 
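Review bot: In `lensAttributes` the KQL filter is built by plain interpolation, ``query: `user.name: ${userRiskData?.user?.name}` ``, so a user name containing whitespace, quotes or KQL keywords changes the filter instead of being matched literally, and user names come from ingested event data. Escape the value before it reaches the query, for example ``query: `user.name: ${escapeKuery(userName)}` `` with `escapeKuery` from `@kbn/es-query`, and skip building the attributes when `userRiskData` is undefined, since today that produces the literal filter `user.name: undefined`. The same call hard-codes `spaceId: 'default'`; if risk score data is stored per space, the chart would show the default space's scores when rendered in another space, so the active space id should be passed in. The optional chaining is also inconsistent between `userRiskData?.user.risk.inputs` in `openPanel` and `userRiskData?.user?.risk?.calculated_level` here.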
@@ -7,22 +7,33 @@ import React from 'react'; import { storiesOf } from '@storybook/react'; -import { EuiFlyout, EuiFlyoutBody } from '@elastic/eui'; -import { UserDetailsContentComponent } from './user_details_content'; -import { StorybookProviders } from '../../../../common/mock/storybook_providers'; -import { mockManagedUser, mockObservedUser, mockRiskScoreState } from './__mocks__'; +import { EuiFlyout } from '@elastic/eui'; +import { ExpandableFlyoutContext } from '@kbn/expandable-flyout/src/context'; +import { StorybookProviders } from '../../../common/mock/storybook_providers'; +import { + mockManagedUser, + mockObservedUser, + mockRiskScoreState, +} from '../../../timelines/components/side_panel/new_user_detail/__mocks__'; +import { UserPanelContent } from './content'; -storiesOf('UserDetailsContent', module) +const flyoutContextValue = { + openLeftPanel: () => window.alert('openLeftPanel called'), + panels: {}, +} as unknown as ExpandableFlyoutContext; + +storiesOf('Components/UserPanelContent', module) .addDecorator((storyFn) => ( - {}}> - {storyFn()} - + + {}}> + {storyFn()} + + )) .add('default', () => ( - )) .add('integration disabled', () => ( - )) .add('no managed data', () => ( - )) .add('no observed data', () => ( - )) .add('loading', () => ( - ; + contextID: string; + scopeId: string; + isDraggable: boolean; +} + +export const UserPanelContent = ({ + observedUser, + managedUser, + riskScoreState, + contextID, + scopeId, + isDraggable, +}: UserPanelContentProps) => { + return ( + + {riskScoreState.isModuleEnabled && riskScoreState.data?.length !== 0 && ( + <> + + + + )} + + + + + ); +}; 
diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.test.tsx similarity index 67% rename from x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.test.tsx rename to x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.test.tsx index 2d984cc926e4f..e4e4186919b6d 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.test.tsx 
@@ -7,36 +7,37 @@ import { render } from '@testing-library/react'; import React from 'react'; -import { TestProviders } from '../../../../common/mock'; -import { mockManagedUser, mockObservedUser, mockRiskScoreState } from './__mocks__'; -import { UserDetailsContentComponent } from './user_details_content'; +import { TestProviders } from '../../../common/mock'; +import { + mockManagedUser, + mockObservedUser, +} from '../../../timelines/components/side_panel/new_user_detail/__mocks__'; +import { UserPanelHeader } from './header'; const mockProps = { userName: 'test', managedUser: mockManagedUser, observedUser: mockObservedUser, - riskScoreState: mockRiskScoreState, - contextID: 'test-user-details', - scopeId: 'test-scope-id', - isDraggable: false, }; -describe('UserDetailsContentComponent', () => { +jest.mock('../../../common/components/visualization_actions/visualization_embeddable'); + +describe('UserDetailsContent', () => { it('renders', () => { const { getByTestId } = render( - + ); - expect(getByTestId('user-details-content-header')).toBeInTheDocument(); + expect(getByTestId('user-panel-header')).toBeInTheDocument(); }); it('renders observed user date when it is bigger than managed user date', () => { const futureDay = '2989-03-07T20:00:00.000Z'; const { getByTestId } = render( - { ); - expect(getByTestId('user-details-content-lastSeen').textContent).toContain('Mar 7, 2989'); + expect(getByTestId('user-panel-header-lastSeen').textContent).toContain('Mar 7, 2989'); }); it('renders managed user date when it is bigger than observed user date', () => { const futureDay = '2989-03-07T20:00:00.000Z'; const { getByTestId } = render( - { ); - expect(getByTestId('user-details-content-lastSeen').textContent).toContain('Mar 7, 2989'); + expect(getByTestId('user-panel-header-lastSeen').textContent).toContain('Mar 7, 2989'); }); it('renders observed and managed badges when lastSeen is defined', () => { const { getByTestId } = render( - + ); - 
expect(getByTestId('user-details-content-observed-badge')).toBeInTheDocument(); - expect(getByTestId('user-details-content-managed-badge')).toBeInTheDocument(); + expect(getByTestId('user-panel-header-observed-badge')).toBeInTheDocument(); + expect(getByTestId('user-panel-header-managed-badge')).toBeInTheDocument(); }); it('does not render observed badge when lastSeen date is undefined', () => { const { queryByTestId } = render( - { ); - expect(queryByTestId('user-details-content-observed-badge')).not.toBeInTheDocument(); + expect(queryByTestId('user-panel-header-observed-badge')).not.toBeInTheDocument(); }); it('does not render managed badge when lastSeen date is undefined', () => { const { queryByTestId } = render( - { ); - expect(queryByTestId('user-details-content-managed-badge')).not.toBeInTheDocument(); + expect(queryByTestId('user-panel-header-managed-badge')).not.toBeInTheDocument(); }); }); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.tsx new file mode 100644 index 0000000000000..12acfd0d2815d --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/header.tsx 
@@ -0,0 +1,83 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiSpacer, EuiBadge, EuiText, EuiFlexItem, EuiFlexGroup } from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n-react'; +import React, { useMemo } from 'react'; +import { max } from 'lodash/fp'; +import { SecurityPageName } from '@kbn/security-solution-navigation'; +import { getUsersDetailsUrl } from '../../../common/components/link_to/redirect_to_users'; +import type { + ManagedUserData, + ObservedUserData, +} from '../../../timelines/components/side_panel/new_user_detail/types'; + +import { SecuritySolutionLinkAnchor } from '../../../common/components/links'; +import { PreferenceFormattedDate } from '../../../common/components/formatted_date'; +import { FlyoutHeader } from '../../shared/components/flyout_header'; +import { FlyoutTitle } from '../../shared/components/flyout_title'; + +interface UserPanelHeaderProps { + userName: string; + observedUser: ObservedUserData; + managedUser: ManagedUserData; +} + +export const UserPanelHeader = ({ userName, observedUser, managedUser }: UserPanelHeaderProps) => { + const lastSeenDate = useMemo( + () => + max([observedUser.lastSeen, managedUser.lastSeen].map((el) => el.date && new Date(el.date))), + [managedUser.lastSeen, observedUser.lastSeen] + ); + + return ( + + + + + {lastSeenDate && } + + + + + + + + + + + + {observedUser.lastSeen.date && ( + + + + )} + + + {managedUser.lastSeen.date && ( + + + + )} + + + + + + ); +}; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.test.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.test.tsx new file mode 100644 index 0000000000000..e06399305fe05 --- /dev/null 
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.test.tsx 
@@ -0,0 +1,112 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { render } from '@testing-library/react'; +import React from 'react'; +import { TestProviders } from '../../../common/mock'; +import type { UserPanelProps } from '.'; +import { UserPanel } from '.'; +import { mockRiskScoreState } from './mocks'; + +import { + mockManagedUser, + mockObservedUser, +} from '../../../timelines/components/side_panel/new_user_detail/__mocks__'; + +const mockProps: UserPanelProps = { + userName: 'test', + contextID: 'test-user-panel', + scopeId: 'test-scope-id', + isDraggable: false, +}; + +jest.mock('../../../common/components/visualization_actions/visualization_embeddable'); + +const mockedUseRiskScore = jest.fn().mockReturnValue(mockRiskScoreState); +jest.mock('../../../explore/containers/risk_score', () => ({ + useRiskScore: () => mockedUseRiskScore(), +})); + +const mockedUseManagedUser = jest.fn().mockReturnValue(mockManagedUser); +const mockedUseObservedUser = jest.fn().mockReturnValue(mockObservedUser); + +jest.mock('../../../timelines/components/side_panel/new_user_detail/hooks', () => { + const originalModule = jest.requireActual( + '../../../timelines/components/side_panel/new_user_detail/hooks' + ); + return { + ...originalModule, + useManagedUser: () => mockedUseManagedUser(), + useObservedUser: () => mockedUseObservedUser(), + }; +}); + +describe('UserPanel', () => { + beforeEach(() => { + mockedUseRiskScore.mockReturnValue(mockRiskScoreState); + mockedUseManagedUser.mockReturnValue(mockManagedUser); + mockedUseObservedUser.mockReturnValue(mockObservedUser); + }); + + it('renders', () => { + const { getByTestId, queryByTestId } = render( + + + + ); + + expect(getByTestId('user-panel-header')).toBeInTheDocument(); + 
expect(queryByTestId('securitySolutionFlyoutLoading')).not.toBeInTheDocument(); + expect(getByTestId('securitySolutionFlyoutNavigationExpandDetailButton')).toBeInTheDocument(); + }); + + it('renders loading state when risk score is loading', () => { + mockedUseRiskScore.mockReturnValue({ + ...mockRiskScoreState, + data: undefined, + loading: true, + }); + + const { getByTestId } = render( + + + + ); + + expect(getByTestId('securitySolutionFlyoutLoading')).toBeInTheDocument(); + }); + + it('renders loading state when observed user is loading', () => { + mockedUseObservedUser.mockReturnValue({ + ...mockObservedUser, + isLoading: true, + }); + + const { getByTestId } = render( + + + + ); + + expect(getByTestId('securitySolutionFlyoutLoading')).toBeInTheDocument(); + }); + + it('renders loading state when managed user is loading', () => { + mockedUseManagedUser.mockReturnValue({ + ...mockManagedUser, + isLoading: true, + }); + + const { getByTestId } = render( + + + + ); + + expect(getByTestId('securitySolutionFlyoutLoading')).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx new file mode 100644 index 0000000000000..8f22560730bf0 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/index.tsx 
@@ -0,0 +1,135 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { useCallback, useMemo } from 'react'; +import type { FlyoutPanelProps } from '@kbn/expandable-flyout'; +import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; +import { useQueryInspector } from '../../../common/components/page/manage_query'; +import { UsersType } from '../../../explore/users/store/model'; +import { getCriteriaFromUsersType } from '../../../common/components/ml/criteria/get_criteria_from_users_type'; +import { useGlobalTime } from '../../../common/containers/use_global_time'; +import { + useManagedUser, + useObservedUser, +} from '../../../timelines/components/side_panel/new_user_detail/hooks'; +import { AnomalyTableProvider } from '../../../common/components/ml/anomaly/anomaly_table_provider'; +import { buildUserNamesFilter } from '../../../../common/search_strategy'; +import { useRiskScore } from '../../../explore/containers/risk_score'; +import { RiskScoreEntity } from '../../../../common/risk_engine'; +import { FlyoutLoading } from '../../shared/components/flyout_loading'; +import { RiskInputsPanelKey } from '../risk_inputs_left'; +import { FlyoutNavigation } from '../../shared/components/flyout_navigation'; +import { UserPanelContent } from './content'; +import { UserPanelHeader } from './header'; + +export interface UserPanelProps extends Record { + contextID: string; + scopeId: string; + userName: string; + isDraggable?: boolean; +} + +export interface UserPanelExpandableFlyoutProps extends FlyoutPanelProps { + key: 'user-panel'; + params: UserPanelProps; +} + +export const UserPanelKey: UserPanelExpandableFlyoutProps['key'] = 'user-panel'; +export const USER_PANEL_RISK_SCORE_QUERY_ID = 'userPanelRiskScoreQuery'; +const 
FIRST_RECORD_PAGINATION = { + cursorStart: 0, + querySize: 1, +}; + +export const UserPanel = ({ contextID, scopeId, userName, isDraggable }: UserPanelProps) => { + const userNameFilterQuery = useMemo( + () => (userName ? buildUserNamesFilter([userName]) : undefined), + [userName] + ); + + const riskScoreState = useRiskScore({ + riskEntity: RiskScoreEntity.user, + filterQuery: userNameFilterQuery, + onlyLatest: false, + pagination: FIRST_RECORD_PAGINATION, + }); + + const { inspect, refetch, loading } = riskScoreState; + const { to, from, isInitializing, setQuery, deleteQuery } = useGlobalTime(); + + const observedUser = useObservedUser(userName); + const managedUser = useManagedUser(userName); + + const { data: userRisk } = riskScoreState; + const userRiskData = userRisk && userRisk.length > 0 ? userRisk[0] : undefined; + + useQueryInspector({ + deleteQuery, + inspect, + loading, + queryId: USER_PANEL_RISK_SCORE_QUERY_ID, + refetch, + setQuery, + }); + + const { openLeftPanel } = useExpandableFlyoutContext(); + const openPanel = useCallback(() => { + openLeftPanel({ + id: RiskInputsPanelKey, + params: { + riskInputs: userRiskData?.user.risk.inputs, + }, + }); + }, [openLeftPanel, userRiskData?.user.risk.inputs]); + + if (riskScoreState.loading || observedUser.isLoading || managedUser.isLoading) { + return ; + } + + return ( + + {({ isLoadingAnomaliesData, anomaliesData, jobNameById }) => { + const observedUserWithAnomalies = { + ...observedUser, + anomalies: { + isLoading: isLoadingAnomaliesData, + anomalies: anomaliesData, + jobNameById, + }, + }; + return ( + <> + + + + + ); + }} + + ); +}; + +UserPanel.displayName = 'UserPanel'; diff --git a/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/mocks/index.ts b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/mocks/index.ts new file mode 100644 index 0000000000000..bfd1a9a802199 --- /dev/null 
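Review bot: `openPanel` in `UserPanel` passes `riskInputs: userRiskData?.user.risk.inputs`, which is `undefined` whenever the risk query returns no record, while `RiskInputsPanelProps` in `risk_inputs_left/index.tsx` declares `riskInputs` as required. The JSX that consumes `openPanel` is not visible in this extract, so it is unclear whether the expand control is hidden in that case; if it is not, either pass `riskInputs: userRiskData?.user.risk.inputs ?? []` or only provide the callback when inputs exist. The identical callback is also defined in `RiskSummary`, so a small shared hook would keep the two from drifting. A minor style point: the loading check reads `riskScoreState.loading` although `loading` was already destructured a few lines above.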
+++ b/x-pack/plugins/security_solution/public/flyout/entity_details/user_right/mocks/index.ts @@ -0,0 +1,51 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { RiskScoreState } from '../../../../explore/containers/risk_score'; +import type { RiskScoreEntity, UserRiskScore } from '../../../../../common/search_strategy'; +import { RiskSeverity } from '../../../../../common/search_strategy'; +import { RiskCategories } from '../../../../../common/risk_engine'; + +const userRiskScore: UserRiskScore = { + '@timestamp': '626569200000', + user: { + name: 'test', + risk: { + rule_risks: [], + calculated_score_norm: 70, + multipliers: [], + calculated_level: RiskSeverity.high, + inputs: [ + { + id: '_id', + index: '_index', + category: RiskCategories.category_1, + description: 'Alert from Rule: My rule', + risk_score: 30, + timestamp: '2021-08-19T18:55:59.000Z', + }, + ], + }, + }, + alertsCount: 0, + oldestAlertTimestamp: '626569200000', +}; + +export const mockRiskScoreState: RiskScoreState = { + data: [userRiskScore], + inspect: { + dsl: [], + response: [], + }, + isInspected: false, + refetch: () => {}, + totalCount: 0, + isModuleEnabled: true, + isAuthorized: true, + isDeprecated: false, + loading: false, +}; diff --git a/x-pack/plugins/security_solution/public/flyout/index.tsx b/x-pack/plugins/security_solution/public/flyout/index.tsx index a29654659c74c..1c8ac6c4cc2c9 100644 --- a/x-pack/plugins/security_solution/public/flyout/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/index.tsx 
@@ -12,21 +12,28 @@ import { ExpandableFlyoutProvider, } from '@kbn/expandable-flyout'; import type { IsolateHostPanelProps } from './document_details/isolate_host'; -import { IsolateHostPanel, IsolateHostPanelKey } from './document_details/isolate_host'; +import { + IsolateHostPanel, + DocumentDetailsIsolateHostPanelKey, +} from './document_details/isolate_host'; import { IsolateHostPanelProvider } from './document_details/isolate_host/context'; import type { RightPanelProps } from './document_details/right'; -import { RightPanel, RightPanelKey } from './document_details/right'; +import { RightPanel, DocumentDetailsRightPanelKey } from './document_details/right'; import { RightPanelProvider } from './document_details/right/context'; import type { LeftPanelProps } from './document_details/left'; -import { LeftPanel, LeftPanelKey } from './document_details/left'; +import { LeftPanel, DocumentDetailsLeftPanelKey } from './document_details/left'; import { LeftPanelProvider } from './document_details/left/context'; import { SecuritySolutionFlyoutUrlSyncProvider, useSecurityFlyoutUrlSync, } from './document_details/shared/context/url_sync'; import type { PreviewPanelProps } from './document_details/preview'; -import { PreviewPanel, PreviewPanelKey } from './document_details/preview'; +import { PreviewPanel, DocumentDetailsPreviewPanelKey } from './document_details/preview'; import { PreviewPanelProvider } from './document_details/preview/context'; +import type { UserPanelExpandableFlyoutProps } from './entity_details/user_right'; +import { UserPanel, UserPanelKey } from './entity_details/user_right'; +import type { RiskInputsExpandableFlyoutProps } from './entity_details/risk_inputs_left'; +import { RiskInputsPanel, RiskInputsPanelKey } from './entity_details/risk_inputs_left'; /** * List of all panels that will be used within the document details expandable flyout. 
@@ -34,7 +41,7 @@ import { PreviewPanelProvider } from './document_details/preview/context'; */ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels'] = [ { - key: RightPanelKey, + key: DocumentDetailsRightPanelKey, component: (props) => ( @@ -42,7 +49,7 @@ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels'] ), }, { - key: LeftPanelKey, + key: DocumentDetailsLeftPanelKey, component: (props) => ( @@ -50,7 +57,7 @@ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels'] ), }, { - key: PreviewPanelKey, + key: DocumentDetailsPreviewPanelKey, component: (props) => ( @@ -58,13 +65,23 @@ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels'] ), }, { - key: IsolateHostPanelKey, + key: DocumentDetailsIsolateHostPanelKey, component: (props) => ( ), }, + { + key: UserPanelKey, + component: (props) => , + }, + { + key: RiskInputsPanelKey, + component: (props) => ( + + ), + }, ]; const OuterProviders: FC = ({ children }) => { diff --git a/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.test.tsx b/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.test.tsx index 8668f727201de..1f2d0c128f411 100644 --- a/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.test.tsx 
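Review bot: The two registrations added in the last hunk (`UserPanelKey`, `RiskInputsPanelKey`) appear to hand `props` to the panels with no runtime check of `params`. The JSX is not visible in this rendering, so this is inferred from the `(props) =>` wrappers and the type-only imports `UserPanelExpandableFlyoutProps` and `RiskInputsExpandableFlyoutProps`. This file also imports `SecuritySolutionFlyoutUrlSyncProvider`, so if panel state is restored from the URL, `userName` and especially `riskInputs` (which `UserPanel` forwards through `openLeftPanel` params) are caller-controlled, and the risk-inputs panel would show them as if they came from the risk engine. Prefer passing only an identifier to the left panel and re-querying the inputs there, or validate `params` before rendering. At minimum, document the trust boundary on both entries: `// params may originate from URL-synced flyout state; treat as untrusted`.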
@@ -9,46 +9,40 @@ import React from 'react'; import { render } from '@testing-library/react'; import { FlyoutTitle } from './flyout_title'; import { - FLYOUT_TITLE_TEST_ID, TITLE_HEADER_ICON_TEST_ID, + TITLE_HEADER_TEXT_TEST_ID, TITLE_LINK_ICON_TEST_ID, } from './test_ids'; const title = 'test title'; +const TEST_ID = 'test'; describe('', () => { it('should render title and icon', () => { const { getByTestId, queryByTestId } = render( - + ); - expect(getByTestId(FLYOUT_TITLE_TEST_ID)).toHaveTextContent(title); - expect( - getByTestId(FLYOUT_TITLE_TEST_ID).querySelector('[data-euiicon-type="warning"]') - ).toBeInTheDocument(); - expect(queryByTestId(TITLE_LINK_ICON_TEST_ID)).not.toBeInTheDocument(); + expect(getByTestId(TITLE_HEADER_TEXT_TEST_ID(TEST_ID))).toHaveTextContent(title); + expect(getByTestId(TITLE_HEADER_ICON_TEST_ID(TEST_ID))).toBeInTheDocument(); + expect(queryByTestId(TITLE_LINK_ICON_TEST_ID(TEST_ID))).not.toBeInTheDocument(); }); it('should not render icon if iconType is not passed', () => { - const { getByTestId, queryByTestId } = render(); + const { getByTestId, queryByTestId } = render( + + ); - expect(getByTestId(FLYOUT_TITLE_TEST_ID)).toBeInTheDocument(); - expect(queryByTestId(TITLE_HEADER_ICON_TEST_ID)).not.toBeInTheDocument(); - expect(queryByTestId(TITLE_LINK_ICON_TEST_ID)).not.toBeInTheDocument(); + expect(getByTestId(TITLE_HEADER_TEXT_TEST_ID(TEST_ID))).toBeInTheDocument(); + expect(queryByTestId(TITLE_HEADER_ICON_TEST_ID(TEST_ID))).not.toBeInTheDocument(); + expect(queryByTestId(TITLE_LINK_ICON_TEST_ID(TEST_ID))).not.toBeInTheDocument(); }); it('should render popout icon if title is a link', () => { - const { getByTestId } = render(); - - expect(getByTestId(FLYOUT_TITLE_TEST_ID)).toHaveTextContent(title); - expect(getByTestId(TITLE_LINK_ICON_TEST_ID)).toBeInTheDocument(); - expect( - getByTestId(FLYOUT_TITLE_TEST_ID).querySelector('[data-euiicon-type="popout"]') - ).toBeInTheDocument(); - }); + const { getByTestId } = render(); - 
it('should render title with custom data test subject', () => { - const { getByTestId } = render(); - expect(getByTestId('test-title')).toHaveTextContent(title); + expect(getByTestId(TITLE_HEADER_TEXT_TEST_ID(TEST_ID))).toHaveTextContent(title); + expect(getByTestId(TITLE_LINK_ICON_TEST_ID(TEST_ID))).toBeInTheDocument(); + expect(getByTestId(TITLE_LINK_ICON_TEST_ID(TEST_ID))).toBeInTheDocument(); }); }); diff --git a/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.tsx b/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.tsx index d9e9d280d38cc..8c2c12ab80e94 100644 --- a/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.tsx +++ b/x-pack/plugins/security_solution/public/flyout/shared/components/flyout_title.tsx @@ -18,11 +18,6 @@ import { EuiTextColor, } from '@elastic/eui'; import { css } from '@emotion/react'; -import { - FLYOUT_TITLE_TEST_ID, - TITLE_HEADER_ICON_TEST_ID, - TITLE_LINK_ICON_TEST_ID, -} from './test_ids'; export interface FlyoutTitleProps { /** @@ -48,7 +43,7 @@ export interface FlyoutTitleProps { * Title component with optional icon to indicate the type of document, can be used for text or a link */ export const FlyoutTitle: FC = memo( - ({ title, iconType, isLink = false, 'data-test-subj': dataTestSubj = FLYOUT_TITLE_TEST_ID }) => { + ({ title, iconType, isLink = false, 'data-test-subj': dataTestSubj }) => { const { euiTheme } = useEuiTheme(); const titleIcon = useMemo(() => { 
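Review bot: In 'should render popout icon if title is a link' the last two assertions are the same line, `expect(getByTestId(TITLE_LINK_ICON_TEST_ID(TEST_ID))).toBeInTheDocument();`, so the removed check on `[data-euiicon-type="popout"]` is dropped rather than replaced. The first test likewise no longer verifies the `warning` icon type. If the attribute sits on the element carrying the test id, replace the duplicate with `expect(getByTestId(TITLE_LINK_ICON_TEST_ID(TEST_ID))).toHaveAttribute('data-euiicon-type', 'popout');`. The hunk also deletes the only case that exercised the `data-test-subj` default, so nothing now renders `FlyoutTitle` without that prop.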
@@ -57,23 +52,23 @@ export const FlyoutTitle: FC = memo( type={iconType} size="m" className="eui-alignBaseline" - data-test-subj={TITLE_HEADER_ICON_TEST_ID} + data-test-subj={`${dataTestSubj}Icon`} css={css` margin-right: ${euiTheme.size.xs}; `} /> ) : null; - }, [iconType, euiTheme.size.xs]); + }, [dataTestSubj, iconType, euiTheme.size.xs]); const titleComponent = useMemo(() => { return ( - + {title} ); - }, [title, isLink, euiTheme.colors.primaryText]); + }, [dataTestSubj, title, isLink, euiTheme.colors.primaryText]); const linkIcon = useMemo(() => { return ( @@ -83,19 +78,14 @@ export const FlyoutTitle: FC = memo( css={css` margin-bottom: ${euiTheme.size.xs}; `} - data-test-subj={TITLE_LINK_ICON_TEST_ID} + data-test-subj={`${dataTestSubj}LinkIcon`} /> ); - }, [euiTheme.size.xs]); + }, [dataTestSubj, euiTheme.size.xs]); return ( - +
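Review bot: With the `FLYOUT_TITLE_TEST_ID` default removed in the previous hunk, `dataTestSubj` can be `undefined` if the prop is still optional in `FlyoutTitleProps`. The template strings then produce the literal ids `undefinedIcon` here and `undefinedLinkIcon` in the next hunk, and every title rendered without the prop would share them. Guard the suffixing, for example `data-test-subj={dataTestSubj ? TITLE_HEADER_ICON_TEST_ID(dataTestSubj) : undefined}`. That also reuses the helpers this commit adds to `test_ids` instead of duplicating the suffixes in the component, but the `./test_ids` import removed in the first hunk would have to stay. The `useMemo` for `titleIcon` begins before this hunk.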
`${dataTestSubj}Icon`; +export const TITLE_HEADER_TEXT_TEST_ID = (dataTestSubj: string) => `${dataTestSubj}Text`; +export const TITLE_LINK_ICON_TEST_ID = (dataTestSubj: string) => `${dataTestSubj}LinkIcon`; diff --git a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/risk_score_donut_chart.tsx b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/risk_score_donut_chart.tsx index 2ee81c42949be..2bb850e0c312c 100644 --- a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/risk_score_donut_chart.tsx +++ b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/risk_score_donut_chart.tsx @@ -8,11 +8,11 @@ import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import React from 'react'; import styled from 'styled-components'; +import { RISK_SEVERITY_COLOUR } from '../../../../entity_analytics/common/utils'; import type { SeverityCount } from '../../../../explore/components/risk_score/severity/types'; import { useRiskDonutChartData } from './use_risk_donut_chart_data'; import type { FillColor } from '../../../../common/components/charts/donutchart'; import { emptyDonutColor } from '../../../../common/components/charts/donutchart_empty'; -import { RISK_SEVERITY_COLOUR } from '../../../../explore/components/risk_score/severity/common'; import { DonutChart } from '../../../../common/components/charts/donutchart'; import { Legend } from '../../../../common/components/charts/legend'; import { ChartLabel } from '../../detection_response/alerts_by_status/chart_label'; diff --git a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/use_risk_donut_chart_data.ts b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/use_risk_donut_chart_data.ts index 6ba4ad7c03d1b..4b31142aef3c9 100644 
--- a/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/use_risk_donut_chart_data.ts +++ b/x-pack/plugins/security_solution/public/overview/components/entity_analytics/common/use_risk_donut_chart_data.ts @@ -6,10 +6,10 @@ */ import { sum } from 'lodash/fp'; import { useMemo } from 'react'; +import { RISK_SEVERITY_COLOUR } from '../../../../entity_analytics/common/utils'; import type { LegendItem } from '../../../../common/components/charts/legend_item'; import type { SeverityCount } from '../../../../explore/components/risk_score/severity/types'; import type { DonutChartProps } from '../../../../common/components/charts/donutchart'; -import { RISK_SEVERITY_COLOUR } from '../../../../explore/components/risk_score/severity/common'; import type { RiskSeverity } from '../../../../../common/search_strategy'; const legendField = 'kibana.alert.severity'; diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx index bf590a5d55cdf..ad33fdfe1b73e 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/index.tsx @@ -23,7 +23,6 @@ import { EventDetailsPanel } from './event_details'; import { HostDetailsPanel } from './host_details'; import { NetworkDetailsPanel } from './network_details'; import { UserDetailsPanel } from './user_details'; -import { useIsExperimentalFeatureEnabled } from '../../../common/hooks/use_experimental_features'; interface DetailsPanelProps { browserFields: BrowserFields; 
@@ -53,7 +52,6 @@ export const DetailsPanel = React.memo( isReadOnly, }: DetailsPanelProps) => { const dispatch = useDispatch(); - const isNewUserDetailsFlyoutEnable = useIsExperimentalFeatureEnabled('newUserDetailsFlyout'); const getScope = useMemo(() => { if (isTimelineScope(scopeId)) { return timelineSelectors.getTimelineByIdSelector(); @@ -142,9 +140,6 @@ export const DetailsPanel = React.memo( if (currentTabDetail?.panelView === 'userDetail' && currentTabDetail?.params?.userName) { flyoutUniqueKey = currentTabDetail.params.userName; - if (isNewUserDetailsFlyoutEnable) { - panelSize = 'm'; - } visiblePanel = ( ); diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.test.tsx index 9e0e60caf80de..a8e1744c0c04e 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.test.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import { fireEvent, render } from '@testing-library/react'; +import { render } from '@testing-library/react'; import React from 'react'; import { TestProviders } from '../../../../common/mock'; import { ManagedUser } from './managed_user'; @@ -29,19 +29,6 @@ describe('ManagedUser', () => { expect(getByTestId('managedUser-data')).toBeInTheDocument(); }); - it('updates the accordion button title when visibility toggles', () => { - const { getByTestId } = render( - - - - ); - const accordionButton = getByTestId('managedUser-accordion-button'); - - expect(accordionButton).toHaveTextContent('Show Azure AD data'); - fireEvent.click(accordionButton); - expect(accordionButton).toHaveTextContent('Hide Azure AD data'); - }); - it('renders the formatted date', () => { const { getByTestId } = render( 
diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx index a802b49e85cae..5cb8f2138e363 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/managed_user.tsx @@ -14,9 +14,10 @@ import { useEuiTheme, EuiEmptyPrompt, EuiCallOut, + useEuiFontSize, } from '@elastic/eui'; -import React, { useCallback, useMemo, useState } from 'react'; +import React, { useMemo } from 'react'; import { css } from '@emotion/react'; import { FormattedMessage } from '@kbn/i18n-react'; import * as i18n from './translations'; @@ -44,10 +45,6 @@ export const ManagedUser = ({ }) => { const { euiTheme } = useEuiTheme(); const managedItems = useManagedUserItems(managedUser.details); - const [isManagedDataToggleOpen, setManagedDataToggleOpen] = useState(false); - const onToggleManagedData = useCallback(() => { - setManagedDataToggleOpen((isOpen) => !isOpen); - }, [setManagedDataToggleOpen]); const managedUserTableColumns = useMemo( () => getManagedUserTableColumns(contextID, scopeId, isDraggable), [isDraggable, contextID, scopeId] @@ -59,40 +56,16 @@ export const ManagedUser = ({ [getAppUrl] ); - if (!managedUser.isLoading && !managedUser.isIntegrationEnabled) { - return ( - <> - -
{i18n.MANAGED_DATA_TITLE}
-
- - - {i18n.NO_ACTIVE_INTEGRATION_TITLE}

} - body={

{i18n.NO_ACTIVE_INTEGRATION_TEXT}

} - actions={ - - {i18n.ADD_EXTERNAL_INTEGRATION_BUTTON} - - } - /> - - - ); - } + const xsFontSize = useEuiFontSize('xxs').fontSize; return ( <> - -
{i18n.MANAGED_DATA_TITLE}
-
- +
{i18n.MANAGED_DATA_TITLE}
+
} - onToggle={onToggleManagedData} extraAction={ <> {managedUser.lastSeen.date && ( - - ), - }} - /> + + + ), + }} + /> + )} } @@ -138,16 +118,34 @@ export const ManagedUser = ({ } `} > - - {managedItems || managedUser.isLoading ? ( - + {!managedUser.isLoading && !managedUser.isIntegrationEnabled ? ( + + {i18n.NO_ACTIVE_INTEGRATION_TITLE}

} + titleSize="s" + body={

{i18n.NO_ACTIVE_INTEGRATION_TEXT}

} + actions={ + + {i18n.ADD_EXTERNAL_INTEGRATION_BUTTON} + + } /> - ) : ( - <> + + ) : ( + <> + {managedItems || managedUser.isLoading ? ( + + ) : (

{i18n.NO_AZURE_DATA_TEXT}

- - )} - + )} + + )} diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.test.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.test.tsx index f57eda9b1fb26..90934c533a2c4 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.test.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.test.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import { fireEvent, render } from '@testing-library/react'; +import { render } from '@testing-library/react'; import React from 'react'; import { TestProviders } from '../../../../common/mock'; import { mockObservedUser } from './__mocks__'; @@ -29,19 +29,6 @@ describe('ObservedUser', () => { expect(getByTestId('observedUser-data')).toBeInTheDocument(); }); - it('updates the accordion button title when visibility toggles', () => { - const { getByTestId } = render( - - - - ); - const accordionButton = getByTestId('observedUser-accordion-button'); - - expect(accordionButton).toHaveTextContent('Show observed data'); - fireEvent.click(accordionButton); - expect(accordionButton).toHaveTextContent('Hide observed data'); - }); - it('renders the formatted date', () => { const { getByTestId } = render( diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.tsx index 01335997813a0..9a0891c24a925 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/observed_user.tsx 
@@ -5,9 +5,9 @@ * 2.0. */ -import { EuiAccordion, EuiSpacer, EuiTitle, useEuiTheme, EuiPanel } from '@elastic/eui'; +import { EuiAccordion, EuiSpacer, EuiTitle, useEuiTheme, useEuiFontSize } from '@elastic/eui'; -import React, { useCallback, useMemo, useState } from 'react'; +import React, { useMemo } from 'react'; import { css } from '@emotion/react'; import { FormattedMessage } from '@kbn/i18n-react'; import * as i18n from './translations'; @@ -33,27 +33,21 @@ export const ObservedUser = ({ }) => { const { euiTheme } = useEuiTheme(); const observedItems = useObservedUserItems(observedUser); - const [isObservedDataToggleOpen, setObservedDataToggleOpen] = useState(false); - const onToggleObservedData = useCallback(() => { - setObservedDataToggleOpen((isOpen) => !isOpen); - }, [setObservedDataToggleOpen]); + const observedUserTableColumns = useMemo( () => getObservedUserTableColumns(contextID, scopeId, isDraggable), [contextID, scopeId, isDraggable] ); + const xsFontSize = useEuiFontSize('xxs').fontSize; return ( <> - -
{i18n.OBSERVED_DATA_TITLE}
-
- +

{i18n.OBSERVED_DATA_TITLE}

+
} - onToggle={onToggleObservedData} extraAction={ <> {observedUser.lastSeen.date && ( - - ), - }} - /> + + + ), + }} + /> + )} } @@ -101,19 +100,19 @@ export const ObservedUser = ({ } `} > - - - + + + diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/translations.ts b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/translations.ts index 01563fcb94781..4671cf815162d 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/translations.ts +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/translations.ts @@ -46,20 +46,6 @@ export const OBSERVED_DATA_TITLE = i18n.translate( } ); -export const HIDE_OBSERVED_DATA_BUTTON = i18n.translate( - 'xpack.securitySolution.timeline.userDetails.hideObservedDataButton', - { - defaultMessage: 'Hide observed data', - } -); - -export const SHOW_OBSERVED_DATA_BUTTON = i18n.translate( - 'xpack.securitySolution.timeline.userDetails.showObservedDataButton', - { - defaultMessage: 'Show observed data', - } -); - export const HIDE_AZURE_DATA_BUTTON = i18n.translate( 'xpack.securitySolution.timeline.userDetails.hideManagedDataButton', { @@ -166,7 +152,7 @@ export const PHONE = i18n.translate('xpack.securitySolution.timeline.userDetails export const NO_ACTIVE_INTEGRATION_TITLE = i18n.translate( 'xpack.securitySolution.timeline.userDetails.noActiveIntegrationTitle', { - defaultMessage: 'You don’t have any active integrations', + defaultMessage: 'You don’t have any active asset repository integrations', } ); 
@@ -174,14 +160,14 @@ export const NO_ACTIVE_INTEGRATION_TEXT = i18n.translate( 'xpack.securitySolution.timeline.userDetails.noActiveIntegrationText', { defaultMessage: - 'External integrations can provide additional metadata and help you manage users.', + 'Additional metadata from integrations may help you to manage and identify risky entities.', } ); export const ADD_EXTERNAL_INTEGRATION_BUTTON = i18n.translate( 'xpack.securitySolution.timeline.userDetails.addExternalIntegrationButton', { - defaultMessage: 'Add external integrations', + defaultMessage: 'Add asset repository integrations', } ); diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.tsx deleted file mode 100644 index 95ffb05a16889..0000000000000 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/new_user_detail/user_details_content.tsx +++ /dev/null 
@@ -1,197 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - EuiSpacer, - EuiHorizontalRule, - EuiIcon, - EuiBadge, - EuiText, - EuiFlexItem, - EuiFlexGroup, - useEuiFontSize, - useEuiTheme, - euiTextBreakWord, - EuiProgress, -} from '@elastic/eui'; - -import React, { useMemo } from 'react'; -import { css } from '@emotion/react'; -import { max } from 'lodash'; -import * as i18n from './translations'; - -import { RiskScoreEntity } from '../../../../../common/search_strategy'; -import { UserDetailsLink } from '../../../../common/components/links'; -import { useGlobalTime } from '../../../../common/containers/use_global_time'; -import type { RiskScoreState } from '../../../../explore/containers/risk_score'; -import { useRiskScore } from '../../../../explore/containers/risk_score'; - -import { useManagedUser, useObservedUser } from './hooks'; -import { AnomalyTableProvider } from '../../../../common/components/ml/anomaly/anomaly_table_provider'; -import { getCriteriaFromUsersType } from '../../../../common/components/ml/criteria/get_criteria_from_users_type'; -import { UsersType } from '../../../../explore/users/store/model'; -import { PreferenceFormattedDate } from '../../../../common/components/formatted_date'; -import type { ManagedUserData, ObservedUserData } from './types'; -import { RiskScoreField } from './risk_score_field'; -import { ObservedUser } from './observed_user'; -import { ManagedUser } from './managed_user'; - -export const QUERY_ID = 'usersDetailsQuery'; - -interface UserDetailsContentComponentProps { - userName: string; - observedUser: ObservedUserData; - managedUser: ManagedUserData; - riskScoreState: RiskScoreState; - contextID: string; - scopeId: string; - isDraggable: boolean; -} - -/** - * This is a visual component. 
It doesn't access any external Context or API. - * It designed for unit testing the UI and previewing changes on storybook. - */ -export const UserDetailsContentComponent = ({ - userName, - observedUser, - managedUser, - riskScoreState, - contextID, - scopeId, - isDraggable, -}: UserDetailsContentComponentProps) => { - const { euiTheme } = useEuiTheme(); - const { fontSize: xlFontSize } = useEuiFontSize('xl'); - - const lastSeenDate = useMemo( - () => - max([observedUser.lastSeen, managedUser.lastSeen].map((el) => el.date && new Date(el.date))), - [managedUser.lastSeen, observedUser.lastSeen] - ); - - return ( - <> - - - - - {i18n.USER} - - - {observedUser.lastSeen.date && ( - - {i18n.OBSERVED_BADGE} - - )} - - - {managedUser.lastSeen.date && ( - - {i18n.MANAGED_BADGE} - - )} - - - - - {observedUser.lastSeen.isLoading || managedUser.lastSeen.isLoading ? ( - - ) : ( - - )} - - - - - {userName} - - - - - {i18n.LAST_SEEN} - {': '} - {lastSeenDate && } - - - - - - - - - - ); -}; - -export const UserDetailsContent = ({ - userName, - contextID, - scopeId, - isDraggable = false, -}: { - userName: string; - contextID: string; - scopeId: string; - isDraggable?: boolean; -}) => { - const { to, from, isInitializing } = useGlobalTime(); - const riskScoreState = useRiskScore({ - riskEntity: RiskScoreEntity.user, - }); - const observedUser = useObservedUser(userName); - const managedUser = useManagedUser(userName); - - return ( - - {({ isLoadingAnomaliesData, anomaliesData, jobNameById }) => ( - - )} - - ); -}; diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/index.tsx index 17a1e21ceebd0..4eefc6aa44f8a 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/index.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/index.tsx 
@@ -6,13 +6,9 @@ */ import React from 'react'; -import { EuiFlyoutBody, EuiSpacer, EuiButtonIcon } from '@elastic/eui'; -import { css } from '@emotion/react'; import { UserDetailsFlyout } from './user_details_flyout'; import { UserDetailsSidePanel } from './user_details_side_panel'; import type { UserDetailsProps } from './types'; -import { UserDetailsContent } from '../new_user_detail/user_details_content'; -import * as i18n from './translations'; const UserDetailsPanelComponent = ({ contextID, @@ -21,40 +17,7 @@ const UserDetailsPanelComponent = ({ handleOnClose, isFlyoutView, isDraggable, - isNewUserDetailsFlyoutEnable, }: UserDetailsProps) => { - if (isNewUserDetailsFlyoutEnable) { - return isFlyoutView ? ( - - - - ) : ( -
- - - - -
- ); - } - return isFlyoutView ? ( ) : ( diff --git a/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/types.ts b/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/types.ts index 96d17c57c08f4..9e1fd0a6b1498 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/types.ts +++ b/x-pack/plugins/security_solution/public/timelines/components/side_panel/user_details/types.ts @@ -12,5 +12,4 @@ export interface UserDetailsProps { handleOnClose: () => void; isFlyoutView?: boolean; isDraggable?: boolean; - isNewUserDetailsFlyoutEnable?: boolean; } diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/user_name.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/user_name.tsx index 58b2a8fbbbb97..083d0651fbab4 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/user_name.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/body/renderers/user_name.tsx 
@@ -9,9 +9,13 @@ import React, { useCallback, useContext, useMemo } from 'react'; import type { EuiButtonEmpty, EuiButtonIcon } from '@elastic/eui'; import { useDispatch } from 'react-redux'; import { isString } from 'lodash/fp'; +import { useExpandableFlyoutContext } from '@kbn/expandable-flyout'; +import { TableId } from '@kbn/securitysolution-data-table'; +import { UserPanelKey } from '../../../../../flyout/entity_details/user_right'; +import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features'; import { StatefulEventContext } from '../../../../../common/components/events_viewer/stateful_event_context'; import type { ExpandedDetailType } from '../../../../../../common/types'; -import { getScopedActions } from '../../../../../helpers'; +import { getScopedActions, isTimelineScope } from '../../../../../helpers'; import { TimelineId, TimelineTabs } from '../../../../../../common/types/timeline'; import { DefaultDraggable } from '../../../../../common/components/draggables'; import { getEmptyTagValue } from '../../../../../common/components/empty_value'; @@ -48,9 +52,11 @@ const UserNameComponent: React.FC = ({ }) => { const dispatch = useDispatch(); const eventContext = useContext(StatefulEventContext); + const isNewUserDetailsFlyoutEnable = useIsExperimentalFeatureEnabled('newUserDetailsFlyout'); const userName = `${value}`; - const isInTimelineContext = userName && eventContext?.timelineID; + const { openRightPanel } = useExpandableFlyoutContext(); + const openUserDetailsSidePanel = useCallback( (e) => { e.preventDefault(); 
@@ -58,31 +64,55 @@ const UserNameComponent: React.FC = ({ if (onClick) { onClick(); } + if (eventContext && isInTimelineContext) { const { timelineID, tabType } = eventContext; - const updatedExpandedDetail: ExpandedDetailType = { - panelView: 'userDetail', - params: { - userName, - }, - }; - const scopedActions = getScopedActions(timelineID); - if (scopedActions) { - dispatch( - scopedActions.toggleDetailPanel({ - ...updatedExpandedDetail, - id: timelineID, - tabType: tabType as TimelineTabs, - }) - ); - } - if (timelineID === TimelineId.active && tabType === TimelineTabs.query) { - activeTimeline.toggleExpandedDetail({ ...updatedExpandedDetail }); + if (isNewUserDetailsFlyoutEnable && !isTimelineScope(timelineID)) { + openRightPanel({ + id: UserPanelKey, + params: { + userName, + contextID: contextId, + scopeId: TableId.alertsOnAlertsPage, + isDraggable, + }, + }); + } else { + const updatedExpandedDetail: ExpandedDetailType = { + panelView: 'userDetail', + params: { + userName, + }, + }; + const scopedActions = getScopedActions(timelineID); + if (scopedActions) { + dispatch( + scopedActions.toggleDetailPanel({ + ...updatedExpandedDetail, + id: timelineID, + tabType: tabType as TimelineTabs, + }) + ); + } + + if (timelineID === TimelineId.active && tabType === TimelineTabs.query) { + activeTimeline.toggleExpandedDetail({ ...updatedExpandedDetail }); + } } } }, - [onClick, eventContext, isInTimelineContext, userName, dispatch] + [ + onClick, + eventContext, + isNewUserDetailsFlyoutEnable, + isInTimelineContext, + openRightPanel, + userName, + contextId, + isDraggable, + dispatch, + ] ); // The below is explicitly defined this way as the onClick takes precedence when it and the href are both defined 
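Review bot: The new `openRightPanel` branch always passes `scopeId: TableId.alertsOnAlertsPage`, although it runs for every scope where `!isTimelineScope(timelineID)` holds and `timelineID` from `eventContext` is already in scope. If `UserPanel` uses `scopeId` for its queries or for draggable and filter actions, a click from any other table would act on the alerts-page scope. `scopeId: timelineID,` looks like the intended value; confirm against `UserPanel` and the type of `timelineID`. The enclosing `useCallback` starts before the hunk. `activeTimeline` is missing from the expanded dependency list, which is correct only if it is a module-level import.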
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts
index f383a9d11cc00..da4f9e67d7b8f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts
@@ -167,7 +167,7 @@ describe('Import rules route', () => {
 errors: [
 {
 error: {
- message: 'Unexpected token h in JSON at position 1',
+ message: `Unexpected token 'h', "this is not"... is not valid JSON`,
 status_code: 400,
 },
 rule_id: '(unknown id)',
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/create_rules_stream_from_ndjson.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/create_rules_stream_from_ndjson.test.ts
index be9561598fd08..50b8d5e7ee6fc 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/create_rules_stream_from_ndjson.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/create_rules_stream_from_ndjson.test.ts
@@ -234,7 +234,9 @@ describe('create_rules_stream_from_ndjson', () => {
 type: 'query',
 immutable: false,
 });
- expect(resultOrError[1].message).toEqual('Unexpected token , in JSON at position 1');
+ expect(resultOrError[1].message).toEqual(
+ `Expected property name or '}' in JSON at position 1`
+ );
 expect(resultOrError[2]).toEqual({
 rule_id: 'rule-2',
 output_index: '.siem-signals',
diff --git a/x-pack/plugins/task_manager/server/saved_objects/migrations.test.ts b/x-pack/plugins/task_manager/server/saved_objects/migrations.test.ts
index 081918673d82a..794a9c466906f 100644
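Review bot: These expectations pin the exact wording of the engine's `JSON.parse` error, which is why they had to change along with the Node version bump in this commit. The same applies to the `create_rules_stream_from_ndjson.test.ts` hunk on this line and the `migrations.test.ts` hunk that follows. The new import-route message (`Unexpected token 'h', "this is not"... is not valid JSON`) also shows that the parser now quotes a fragment of the rejected input, so the route's error body and the task-manager log line built from it can carry payload content. Assert the stable fields and loosen the text, e.g. `message: expect.stringContaining('JSON'),`, and consider returning a fixed message from the import route instead of the raw parser error. The route and logging code are outside the visible hunks, so that last part is inferred from the tests.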
--- a/x-pack/plugins/task_manager/server/saved_objects/migrations.test.ts
+++ b/x-pack/plugins/task_manager/server/saved_objects/migrations.test.ts
@@ -282,7 +282,7 @@ describe('handles errors during migrations', () => {
 migration800(taskInstance, migrationContext);
 }).toThrowError();
 expect(migrationContext.log.error).toHaveBeenCalledWith(
- `savedObject 8.0.0 migration failed for task instance ${taskInstance.id} with error: Unexpected token s in JSON at position 2`,
+ `savedObject 8.0.0 migration failed for task instance ${taskInstance.id} with error: Expected property name or '}' in JSON at position 2`,
 {
 migrations: {
 taskInstanceDocument: {
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index c656e54ee8f5f..360be51913f25 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
@@ -8684,7 +8684,6 @@
 "xpack.apm.dashboard.addDashboard.useContextFilterLabel.tooltip": "L'activation de cette option applique des filtres au tableau de bord en fonction du service et de l'environnement choisis.",
 "xpack.apm.data_view.creation_failed": "Une erreur s'est produite lors de la création de la vue de données",
 "xpack.apm.dataView.alreadyExistsInActiveSpace": "La vue de données existe déjà dans l'espace actif",
- "xpack.apm.dataView.alreadyExistsInAnotherSpace": "La vue de données existe déjà dans un autre espace mais elle n'est pas disponible dans cet espace",
 "xpack.apm.dataView.autoCreateDisabled": "La création automatique des vues de données a été désactivée via l'option de configuration \"autoCreateApmDataView\"",
 "xpack.apm.dataView.noApmData": "Aucune donnée APM",
 "xpack.apm.dependecyOperationDetailView.header.backLinkLabel": "Toutes les opérations",
@@ -17101,7 +17100,6 @@ "xpack.fleet.agentActivityFlyout.inProgressTitle": "En cours", "xpack.fleet.agentActivityFlyout.noActivityDescription": "Le fil d'activités s'affichera ici au fur et à mesure que les agents seront réaffectés, mis à niveau ou désenregistrés.", "xpack.fleet.agentActivityFlyout.noActivityText": "Aucune activité à afficher", - "xpack.fleet.agentActivityFlyout.reviewErrorLogs": "Vérifier les logs d'erreur", "xpack.fleet.agentActivityFlyout.scheduledDescription": "Planifié pour ", "xpack.fleet.agentActivityFlyout.title": "Activité des agents", "xpack.fleet.agentActivityFlyout.todayTitle": "Aujourd'hui", @@ -36768,7 +36766,6 @@ "xpack.securitySolution.timeline.userDetails.firstSeenLabel": "Vu en premier", "xpack.securitySolution.timeline.userDetails.fullNameLabel": "Nom complet", "xpack.securitySolution.timeline.userDetails.hideManagedDataButton": "Masquer les données Azure AD", - "xpack.securitySolution.timeline.userDetails.hideObservedDataButton": "Masquer les données observées", "xpack.securitySolution.timeline.userDetails.hostOsNameLabel": "Système d'exploitation", "xpack.securitySolution.timeline.userDetails.ipAddressesLabel": "Adresses IP", "xpack.securitySolution.timeline.userDetails.lastNameLabel": "Nom", @@ -36787,7 +36784,6 @@ "xpack.securitySolution.timeline.userDetails.phoneLabel": "Téléphone", "xpack.securitySolution.timeline.userDetails.riskScoreLabel": "Score de risque", "xpack.securitySolution.timeline.userDetails.showManagedDataButton": "Afficher les données Azure AD", - "xpack.securitySolution.timeline.userDetails.showObservedDataButton": "Afficher les données observées", "xpack.securitySolution.timeline.userDetails.userIdLabel": "ID utilisateur", "xpack.securitySolution.timeline.userDetails.userLabel": "Utilisateur", "xpack.securitySolution.timeline.userDetails.valuesColumnTitle": "Valeurs", 
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 157391ad9a6ff..a8e3d4b417f54 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -8699,7 +8699,6 @@ "xpack.apm.dashboard.addDashboard.useContextFilterLabel.tooltip": "このオプションを有効にすると、選択したサービスと環境に基づいてダッシュボードにフィルターが適用されます。", "xpack.apm.data_view.creation_failed": "データビューの作成中にエラーが発生しました", "xpack.apm.dataView.alreadyExistsInActiveSpace": "アクティブなスペースにはすでにデータビューが存在します", - "xpack.apm.dataView.alreadyExistsInAnotherSpace": "データビューはすでに別のスペースに存在しますが、このスペースでは使用できません", "xpack.apm.dataView.autoCreateDisabled": "データビューの自動作成は、「autoCreateApmDataView」構成オプションによって無効化されています", "xpack.apm.dataView.noApmData": "APMデータがありません", "xpack.apm.dependecyOperationDetailView.header.backLinkLabel": "すべての演算", @@ -17114,7 +17113,6 @@ "xpack.fleet.agentActivityFlyout.inProgressTitle": "進行中", "xpack.fleet.agentActivityFlyout.noActivityDescription": "エージェントが再割り当て、アップグレード、または登録解除されたときに、アクティビティフィードがここに表示されます。", "xpack.fleet.agentActivityFlyout.noActivityText": "表示するアクティビティがありません", - "xpack.fleet.agentActivityFlyout.reviewErrorLogs": "エラーログを確認", "xpack.fleet.agentActivityFlyout.scheduledDescription": "スケジュール済み ", "xpack.fleet.agentActivityFlyout.title": "エージェントアクティビティ", "xpack.fleet.agentActivityFlyout.todayTitle": "今日", @@ -36766,7 +36764,6 @@ "xpack.securitySolution.timeline.userDetails.firstSeenLabel": "初回の認識", "xpack.securitySolution.timeline.userDetails.fullNameLabel": "フルネーム", "xpack.securitySolution.timeline.userDetails.hideManagedDataButton": "Azure ADデータを非表示", - "xpack.securitySolution.timeline.userDetails.hideObservedDataButton": "観測されたデータを非表示", "xpack.securitySolution.timeline.userDetails.hostOsNameLabel": "オペレーティングシステム", "xpack.securitySolution.timeline.userDetails.ipAddressesLabel": "IP アドレス", "xpack.securitySolution.timeline.userDetails.lastNameLabel": "姓", 
@@ -36785,7 +36782,6 @@ "xpack.securitySolution.timeline.userDetails.phoneLabel": "電話", "xpack.securitySolution.timeline.userDetails.riskScoreLabel": "リスクスコア", "xpack.securitySolution.timeline.userDetails.showManagedDataButton": "Azure ADデータを表示", - "xpack.securitySolution.timeline.userDetails.showObservedDataButton": "観測されたデータを表示", "xpack.securitySolution.timeline.userDetails.userIdLabel": "ユーザーID", "xpack.securitySolution.timeline.userDetails.userLabel": "ユーザー", "xpack.securitySolution.timeline.userDetails.valuesColumnTitle": "値", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 192297f53e6ec..879ccde09a001 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -8698,7 +8698,6 @@ "xpack.apm.dashboard.addDashboard.useContextFilterLabel.tooltip": "启用此选项会根据您选择的服务和环境,将筛选应用于仪表板。", "xpack.apm.data_view.creation_failed": "创建数据视图时出错", "xpack.apm.dataView.alreadyExistsInActiveSpace": "活动工作区中已存在数据视图", - "xpack.apm.dataView.alreadyExistsInAnotherSpace": "数据视图已在另一工作区中存在,但在此工作区中不可用", "xpack.apm.dataView.autoCreateDisabled": "已通过“autoCreateApmDataView”配置选项禁止自动创建数据视图", "xpack.apm.dataView.noApmData": "无 APM 数据", "xpack.apm.dependecyOperationDetailView.header.backLinkLabel": "所有操作", @@ -17114,7 +17113,6 @@ "xpack.fleet.agentActivityFlyout.inProgressTitle": "进行中", "xpack.fleet.agentActivityFlyout.noActivityDescription": "重新分配、升级或取消注册代理时,活动源将在此处显示。", "xpack.fleet.agentActivityFlyout.noActivityText": "没有可显示的活动", - "xpack.fleet.agentActivityFlyout.reviewErrorLogs": "查看错误日志", "xpack.fleet.agentActivityFlyout.scheduledDescription": "计划进行 ", "xpack.fleet.agentActivityFlyout.title": "代理活动", "xpack.fleet.agentActivityFlyout.todayTitle": "今日", 
@@ -36762,7 +36760,6 @@ "xpack.securitySolution.timeline.userDetails.firstSeenLabel": "首次看到时间", "xpack.securitySolution.timeline.userDetails.fullNameLabel": "全名", "xpack.securitySolution.timeline.userDetails.hideManagedDataButton": "隐藏 Azure AD 数据", - "xpack.securitySolution.timeline.userDetails.hideObservedDataButton": "隐藏观察数据", "xpack.securitySolution.timeline.userDetails.hostOsNameLabel": "操作系统", "xpack.securitySolution.timeline.userDetails.ipAddressesLabel": "IP 地址", "xpack.securitySolution.timeline.userDetails.lastNameLabel": "姓氏", @@ -36781,7 +36778,6 @@ "xpack.securitySolution.timeline.userDetails.phoneLabel": "电话", "xpack.securitySolution.timeline.userDetails.riskScoreLabel": "风险分数", "xpack.securitySolution.timeline.userDetails.showManagedDataButton": "显示 Azure AD 数据", - "xpack.securitySolution.timeline.userDetails.showObservedDataButton": "显示观察数据", "xpack.securitySolution.timeline.userDetails.userIdLabel": "用户 ID", "xpack.securitySolution.timeline.userDetails.userLabel": "用户", "xpack.securitySolution.timeline.userDetails.valuesColumnTitle": "值", diff --git a/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts b/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts index b38b4b0ee672c..e3ed2144876ad 100644 --- a/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts +++ b/x-pack/test/alerting_api_integration/observability/custom_threshold_rule/avg_pct_fired.ts @@ -16,7 +16,6 @@ import { FIRED_ACTIONS_ID } from '@kbn/observability-plugin/server/lib/rules/cus import expect from '@kbn/expect'; import { OBSERVABILITY_THRESHOLD_RULE_TYPE_ID } from '@kbn/rule-data-utils'; import { createIndexConnector, createRule } from '../helpers/alerting_api_helper'; -import { createDataView, deleteDataView } from '../helpers/data_view'; import { waitForAlertInIndex, waitForDocumentInIndex, 
@@ -38,8 +37,19 @@ export default function ({ getService }: FtrProviderContext) { // DATE_VIEW should match the index template: // x-pack/packages/kbn-infra-forge/src/data_sources/composable/template.json const DATE_VIEW = 'kbn-data-forge-fake_hosts'; - const DATE_VIEW_NAME = 'data-view-name'; + const DATE_VIEW_NAME = 'ad-hoc-data-view-name'; const DATA_VIEW_ID = 'data-view-id'; + const MOCKED_AD_HOC_DATA_VIEW = { + id: DATA_VIEW_ID, + title: DATE_VIEW, + timeFieldName: '@timestamp', + sourceFilters: [], + fieldFormats: {}, + runtimeFieldMap: {}, + allowNoIndex: false, + name: DATE_VIEW_NAME, + allowHidden: false, + }; let infraDataIndex: string; let actionId: string; let ruleId: string; @@ -48,12 +58,6 @@ export default function ({ getService }: FtrProviderContext) { before(async () => { infraDataIndex = await generate({ esClient, lookback: 'now-15m', logger }); - await createDataView({ - supertest, - name: DATE_VIEW_NAME, - id: DATA_VIEW_ID, - title: DATE_VIEW, - }); }); after(async () => { @@ -67,10 +71,6 @@ export default function ({ getService }: FtrProviderContext) { index: '.kibana-event-log-*', query: { term: { 'kibana.alert.rule.consumer': 'logs' } }, }); - await deleteDataView({ - supertest, - id: DATA_VIEW_ID, - }); await esDeleteAllIndices([ALERT_ACTION_INDEX, infraDataIndex]); await cleanup({ esClient, logger }); }); @@ -109,7 +109,7 @@ export default function ({ getService }: FtrProviderContext) { query: '', language: 'kuery', }, - index: DATA_VIEW_ID, + index: MOCKED_AD_HOC_DATA_VIEW, }, }, actions: [ @@ -199,7 +199,10 @@ export default function ({ getService }: FtrProviderContext) { ], alertOnNoData: true, alertOnGroupDisappear: true, - searchConfiguration: { index: 'data-view-id', query: { query: '', language: 'kuery' } }, + searchConfiguration: { + index: MOCKED_AD_HOC_DATA_VIEW, + query: { query: '', language: 'kuery' }, + }, }); }); 
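Review bot: The renamed constant keeps the `DATE_VIEW_` spelling while its neighbours `DATA_VIEW_ID` and the new `MOCKED_AD_HOC_DATA_VIEW` use `DATA_VIEW`, so the object literal mixes both in adjacent fields (`title: DATE_VIEW`, `name: DATE_VIEW_NAME`). Since this hunk already edits the line, it could become `const DATA_VIEW_NAME = 'ad-hoc-data-view-name';`, with `DATE_VIEW` following in the same pass. A one-line comment above `MOCKED_AD_HOC_DATA_VIEW`, such as `// Passed inline as an ad hoc data view, so nothing is persisted and no cleanup is needed`, would also explain why the `createDataView`/`deleteDataView` calls were dropped.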
diff --git a/x-pack/test/alerting_api_integration/observability/helpers/alerting_api_helper.ts b/x-pack/test/alerting_api_integration/observability/helpers/alerting_api_helper.ts index d56b91dda5515..57b5721701a40 100644 --- a/x-pack/test/alerting_api_integration/observability/helpers/alerting_api_helper.ts +++ b/x-pack/test/alerting_api_integration/observability/helpers/alerting_api_helper.ts @@ -5,8 +5,9 @@ * 2.0. */ -import { ThresholdParams } from '@kbn/observability-plugin/common/custom_threshold_rule/types'; import type { SuperTest, Test } from 'supertest'; +import expect from '@kbn/expect'; +import { ThresholdParams } from '@kbn/observability-plugin/common/custom_threshold_rule/types'; export async function createIndexConnector({ supertest, @@ -64,5 +65,8 @@ export async function createRule({ rule_type_id: ruleTypeId, actions, }); + if (body.statusCode) { + expect(body.statusCode).eql(200, body.message); + } return body; } diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts b/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts index 4ebfacb4d10c9..b4daf5172b164 100644 --- a/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/mock_data.ts @@ -24,6 +24,10 @@ export const findingsMockData = [ type: 'process', }, cluster_id: 'Upper case cluster id', + event: { + ingested: '2023-08-19T18:20:41Z', + created: '2023-08-19T18:17:15.609124281Z', + }, }, { resource: { id: chance.guid(), name: `Pod`, sub_type: 'Upper case sub type' }, @@ -40,6 +44,10 @@ export const findingsMockData = [ type: 'process', }, cluster_id: 'Another Upper case cluster id', + event: { + ingested: '2023-08-19T18:20:41Z', + created: '2023-08-19T18:17:15.609124281Z', + }, }, ]; 
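Review bot: The guard added to `createRule` only asserts when the response body happens to carry a `statusCode` field, so a failed request whose body has any other shape is still returned to the caller as if it had succeeded. Asserting on the HTTP status of the response itself would make the helper fail on every non-200, for example by chaining `.expect(200)` on the supertest request. The request is built above this hunk, so the exact place for that call is not visible here.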
diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts index 6a3f8fbbfeda5..06f80adf46034 100644 --- a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts @@ -247,8 +247,8 @@ export default function (providerContext: FtrProviderContext) { `expected unprivileged but got ${res.cspm.status} instead` ); expect(res.vuln_mgmt.status).to.eql( - 'not-installed', - `expected not-installed but got ${res.vuln_mgmt.status} instead` + 'unprivileged', + `expected unprivileged but got ${res.vuln_mgmt.status} instead` ); assertIndexStatus(res.indicesDetails, LATEST_FINDINGS_INDEX_DEFAULT_NS, 'unprivileged'); diff --git a/x-pack/test/api_integration/apis/maps/migrations.js b/x-pack/test/api_integration/apis/maps/migrations.js index 1295dac5bbb49..30301a80577b3 100644 --- a/x-pack/test/api_integration/apis/maps/migrations.js +++ b/x-pack/test/api_integration/apis/maps/migrations.js @@ -75,7 +75,7 @@ export default function ({ getService }) { try { panels = JSON.parse(resp.body.attributes.panelsJSON); } catch (error) { - throw 'Unable to parse panelsJSON from dashboard saved object'; + throw new Error('Unable to parse panelsJSON from dashboard saved object'); } expect(panels.length).to.be(1); expect(panels[0].type).to.be('map'); diff --git a/x-pack/test/apm_api_integration/common/apm_api_supertest.ts b/x-pack/test/apm_api_integration/common/apm_api_supertest.ts index ac16abff4098b..4fe7ae4a62e71 100644 --- a/x-pack/test/apm_api_integration/common/apm_api_supertest.ts +++ b/x-pack/test/apm_api_integration/common/apm_api_supertest.ts 
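Review bot: The `catch` block in `maps/migrations.js` now throws a real `Error`, but it still discards the caught `error`, so a failing run does not show why `panelsJSON` was rejected. Carrying the cause along keeps that diagnostic: `throw new Error('Unable to parse panelsJSON from dashboard saved object: ' + error.message);`.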
@@ -20,6 +20,7 @@ export function createApmApiClient(st: supertest.SuperTest) { options: { type?: 'form-data'; endpoint: TEndpoint; + spaceId?: string; } & APIClientRequestParamsOf & { params?: { query?: { _inspect?: boolean } } } ): Promise> => { const { endpoint, type } = options; @@ -27,7 +28,8 @@ export function createApmApiClient(st: supertest.SuperTest) { const params = 'params' in options ? (options.params as Record) : {}; const { method, pathname, version } = formatRequest(endpoint, params.path); - const url = format({ pathname, query: params?.query }); + const pathnameWithSpaceId = options.spaceId ? `/s/${options.spaceId}${pathname}` : pathname; + const url = format({ pathname: pathnameWithSpaceId, query: params?.query }); const headers: Record = { 'kbn-xsrf': 'foo', diff --git a/x-pack/test/apm_api_integration/tests/data_view/static.spec.ts b/x-pack/test/apm_api_integration/tests/data_view/static.spec.ts index a49e698c86c65..dcc8fc76044cf 100644 --- a/x-pack/test/apm_api_integration/tests/data_view/static.spec.ts +++ b/x-pack/test/apm_api_integration/tests/data_view/static.spec.ts @@ -8,7 +8,7 @@ import { apm, timerange } from '@kbn/apm-synthtrace-client'; import type { ApmSynthtraceEsClient } from '@kbn/apm-synthtrace'; import expect from '@kbn/expect'; -import { APM_STATIC_DATA_VIEW_ID } from '@kbn/apm-plugin/common/data_view_constants'; +import { getDataViewId } from '@kbn/apm-plugin/common/data_view_constants'; import { DataView } from '@kbn/data-views-plugin/common'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import request from 'superagent'; 
@@ -20,28 +20,33 @@ export default function ApiTest({ getService }: FtrProviderContext) { const apmApiClient = getService('apmApiClient'); const supertest = getService('supertest'); const synthtrace = getService('synthtraceEsClient'); + const logger = getService('log'); const dataViewPattern = 'traces-apm*,apm-*,logs-apm*,apm-*,metrics-apm*,apm-*'; - function createDataViewWithWriteUser() { + function createDataViewWithWriteUser({ spaceId }: { spaceId: string }) { return apmApiClient.writeUser({ endpoint: 'POST /internal/apm/data_view/static', + spaceId, }); } - function createDataViewWithReadUser() { - return apmApiClient.readUser({ endpoint: 'POST /internal/apm/data_view/static' }); + function createDataViewWithReadUser({ spaceId }: { spaceId: string }) { + return apmApiClient.readUser({ + endpoint: 'POST /internal/apm/data_view/static', + spaceId, + }); } - function deleteDataView() { + function deleteDataView(spaceId: string) { return supertest - .delete(`/api/saved_objects/index-pattern/${APM_STATIC_DATA_VIEW_ID}?force=true`) + .delete(`/s/${spaceId}/api/saved_objects/index-pattern/${getDataViewId(spaceId)}?force=true`) .set('kbn-xsrf', 'foo'); } - function getDataView({ space }: { space: string }) { - const spacePrefix = space !== 'default' ? `/s/${space}` : ''; + function getDataView({ spaceId }: { spaceId: string }) { + const spacePrefix = spaceId !== 'default' ? `/s/${spaceId}` : ''; return supertest.get( - `${spacePrefix}/api/saved_objects/index-pattern/${APM_STATIC_DATA_VIEW_ID}` + `${spacePrefix}/api/saved_objects/index-pattern/${getDataViewId(spaceId)}` ); } 
@@ -56,7 +61,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { registry.when('no mappings exist', { config: 'basic', archives: [] }, () => { let response: SupertestReturnType<'POST /internal/apm/data_view/static'>; before(async () => { - response = await createDataViewWithWriteUser(); + response = await createDataViewWithWriteUser({ spaceId: 'default' }); }); it('does not create data view', async () => { @@ -68,10 +73,10 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); it('cannot fetch data view', async () => { - const res = await getDataView({ space: 'default' }); + const res = await getDataView({ spaceId: 'default' }); expect(res.status).to.be(404); expect(res.body.message).to.eql( - 'Saved object [index-pattern/apm_static_index_pattern_id] not found' + 'Saved object [index-pattern/apm_static_data_view_id_default] not found' ); }); }); @@ -86,14 +91,18 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); afterEach(async () => { - await deleteDataView(); + try { + await Promise.all([deleteDataView('default'), deleteDataView('foo')]); + } catch (e) { + logger.error(`Could not delete data views ${e.message}`); + } }); describe('when creating data view with write user', () => { let response: SupertestReturnType<'POST /internal/apm/data_view/static'>; before(async () => { - response = await createDataViewWithWriteUser(); + response = await createDataViewWithWriteUser({ spaceId: 'default' }); }); it('successfully creates the apm data view', async () => { @@ -102,7 +111,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { // @ts-expect-error const dataView = response.body.dataView as DataView; - expect(dataView.id).to.be('apm_static_index_pattern_id'); + expect(dataView.id).to.be('apm_static_data_view_id_default'); expect(dataView.name).to.be('APM'); expect(dataView.title).to.be('traces-apm*,apm-*,logs-apm*,apm-*,metrics-apm*,apm-*'); }); 
@@ -112,8 +121,8 @@ export default function ApiTest({ getService }: FtrProviderContext) { let dataViewResponse: request.Response; before(async () => { - await createDataViewWithWriteUser(); - dataViewResponse = await getDataView({ space: 'default' }); + await createDataViewWithWriteUser({ spaceId: 'default' }); + dataViewResponse = await getDataView({ spaceId: 'default' }); }); it('return 200', () => { @@ -121,7 +130,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); it('has correct id', () => { - expect(dataViewResponse.body.id).to.be('apm_static_index_pattern_id'); + expect(dataViewResponse.body.id).to.be('apm_static_data_view_id_default'); }); it('has correct title', () => { @@ -170,7 +179,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('when creating data view via read user', () => { it('throws an error', async () => { try { - await createDataViewWithReadUser(); + await createDataViewWithReadUser({ spaceId: 'default' }); } catch (e) { const err = e as ApmApiError; const responseBody = err.res.body; 
@@ -184,30 +193,44 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('when creating data view twice', () => { it('returns 200 response with reason, if data view already exists', async () => { - await createDataViewWithWriteUser(); - const res = await createDataViewWithWriteUser(); + await createDataViewWithWriteUser({ spaceId: 'default' }); + const res = await createDataViewWithWriteUser({ spaceId: 'default' }); expect(res.status).to.be(200); expect(res.body).to.eql({ created: false, - reason: 'Dataview already exists in the active space', + reason: 'Dataview already exists in the active space and does not need to be updated', }); }); }); describe('when creating data view in "default" space', async () => { - it('can be retrieved from the "default space"', async () => { - await createDataViewWithWriteUser(); - const res = await getDataView({ space: 'default' }); - expect(res.body.id).to.eql('apm_static_index_pattern_id'); - expect(res.body.namespaces).to.eql(['*', 'default']); + it('can be retrieved from the "default" space', async () => { + await createDataViewWithWriteUser({ spaceId: 'default' }); + const res = await getDataView({ spaceId: 'default' }); + expect(res.body.id).to.eql('apm_static_data_view_id_default'); + expect(res.body.namespaces).to.eql(['default']); }); + it('cannot be retrieved from the "foo" space', async () => { + await createDataViewWithWriteUser({ spaceId: 'default' }); + const res = await getDataView({ spaceId: 'foo' }); + expect(res.body.statusCode).to.be(404); + }); + }); + + describe('when creating data view in "foo" space', async () => { it('can be retrieved from the "foo" space', async () => { - await createDataViewWithWriteUser(); - const res = await getDataView({ space: 'foo' }); - expect(res.body.id).to.eql('apm_static_index_pattern_id'); - expect(res.body.namespaces).to.eql(['*', 'default']); + await createDataViewWithWriteUser({ spaceId: 'foo' }); + const res = await getDataView({ spaceId: 'foo' }); 
+ expect(res.body.id).to.eql('apm_static_data_view_id_foo'); + expect(res.body.namespaces).to.eql(['foo']); + }); + + it('cannot be retrieved from the "default" space', async () => { + await createDataViewWithWriteUser({ spaceId: 'foo' }); + const res = await getDataView({ spaceId: 'default' }); + expect(res.body.statusCode).to.be(404); }); }); }); diff --git a/x-pack/test/cloud_security_posture_functional/mocks/vulnerabilities_latest_mock.ts b/x-pack/test/cloud_security_posture_functional/mocks/vulnerabilities_latest_mock.ts index 813c72743e7fc..f0ffd4aebb388 100644 --- a/x-pack/test/cloud_security_posture_functional/mocks/vulnerabilities_latest_mock.ts +++ b/x-pack/test/cloud_security_posture_functional/mocks/vulnerabilities_latest_mock.ts @@ -83,7 +83,7 @@ export const vulnerabilitiesLatestMock = [ id: '704479110758', }, }, - '@timestamp': '2023-06-29T02:08:44.993Z', + '@timestamp': (Date.now() - 249200000).toString(), cloudbeat: { commit_sha: '4d990caa0c9c1594441da6bf24a685599aeb2bd5', commit_time: '2023-05-15T14:48:10Z', @@ -189,7 +189,7 @@ export const vulnerabilitiesLatestMock = [ id: '704479110758', }, }, - '@timestamp': '2023-06-29T02:08:16.535Z', + '@timestamp': (Date.now() - 249200000).toString(), ecs: { version: '8.6.0', }, diff --git a/x-pack/test/cloud_security_posture_functional/page_objects/findings_page.ts b/x-pack/test/cloud_security_posture_functional/page_objects/findings_page.ts index 49f4ab0a6d12f..0fd0e463e7087 100644 --- a/x-pack/test/cloud_security_posture_functional/page_objects/findings_page.ts +++ b/x-pack/test/cloud_security_posture_functional/page_objects/findings_page.ts @@ -410,6 +410,12 @@ export function FindingsPageProvider({ getService, getPageObjects }: FtrProvider }, }); + const isLatestFindingsTableThere = async () => { + const table = await testSubjects.findAll('docTable'); + const trueOrFalse = table.length > 0 ? true : false; + return trueOrFalse; + }; + return { navigateToLatestFindingsPage, navigateToVulnerabilities, 
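Review bot: The two new "cannot be retrieved from …" tests in `static.spec.ts` do not exercise space isolation. `getDataView({ spaceId: 'foo' })` requests `getDataViewId('foo')`, which, going by the ids asserted in this file, differs from the `apm_static_data_view_id_default` object just created. The 404 would therefore come back even if the default-space data view were readable from `foo`. To show that an object created in one space is not visible from another, request the other space's id through this space's prefix, e.g. a GET on `/s/foo/api/saved_objects/index-pattern/${getDataViewId('default')}` expecting 404, and the mirror image in the `"foo"` block. `getDataView` itself is defined in an earlier hunk of this file.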
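Review bot: `(Date.now() - 249200000).toString()` in `vulnerabilities_latest_mock.ts` introduces an unexplained magic number (roughly 69 hours in milliseconds), and the second `@timestamp` hunk of the file repeats it. A named constant with a comment stating which time window the mock has to fall inside would let a reader check the value against that window, for instance `const MOCK_DOCUMENT_AGE_MS = 249200000; // ~69h, must stay inside <retention window of the latest-vulnerabilities query>`. The surrounding object literal starts and ends outside both hunks.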
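Review bot: `isLatestFindingsTableThere` in `findings_page.ts` wraps a boolean in `? true : false` and a `trueOrFalse` temporary, neither of which adds anything. The body can end with `return table.length > 0;`. A short comment such as `// Resolves to true when at least one 'docTable' element is rendered` would document what "there" means for callers.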
@@ -426,5 +432,6 @@ export function FindingsPageProvider({ getService, getPageObjects }: FtrProvider misconfigurationsFlyout, toastMessage, detectionRuleApi, + isLatestFindingsTableThere, }; } diff --git a/x-pack/test/cloud_security_posture_functional/pages/findings.ts b/x-pack/test/cloud_security_posture_functional/pages/findings.ts index 69c1fd6949f51..4ec0240f735c9 100644 --- a/x-pack/test/cloud_security_posture_functional/pages/findings.ts +++ b/x-pack/test/cloud_security_posture_functional/pages/findings.ts @@ -17,12 +17,13 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { const retry = getService('retry'); const pageObjects = getPageObjects(['common', 'findings', 'header']); const chance = new Chance(); + const timeFiveHoursAgo = (Date.now() - 18000000).toString(); // We need to use a dataset for the tests to run // We intentionally make some fields start with a capital letter to test that the query bar is case-insensitive/case-sensitive const data = [ { - '@timestamp': '1695819664234', + '@timestamp': timeFiveHoursAgo, resource: { id: chance.guid(), name: `kubelet`, sub_type: 'lower case sub type' }, result: { evaluation: chance.integer() % 2 === 0 ? 'passed' : 'failed' }, rule: { @@ -39,7 +40,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { cluster_id: 'Upper case cluster id', }, { - '@timestamp': '1695819673242', + '@timestamp': timeFiveHoursAgo, resource: { id: chance.guid(), name: `Pod`, sub_type: 'Upper case sub type' }, result: { evaluation: chance.integer() % 2 === 0 ? 'passed' : 'failed' }, rule: { @@ -56,7 +57,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { cluster_id: 'Another Upper case cluster id', }, { - '@timestamp': '1695819676242', + '@timestamp': timeFiveHoursAgo, resource: { id: chance.guid(), name: `process`, sub_type: 'another lower case type' }, result: { evaluation: 'passed' }, rule: { 
@@ -73,7 +74,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { cluster_id: 'lower case cluster id', }, { - '@timestamp': '1695819680202', + '@timestamp': timeFiveHoursAgo, resource: { id: chance.guid(), name: `process`, sub_type: 'Upper case type again' }, result: { evaluation: 'failed' }, rule: { @@ -122,7 +123,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { await findings.index.add(data); await findings.navigateToLatestFindingsPage(); - await retry.waitFor( 'Findings table to be loaded', async () => (await latestFindingsTable.getRowsCount()) === data.length diff --git a/x-pack/test/cloud_security_posture_functional/pages/findings_old_data.ts b/x-pack/test/cloud_security_posture_functional/pages/findings_old_data.ts new file mode 100644 index 0000000000000..fc12d593333b2 --- /dev/null +++ b/x-pack/test/cloud_security_posture_functional/pages/findings_old_data.ts 
@@ -0,0 +1,94 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from '@kbn/expect'; +import Chance from 'chance'; +import type { FtrProviderContext } from '../ftr_provider_context'; + +// eslint-disable-next-line import/no-default-export +export default function ({ getPageObjects, getService }: FtrProviderContext) { + const pageObjects = getPageObjects(['common', 'findings', 'header']); + const chance = new Chance(); + const hoursToMillisecond = (hours: number) => hours * 60 * 60 * 1000; + + const dataOldKspm = [ + { + '@timestamp': (Date.now() - hoursToMillisecond(27)).toString(), + resource: { id: chance.guid(), name: `kubelet`, sub_type: 'lower case sub type' }, + result: { evaluation: chance.integer() % 2 === 0 ? 'passed' : 'failed' }, + rule: { + name: 'Upper case rule name', + section: 'Upper case section', + benchmark: { + id: 'cis_k8s', + posture_type: 'kspm', + name: 'CIS Kubernetes V1.23', + version: 'v1.0.0', + }, + type: 'process', + }, + cluster_id: 'Upper case cluster id', + }, + ]; + + const dataOldCspm = [ + { + '@timestamp': (Date.now() - hoursToMillisecond(27)).toString(), + resource: { id: chance.guid(), name: `kubelet`, sub_type: 'lower case sub type' }, + result: { evaluation: chance.integer() % 2 === 0 ? 
'passed' : 'failed' }, + rule: { + name: 'Upper case rule name', + section: 'Upper case section', + benchmark: { + id: 'cis_aws', + posture_type: 'cspm', + name: 'CIS AWS V1.23', + version: 'v1.0.0', + }, + type: 'process', + }, + cluster_id: 'Upper case cluster id', + }, + ]; + + describe('Old Data', function () { + this.tags(['cloud_security_posture_findings']); + let findings: typeof pageObjects.findings; + + before(async () => { + findings = pageObjects.findings; + + // Before we start any test we must wait for cloud_security_posture plugin to complete its initialization + await findings.waitForPluginInitialized(); + }); + + after(async () => { + await findings.index.remove(); + }); + + describe('Findings page with old data', () => { + it('returns no Findings KSPM', async () => { + // Prepare mocked findings + await findings.index.remove(); + await findings.index.add(dataOldKspm); + + await findings.navigateToLatestFindingsPage(); + pageObjects.header.waitUntilLoadingHasFinished(); + expect(await findings.isLatestFindingsTableThere()).to.be(false); + }); + it('returns no Findings CSPM', async () => { + // Prepare mocked findings + await findings.index.remove(); + await findings.index.add(dataOldCspm); + + await findings.navigateToLatestFindingsPage(); + pageObjects.header.waitUntilLoadingHasFinished(); + expect(await findings.isLatestFindingsTableThere()).to.be(false); + }); + }); + }); +} diff --git a/x-pack/test/cloud_security_posture_functional/pages/index.ts b/x-pack/test/cloud_security_posture_functional/pages/index.ts index 9d4e17ec0c88c..f1bb7f8fb7875 100644 --- a/x-pack/test/cloud_security_posture_functional/pages/index.ts +++ b/x-pack/test/cloud_security_posture_functional/pages/index.ts 
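Review bot: Both tests in `findings_old_data.ts` call `pageObjects.header.waitUntilLoadingHasFinished();` without `await`, so the `isLatestFindingsTableThere()` check that follows can run while the page is still loading (assuming the method returns a promise, as the other page-object calls here do). Because the assertion is that the table is absent, an unfinished load makes the test pass whether or not findings older than the cut-off are filtered out. The line should read `await pageObjects.header.waitUntilLoadingHasFinished();` in both `it` blocks.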
@@ -16,5 +16,6 @@ export default function ({ loadTestFile }: FtrProviderContext) { loadTestFile(require.resolve('./compliance_dashboard')); loadTestFile(require.resolve('./vulnerability_dashboard')); loadTestFile(require.resolve('./cis_integration')); + loadTestFile(require.resolve('./findings_old_data')); }); } diff --git a/x-pack/test/functional/apps/infra/index.ts b/x-pack/test/functional/apps/infra/index.ts index e34b074f8829e..5ad5c004c30c9 100644 --- a/x-pack/test/functional/apps/infra/index.ts +++ b/x-pack/test/functional/apps/infra/index.ts @@ -29,6 +29,7 @@ export default ({ loadTestFile }: FtrProviderContext) => { loadTestFile(require.resolve('./logs/log_stream_date_nano')); loadTestFile(require.resolve('./logs/link_to')); loadTestFile(require.resolve('./logs/log_stream')); + loadTestFile(require.resolve('./logs/ml_job_id_formats/tests')); }); }); }; diff --git a/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/assert_id_formats.ts b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/assert_id_formats.ts new file mode 100644 index 0000000000000..fb89001425d94 --- /dev/null +++ b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/assert_id_formats.ts 
@@ -0,0 +1,46 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from '@kbn/expect'; +import { IdFormat } from '@kbn/infra-plugin/common/http_api/latest'; + +const rateHashedPattern = /logs-[0-9a-fA-F]{32,}-log-entry-rate/; +const rateLegacyPattern = /kibana-logs-ui-.*-.*-log-entry-rate/; +const categoriesCountHashedPattern = /logs-[0-9a-fA-F]{32,}-log-entry-categories-count/; +const categoriesCountLegacyPattern = /kibana-logs-ui-.*-.*-log-entry-categories-count/; + +export function assertIdFormats( + url: string, + expected: { + 'log-entry-rate': IdFormat | undefined; + 'log-entry-categories-count': IdFormat | undefined; + } +) { + const idFormats = extractIdFormats(url); + expect(idFormats).to.eql(expected); +} + +function extractIdFormats(url: string) { + let rateFormat; + if (rateHashedPattern.test(url)) { + rateFormat = 'hashed'; + } else if (rateLegacyPattern.test(url)) { + rateFormat = 'legacy'; + } + + let categoriesCountFormat; + if (categoriesCountHashedPattern.test(url)) { + categoriesCountFormat = 'hashed'; + } else if (categoriesCountLegacyPattern.test(url)) { + categoriesCountFormat = 'legacy'; + } + + return { + 'log-entry-rate': rateFormat, + 'log-entry-categories-count': categoriesCountFormat, + }; +} diff --git a/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/ml_job_configs.ts b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/ml_job_configs.ts new file mode 100644 index 0000000000000..facd1a059d3f5 --- /dev/null +++ b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/ml_job_configs.ts 
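Review bot: `rateFormat` and `categoriesCountFormat` in `extractIdFormats` are declared without a type, so the `'hashed'` and `'legacy'` literals assigned to them are never checked against the imported `IdFormat`. Declaring them as `let rateFormat: IdFormat | undefined;` and `let categoriesCountFormat: IdFormat | undefined;` would turn a misspelled format into a compile error. The legacy patterns also run an unanchored `.*-.*` against the whole URL, so they match whenever `kibana-logs-ui-` and the job suffix appear anywhere in it in that order. If that looseness is intended, a comment above the four patterns should say so.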
@@ -0,0 +1,129 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { TypeOf } from '@kbn/config-schema'; +import { setupModuleBodySchema } from '@kbn/ml-plugin/server/routes/schemas/modules'; + +export interface MlJob { + jobId: string; + module: 'logs_ui_analysis' | 'logs_ui_categories'; + config: TypeOf; +} + +const rateConfig = { + prefix: '', + start: Date.now(), + indexPatternName: 'filebeat-*', + startDatafeed: true, + useDedicatedIndex: true, + jobOverrides: [ + { + job_id: 'log-entry-rate', + analysis_config: { + bucket_span: '900000ms', + }, + data_description: { + time_field: '@timestamp', + }, + custom_settings: { + logs_source_config: { + indexPattern: 'filebeat-*', + timestampField: '@timestamp', + bucketSpan: 900000, + }, + }, + }, + ], + datafeedOverrides: [ + { + job_id: 'log-entry-rate', + runtime_mappings: {}, + }, + ], +}; + +const categoriesCountConfig = { + prefix: '', + start: Date.now(), + indexPatternName: 'filebeat-*', + startDatafeed: true, + useDedicatedIndex: true, + jobOverrides: [ + { + job_id: 'log-entry-categories-count', + analysis_config: { + bucket_span: '900000ms', + }, + data_description: { + time_field: '@timestamp', + }, + custom_settings: { + logs_source_config: { + indexPattern: 'filebeat-*', + timestampField: '@timestamp', + bucketSpan: 900000, + datasetFilter: { + type: 'includeAll', + }, + }, + }, + }, + ], + datafeedOverrides: [ + { + job_id: 'log-entry-categories-count', + runtime_mappings: {}, + }, + ], + query: { + bool: { + filter: [ + { + exists: { + field: 'message', + }, + }, + ], + }, + }, +}; + +export const hashedRateJob: MlJob = { + jobId: 'logs-11558ee526445db2b42eb3d6b4af58d0-log-entry-rate', + module: 'logs_ui_analysis', + config: { + ...rateConfig, + prefix: 
'logs-11558ee526445db2b42eb3d6b4af58d0-', + }, +}; + +export const hashedCategoriesCountJob: MlJob = { + jobId: 'logs-11558ee526445db2b42eb3d6b4af58d0-log-entry-categories-count', + module: 'logs_ui_categories', + config: { + ...categoriesCountConfig, + prefix: 'logs-11558ee526445db2b42eb3d6b4af58d0-', + }, +}; + +export const legacyRateJob: MlJob = { + jobId: 'kibana-logs-ui-default-default-log-entry-rate', + module: 'logs_ui_analysis', + config: { + ...rateConfig, + prefix: 'kibana-logs-ui-default-default-', + }, +}; + +export const legacyCategoriesCountJob: MlJob = { + jobId: 'kibana-logs-ui-default-default-log-entry-categories-count', + module: 'logs_ui_categories', + config: { + ...categoriesCountConfig, + prefix: 'kibana-logs-ui-default-default-', + }, +}; diff --git a/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/ml_job_helper.ts b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/ml_job_helper.ts new file mode 100644 index 0000000000000..7c6dcc9b5575f --- /dev/null +++ b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/ml_job_helper.ts 
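Review bot: The literal `logs-11558ee526445db2b42eb3d6b4af58d0-` appears four times across `hashedRateJob` and `hashedCategoriesCountJob` with nothing saying where the hash comes from, so a change to whatever the plugin hashes would surface here as an unexplained test failure. A single constant with a comment would help, for example `// prefix the Logs UI is expected to generate for the default space and log view; update if the hashing input changes` (the derivation is presumed, please confirm). Separately, `start: Date.now()` in `rateConfig` and `categoriesCountConfig` is evaluated once when the module is imported rather than when a job is created; if the datafeed start is meant to track job creation, build the config in a function instead.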
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { MlApi } from '../../../../services/ml/api';
+import { MlJob } from './ml_job_configs';
+
+export function createMlJobHelper(ml: MlApi) {
+ async function createMlJobs(jobs: MlJob[]) {
+ for (const mlJob of jobs) {
+ await ml.setupModule(mlJob.module, mlJob.config, 'default');
+ await ml.waitForAnomalyDetectionJobToExist(mlJob.jobId);
+ }
+ }
+
+ async function deleteMlJobs(jobs: MlJob[]) {
+ for (const mlJob of jobs) {
+ await ml.deleteAnomalyDetectionJobES(mlJob.jobId);
+ await ml.waitForAnomalyDetectionJobNotToExist(mlJob.jobId);
+ }
+ }
+
+ return { createMlJobs, deleteMlJobs };
+}
+
+export type MlJobHelper = ReturnType;
diff --git a/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/request_tracker.ts b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/request_tracker.ts
new file mode 100644
index 0000000000000..fe7fb5a49b15d
--- /dev/null
+++ b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/request_tracker.ts
@@ -0,0 +1,101 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Browser } from '../../../../../../../test/functional/services/common/browser'; +import { CommonPageObject } from '../../../../../../../test/functional/page_objects/common_page'; + +type PerformanceResourceTimingWithHttpStatus = PerformanceResourceTiming & { + responseStatus: number; +}; + +export interface RequestLogEntry { + url: string; + timestamp: number; + status: number; +} + +declare global { + interface Window { + ftrLogsUiAnomalies?: { + requests: RequestLogEntry[]; + observer: PerformanceObserver; + }; + } +} + +export function createRequestTracker(browser: Browser, common: CommonPageObject) { + async function install() { + await browser.execute(() => { + function handleTimings(entryList: PerformanceObserverEntryList) { + const entries = entryList.getEntriesByType( + 'resource' + ) as PerformanceResourceTimingWithHttpStatus[]; + + entries + .filter((entry) => entry.initiatorType === 'fetch') + .forEach((entry) => { + if (window.ftrLogsUiAnomalies) { + window.ftrLogsUiAnomalies.requests.push({ + url: entry.name, + timestamp: entry.startTime, + status: entry.responseStatus, + }); + } else { + throw new Error('Request tracker not installed'); + } + }); + } + + const observer = new PerformanceObserver(handleTimings); + observer.observe({ type: 'resource', buffered: true }); + + window.ftrLogsUiAnomalies = { + observer, + requests: [], + }; + }); + } + + async function getRequests(pattern: RegExp, timeToWait: number = 0) { + if (timeToWait > 0) { + await common.sleep(timeToWait); + } + + // Passing RegExp to the browser doesn't seem to serialize well + // so we pass a string, but .toString returns it like /pattern/ which + // when we compile it in the browser gets escaped to 
/\/pattern\// + // thus we remove the surrounding slashes + const patternString = pattern.toString(); + const trimmedPattern = patternString.substring(1, patternString.length - 1); + + return await browser.execute((browserPattern: string) => { + const regExp = new RegExp(browserPattern); + if (window.ftrLogsUiAnomalies) { + const entries = window.ftrLogsUiAnomalies.requests.filter((entry) => + regExp.test(entry.url) + ); + entries.sort((a, b) => a.timestamp - b.timestamp); + return entries; + } else { + throw new Error('Request tracker not installed'); + } + }, trimmedPattern); + } + + async function uninstall() { + await browser.execute(() => { + if (window.ftrLogsUiAnomalies) { + window.ftrLogsUiAnomalies.observer.disconnect(); + delete window.ftrLogsUiAnomalies; + } else { + throw new Error('Request tracker not installed'); + } + }); + } + + return { install, getRequests, uninstall }; +} diff --git a/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/tests.ts b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/tests.ts new file mode 100644 index 0000000000000..ec16fe567f4ea --- /dev/null +++ b/x-pack/test/functional/apps/infra/logs/ml_job_id_formats/tests.ts 
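Review bot: `getRequests` recovers the pattern text by cutting the first and last character off `pattern.toString()`, which is only right for a RegExp without flags. A pattern such as `/x/i` would reach the browser as `x/` and the flag would be lost without any error. `RegExp.prototype.source` already returns the text without delimiters, so the two lines can become `const trimmedPattern = pattern.source;`, and `pattern.flags` can be passed as a second argument if flags are ever needed. A short comment on `responseStatus` saying that it is read from the resource-timing entry, and what value is expected when the browser does not populate it, would also help readers of `RequestLogEntry.status`.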
@@ -0,0 +1,324 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from '@kbn/expect'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; +import { assertIdFormats } from './assert_id_formats'; +import { createMlJobHelper, MlJobHelper } from './ml_job_helper'; +import { createRequestTracker } from './request_tracker'; +import { + hashedRateJob, + hashedCategoriesCountJob, + legacyRateJob, + legacyCategoriesCountJob, +} from './ml_job_configs'; + +const anomalyDetectorsPattern = + /anomaly_detectors\/.*-log-entry-(rate|categories-count)\/results\/overall_buckets/; + +export default ({ getService, getPageObjects }: FtrProviderContext) => { + const retry = getService('retry'); + const esArchiver = getService('esArchiver'); + const browser = getService('browser'); + const pageObjects = getPageObjects(['common']); + const logsUi = getService('logsUi'); + const ml = getService('ml'); + const requestTracker = createRequestTracker(browser, pageObjects.common); + let mlJobHelper: MlJobHelper; + + describe('ML job ID formats', function () { + this.tags('includeFirefox'); + + this.beforeAll(async () => { + // Access to ml.api has to happen inside a test or test hook + mlJobHelper = createMlJobHelper(ml.api); + await esArchiver.load('x-pack/test/functional/es_archives/infra/simple_logs'); + }); + + this.afterAll(async () => { + await esArchiver.unload('x-pack/test/functional/es_archives/infra/simple_logs'); + }); + + describe('hashed format', () => { + // The hashed format always takes priority. If, for some reason, the same job exists + // in both formats, only the hashed format job will be used. 
+ + it('loads rate job in the hashed ID format', async () => { + await mlJobHelper.createMlJobs([hashedRateJob]); + await logsUi.logEntryRatePage.navigateTo(); + await requestTracker.install(); + + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getResultsScreen()).to.be.ok(); + }); + const requests = await requestTracker.getRequests(anomalyDetectorsPattern, 2000); + + expect(requests).not.to.be.empty(); + assertIdFormats(requests[0].url, { + 'log-entry-rate': 'hashed', + 'log-entry-categories-count': undefined, + }); + + await requestTracker.uninstall(); + await mlJobHelper.deleteMlJobs([hashedRateJob]); + }); + + it('loads category count job in the hashed ID format', async () => { + await mlJobHelper.createMlJobs([hashedCategoriesCountJob]); + await logsUi.logEntryRatePage.navigateTo(); + await requestTracker.install(); + + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getResultsScreen()).to.be.ok(); + }); + const requests = await requestTracker.getRequests(anomalyDetectorsPattern, 2000); + expect(requests).not.to.be.empty(); + assertIdFormats(requests[0].url, { + 'log-entry-rate': undefined, + 'log-entry-categories-count': 'hashed', + }); + + await requestTracker.uninstall(); + await mlJobHelper.deleteMlJobs([hashedCategoriesCountJob]); + }); + + it('loads rate and category count job in the hashed ID format', async () => { + await mlJobHelper.createMlJobs([hashedRateJob, hashedCategoriesCountJob]); + await logsUi.logEntryRatePage.navigateTo(); + await requestTracker.install(); + + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getResultsScreen()).to.be.ok(); + }); + const requests = await requestTracker.getRequests(anomalyDetectorsPattern, 2000); + expect(requests).not.to.be.empty(); + assertIdFormats(requests[0].url, { + 'log-entry-rate': 'hashed', + 'log-entry-categories-count': 'hashed', + }); + + await requestTracker.uninstall(); + await mlJobHelper.deleteMlJobs([hashedRateJob, 
hashedCategoriesCountJob]); + }); + }); + + describe('legacy format', () => { + it('loads rate job in the legacy ID format', async () => { + await mlJobHelper.createMlJobs([legacyRateJob]); + await logsUi.logEntryRatePage.navigateTo(); + await requestTracker.install(); + + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getResultsScreen()).to.be.ok(); + }); + const requests = await requestTracker.getRequests(anomalyDetectorsPattern, 2000); + expect(requests).not.to.be.empty(); + assertIdFormats(requests[0].url, { + 'log-entry-rate': 'legacy', + 'log-entry-categories-count': undefined, + }); + + await requestTracker.uninstall(); + await mlJobHelper.deleteMlJobs([legacyRateJob]); + }); + + it('loads category count job in the legacy ID format', async () => { + await mlJobHelper.createMlJobs([legacyCategoriesCountJob]); + await logsUi.logEntryRatePage.navigateTo(); + await requestTracker.install(); + + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getResultsScreen()).to.be.ok(); + }); + const requests = await requestTracker.getRequests(anomalyDetectorsPattern, 2000); + expect(requests).not.to.be.empty(); + assertIdFormats(requests[0].url, { + 'log-entry-rate': undefined, + 'log-entry-categories-count': 'legacy', + }); + + await requestTracker.uninstall(); + await mlJobHelper.deleteMlJobs([legacyCategoriesCountJob]); + }); + + it('loads rate and category count job in the legacy ID format', async () => { + await mlJobHelper.createMlJobs([legacyRateJob, legacyCategoriesCountJob]); + await logsUi.logEntryRatePage.navigateTo(); + await requestTracker.install(); + + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getResultsScreen()).to.be.ok(); + }); + const requests = await requestTracker.getRequests(anomalyDetectorsPattern, 2000); + expect(requests).not.to.be.empty(); + assertIdFormats(requests[0].url, { + 'log-entry-rate': 'legacy', + 'log-entry-categories-count': 'legacy', + }); + + await 
requestTracker.uninstall(); + await mlJobHelper.deleteMlJobs([legacyRateJob, legacyCategoriesCountJob]); + }); + }); + + describe('mixed formats', () => { + it('loads rate job in the hashed format and category count job in the legacy format', async () => { + await mlJobHelper.createMlJobs([hashedRateJob, legacyCategoriesCountJob]); + await logsUi.logEntryRatePage.navigateTo(); + await requestTracker.install(); + + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getResultsScreen()).to.be.ok(); + }); + const requests = await requestTracker.getRequests(anomalyDetectorsPattern, 2000); + expect(requests).not.to.be.empty(); + assertIdFormats(requests[0].url, { + 'log-entry-rate': 'hashed', + 'log-entry-categories-count': 'legacy', + }); + + await requestTracker.uninstall(); + await mlJobHelper.deleteMlJobs([hashedRateJob, legacyCategoriesCountJob]); + }); + + it('loads rate job in the legacy format and category count job in the hashed format', async () => { + await mlJobHelper.createMlJobs([legacyRateJob, hashedCategoriesCountJob]); + await logsUi.logEntryRatePage.navigateTo(); + await requestTracker.install(); + + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getResultsScreen()).to.be.ok(); + }); + const requests = await requestTracker.getRequests(anomalyDetectorsPattern, 2000); + expect(requests).not.to.be.empty(); + assertIdFormats(requests[0].url, { + 'log-entry-rate': 'legacy', + 'log-entry-categories-count': 'hashed', + }); + + await requestTracker.uninstall(); + await mlJobHelper.deleteMlJobs([legacyRateJob, hashedCategoriesCountJob]); + }); + }); + + // FLAKY: https://github.com/elastic/kibana/issues/171493 + describe.skip('creation and recreation', () => { + it('create first ML job', async () => { + await logsUi.logEntryRatePage.navigateTo(); + await requestTracker.install(); + + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getSetupScreen()).to.be.ok(); + }); + + await 
logsUi.logEntryRatePage.startJobSetup(); + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getSetupFlyout()).to.be.ok(); + }); + + await logsUi.logEntryRatePage.startRateJobCreation(); + await retry.waitFor( + 'Create ML job button is enabled', + async () => await logsUi.logEntryRatePage.canCreateJob() + ); + + await logsUi.logEntryRatePage.createJob(); + await retry.waitFor( + 'ML job created', + async () => await logsUi.logEntryRatePage.jobCreationDone() + ); + + const requests = await requestTracker.getRequests(anomalyDetectorsPattern, 2000); + expect(requests).not.to.be.empty(); + + assertIdFormats(requests[requests.length - 1].url, { + 'log-entry-rate': 'hashed', + 'log-entry-categories-count': undefined, + }); + + await requestTracker.uninstall(); + await mlJobHelper.deleteMlJobs([hashedRateJob]); + }); + + it('create second ML job', async () => { + await mlJobHelper.createMlJobs([legacyRateJob]); + await logsUi.logEntryRatePage.navigateTo(); + await requestTracker.install(); + + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getResultsScreen()).to.be.ok(); + }); + + await logsUi.logEntryRatePage.manageMlJobs(); + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getSetupFlyout()).to.be.ok(); + }); + + await logsUi.logEntryRatePage.startCategoriesCountJobCreation(); + await retry.waitFor( + 'Create ML job button is enabled', + async () => await logsUi.logEntryRatePage.canCreateJob() + ); + + await logsUi.logEntryRatePage.createJob(); + await retry.waitFor( + 'ML job created', + async () => await logsUi.logEntryRatePage.jobCreationDone() + ); + + const requests = await requestTracker.getRequests(anomalyDetectorsPattern, 2000); + expect(requests).not.to.be.empty(); + + assertIdFormats(requests[requests.length - 1].url, { + 'log-entry-rate': 'legacy', + 'log-entry-categories-count': 'hashed', + }); + + await requestTracker.uninstall(); + await mlJobHelper.deleteMlJobs([legacyRateJob, 
hashedCategoriesCountJob]); + }); + + it('migrate legacy job', async () => { + await mlJobHelper.createMlJobs([legacyRateJob, hashedCategoriesCountJob]); + await logsUi.logEntryRatePage.navigateTo(); + await requestTracker.install(); + + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getResultsScreen()).to.be.ok(); + }); + + await logsUi.logEntryRatePage.manageMlJobs(); + await retry.try(async () => { + expect(await logsUi.logEntryRatePage.getSetupFlyout()).to.be.ok(); + }); + + await logsUi.logEntryRatePage.startRateJobCreation(); + await retry.waitFor( + 'Recreate ML job button is enabled', + async () => await logsUi.logEntryRatePage.canRecreateJob() + ); + + await logsUi.logEntryRatePage.recreateJob(); + await retry.waitFor( + 'ML job recreated', + async () => await logsUi.logEntryRatePage.jobCreationDone() + ); + + const requests = await requestTracker.getRequests(anomalyDetectorsPattern, 2000); + expect(requests).not.to.be.empty(); + + assertIdFormats(requests[requests.length - 1].url, { + 'log-entry-rate': 'hashed', + 'log-entry-categories-count': 'hashed', + }); + + await requestTracker.uninstall(); + await mlJobHelper.deleteMlJobs([hashedRateJob, hashedCategoriesCountJob]); + }); + }); + }); +}; diff --git a/x-pack/test/functional/services/logs_ui/log_entry_rate.ts b/x-pack/test/functional/services/logs_ui/log_entry_rate.ts index 6be84edeb1940..bf58d74a06c44 100644 --- a/x-pack/test/functional/services/logs_ui/log_entry_rate.ts +++ b/x-pack/test/functional/services/logs_ui/log_entry_rate.ts 
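Review bot: Every test in this file does its cleanup (`requestTracker.uninstall()` and `mlJobHelper.deleteMlJobs(...)`) as the last statements of the `it` body, so a failed assertion or a `retry.try` timeout skips it and leaves the ML jobs in place for the next test. Because the hashed format takes priority when both exist, a leftover hashed job would make the following legacy and mixed cases fail for an unrelated reason. Wrapping the body in `try { ... } finally { await requestTracker.uninstall(); await mlJobHelper.deleteMlJobs([...]); }`, or recording the created jobs and deleting them in an `afterEach`, keeps the cases independent. The fixed `getRequests(anomalyDetectorsPattern, 2000)` sleep is a second source of timing sensitivity; polling with the existing `retry.try` until a matching request appears would not depend on a constant.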
@@ -21,8 +21,60 @@ export function LogEntryRatePageProvider({ getPageObjects, getService }: FtrProv return await testSubjects.find('logEntryRateSetupPage'); }, + async getResultsScreen(): Promise { + return await testSubjects.find('logEntryRateResultsPage'); + }, + async getNoDataScreen() { return await testSubjects.find('noDataPage'); }, + + async startJobSetup() { + await testSubjects.click('infraLogEntryRateSetupContentMlSetupButton'); + }, + + async manageMlJobs() { + await testSubjects.click('infraManageJobsButtonManageMlJobsButton'); + }, + + async getSetupFlyout(): Promise { + return await testSubjects.find('infraLogAnalysisSetupFlyout'); + }, + + async startRateJobCreation() { + const buttons = await testSubjects.findAll('infraCreateJobButtonButton'); + await buttons[0].click(); + }, + + async startCategoriesCountJobCreation() { + const buttons = await testSubjects.findAll('infraCreateJobButtonButton'); + await buttons[1].click(); + }, + + async canCreateJob() { + const createJobButton = await testSubjects.find('infraCreateMLJobsButtonCreateMlJobButton'); + const disabled = await createJobButton.getAttribute('disabled'); + return disabled !== 'true'; + }, + + async createJob() { + await testSubjects.click('infraCreateMLJobsButtonCreateMlJobButton'); + }, + + async canRecreateJob() { + const createJobButton = await testSubjects.find( + 'infraRecreateMLJobsButtonRecreateMlJobsButton' + ); + const disabled = await createJobButton.getAttribute('disabled'); + return disabled !== 'true'; + }, + + async recreateJob() { + await testSubjects.click('infraRecreateMLJobsButtonRecreateMlJobsButton'); + }, + + async jobCreationDone() { + return await testSubjects.exists('infraProcessStepViewResultsButton'); + }, }; } diff --git a/x-pack/test/observability_onboarding_api_integration/common/config.ts b/x-pack/test/observability_onboarding_api_integration/common/config.ts index 32d51a6388b09..55b98b2eaa233 100644 
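Review bot: `startRateJobCreation` and `startCategoriesCountJobCreation` pick the job by position (`buttons[0]`, `buttons[1]`) among all `infraCreateJobButtonButton` elements, so a reordered or missing card either starts the wrong job or fails with an undefined access instead of a clear message. Either give the two buttons distinct test subjects, or guard the lookup, e.g. `if (buttons.length < 2) throw new Error('expected two create-job buttons');`. `canCreateJob` and `canRecreateJob` differ only in the test subject and could share one helper that takes it as an argument. The enclosing page object starts outside this hunk.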
--- a/x-pack/test/observability_onboarding_api_integration/common/config.ts +++ b/x-pack/test/observability_onboarding_api_integration/common/config.ts @@ -13,6 +13,7 @@ import { createObservabilityOnboardingUsers } from '@kbn/observability-onboardin import { FtrConfigProviderContext } from '@kbn/test'; import supertest from 'supertest'; import { format, UrlObject } from 'url'; +import { createLogger, LogLevel, LogsSynthtraceEsClient } from '@kbn/apm-synthtrace'; import { ObservabilityOnboardingFtrConfigName } from '../configs'; import { FtrProviderContext, @@ -64,6 +65,9 @@ export interface CreateTest { services: InheritedServices & { observabilityOnboardingFtrConfig: () => ObservabilityOnboardingFtrConfig; registry: ({ getService }: FtrProviderContext) => ReturnType; + logSynthtraceEsClient: ( + context: InheritedFtrProviderContext + ) => Promise; observabilityOnboardingApiClient: ( context: InheritedFtrProviderContext ) => ObservabilityOnboardingApiClient; @@ -97,6 +101,12 @@ export function createTestConfig( ...services, observabilityOnboardingFtrConfig: () => config, registry: RegistryProvider, + logSynthtraceEsClient: (context: InheritedFtrProviderContext) => + new LogsSynthtraceEsClient({ + client: context.getService('es'), + logger: createLogger(LogLevel.info), + refreshAfterIndex: true, + }), observabilityOnboardingApiClient: async (_: InheritedFtrProviderContext) => { const { username, password } = servers.kibana; const esUrl = format(esServer); diff --git a/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/es_utils.ts b/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/es_utils.ts deleted file mode 100644 index 33207ed6cdd8c..0000000000000 --- a/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/es_utils.ts +++ /dev/null 
@@ -1,59 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -export function createLogDoc({ - time, - logFilepath, - serviceName, - namespace, - datasetName, - message, - agentId, -}: { - time: number; - logFilepath: string; - serviceName?: string; - namespace: string; - datasetName: string; - message: string; - agentId?: string; -}) { - return { - input: { - type: 'log', - }, - '@timestamp': new Date(time).toISOString(), - log: { - file: { - path: logFilepath, - }, - }, - ...(serviceName - ? { - service: { - name: serviceName, - }, - } - : {}), - data_stream: { - namespace, - type: 'logs', - dataset: datasetName, - }, - message, - event: { - dataset: datasetName, - }, - ...(agentId - ? { - agent: { - id: agentId, - }, - } - : {}), - }; -} diff --git a/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts b/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts index 7311f116736a3..0a7802e9682c6 100644 --- a/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts +++ b/x-pack/test/observability_onboarding_api_integration/tests/flow/progress/progress.spec.ts 
@@ -5,17 +5,17 @@ * 2.0. */ +import { log, timerange } from '@kbn/apm-synthtrace-client'; import expect from '@kbn/expect'; import { ObservabilityOnboardingApiClientKey } from '../../../common/config'; import { FtrProviderContext } from '../../../common/ftr_provider_context'; import { ObservabilityOnboardingApiError } from '../../../common/observability_onboarding_api_supertest'; import { expectToReject } from '../../../common/utils/expect_to_reject'; -import { createLogDoc } from './es_utils'; export default function ApiTest({ getService }: FtrProviderContext) { const registry = getService('registry'); const observabilityOnboardingApiClient = getService('observabilityOnboardingApiClient'); - const es = getService('es'); + const synthtrace = getService('logSynthtraceEsClient'); async function callApi({ onboardingId, @@ -141,24 +141,24 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('with a different agentId', () => { describe('and onboarding type is logFiles', () => { before(async () => { - await es.indices.createDataStream({ - name: `logs-${datasetName}-${namespace}`, - }); - - const doc = createLogDoc({ - time: new Date('06/28/2023').getTime(), - logFilepath: '/my-service.log', - serviceName: 'my-service', - namespace, - datasetName, - message: 'This is a log message', - agentId: 'another-agent-id', - }); - - await es.bulk({ - body: [{ create: { _index: `logs-${datasetName}-${namespace}` } }, doc], - refresh: 'wait_for', - }); + await synthtrace.index([ + timerange('2023-11-20T10:00:00.000Z', '2023-11-20T10:01:00.000Z') + .interval('1m') + .rate(1) + .generator((timestamp) => + log + .create() + .message('This is a log message') + .timestamp(timestamp) + .dataset(datasetName) + .namespace(namespace) + .service('my-service') + .defaults({ + 'agent.id': 'another-agent-id', + 'log.file.path': '/my-service.log', + }) + ), + ]); }); it('should return log-ingest as incomplete', async () => { 
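Review bot: The `synthtrace.index([...])` block added in the `before` hook here is repeated almost verbatim in the hunks at -211, -252 and -322, varying only in message, dataset, agent id, file path and the optional `.service('my-service')` call. A small local helper that takes those values and returns the `timerange(...).interval('1m').rate(1).generator(...)` chain would leave each `before` hook as one call and keep the hard-coded `'2023-11-20T10:00:00.000Z'` window in one place. The matching `after` hooks now call `synthtrace.clean()` instead of deleting one named data stream; if `clean()` removes more than this test's data (not visible from here), a comment saying so would help anyone who later adds fixtures to the suite.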
@@ -173,9 +173,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); after(async () => { - await es.indices.deleteDataStream({ - name: `logs-${datasetName}-${namespace}`, - }); + await synthtrace.clean(); }); }); @@ -211,23 +209,23 @@ export default function ApiTest({ getService }: FtrProviderContext) { }, }); - await es.indices.createDataStream({ - name: `logs-system.syslog-${namespace}`, - }); - - const doc = createLogDoc({ - time: new Date('06/28/2023').getTime(), - logFilepath: '/var/log/system.log', - namespace, - datasetName: 'system.syslog', - message: 'This is a system log message', - agentId: 'another-agent-id', - }); - - await es.bulk({ - body: [{ create: { _index: `logs-system.syslog-${namespace}` } }, doc], - refresh: 'wait_for', - }); + await synthtrace.index([ + timerange('2023-11-20T10:00:00.000Z', '2023-11-20T10:01:00.000Z') + .interval('1m') + .rate(1) + .generator((timestamp) => + log + .create() + .message('This is a system log message') + .timestamp(timestamp) + .dataset('system.syslog') + .namespace(namespace) + .defaults({ + 'agent.id': 'another-agent-id', + 'log.file.path': '/var/log/system.log', + }) + ), + ]); }); it('should return log-ingest as incomplete', async () => { @@ -242,9 +240,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); after(async () => { - await es.indices.deleteDataStream({ - name: `logs-system.syslog-${namespace}`, - }); + await synthtrace.clean(); }); }); }); 
@@ -252,24 +248,24 @@ export default function ApiTest({ getService }: FtrProviderContext) { describe('with the expected agentId', () => { describe('and onboarding type is logFiles', () => { before(async () => { - await es.indices.createDataStream({ - name: `logs-${datasetName}-${namespace}`, - }); - - const doc = createLogDoc({ - time: new Date('06/28/2023').getTime(), - logFilepath: '/my-service.log', - serviceName: 'my-service', - namespace, - datasetName, - message: 'This is a log message', - agentId, - }); - - await es.bulk({ - body: [{ create: { _index: `logs-${datasetName}-${namespace}` } }, doc], - refresh: 'wait_for', - }); + await synthtrace.index([ + timerange('2023-11-20T10:00:00.000Z', '2023-11-20T10:01:00.000Z') + .interval('1m') + .rate(1) + .generator((timestamp) => + log + .create() + .message('This is a log message') + .timestamp(timestamp) + .dataset(datasetName) + .namespace(namespace) + .service('my-service') + .defaults({ + 'agent.id': agentId, + 'log.file.path': '/my-service.log', + }) + ), + ]); }); it('should return log-ingest as complete', async () => { @@ -284,9 +280,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); after(async () => { - await es.indices.deleteDataStream({ - name: `logs-${datasetName}-${namespace}`, - }); + await synthtrace.clean(); }); }); 
@@ -322,23 +316,23 @@ export default function ApiTest({ getService }: FtrProviderContext) { }, }); - await es.indices.createDataStream({ - name: `logs-system.syslog-${namespace}`, - }); - - const doc = createLogDoc({ - time: new Date('06/28/2023').getTime(), - logFilepath: '/var/log/system.log', - namespace, - datasetName: 'system.syslog', - message: 'This is a system log message', - agentId, - }); - - await es.bulk({ - body: [{ create: { _index: `logs-system.syslog-${namespace}` } }, doc], - refresh: 'wait_for', - }); + await synthtrace.index([ + timerange('2023-11-20T10:00:00.000Z', '2023-11-20T10:01:00.000Z') + .interval('1m') + .rate(1) + .generator((timestamp) => + log + .create() + .message('This is a system log message') + .timestamp(timestamp) + .dataset('system.syslog') + .namespace(namespace) + .defaults({ + 'agent.id': agentId, + 'log.file.path': '/var/log/system.log', + }) + ), + ]); }); it('should return log-ingest as complete', async () => { @@ -353,9 +347,7 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); after(async () => { - await es.indices.deleteDataStream({ - name: `logs-system.syslog-${namespace}`, - }); + await synthtrace.clean(); }); }); }); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts index 7bb492d51d25c..7210bacd1aa77 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/explore/dashboards/entity_analytics.cy.ts 
@@ -169,8 +169,7 @@ describe('Entity Analytics Dashboard', { tags: ['@ess', '@serverless'] }, () => cy.get(HOSTS_TABLE_ALERT_CELL).should('have.length', 5); }); - // FLAKY: https://github.com/elastic/kibana/issues/168490 - it.skip('filters by risk level', () => { + it('filters by risk level', () => { openRiskTableFilterAndSelectTheLowOption(); cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total'); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_analyzer_graph_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_analyzer_graph_tab.cy.ts index 9e1ace19972a8..3868625e9b339 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_analyzer_graph_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_analyzer_graph_tab.cy.ts @@ -9,10 +9,7 @@ import { DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON, DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT, } from '../../../../screens/expandable_flyout/alert_details_left_panel_analyzer_graph_tab'; -import { - DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB, - DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { openGraphAnalyzerTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_analyzer_graph_tab'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; 
@@ -41,17 +38,15 @@ describe.skip( it('should display analyzer graph and node list under visualize', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB) - .should('be.visible') - .and('have.text', 'Visualize'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP).should('be.visible'); + .should('have.text', 'Visualize') + .and('have.class', 'euiTab-isSelected'); cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON) - .should('be.visible') - .and('have.text', 'Analyzer Graph'); + .should('have.text', 'Analyzer Graph') + .and('have.class', 'euiButtonGroupButton-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT).should('be.visible'); - cy.get(ANALYZER_NODE).first().should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT).should('exist'); + cy.get(ANALYZER_NODE).first().should('exist'); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_correlations_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_correlations_tab.cy.ts index a0e080e71ce12..fe89d50dd520d 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_correlations_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_correlations_tab.cy.ts 
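Review bot: The last two assertions of 'should display analyzer graph and node list under visualize' now use `should('exist')`, which passes for an element that is in the DOM but hidden or clipped, where the `should('be.visible')` it replaces would have failed. If visibility was dropped only to avoid scroll-related flakiness, I would at least keep it for the node, `cy.get(ANALYZER_NODE).first().should('be.visible');`. The same substitution appears in the correlations section tables, the entities host/user details and the `INDICATOR_MATCH_ENRICHMENT_SECTION` hunks. The hunk header shows this suite is still under `describe.skip(`, which starts outside the hunk, so none of the new assertions run yet.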
@@ -20,10 +20,7 @@ import { CORRELATIONS_SOURCE_SECTION_TITLE, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON, } from '../../../../screens/expandable_flyout/alert_details_left_panel_correlations_tab'; -import { - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB, - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { openCorrelationsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_correlations_tab'; import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; 
@@ -50,24 +47,15 @@ describe('Expandable flyout left panel correlations', { tags: ['@ess', '@serverl }); it('should render correlations details correctly', () => { - cy.log('link the alert to a new case'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB).scrollIntoView(); - - cy.log('should render the Insights header'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB).should('be.visible').and('have.text', 'Insights'); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB) + .should('have.text', 'Insights') + .and('have.class', 'euiTab-isSelected'); - cy.log('should render the inner tab switch'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible'); - - cy.log('should render correlations tab activator / button'); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON) - .should('be.visible') - .and('have.text', 'Correlations'); - - cy.log('should render all the correlations sections'); + .should('have.text', 'Correlations') + .and('have.class', 'euiButtonGroupButton-isSelected'); - cy.log('suppressed alerts'); + // cy.log('suppressed alerts'); // TODO get proper data to test suppressed alerts // cy.get(CORRELATIONS_SUPPRESSED_ALERTS_TITLE).scrollIntoView(); 
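Review bot: `// cy.log('suppressed alerts');` is added as commented-out code directly above the existing TODO, which already records that the suppressed-alerts checks are pending. I would delete the line so the block starts at `// TODO get proper data to test suppressed alerts`; a commented-out log call adds nothing the TODO does not say. The body of 'should render correlations details correctly' continues past the end of this hunk.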
@@ -78,38 +66,42 @@ describe('Expandable flyout left panel correlations', { tags: ['@ess', '@serverl cy.log('related cases'); - cy.get(CORRELATIONS_CASES_SECTION_TITLE).scrollIntoView(); - cy.get(CORRELATIONS_CASES_SECTION_TITLE) - .should('be.visible') - .and('contain.text', '1 related case'); - cy.get(CORRELATIONS_CASES_SECTION_TABLE).should('be.visible'); + cy.get(CORRELATIONS_CASES_SECTION_TITLE).should('contain.text', '1 related case'); + cy.get(CORRELATIONS_CASES_SECTION_TABLE) + .should('contain.text', 'case') + .and('contain.text', 'open'); cy.log('related alerts by source event'); - cy.get(CORRELATIONS_SOURCE_SECTION_TITLE).scrollIntoView(); - cy.get(CORRELATIONS_SOURCE_SECTION_TITLE) - .should('be.visible') - .and('contain.text', '1 alert related by source event'); - cy.get(CORRELATIONS_SOURCE_SECTION_TABLE).should('be.visible'); - cy.get(CORRELATIONS_SOURCE_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should('be.visible'); + cy.get(CORRELATIONS_SOURCE_SECTION_TITLE).should( + 'contain.text', + '1 alert related by source event' + ); + cy.get(CORRELATIONS_SOURCE_SECTION_TABLE).should('exist'); + cy.get(CORRELATIONS_SOURCE_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should( + 'contain.text', + 'Investigate in timeline' + ); cy.log('related alerts by session'); - cy.get(CORRELATIONS_SESSION_SECTION_TITLE).scrollIntoView(); - cy.get(CORRELATIONS_SESSION_SECTION_TITLE) - .should('be.visible') - .and('contain.text', '1 alert related by session'); - cy.get(CORRELATIONS_SESSION_SECTION_TABLE).should('be.visible'); - cy.get(CORRELATIONS_SESSION_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should('be.visible'); + cy.get(CORRELATIONS_SESSION_SECTION_TITLE).should('contain.text', '1 alert related by session'); + cy.get(CORRELATIONS_SESSION_SECTION_TABLE).should('exist'); + cy.get(CORRELATIONS_SESSION_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should( + 'contain.text', + 'Investigate in timeline' + ); cy.log('related alerts by ancestry'); - 
cy.get(CORRELATIONS_ANCESTRY_SECTION_TITLE).scrollIntoView(); - cy.get(CORRELATIONS_ANCESTRY_SECTION_TITLE) - .should('be.visible') - .and('contain.text', '1 alert related by ancestry'); - cy.get(CORRELATIONS_ANCESTRY_SECTION_TABLE).scrollIntoView(); - cy.get(CORRELATIONS_ANCESTRY_SECTION_TABLE).should('be.visible'); - cy.get(CORRELATIONS_ANCESTRY_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should('be.visible'); + cy.get(CORRELATIONS_ANCESTRY_SECTION_TITLE).should( + 'contain.text', + '1 alert related by ancestry' + ); + cy.get(CORRELATIONS_ANCESTRY_SECTION_TABLE).should('exist'); + cy.get(CORRELATIONS_ANCESTRY_SECTION_INVESTIGATE_IN_TIMELINE_BUTTON).should( + 'contain.text', + 'Investigate in timeline' + ); }); }); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_entities_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_entities_tab.cy.ts index 06bba72700c2b..567a60752398c 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_entities_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_entities_tab.cy.ts 
@@ -8,12 +8,13 @@ import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS, + DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_RIGHT_SECTION, + DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_TITLE, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS, + DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_RIGHT_SECTION, + DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_TITLE, } from '../../../../screens/expandable_flyout/alert_details_left_panel_entities_tab'; -import { - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB, - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { openEntitiesTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_entities_tab'; import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; 
@@ -42,20 +43,32 @@ describe( it('should display host details and user details under Insights Entities', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB) - .should('be.visible') - .and('have.text', 'Insights'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible'); + .should('have.text', 'Insights') + .and('have.class', 'euiTab-isSelected'); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON) - .should('be.visible') - .and('have.text', 'Entities'); + .should('have.text', 'Entities') + .and('have.class', 'euiButtonGroupButton-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS).scrollIntoView(); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_TITLE).should( + 'contain.text', + 'test' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_RIGHT_SECTION).should( + 'contain.text', + 'Related hosts: 0' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS).should('exist'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS).scrollIntoView(); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_TITLE).should( + 'contain.text', + 'siem-kibana' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_RIGHT_SECTION).should( + 'contain.text', + 'Related users: 0' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS).should('exist'); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_investigation_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_investigation_tab.cy.ts index 36bd13e5c103d..c4e4cf5535352 100644 
--- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_investigation_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_investigation_tab.cy.ts @@ -35,10 +35,13 @@ describe( it('should display investigation guide', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB) - .should('be.visible') - .and('have.text', 'Investigation'); + .should('have.text', 'Investigation') + .and('have.class', 'euiTab-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT).should( + 'contain.text', + 'test markdown' + ); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_prevalence_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_prevalence_tab.cy.ts index 38fd4ffb7496a..44f48f7f74d0c 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_prevalence_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_prevalence_tab.cy.ts 
@@ -9,10 +9,7 @@ import { openPrevalenceTab } from '../../../../tasks/expandable_flyout/alert_det import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; -import { - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB, - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_ALERT_COUNT_CELL, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON, @@ -21,7 +18,6 @@ import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_DOC_COUNT_CELL, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_HOST_PREVALENCE_CELL, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_USER_PREVALENCE_CELL, - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE, DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_DATE_PICKER, } from '../../../../screens/expandable_flyout/alert_details_left_panel_prevalence_tab'; import { login } from '../../../../tasks/login'; 
@@ -48,18 +44,18 @@ describe( it('should display prevalence tab', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB) - .should('be.visible') - .and('have.text', 'Insights'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible'); + .should('have.text', 'Insights') + .and('have.class', 'euiTab-isSelected'); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON) - .should('be.visible') - .and('have.text', 'Prevalence'); + .should('have.text', 'Prevalence') + .and('have.class', 'euiButtonGroupButton-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_DATE_PICKER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_DATE_PICKER).should( + 'contain.text', + 'Last 30 days' + ); - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE).should('be.visible'); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_TYPE_CELL) .should('contain.text', 'host.os.name') .and('contain.text', 'host.name') diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_response_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_response_tab.cy.ts index 8948480911c96..e4c2baba4e87e 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_response_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_response_tab.cy.ts 
@@ -5,7 +5,10 @@ * 2.0. */ -import { DOCUMENT_DETAILS_FLYOUT_RESPONSE_EMPTY } from '../../../../screens/expandable_flyout/alert_details_left_panel_response_tab'; +import { + DOCUMENT_DETAILS_FLYOUT_RESPONSE_DETAILS, + DOCUMENT_DETAILS_FLYOUT_RESPONSE_EMPTY, +} from '../../../../screens/expandable_flyout/alert_details_left_panel_response_tab'; import { openResponseTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_response_tab'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; @@ -15,6 +18,7 @@ import { createRule } from '../../../../tasks/api_calls/rules'; import { getNewRule } from '../../../../objects/rule'; import { ALERTS_URL } from '../../../../urls/navigation'; import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule'; +import { DOCUMENT_DETAILS_FLYOUT_RESPONSE_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; describe( 'Alert details expandable flyout left panel investigation', @@ -31,7 +35,16 @@ describe( }); it('should display empty response message', () => { - cy.get(DOCUMENT_DETAILS_FLYOUT_RESPONSE_EMPTY).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_RESPONSE_TAB) + .should('have.text', 'Response') + .and('have.class', 'euiTab-isSelected'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_RESPONSE_DETAILS).should('contain.text', 'Responses'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_RESPONSE_EMPTY).and( + 'contain.text', + "There are no response actions defined for this event. To add some, edit the rule's settings and set up response actions(opens in a new tab or window)." + ); }); } ); 
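Review bot: `cy.get(DOCUMENT_DETAILS_FLYOUT_RESPONSE_EMPTY).and(` opens its assertion chain with `.and`, which Cypress treats as an alias of `.should`, so it works but reads as the continuation of a chain that is not there; the two chains above it in the same test start with `.should`. I would write `cy.get(DOCUMENT_DETAILS_FLYOUT_RESPONSE_EMPTY).should(`. The session-view hunk has the same form in `cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB).and('have.text', 'Visualize')`. The expected string also ends with `(opens in a new tab or window)`, which looks like text contributed by the link component rather than by this panel, so matching only up to `edit the rule's settings` would be less brittle.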
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_session_view_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_session_view_tab.cy.ts index cbe17d55271e2..0c37aa9b835bb 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_session_view_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_session_view_tab.cy.ts @@ -6,10 +6,7 @@ */ import { DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON } from '../../../../screens/expandable_flyout/alert_details_left_panel_session_view_tab'; -import { - DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB, - DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; import { login } from '../../../../tasks/login'; @@ -35,14 +32,12 @@ describe.skip( it('should display session view under visualize', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB) - .should('be.visible') - .and('have.text', 'Visualize'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP).should('be.visible'); + .and('have.text', 'Visualize') + .and('have.class', 'euiTab-isSelected'); cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON) - .should('be.visible') - .and('have.text', 'Session View'); + .should('have.text', 'Session View') + .and('have.class', 'euiButtonGroupButton-isSelected'); }); } ); 
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_threat_intelligence_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_threat_intelligence_tab.cy.ts index 85338d85ed732..17080cbd32ae8 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_threat_intelligence_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_threat_intelligence_tab.cy.ts @@ -16,10 +16,7 @@ import { visit } from '../../../../tasks/navigation'; import { ALERTS_URL } from '../../../../urls/navigation'; import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel'; import { openThreatIntelligenceTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_threat_intelligence_tab'; -import { - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB, - DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP, -} from '../../../../screens/expandable_flyout/alert_details_left_panel'; +import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB } from '../../../../screens/expandable_flyout/alert_details_left_panel'; import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON } from '../../../../screens/expandable_flyout/alert_details_left_panel_threat_intelligence_tab'; describe( 
@@ -39,16 +36,14 @@ describe( it('should serialize its state to url', () => { cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB) - .should('be.visible') - .and('have.text', 'Insights'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible'); + .should('have.text', 'Insights') + .and('have.class', 'euiTab-isSelected'); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON) - .should('be.visible') - .and('have.text', 'Threat intelligence'); + .should('have.text', 'Threat intelligence') + .and('have.class', 'euiButtonGroupButton-isSelected'); - cy.get(INDICATOR_MATCH_ENRICHMENT_SECTION).should('be.visible'); + cy.get(INDICATOR_MATCH_ENRICHMENT_SECTION).should('exist'); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_alert_reason_preview.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_alert_reason_preview.cy.ts index 09d90627d8b1b..89596877fb3e8 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_alert_reason_preview.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_alert_reason_preview.cy.ts 
@@ -32,8 +32,15 @@ describe( describe('alert reason preview', () => { it('should display alert reason preview', () => { - cy.get(DOCUMENT_DETAILS_FLYOUT_ALERT_REASON_PREVIEW_CONTAINER).scrollIntoView(); - cy.get(DOCUMENT_DETAILS_FLYOUT_ALERT_REASON_PREVIEW_CONTAINER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_ALERT_REASON_PREVIEW_CONTAINER) + .should('contain.text', 'Alert reason') + .and('contain.text', 'process') + .and('contain.text', 'zsh') + .and('contain.text', '80') + .and('contain.text', 'test') + .and('contain.text', 'siem-kibana') + .and('contain.text', 'high') + .and('contain.text', rule.name); }); }); } diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_rule_preview.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_rule_preview.cy.ts index 13c98358ec3ee..82ce990292901 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_rule_preview.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_preview_panel_rule_preview.cy.ts @@ -7,12 +7,9 @@ import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; import { - DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SECTION, - DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_HEADER, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_TITLE, DOCUMENT_DETAILS_FLYOUT_CREATED_BY, DOCUMENT_DETAILS_FLYOUT_UPDATED_BY, - DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_BODY, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_HEADER, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_CONTENT, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_HEADER, 
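Review bot: The chain on `DOCUMENT_DETAILS_FLYOUT_ALERT_REASON_PREVIEW_CONTAINER` takes the rule name from `rule.name` but hard-codes `'high'`, which is presumably the same fixture's severity; `.and('contain.text', rule.severity)` would keep the assertion in step with the rule object. The short literals `'80'` and `'test'` are substrings that can match unrelated text inside the container, so a comment naming the alert fields they stand for would make a failure easier to read. The rule-preview hunk does the same with `'High'` and `'17'` next to `rule.name`, `rule.query` and `rule.interval`. The enclosing `describe` starts outside the hunk.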
@@ -20,6 +17,7 @@ import { DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_HEADER, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_CONTENT, DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER, + DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER_LINK, } from '../../../../screens/expandable_flyout/alert_details_preview_panel_rule_preview'; import { toggleRulePreviewAboutSection, 
@@ -53,48 +51,75 @@ describe( it('should display rule preview and its sub sections', () => { cy.log('rule preview panel'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SECTION).scrollIntoView(); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_HEADER).should('be.visible'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_BODY).should('be.visible'); - cy.log('title'); cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_TITLE).scrollIntoView(); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_TITLE).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_TITLE).should('contain.text', rule.name); cy.get(DOCUMENT_DETAILS_FLYOUT_CREATED_BY).should('be.visible'); cy.get(DOCUMENT_DETAILS_FLYOUT_UPDATED_BY).should('be.visible'); cy.log('about'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_HEADER) - .should('be.visible') - .and('contain.text', 'About'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_CONTENT).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_HEADER).should( + 'contain.text', + 'About' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_CONTENT) + .should('contain.text', 'Severity') + .and('contain.text', 'High') + .and('contain.text', 'Risk score') + .and('contain.text', '17'); + toggleRulePreviewAboutSection(); cy.log('definition'); toggleRulePreviewDefinitionSection(); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_HEADER) - .should('be.visible') - .and('contain.text', 'Definition'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_HEADER).should( + 'contain.text', + 'Definition' + ); cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_CONTENT).should( - 'be.visible' + 'contain.text', + 'Index patterns' + ); + // @ts-ignore + rule.index.forEach((index: string) => + cy + .get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_CONTENT) + .should('contain.text', index) ); + 
cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_CONTENT) + .should('contain.text', 'Custom query') + .and('contain.text', rule.query); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_CONTENT) + .should('contain.text', 'Rule type') + .and('contain.text', rule.type); + toggleRulePreviewDefinitionSection(); cy.log('schedule'); toggleRulePreviewScheduleSection(); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_HEADER) - .should('be.visible') - .and('contain.text', 'Schedule'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_CONTENT).should('be.visible'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_HEADER).should( + 'contain.text', + 'Schedule' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_CONTENT) + .should('contain.text', 'Runs every') + .and('contain.text', rule.interval); + toggleRulePreviewScheduleSection(); cy.log('footer'); - cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER).scrollIntoView(); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER_LINK).should( + 'contain.text', + 'Show rule details' + ); }); }); } diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts index d89cc4ad4eb50..6e0b437f2e2e6 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts 
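Review bot: `// @ts-ignore` above `rule.index.forEach((index: string) =>` silences every type error on that line, including ones introduced later, and gives no reason for the suppression. If it has to stay, `// @ts-expect-error rule.index is not on every rule type` (with the reason adjusted to the actual compiler error) fails the build once the error disappears. If the error is only that `index` may be undefined, asserting it first, `expect(rule.index).to.not.be(undefined)` in whatever assertion style this suite uses, avoids a loop that silently checks nothing. The enclosing `describe` starts outside the hunk.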
@@ -30,6 +30,8 @@ import { DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED, DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND, DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON, + DOCUMENT_DETAILS_FLYOUT_HEADER_ICON, + DOCUMENT_DETAILS_FLYOUT_HEADER_LINK_ICON, DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE, DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE_VALUE, DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE, 
@@ -56,167 +58,158 @@ import { createRule } from '../../../../tasks/api_calls/rules'; import { getNewRule } from '../../../../objects/rule'; import { ALERTS_URL } from '../../../../urls/navigation'; import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule'; +import { TOASTER } from '../../../../screens/alerts_detection_rules'; -// FLAKY: https://github.com/elastic/kibana/issues/171002 -describe.skip( - 'Alert details expandable flyout right panel', - { tags: ['@ess', '@serverless'] }, - () => { - const rule = getNewRule(); - - beforeEach(() => { - deleteAlertsAndRules(); - login(); - createRule(rule); - visit(ALERTS_URL); - waitForAlertsToPopulate(); - }); - - it('should display header and footer basics', () => { - expandFirstAlertExpandableFlyout(); - - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('have.text', rule.name); - - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_STATUS).should('have.text', 'open'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE).should('have.text', 'Risk score:'); - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE_VALUE) - .should('be.visible') - .and('have.text', rule.risk_score); - - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE) - .should('be.visible') - .and('have.text', upperFirst(rule.severity)); - - cy.log('Verify all 3 tabs are visible'); - - cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB) - .should('have.text', 'Overview') - .and('have.class', 'euiTab-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB) - .should('have.text', 'Table') - .and('not.have.class', 'euiTab-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB) - .should('have.text', 'JSON') - .and('not.have.class', 'euiTab-isSelected'); - - cy.log('Verify the expand/collapse button is visible and functionality works'); - - expandDocumentDetailsExpandableFlyoutLeftSection(); - cy.get(DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON).should( - 'have.text', - 'Collapse details' - ); +describe('Alert details expandable flyout right panel', 
{ tags: ['@ess', '@serverless'] }, () => { + const rule = getNewRule(); + + beforeEach(() => { + deleteAlertsAndRules(); + login(); + createRule(rule); + visit(ALERTS_URL); + waitForAlertsToPopulate(); + }); + + it('should display header and footer basics', () => { + expandFirstAlertExpandableFlyout(); + + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_ICON).should('exist'); + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('have.text', rule.name); + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_LINK_ICON).should('exist'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_STATUS).should('have.text', 'open'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE).should('have.text', 'Risk score:'); + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE_VALUE) + .should('be.visible') + .and('have.text', rule.risk_score); + + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE) + .should('be.visible') + .and('have.text', upperFirst(rule.severity)); + + cy.log('Verify all 3 tabs are visible'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB) + .should('have.text', 'Overview') + .and('have.class', 'euiTab-isSelected'); + cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB) + .should('have.text', 'Table') + .and('not.have.class', 'euiTab-isSelected'); + cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB) + .should('have.text', 'JSON') + .and('not.have.class', 'euiTab-isSelected'); + + cy.log('Verify the expand/collapse button is visible and functionality works'); + + expandDocumentDetailsExpandableFlyoutLeftSection(); + cy.get(DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON).should('have.text', 'Collapse details'); + + collapseDocumentDetailsExpandableFlyoutLeftSection(); + cy.get(DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON).should('have.text', 'Expand details'); + + cy.log('Verify the take action button is visible on all tabs'); + + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); + + openTableTab(); + 
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB).should('have.class', 'euiTab-isSelected'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); + + openJsonTab(); + cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB).should('have.class', 'euiTab-isSelected'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); + }); + + // TODO this will change when add to existing case is improved + // https://github.com/elastic/security-team/issues/6298 + it('should add to existing case', () => { + expandFirstAlertExpandableFlyout(); + openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE); + fillOutFormToCreateNewCase(); + openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_EXISTING_CASE); + + cy.get(EXISTING_CASE_SELECT_BUTTON).contains('Select').click(); - collapseDocumentDetailsExpandableFlyoutLeftSection(); - cy.get(DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON).should('have.text', 'Expand details'); + cy.get(VIEW_CASE_TOASTER_LINK).should('contain.text', 'View case'); + }); - cy.log('Verify the take action button is visible on all tabs'); + // TODO this will change when add to new case is improved + // https://github.com/elastic/security-team/issues/6298 + it('should add to new case', () => { + expandFirstAlertExpandableFlyout(); + openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE); + fillOutFormToCreateNewCase(); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); + cy.get(VIEW_CASE_TOASTER_LINK).should('contain.text', 'View case'); + }); - openTableTab(); - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB).should('have.class', 'euiTab-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); - 
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); - - openJsonTab(); - cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB).should('have.class', 'euiTab-isSelected'); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible'); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible'); - }); - - // TODO this will change when add to existing case is improved - // https://github.com/elastic/security-team/issues/6298 - it('should add to existing case', () => { - expandFirstAlertExpandableFlyout(); - openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE); - fillOutFormToCreateNewCase(); - openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_EXISTING_CASE); - - cy.get(EXISTING_CASE_SELECT_BUTTON).should('be.visible').contains('Select').click(); - - cy.get(VIEW_CASE_TOASTER_LINK).should('be.visible').and('contain.text', 'View case'); - }); - - // TODO this will change when add to new case is improved - // https://github.com/elastic/security-team/issues/6298 - it('should add to new case', () => { - expandFirstAlertExpandableFlyout(); - openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE); - fillOutFormToCreateNewCase(); - - cy.get(VIEW_CASE_TOASTER_LINK).should('be.visible').and('contain.text', 'View case'); - }); - - it('should mark as acknowledged', () => { - cy.get(ALERT_CHECKBOX).should('have.length', 1); - - expandFirstAlertExpandableFlyout(); - openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_MARK_AS_ACKNOWLEDGED); - - // TODO figure out how to verify the toasts pops up - // cy.get(KIBANA_TOAST) - // .should('be.visible') - // .and('have.text', 'Successfully marked 1 alert as acknowledged.'); - cy.get(EMPTY_ALERT_TABLE).should('exist'); - }); - - it('should mark as closed', () => { - cy.get(ALERT_CHECKBOX).should('have.length', 1); - - expandFirstAlertExpandableFlyout(); - 
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED); - - // TODO figure out how to verify the toasts pops up - // cy.get(KIBANA_TOAST).should('be.visible').and('have.text', 'Successfully closed 1 alert.'); - cy.get(EMPTY_ALERT_TABLE).should('exist'); - }); - - // these actions are now grouped together as we're not really testing their functionality but just the existence of the option in the dropdown - it('should test other action within take action dropdown', () => { - expandFirstAlertExpandableFlyout(); - - cy.log('should add endpoint exception'); - - // TODO figure out why this option is disabled in Cypress but not running the app locally - // https://github.com/elastic/security-team/issues/6300 - openTakeActionButton(); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_ENDPOINT_EXCEPTION).should('be.disabled'); - - cy.log('should add rule exception'); - - // TODO this isn't fully testing the add rule exception yet - // https://github.com/elastic/security-team/issues/6301 - selectTakeActionItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_HEADER).should('exist'); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_CANCEL_BUTTON) - .should('be.visible') - .click(); - - // cy.log('should isolate host'); - - // TODO figure out why isolate host isn't showing up in the dropdown - // https://github.com/elastic/security-team/issues/6302 - // openTakeActionButton(); - // cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ISOLATE_HOST).should('be.visible'); - - cy.log('should respond'); - - // TODO this will change when respond is improved - // https://github.com/elastic/security-team/issues/6303 - openTakeActionButton(); - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND).should('be.disabled'); - - cy.log('should investigate in timeline'); - - selectTakeActionItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE); - 
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_SECTION) - .first() - .within(() => - cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_ENTRY).should('exist') - ); - }); - } -); + it('should mark as acknowledged', () => { + cy.get(ALERT_CHECKBOX).should('have.length', 1); + + expandFirstAlertExpandableFlyout(); + openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_MARK_AS_ACKNOWLEDGED); + + cy.get(TOASTER).should('have.text', 'Successfully marked 1 alert as acknowledged.'); + cy.get(EMPTY_ALERT_TABLE).should('exist'); + }); + + it('should mark as closed', () => { + cy.get(ALERT_CHECKBOX).should('have.length', 1); + + expandFirstAlertExpandableFlyout(); + openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED); + + cy.get(TOASTER).should('have.text', 'Successfully closed 1 alert.'); + cy.get(EMPTY_ALERT_TABLE).should('exist'); + }); + + // these actions are now grouped together as we're not really testing their functionality but just the existence of the option in the dropdown + it('should test other action within take action dropdown', () => { + expandFirstAlertExpandableFlyout(); + + cy.log('should add endpoint exception'); + + // TODO figure out why this option is disabled in Cypress but not running the app locally + // https://github.com/elastic/security-team/issues/6300 + openTakeActionButton(); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_ENDPOINT_EXCEPTION).should('be.disabled'); + + cy.log('should add rule exception'); + + // TODO this isn't fully testing the add rule exception yet + // https://github.com/elastic/security-team/issues/6301 + selectTakeActionItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_HEADER).should('exist'); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_CANCEL_BUTTON) + .should('be.visible') + .click(); + + // cy.log('should isolate host'); + + // TODO figure out why isolate host 
isn't showing up in the dropdown + // https://github.com/elastic/security-team/issues/6302 + // openTakeActionButton(); + // cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ISOLATE_HOST).should('be.visible'); + + cy.log('should respond'); + + // TODO this will change when respond is improved + // https://github.com/elastic/security-team/issues/6303 + openTakeActionButton(); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND).should('be.disabled'); + + cy.log('should investigate in timeline'); + + selectTakeActionItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE); + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_SECTION) + .first() + .within(() => + cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_ENTRY).should('exist') + ); + }); +}); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_json_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_json_tab.cy.ts index a7bb39381ad9a..f41dba6dd1006 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_json_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_json_tab.cy.ts 
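Review bot: The two new toast checks in 'should mark as acknowledged' and 'should mark as closed' use `have.text`, an exact match on the combined text of everything the `TOASTER` selector returns. The selector's definition is not in this diff, but if it matches a toast that also renders a title or a dismiss label, or if a second toast is on screen, the assertion fails even though the status change succeeded. That matters here because the same hunk removes the `describe.skip` and the FLAKY marker for issue 171002, so a brittle assertion is likely to get the suite skipped again and drop coverage of the alert status actions. I would use `cy.get(TOASTER).should('contain.text', 'Successfully closed 1 alert.');` and the equivalent for the acknowledged message.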
@@ -7,7 +7,10 @@ import { openJsonTab } from '../../../../tasks/expandable_flyout/alert_details_right_panel'; import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common'; -import { DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT } from '../../../../screens/expandable_flyout/alert_details_right_panel_json_tab'; +import { + DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT, + DOCUMENT_DETAILS_FLYOUT_JSON_TAB_COPY_TO_CLIPBOARD_BUTTON, +} from '../../../../screens/expandable_flyout/alert_details_right_panel_json_tab'; import { login } from '../../../../tasks/login'; import { visit } from '../../../../tasks/navigation'; import { createRule } from '../../../../tasks/api_calls/rules'; @@ -29,7 +32,13 @@ describe( }); it('should display the json component', () => { - cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT).should('exist'); + cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB_COPY_TO_CLIPBOARD_BUTTON).should( + 'have.text', + 'Copy to clipboard' + ); + cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT) + .should('contain.text', '_index') + .and('contain.text', '_id'); }); } ); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_table_tab.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_table_tab.cy.ts index 9f10b73065ba8..aa320000a256c 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_table_tab.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_table_tab.cy.ts 
@@ -12,6 +12,7 @@ import { PROVIDER_BADGE } from '../../../../screens/timeline'; import { removeKqlFilter } from '../../../../tasks/search_bar'; import { COLUMN_HEADER, FILTER_BADGE, TIMESTAMP_COLUMN } from '../../../../screens/alerts'; import { + DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_HOST_OS_BUILD_ROW, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ID_ROW, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_COPY_TO_CLIPBOARD, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_CELL, @@ -19,7 +20,6 @@ import { } from '../../../../screens/expandable_flyout/alert_details_right_panel_table_tab'; import { addToTimelineTableTabTable, - clearFilterTableTabTable, filterInTableTabTable, filterOutTableTabTable, filterTableTabTable, @@ -48,11 +48,23 @@ describe( }); it('should display and filter the table', () => { - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW).should('be.visible'); - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ID_ROW).should('be.visible'); + cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW) + .should('be.visible') + .and('contain.text', '@timestamp'); + cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ID_ROW) + .should('be.visible') + .and('contain.text', '_id'); + + // this entry is the last one of the first page of the table and should not be visible + cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_HOST_OS_BUILD_ROW) + .should('not.be.visible') + .and('contain.text', 'host.os.build'); + filterTableTabTable('timestamp'); - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW).should('be.visible'); - clearFilterTableTabTable(); + + cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW) + .should('be.visible') + .and('contain.text', '@timestamp'); }); it('should test cell actions', () => { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_url_sync.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_url_sync.cy.ts index 5e46dea3ee245..fae802cbfc190 100644 
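Review bot: In alert_details_right_panel_table_tab.cy.ts, the new `should('not.be.visible')` on `DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_HOST_OS_BUILD_ROW` ties the test to the viewport height and to the number and order of fields in the generated alert. The added comment states that the row is the last one on the first page, but nothing in the test pins that, so a change in the fixture or in the CI browser size can flip the result. I would assert `should('exist').and('contain.text', 'host.os.build')` instead, or extend the comment with the assumption it relies on: `// relies on the default Cypress viewport and on host.os.build being the last row of page 1`. The hunk also drops `clearFilterTableTabTable()`, so the filter stays applied when the test ends; that is fine only as long as each test opens a fresh flyout in `beforeEach`, which starts outside this hunk.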
--- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_url_sync.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_url_sync.cy.ts @@ -33,7 +33,7 @@ describe('Expandable flyout state sync', { tags: ['@ess', '@serverless'] }, () = cy.log('should serialize its state to url'); cy.url().should('include', 'eventFlyout'); - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('be.visible').and('have.text', rule.name); + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('have.text', rule.name); cy.log('should reopen the flyout after browser refresh'); @@ -41,7 +41,7 @@ describe('Expandable flyout state sync', { tags: ['@ess', '@serverless'] }, () = waitForAlertsToPopulate(); cy.url().should('include', 'eventFlyout'); - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('be.visible').and('have.text', rule.name); + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('have.text', rule.name); cy.log('should clear the url state when flyout is closed'); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/creation.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/creation.cy.ts index 1b69b314daf75..546cdaa6b64c1 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/creation.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/timelines/creation.cy.ts @@ -75,7 +75,8 @@ describe('Timelines', (): void => { deleteTimelines(); }); - describe('Toggle create timeline from plus icon', () => { + // FLAKY: https://github.com/elastic/kibana/issues/169866 + describe.skip('Toggle create timeline from plus icon', () => { context('Privileges: CRUD', { tags: '@ess' }, () => { beforeEach(() => { login(); 
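Review bot: In timelines/creation.cy.ts, `describe.skip('Toggle create timeline from plus icon', ...)` disables the whole block, including the `context('Privileges: CRUD', ...)` visible in the hunk and whatever other privilege contexts follow it; the block continues outside the hunk. Privilege-specific coverage is the part of this suite that is hardest to notice going missing, so I would narrow the skip to the failing case once it is identified and say which one it is in the comment, for example `// FLAKY: https://github.com/elastic/kibana/issues/169866 (fails in <test name>)`. If the whole block really has to be skipped, a line in the linked issue listing the privilege tests that are currently not running would keep that visible.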
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/alerts.ts b/x-pack/test/security_solution_cypress/cypress/screens/alerts.ts index f616b63e45e19..0eaec7ce0b471 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/alerts.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/alerts.ts @@ -140,10 +140,8 @@ export const SELECT_HISTOGRAM = '[data-test-subj="chart-select-trend"]'; export const LEGEND_ACTIONS = { ADD_TO_TIMELINE: (ruleName: string) => `[data-test-subj="legend-${ruleName}-embeddable_addToTimeline"]`, - FILTER_FOR: (ruleName: string) => - `[data-test-subj="legend-${ruleName}-histogramLegendActionFilterIn"]`, - FILTER_OUT: (ruleName: string) => - `[data-test-subj="legend-${ruleName}-histogramLegendActionFilterOut"]`, + FILTER_FOR: (ruleName: string) => `[data-test-subj="legend-${ruleName}-embeddable_filterIn"]`, + FILTER_OUT: (ruleName: string) => `[data-test-subj="legend-${ruleName}-embeddable_filterOut"]`, COPY: (ruleName: string) => `[data-test-subj="legend-${ruleName}-embeddable_copyToClipboard"]`, }; diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel.ts index 5b8c8255dffee..7edd12dcf1eda 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel.ts @@ -5,10 +5,6 @@ * 2.0. */ -import { - INSIGHTS_TAB_BUTTON_GROUP_TEST_ID, - VISUALIZE_TAB_BUTTON_GROUP_TEST_ID, -} from '@kbn/security-solution-plugin/public/flyout/document_details/left/tabs/test_ids'; import { INSIGHTS_TAB_TEST_ID, INVESTIGATION_TAB_TEST_ID, 
@@ -25,9 +21,3 @@ export const DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB = getDataTestSubjectSelector(INVESTIGATION_TAB_TEST_ID); export const DOCUMENT_DETAILS_FLYOUT_RESPONSE_TAB = getDataTestSubjectSelector(RESPONSE_TAB_TEST_ID); -export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP = getDataTestSubjectSelector( - VISUALIZE_TAB_BUTTON_GROUP_TEST_ID -); -export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP = getDataTestSubjectSelector( - INSIGHTS_TAB_BUTTON_GROUP_TEST_ID -); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_entities_tab.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_entities_tab.ts index 0cda5fb1c87ee..8d4bb411c9e3e 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_entities_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_entities_tab.ts 
@@ -6,23 +6,33 @@ */ import { - ENTITIES_DETAILS_TEST_ID, HOST_DETAILS_TEST_ID, USER_DETAILS_TEST_ID, } from '@kbn/security-solution-plugin/public/flyout/document_details/left/components/test_ids'; import { INSIGHTS_TAB_ENTITIES_BUTTON_TEST_ID } from '@kbn/security-solution-plugin/public/flyout/document_details/left/tabs/test_ids'; -import { EXPANDABLE_PANEL_CONTENT_TEST_ID } from '@kbn/security-solution-plugin/public/flyout/shared/components/test_ids'; +import { + EXPANDABLE_PANEL_CONTENT_TEST_ID, + EXPANDABLE_PANEL_HEADER_RIGHT_SECTION_TEST_ID, + EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID, +} from '@kbn/security-solution-plugin/public/flyout/shared/components/test_ids'; import { getDataTestSubjectSelector } from '../../helpers/common'; export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON = getDataTestSubjectSelector( INSIGHTS_TAB_ENTITIES_BUTTON_TEST_ID ); - -export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT = - getDataTestSubjectSelector(ENTITIES_DETAILS_TEST_ID); +export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_TITLE = getDataTestSubjectSelector( + EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID(USER_DETAILS_TEST_ID) +); +export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS_RIGHT_SECTION = + getDataTestSubjectSelector(EXPANDABLE_PANEL_HEADER_RIGHT_SECTION_TEST_ID(USER_DETAILS_TEST_ID)); export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS = getDataTestSubjectSelector( EXPANDABLE_PANEL_CONTENT_TEST_ID(USER_DETAILS_TEST_ID) ); +export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_TITLE = getDataTestSubjectSelector( + EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID(HOST_DETAILS_TEST_ID) +); +export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS_RIGHT_SECTION = + getDataTestSubjectSelector(EXPANDABLE_PANEL_HEADER_RIGHT_SECTION_TEST_ID(HOST_DETAILS_TEST_ID)); export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS = getDataTestSubjectSelector( 
EXPANDABLE_PANEL_CONTENT_TEST_ID(HOST_DETAILS_TEST_ID) ); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_prevalence_tab.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_prevalence_tab.ts index 0efc48511c9be..fe7f7d2fc9e8e 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_prevalence_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_left_panel_prevalence_tab.ts @@ -10,7 +10,6 @@ import { PREVALENCE_DETAILS_TABLE_DOC_COUNT_CELL_TEST_ID, PREVALENCE_DETAILS_TABLE_HOST_PREVALENCE_CELL_TEST_ID, PREVALENCE_DETAILS_TABLE_VALUE_CELL_TEST_ID, - PREVALENCE_DETAILS_TABLE_TEST_ID, PREVALENCE_DETAILS_TABLE_FIELD_CELL_TEST_ID, PREVALENCE_DETAILS_TABLE_USER_PREVALENCE_CELL_TEST_ID, PREVALENCE_DETAILS_DATE_PICKER_TEST_ID, @@ -23,9 +22,6 @@ export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON = getDataTes ); export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_DATE_PICKER = getDataTestSubjectSelector(PREVALENCE_DETAILS_DATE_PICKER_TEST_ID); -export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE = getDataTestSubjectSelector( - PREVALENCE_DETAILS_TABLE_TEST_ID -); export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_TYPE_CELL = getDataTestSubjectSelector(PREVALENCE_DETAILS_TABLE_FIELD_CELL_TEST_ID); export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_TABLE_NAME_CELL = diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts index 90d051aec1b57..e808a3c07a7db 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts 
+++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_preview_panel_rule_preview.ts @@ -9,7 +9,6 @@ import { RULE_PREVIEW_TITLE_TEST_ID, RULE_PREVIEW_RULE_CREATED_BY_TEST_ID, RULE_PREVIEW_RULE_UPDATED_BY_TEST_ID, - RULE_PREVIEW_BODY_TEST_ID, RULE_PREVIEW_ABOUT_HEADER_TEST_ID, RULE_PREVIEW_ABOUT_CONTENT_TEST_ID, RULE_PREVIEW_DEFINITION_HEADER_TEST_ID, 
@@ -17,46 +16,35 @@ import { RULE_PREVIEW_SCHEDULE_HEADER_TEST_ID, RULE_PREVIEW_SCHEDULE_CONTENT_TEST_ID, RULE_PREVIEW_FOOTER_TEST_ID, + RULE_PREVIEW_NAVIGATE_TO_RULE_TEST_ID, } from '@kbn/security-solution-plugin/public/flyout/document_details/preview/components/test_ids'; import { getDataTestSubjectSelector } from '../../helpers/common'; -export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SECTION = - getDataTestSubjectSelector('previewSection'); - -export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_HEADER = - getDataTestSubjectSelector('previewSectionHeader'); - export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_TITLE = getDataTestSubjectSelector( RULE_PREVIEW_TITLE_TEST_ID ); - export const DOCUMENT_DETAILS_FLYOUT_CREATED_BY = getDataTestSubjectSelector( RULE_PREVIEW_RULE_CREATED_BY_TEST_ID ); - export const DOCUMENT_DETAILS_FLYOUT_UPDATED_BY = getDataTestSubjectSelector( RULE_PREVIEW_RULE_UPDATED_BY_TEST_ID ); - -export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_BODY = - getDataTestSubjectSelector(RULE_PREVIEW_BODY_TEST_ID); - export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_HEADER = getDataTestSubjectSelector( RULE_PREVIEW_ABOUT_HEADER_TEST_ID ); export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_ABOUT_SECTION_CONTENT = getDataTestSubjectSelector(RULE_PREVIEW_ABOUT_CONTENT_TEST_ID); - export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_HEADER = getDataTestSubjectSelector(RULE_PREVIEW_DEFINITION_HEADER_TEST_ID); export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_DEFINITION_SECTION_CONTENT = getDataTestSubjectSelector(RULE_PREVIEW_DEFINITION_CONTENT_TEST_ID); - export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_HEADER = getDataTestSubjectSelector(RULE_PREVIEW_SCHEDULE_HEADER_TEST_ID); export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_SCHEDULE_SECTION_CONTENT = getDataTestSubjectSelector(RULE_PREVIEW_SCHEDULE_CONTENT_TEST_ID); - export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER = getDataTestSubjectSelector( 
RULE_PREVIEW_FOOTER_TEST_ID ); +export const DOCUMENT_DETAILS_FLYOUT_RULE_PREVIEW_FOOTER_LINK = getDataTestSubjectSelector( + RULE_PREVIEW_NAVIGATE_TO_RULE_TEST_ID +); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts index de2a25749d6a9..abf9585e368ec 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts @@ -21,6 +21,8 @@ import { import { COLLAPSE_DETAILS_BUTTON_TEST_ID, EXPAND_DETAILS_BUTTON_TEST_ID, + TITLE_HEADER_TEXT_TEST_ID, + TITLE_LINK_ICON_TEST_ID, } from '@kbn/security-solution-plugin/public/flyout/shared/components/test_ids'; import { getDataTestSubjectSelector } from '../../helpers/common'; @@ -28,8 +30,14 @@ export const DOCUMENT_DETAILS_FLYOUT_BODY = getDataTestSubjectSelector(FLYOUT_BO /* Header */ +export const DOCUMENT_DETAILS_FLYOUT_HEADER_ICON = getDataTestSubjectSelector( + TITLE_LINK_ICON_TEST_ID(FLYOUT_HEADER_TITLE_TEST_ID) +); export const DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE = getDataTestSubjectSelector( - FLYOUT_HEADER_TITLE_TEST_ID + TITLE_HEADER_TEXT_TEST_ID(FLYOUT_HEADER_TITLE_TEST_ID) +); +export const DOCUMENT_DETAILS_FLYOUT_HEADER_LINK_ICON = getDataTestSubjectSelector( + TITLE_LINK_ICON_TEST_ID(FLYOUT_HEADER_TITLE_TEST_ID) ); export const DOCUMENT_DETAILS_FLYOUT_CLOSE_BUTTON = getDataTestSubjectSelector('euiFlyoutCloseButton'); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_json_tab.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_json_tab.ts index e53d1af68d455..66549fea944c6 100644 
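Review bot: In screens/expandable_flyout/alert_details_right_panel.ts, `DOCUMENT_DETAILS_FLYOUT_HEADER_ICON` and `DOCUMENT_DETAILS_FLYOUT_HEADER_LINK_ICON` are both defined as `getDataTestSubjectSelector(TITLE_LINK_ICON_TEST_ID(FLYOUT_HEADER_TITLE_TEST_ID))`, so they resolve to the same selector. The two `should('exist')` assertions added in alert_details_right_panel.cy.ts therefore check the link icon twice, and a missing header icon would not be caught. `DOCUMENT_DETAILS_FLYOUT_HEADER_ICON` should be built from the icon's own test-id helper in `flyout/shared/components/test_ids` (its name is not visible in this diff), or the duplicate constant and its assertion should be dropped.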
--- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_json_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_json_tab.ts @@ -5,11 +5,14 @@ * 2.0. */ -import { JSON_TAB_CONTENT_TEST_ID } from '@kbn/security-solution-plugin/public/flyout/document_details/right/tabs/test_ids'; -import { RIGHT_SECTION_TEST_ID } from '@kbn/expandable-flyout/src/components/test_ids'; +import { + JSON_TAB_CONTENT_TEST_ID, + JSON_TAB_COPY_TO_CLIPBOARD_BUTTON_TEST_ID, +} from '@kbn/security-solution-plugin/public/flyout/document_details/right/tabs/test_ids'; import { getDataTestSubjectSelector } from '../../helpers/common'; -export const DOCUMENT_DETAILS_FLYOUT_RIGHT_PANEL_CONTENT = - getDataTestSubjectSelector(RIGHT_SECTION_TEST_ID); +export const DOCUMENT_DETAILS_FLYOUT_JSON_TAB_COPY_TO_CLIPBOARD_BUTTON = getDataTestSubjectSelector( + JSON_TAB_COPY_TO_CLIPBOARD_BUTTON_TEST_ID +); export const DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT = getDataTestSubjectSelector(JSON_TAB_CONTENT_TEST_ID); diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_table_tab.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_table_tab.ts index 771180e1be13f..18c0bd9029ff6 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_table_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel_table_tab.ts 
@@ -5,15 +5,9 @@ * 2.0. */ -import { TABLE_TAB_CONTENT_TEST_ID } from '@kbn/security-solution-plugin/public/flyout/document_details/right/tabs/test_ids'; import { getClassSelector, getDataTestSubjectSelector } from '../../helpers/common'; -export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CONTENT = - getDataTestSubjectSelector(TABLE_TAB_CONTENT_TEST_ID); - export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER = getClassSelector('euiFieldSearch'); -export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER = - getDataTestSubjectSelector('clearSearchButton'); export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW = getDataTestSubjectSelector( 'event-fields-table-row-@timestamp' ); @@ -22,6 +16,9 @@ export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_CELL = export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ID_ROW = getDataTestSubjectSelector( 'event-fields-table-row-_id' ); +export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_HOST_OS_BUILD_ROW = getDataTestSubjectSelector( + 'event-fields-table-row-host.os.build' +); const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_ACTIONS = 'actionItem-security-detailsFlyout-cellActions-'; export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_IN = getDataTestSubjectSelector( diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_left_panel_correlations_tab.ts b/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_left_panel_correlations_tab.ts index abc08842c2fc6..cf023e4bd9a68 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_left_panel_correlations_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_left_panel_correlations_tab.ts 
@@ -14,7 +14,3 @@ export const openCorrelationsTab = () => { cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON).scrollIntoView(); cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON).should('be.visible').click(); }; - -export const expandCorrelationsSection = (sectionSelector: string) => { - cy.get(`${sectionSelector} button`).should('be.visible').click(); -}; diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_right_panel_table_tab.ts b/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_right_panel_table_tab.ts index fe578fd145179..0e87a938d6277 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_right_panel_table_tab.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout/alert_details_right_panel_table_tab.ts @@ -7,7 +7,6 @@ import { DOCUMENT_DETAILS_FLYOUT_BODY } from '../../screens/expandable_flyout/alert_details_right_panel'; import { - DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_ADD_TO_TIMELINE, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_IN, @@ -24,14 +23,6 @@ export const filterTableTabTable = (filterValue: string) => cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER).type(filterValue); }); -/** - * Clear table filter under the Table tab in the alert details expandable flyout right section - */ -export const clearFilterTableTabTable = () => - cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => { - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER).click(); - }); - /** * Filter In action in the first table row under the Table tab in the alert details expandable flyout right section */ 
@@ -65,11 +56,3 @@ export const toggleColumnTableTabTable = () => { cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_CELL).first().realHover(); cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_TOGGLE_COLUMN).click(); }; - -/** - * Clear filters in the alert page KQL bar - */ -export const clearFilters = () => - cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => { - cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_OUT).first().click(); - }); diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/login.ts b/x-pack/test/security_solution_cypress/cypress/tasks/login.ts index 07a91a903536b..4bf71413f8a57 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/login.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/login.ts @@ -12,7 +12,7 @@ import { LoginState } from '@kbn/security-plugin/common/login_state'; import type { SecurityRoleName } from '@kbn/security-solution-plugin/common/test'; import { KNOWN_SERVERLESS_ROLE_DEFINITIONS } from '@kbn/security-solution-plugin/common/test'; import { LOGOUT_URL } from '../urls/navigation'; -import { rootRequest } from './common'; +import { API_HEADERS, rootRequest } from './common'; import { CLOUD_SERVERLESS, ELASTICSEARCH_PASSWORD, @@ -210,7 +210,7 @@ const loginWithUsernameAndPassword = (username: string, password: string): void (provider) => provider.type === 'basic' ); - return rootRequest({ + cy.request({ url: `${baseUrl}/internal/security/login`, method: 'POST', body: { @@ -219,6 +219,7 @@ const loginWithUsernameAndPassword = (username: string, password: string): void currentURL: '/', params: { username, password }, }, + headers: API_HEADERS, }); }); }; diff --git a/x-pack/test/security_solution_cypress/cypress/tsconfig.json b/x-pack/test/security_solution_cypress/cypress/tsconfig.json index ad3ad00e19af6..3e3563fa2e97b 100644 --- a/x-pack/test/security_solution_cypress/cypress/tsconfig.json +++ b/x-pack/test/security_solution_cypress/cypress/tsconfig.json 
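Review bot: In `loginWithUsernameAndPassword` (hunks at 210 and 219 of `tasks/login.ts`), the credential-bearing POST to `/internal/security/login` switches from `return rootRequest({` to a bare `cy.request({` with `headers: API_HEADERS`, and nothing in the code says why. Neither `rootRequest` nor `API_HEADERS` is defined in the hunk, so a reader cannot tell whether anything `rootRequest` added besides headers (default auth, for instance) is dropped on purpose. A one-line comment above the call would settle it, for example `// Not rootRequest: this call creates the session, so it sends only API_HEADERS plus the credentials in the body` if that is the intent. Unless dropping the `return` was deliberate, `return cy.request({` keeps the callback's previous shape. The function body starts and ends outside these hunks.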
@@ -33,7 +33,6 @@ "@kbn/cases-components", "@kbn/security-solution-plugin", "@kbn/dev-utils", - "@kbn/expandable-flyout", "@kbn/config-schema", "@kbn/lists-plugin", "@kbn/securitysolution-list-constants", diff --git a/x-pack/test/security_solution_endpoint/apps/integrations/artifact_entries_list.ts b/x-pack/test/security_solution_endpoint/apps/integrations/artifact_entries_list.ts index 9fcc87ceffa81..45dbff31170f8 100644 --- a/x-pack/test/security_solution_endpoint/apps/integrations/artifact_entries_list.ts +++ b/x-pack/test/security_solution_endpoint/apps/integrations/artifact_entries_list.ts @@ -52,8 +52,19 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { .set('kbn-xsrf', 'true'); }; + // Several flaky tests from this file in serverless, hence @skipInServerless + // - https://github.com/elastic/kibana/issues?q=is%3Aissue+is%3Aopen+X-pack+endpoint+integrations++artifact+entries+list + // https://github.com/elastic/kibana/issues/171475 + // https://github.com/elastic/kibana/issues/171476 + // https://github.com/elastic/kibana/issues/171477 + // https://github.com/elastic/kibana/issues/171478 + // https://github.com/elastic/kibana/issues/171487 + // https://github.com/elastic/kibana/issues/171488 + // https://github.com/elastic/kibana/issues/171489 + // https://github.com/elastic/kibana/issues/171491 + // https://github.com/elastic/kibana/issues/171492 describe('For each artifact list under management', function () { - targetTags(this, ['@ess', '@serverless']); + targetTags(this, ['@ess', '@serverless', '@skipInServerless']); this.timeout(60_000 * 5); let indexedData: IndexedHostsAndAlertsResponse; 
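Review bot: The comment added above `describe('For each artifact list under management'` attributes the flakiness to serverless and adds `@skipInServerless`, but the two later hunks in this file (at 246 and 334) use `describe.skip(`, which disables those suites on every target, ESS included. As written, the artifact entries lists and the multi-entry artifact generation check would run nowhere until the linked issues are resolved. If the failures really are serverless-only, the tag alone is enough and the two `.skip`s can go. Otherwise the header comment should say so, for example `// Suites below are skipped on all targets via describe.skip; @skipInServerless covers the remaining tests`. The outer `describe` body continues outside the hunk.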
@@ -235,7 +246,9 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { }; for (const testData of getArtifactsListTestsData()) { - describe(`When on the ${testData.title} entries list`, function () { + // FLAKY: https://github.com/elastic/kibana/issues/171489 + // FLAKY: https://github.com/elastic/kibana/issues/171475 + describe.skip(`When on the ${testData.title} entries list`, function () { beforeEach(async () => { policyInfo = await policyTestResources.createPolicy(); await removeAllArtifacts(); @@ -321,7 +334,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { }); } - describe('Should check artifacts are correctly generated when multiple entries', function () { + // FLAKY: https://github.com/elastic/kibana/issues/171476 + describe.skip('Should check artifacts are correctly generated when multiple entries', function () { let firstPolicy: PolicyTestResourceInfo; let secondPolicy: PolicyTestResourceInfo; diff --git a/x-pack/test/security_solution_endpoint/apps/integrations/trusted_apps_list.ts b/x-pack/test/security_solution_endpoint/apps/integrations/trusted_apps_list.ts index e00dde08d58fb..1d48a415b1577 100644 --- a/x-pack/test/security_solution_endpoint/apps/integrations/trusted_apps_list.ts +++ b/x-pack/test/security_solution_endpoint/apps/integrations/trusted_apps_list.ts @@ -16,7 +16,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { const browser = getService('browser'); const endpointTestResources = getService('endpointTestResources'); - describe('When on the Trusted Apps list', function () { + // FLAKY: https://github.com/elastic/kibana/issues/171481 + describe.skip('When on the Trusted Apps list', function () { targetTags(this, ['@ess', '@serverless']); let indexedData: IndexedHostsAndAlertsResponse; 
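Review bot: In `trusted_apps_list.ts`, `describe.skip('When on the Trusted Apps list'` already disables every test in the suite, so the `it.skip('should be able to add a new trusted app and remove it'` in the next hunk (at 34) is redundant. Both carry the same FLAKY link. If only the add/remove test is flaky, keeping `describe('When on the Trusted Apps list', function () {` and the single `it.skip` would leave the test that ends in `missingOrFail('header-page-title')` running. If the whole suite is affected, the inner `it.skip` and its duplicate comment can be dropped. The suite body continues outside both hunks.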
@@ -33,7 +34,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => { await testSubjects.missingOrFail('header-page-title'); }); - it('should be able to add a new trusted app and remove it', async () => { + // FLAKY: https://github.com/elastic/kibana/issues/171481 + it.skip('should be able to add a new trusted app and remove it', async () => { const SHA256 = 'A4370C0CF81686C0B696FA6261c9d3e0d810ae704ab8301839dffd5d5112f476'; // Add it diff --git a/x-pack/test_serverless/functional/test_suites/common/management/data_views/_data_view_create_delete.ts b/x-pack/test_serverless/functional/test_suites/common/management/data_views/_data_view_create_delete.ts index 7d88ca968f0a6..ca7bc4bc55569 100644 --- a/x-pack/test_serverless/functional/test_suites/common/management/data_views/_data_view_create_delete.ts +++ b/x-pack/test_serverless/functional/test_suites/common/management/data_views/_data_view_create_delete.ts @@ -19,6 +19,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const PageObjects = getPageObjects(['settings', 'common', 'header']); describe('creating and deleting default data view', function describeIndexTests() { + // failsOnMKI, see https://github.com/elastic/kibana/issues/171479 + this.tags(['failsOnMKI']); before(async function () { // TODO: emptyKibanaIndex fails in Serverless with // "index_not_found_exception: no such index [.kibana_ingest]", diff --git a/yarn.lock b/yarn.lock index d4c11213d10b8..9c63cd2f60542 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4133,6 +4133,10 @@ version "0.0.0" uid "" +"@kbn/custom-icons@link:packages/kbn-custom-icons": + version "0.0.0" + uid "" + "@kbn/custom-integrations-plugin@link:src/plugins/custom_integrations": version "0.0.0" uid "" @@ -4305,6 +4309,10 @@ version "0.0.0" uid "" +"@kbn/elastic-agent-utils@link:packages/kbn-elastic-agent-utils": + version "0.0.0" + uid "" + "@kbn/elastic-assistant-plugin@link:x-pack/plugins/elastic_assistant": version "0.0.0" uid "" 
@@ -4857,7 +4865,7 @@ version "0.0.0" uid "" -"@kbn/log-explorer-plugin@link:x-pack/plugins/observability_solution/log_explorer": +"@kbn/log-explorer-plugin@link:x-pack/plugins/log_explorer": version "0.0.0" uid "" @@ -5117,7 +5125,7 @@ version "0.0.0" uid "" -"@kbn/observability-log-explorer-plugin@link:x-pack/plugins/observability_solution/observability_log_explorer": +"@kbn/observability-log-explorer-plugin@link:x-pack/plugins/observability_log_explorer": version "0.0.0" uid "" @@ -5125,7 +5133,7 @@ version "0.0.0" uid "" -"@kbn/observability-plugin@link:x-pack/plugins/observability_solution/observability": +"@kbn/observability-plugin@link:x-pack/plugins/observability": version "0.0.0" uid "" @@ -9541,10 +9549,12 @@ dependencies: "@types/node" "*" -"@types/node@*", "@types/node@18.18.5", "@types/node@>= 8", "@types/node@>=12.12.47", "@types/node@>=13.7.0", "@types/node@>=8.9.0", "@types/node@^10.1.0", "@types/node@^14.0.10 || ^16.0.0", "@types/node@^14.14.20 || ^16.0.0", "@types/node@^18.11.18", "@types/node@^18.17.5": - version "18.18.5" - resolved "https://registry.yarnpkg.com/@types/node/-/node-18.18.5.tgz#afc0fd975df946d6e1add5bbf98264225b212244" - integrity sha512-4slmbtwV59ZxitY4ixUZdy1uRLf9eSIvBWPQxNjhHYWEtn0FryfKpyS2cvADYXTayWdKEIsJengncrVvkI4I6A== +"@types/node@*", "@types/node@20.9.0", "@types/node@>= 8", "@types/node@>=12.12.47", "@types/node@>=13.7.0", "@types/node@>=8.9.0", "@types/node@^10.1.0", "@types/node@^14.0.10 || ^16.0.0", "@types/node@^14.14.20 || ^16.0.0", "@types/node@^18.11.18", "@types/node@^18.17.5": + version "20.9.0" + resolved "https://registry.yarnpkg.com/@types/node/-/node-20.9.0.tgz#bfcdc230583aeb891cf51e73cfdaacdd8deae298" + integrity sha512-nekiGu2NDb1BcVofVcEKMIwzlx4NjHlcjhoxxKBNLtz15Y1z7MYf549DFvkHSId02Ax6kGwWntIBPC3l/JZcmw== + dependencies: + undici-types "~5.26.4" "@types/nodemailer@^6.4.0": version "6.4.0" 
@@ -17863,13 +17873,13 @@ handle-thing@^2.0.0: resolved "https://registry.yarnpkg.com/handle-thing/-/handle-thing-2.0.0.tgz#0e039695ff50c93fc288557d696f3c1dc6776754" integrity sha512-d4sze1JNC454Wdo2fkuyzCr6aHcbL6PGGuFAz0Li/NcOm1tCHGnWDRmJP85dh9IhQErTc2svWFEX5xHIOo//kQ== -handlebars@4.7.7, handlebars@^4.7.7: - version "4.7.7" - resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1" - integrity sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA== +handlebars@4.7.8, handlebars@^4.7.7: + version "4.7.8" + resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.8.tgz#41c42c18b1be2365439188c77c6afae71c0cd9e9" + integrity sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ== dependencies: minimist "^1.2.5" - neo-async "^2.6.0" + neo-async "^2.6.2" source-map "^0.6.1" wordwrap "^1.0.0" optionalDependencies: @@ -22666,7 +22676,7 @@ negotiator@0.6.3, negotiator@^0.6.2, negotiator@^0.6.3: resolved "https://registry.yarnpkg.com/negotiator/-/negotiator-0.6.3.tgz#58e323a72fedc0d6f9cd4d31fe49f51479590ccd" integrity sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg== -neo-async@^2.5.0, neo-async@^2.6.0, neo-async@^2.6.1, neo-async@^2.6.2: +neo-async@^2.5.0, neo-async@^2.6.1, neo-async@^2.6.2: version "2.6.2" resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f" integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw== 
@@ -29376,6 +29386,11 @@ unc-path-regex@^0.1.2: resolved "https://registry.yarnpkg.com/unc-path-regex/-/unc-path-regex-0.1.2.tgz#e73dd3d7b0d7c5ed86fbac6b0ae7d8c6a69d50fa" integrity sha1-5z3T17DXxe2G+6xrCufYxqadUPo= +undici-types@~5.26.4: + version "5.26.5" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" + integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== + undici@^5.21.2, undici@^5.22.1: version "5.26.3" resolved "https://registry.yarnpkg.com/undici/-/undici-5.26.3.tgz#ab3527b3d5bb25b12f898dfd22165d472dd71b79"