Commit
Merge branch 'main' into pjhampton/rad-update-filterlists
kibanamachine authored Oct 16, 2023
2 parents f7267ce + 3cbf42e commit 347f4a9
Showing 116 changed files with 1,950 additions and 1,044 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ steps:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 2
parallelism: 4
retry:
automatic:
- exit_status: '*'
Expand Down
2 changes: 1 addition & 1 deletion .buildkite/pipelines/on_merge.yml
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ steps:
queue: n2-4-spot
depends_on: build
timeout_in_minutes: 60
parallelism: 2
parallelism: 4
retry:
automatic:
- exit_status: '*'
Expand Down
17 changes: 9 additions & 8 deletions .buildkite/pipelines/quality-gates/pipeline.tests-qa.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,15 @@ steps:
EC_ENV: qa
EC_REGION: aws-eu-west-1
message: "${BUILDKITE_MESSAGE} (triggered by pipeline.tests-qa.yaml)"

- label: ":pipeline::female-detective::seedling: Trigger Security Solution quality gate script"
trigger: security-serverless-quality-gate # https://buildkite.com/elastic/security-serverless-quality-gate
soft_fail: true # Remove this when tests are fixed
build:
env:
ENVIRONMENT: ${ENVIRONMENT}
message: "${BUILDKITE_MESSAGE} (triggered by pipeline.tests-qa.yaml)"

# TODO: Uncomment this code when the integration is ready.
# - label: ":pipeline::female-detective::seedling: Trigger Security Solution quality gate script"
# trigger: security-serverless-quality-gate # https://buildkite.com/elastic/security-serverless-quality-gate
# soft_fail: true # Remove this when tests are fixed
# build:
# env:
# ENVIRONMENT: ${ENVIRONMENT}
# message: "${BUILDKITE_MESSAGE} (triggered by pipeline.tests-qa.yaml)"

- label: ":pipeline::ship::seedling: Trigger Fleet serverless smoke tests for ${ENVIRONMENT}"
trigger: fleet-smoke-tests # https://buildkite.com/elastic/fleet-smoke-tests
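Review bot: The commented-out Security Solution step leaves pipeline.tests-qa.yaml with no security-serverless-quality-gate trigger, and the "TODO: Uncomment this code when the integration is ready" comment names neither an owner nor a tracking issue. The step already carried soft_fail: true, so it could not block the pipeline; if the trigger itself is what breaks, say so in the comment and link the issue that tracks re-enabling it, so the gate does not stay off indefinitely.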
Expand Down
2 changes: 2 additions & 0 deletions .eslintrc.js
Original file line number Diff line number Diff line change
Expand Up @@ -924,6 +924,8 @@ module.exports = {
],
rules: {
'@kbn/telemetry/event_generating_elements_should_be_instrumented': 'error',
'@kbn/i18n/strings_should_be_translated_with_i18n': 'warn',
'@kbn/i18n/strings_should_be_translated_with_formatted_message': 'warn',
},
},
{
Expand Down
1 change: 1 addition & 0 deletions .github/CODEOWNERS
Original file line number Diff line number Diff line change
Expand Up @@ -360,6 +360,7 @@ src/plugins/es_ui_shared @elastic/platform-deployment-management
packages/kbn-eslint-config @elastic/kibana-operations
packages/kbn-eslint-plugin-disable @elastic/kibana-operations
packages/kbn-eslint-plugin-eslint @elastic/kibana-operations
packages/kbn-eslint-plugin-i18n @elastic/actionable-observability
packages/kbn-eslint-plugin-imports @elastic/kibana-operations
packages/kbn-eslint-plugin-telemetry @elastic/actionable-observability
x-pack/test/encrypted_saved_objects_api_integration/plugins/api_consumer_plugin @elastic/kibana-security
Expand Down
17 changes: 14 additions & 3 deletions config/serverless.oblt.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,10 +27,21 @@ xpack.apm.serverlessOnboarding: true

# Fleet specific configuration
xpack.fleet.internal.registry.capabilities: ['apm', 'observability']
xpack.fleet.internal.registry.kibanaVersionCheckEnabled: false
xpack.fleet.internal.registry.spec.max: '3.0'
# Disabled until packages implement the new spec https://github.com/elastic/kibana/issues/166742
# xpack.fleet.internal.registry.kibanaVersionCheckEnabled: false
# xpack.fleet.internal.registry.spec.min: '3.0'
# Temporary until all packages implement new spec https://github.com/elastic/kibana/issues/166742
xpack.fleet.internal.registry.spec.min: '1.0'
xpack.fleet.internal.registry.excludePackages: [
# Security integrations
'endpoint',
'beaconing',
'osquery_manager',
# Removed in 8.11 integrations
'cisco',
'microsoft',
'symantec',
'cyberark',
]

## Required for force installation of APM Package
xpack.fleet.packages:
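Review bot: `xpack.fleet.internal.registry.kibanaVersionCheckEnabled: false` appears as an active setting with no comment of its own, while the "Temporary until all packages implement new spec" comment and the link to issue 166742 sit only above `spec.min: '1.0'`. If the disabled version check is part of the same workaround, place it under that comment so both settings are reverted together; if it is meant to stay off for serverless, add a one-line reason next to it.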
Expand Down
16 changes: 13 additions & 3 deletions config/serverless.security.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,19 @@ telemetry.labels.serverless: security
# Fleet specific configuration
xpack.fleet.internal.registry.capabilities: ['security']
xpack.fleet.internal.registry.spec.max: '3.0'
# Disabled until packages implement the new spec https://github.com/elastic/kibana/issues/166742
# xpack.fleet.internal.registry.kibanaVersionCheckEnabled: false
# xpack.fleet.internal.registry.spec.min: '3.0'
xpack.fleet.internal.registry.kibanaVersionCheckEnabled: false
# Temporary until all packages implement new spec https://github.com/elastic/kibana/issues/166742
xpack.fleet.internal.registry.spec.min: '1.0'
xpack.fleet.internal.registry.excludePackages: [
# Oblt integrations
'apm',
'synthetics',
# Removed in 8.11 integrations
'cisco',
'microsoft',
'symantec',
'cyberark',
]

xpack.ml.ad.enabled: true
xpack.ml.dfa.enabled: true
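Review bot: `excludePackages` is a denylist, so a package that later shows up in the registry is available in this project type unless someone remembers to add it to the list. The four "Removed in 8.11 integrations" entries ('cisco', 'microsoft', 'symantec', 'cyberark') are also repeated verbatim in config/serverless.oblt.yml, which invites drift between the two files. Consider keeping the shared entries in one place, or at least add a comment in each file pointing at the other.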
Expand Down
35 changes: 1 addition & 34 deletions docs/action-type-template.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -28,42 +28,9 @@ List of user-facing connector configurations. This should align with the fields
Property1:: A short description of this property.
Property2:: A short description of this property with format hints. This can be specified in `this specific format`.

[float]
[[preconfigured-<ACTION-TYPE>-configuration]]
=== Create preconfigured connectors

If you are running {kib} on-prem, you can define connectors by
adding `xpack.actions.preconfigured` settings to your `kibana.yml` file.
For example:

////
Example preconfigured format for this connector type
////

[source,text]
--
xpack.actions.preconfigured:
my-<ACTION-TYPE>:
name: preconfigured-<ACTION-TYPE>-connector-type
actionTypeId: .<ACTION-TYPE>
config:
property1: value1
property2: value2
secrets:
property3: value3
--

////
List of properties from the ConfigSchema and SecretsSchema for this action type.
Add preconfigured settings for this connector type in alert-action-settings.asciidoc and an example in pre-configured-connectors.asciidoc.
////
Config defines information for the connector type.

`property1`:: A short description of this property.
`property2`:: A short descriptionn of this property.

Secrets defines sensitive information for the connector type.

`property3`:: A short descriptionn of this property.

[float]
[[<ACTION-TYPE>-action-configuration]]
Expand Down
4 changes: 2 additions & 2 deletions docs/management/action-types.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,9 @@ Connectors provide a central place to store connection information for services
[cols="2"]
|===

a| <<bedrock-action-type,AWS Bedrock>>
a| <<bedrock-action-type,{bedrock}>>

| Send a request to AWS Bedrock.
| Send a request to {bedrock}.

a| <<d3security-action-type,D3 Security>>

Expand Down
9 changes: 6 additions & 3 deletions docs/management/cases/add-connectors.asciidoc
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
[[add-case-connectors]]
== Add connectors

preview::[]
:frontmatter-description: Configure connectors to push case details to external incident management systems.
:frontmatter-tags-products: [kibana]
:frontmatter-tags-content-type: [how-to]
:frontmatter-tags-user-goals: [configure]

You can add connectors to cases to push information to these external incident
management systems:
Expand All @@ -24,7 +27,7 @@ You can create connectors in *{stack-manage-app} > {connectors-ui}*,
as described in <<action-types>>. Alternatively, you can create them in
*{stack-manage-app} > Cases*:

. Click *Edit external connection*.
. Click *Settings*.
+
--
[role="screenshot"]
Expand All @@ -50,7 +53,7 @@ configuration details.
You can create additional connectors, update existing connectors, change
the default connector, and change case closure options.

. Go to *{stack-manage-app} > Cases*, click *Edit external connection*.
. Go to *{stack-manage-app} > Cases* and click *Settings*.

. To change whether cases are automatically closed after they are sent to an
external system, update the case closure options.
Expand Down
6 changes: 4 additions & 2 deletions docs/management/cases/cases.asciidoc
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
[[cases]]
== Cases

preview::[]
:frontmatter-description: Open and track issues in {kib} cases.
:frontmatter-tags-products: [kibana]
:frontmatter-tags-content-type: [overview]
:frontmatter-tags-user-goals: [analyze]

Cases are used to open and track issues directly in {kib}. You can add
assignees and tags to your cases, set their severity and status, and add alerts,
Expand Down
Binary file modified docs/management/cases/images/cases-connectors.png
Binary file modified docs/management/cases/images/cases-files.png
Binary file modified docs/management/cases/images/cases-visualization.png
Binary file modified docs/management/cases/images/cases.png
2 changes: 0 additions & 2 deletions docs/management/cases/manage-cases.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,6 @@
:frontmatter-tags-content-type: [how-to]
:frontmatter-tags-user-goals: [analyze]

preview::[]

[[open-case]]
=== Open a new case

Expand Down
5 changes: 4 additions & 1 deletion docs/management/cases/setup-cases.asciidoc
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
[[setup-cases]]
== Configure access to cases

preview::[]
:frontmatter-description: Learn about the {kib} feature privileges required to access cases.
:frontmatter-tags-products: [kibana]
:frontmatter-tags-content-type: [how-to]
:frontmatter-tags-user-goals: [configure]

To access cases in *{stack-manage-app}*, you must have the appropriate {kib}
privileges:
Expand Down
24 changes: 12 additions & 12 deletions docs/management/connectors/action-types/bedrock.asciidoc
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
[[bedrock-action-type]]
== AWS Bedrock connector and action
== {bedrock} connector and action
++++
<titleabbrev>AWS Bedrock</titleabbrev>
<titleabbrev>{bedrock}</titleabbrev>
++++
:frontmatter-description: Add a connector that can send requests to AWS Bedrock.
:frontmatter-description: Add a connector that can send requests to {bedrock}.
:frontmatter-tags-products: [kibana]
:frontmatter-tags-content-type: [how-to]
:frontmatter-tags-user-goals: [configure]


The AWS Bedrock connector uses https://github.com/axios/axios[axios] to send a POST request to AWS Bedrock. The connector uses the <<execute-connector-api,run connector API>> to send the request.
The {bedrock} connector uses https://github.com/axios/axios[axios] to send a POST request to {bedrock}. The connector uses the <<execute-connector-api,run connector API>> to send the request.

[float]
[[define-bedrock-ui]]
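Review bot: The `{bedrock}` attribute now stands in for the literal "AWS Bedrock" in the section title, the titleabbrev, the frontmatter description and the body, but nothing in the visible changes defines it. Confirm it is defined in the shared attributes this docs build pulls in; by default an undefined AsciiDoc attribute reference is left as literal text, which would put `{bedrock}` into the page title and navigation.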
Expand All @@ -19,18 +19,18 @@ You can create connectors in *{stack-manage-app} > {connectors-ui}*. For exampl

[role="screenshot"]
// TODO: need logo before screenshot
image::management/connectors/images/bedrock-connector.png[AWS Bedrock connector]
image::management/connectors/images/bedrock-connector.png[{bedrock} connector]

[float]
[[bedrock-connector-configuration]]
==== Connector configuration

AWS Bedrock connectors have the following configuration properties:
{bedrock} connectors have the following configuration properties:

Name:: The name of the connector.
API URL:: The AWS Bedrock request URL.
Default model:: The GAI model for AWS Bedrock to use. Current support is for the Anthropic Claude models, defaulting to Claude 2. The model can be set on a per request basis by including a "model" parameter alongside the request body.
Region:: The AWS Bedrock request URL.
API URL:: The {bedrock} request URL.
Default model:: The GAI model for {bedrock} to use. Current support is for the Anthropic Claude models, defaulting to Claude 2. The model can be set on a per request basis by including a "model" parameter alongside the request body.
Region:: The {bedrock} request URL.
Access Key:: The AWS access key for authentication.
Secret:: The secret for authentication.

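Review bot: The `Region::` entry carries the same description as `API URL::` ("The {bedrock} request URL."), which looks like a copy-paste error carried through the rename. Describe the AWS region here instead. `Secret::` could also say that it is the AWS secret, matching the wording used for callout <4> in the preconfigured connector example.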
Expand All @@ -43,11 +43,11 @@ as you're creating or editing the connector in {kib}. For example:

[role="screenshot"]
// TODO: need logo before screenshot
image::management/connectors/images/bedrock-params.png[AWS Bedrock params test]
image::management/connectors/images/bedrock-params.png[{bedrock} params test]

The AWS Bedrock actions have the following configuration properties.
The {bedrock} actions have the following configuration properties.

Body:: A stringified JSON payload sent to the AWS Bedrock Invoke Model API URL. For example:
Body:: A stringified JSON payload sent to the {bedrock} Invoke Model API URL. For example:
+
[source,text]
--
Expand Down
32 changes: 31 additions & 1 deletion docs/management/connectors/pre-configured-connectors.asciidoc
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
[[pre-configured-connectors]]
== Preconfigured connectors
:frontmatter-description: Define connectors in the {kib} configuration file.
:frontmatter-tags-products: [kibana]
:frontmatter-tags-content-type: [how-to]
:frontmatter-tags-user-goals: [configure]

If you are running {kib} on-prem, you can preconfigure a connector to have all
the information it needs prior to startup by adding it to the `kibana.yml` file.
Expand All @@ -20,6 +24,7 @@ predefined, including the connector name and ID.

Add `xpack.actions.preconfigured` settings to your `kibana.yml` file. The
settings vary depending on which type of connector you're adding.
Refer to <<preconfigured-connector-settings>>.

This example shows a valid configuration for a Slack connector and a Webhook
connector:
Expand Down Expand Up @@ -107,6 +112,7 @@ Index names must start with `kibana-alert-history-` to take advantage of the pre
[[preconfigured-connector-examples]]
=== Examples

* <<preconfigured-bedrock-configuration>>
* <<preconfigured-d3security-configuration>>
* <<preconfigured-email-configuration>>
* <<preconfigured-gen-ai-configuration>>
Expand All @@ -128,6 +134,30 @@ Index names must start with `kibana-alert-history-` to take advantage of the pre
* <<preconfigured-cases-webhook-configuration>>
* <<preconfigured-xmatters-configuration>>

[float]
[[preconfigured-bedrock-configuration]]
==== {bedrock} connectors

The following example creates an <<bedrock-action-type,{bedrock} connector>>:

[source,text]
--
xpack.actions.preconfigured:
my-bedrock:
name: preconfigured-bedrock-connector-type
actionTypeId: .bedrock
config:
apiUrl: https://bedrock.us-east-1.amazonaws.com <1>
defaultModel: anthropic.claude-v2 <2>
secrets:
accessKey: key-value <3>
secret: secret-value <4>
--
<1> The {bedrock} request URL.
<2> The default model to use for requests. Current support is for the Anthropic Claude models, defaulting to Claude 2.
<3> The AWS access key for authentication.
<4> The AWS secret for authentication.

[float]
[[preconfigured-d3security-configuration]]
==== D3 Security connectors
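Review bot: The example under `secrets:` places `accessKey` and `secret` inline in `kibana.yml`, and the new section gives no pointer to the keystore. docs/settings/alert-action-settings.asciidoc already carries the TIP that sensitive properties should be stored in the {kib} keystore; link `<<creating-keystore>>` from this example or from callouts <3> and <4> so readers do not copy AWS credentials into a plain-text config file. The example also sets no region although the connector page lists a Region property; say whether it is taken from `apiUrl`.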
Expand Down Expand Up @@ -302,7 +332,7 @@ xpack.actions.preconfigured:
secrets:
apiKey: superlongapikey <4>
--
<1> The OpenAI request URL
<1> The OpenAI request URL.
<2> The OpenAI API provider, either `OpenAI` or `Azure OpenAI`.
<3> The default model to use for requests. This setting is optional and applicable only when `apiProvider` is `OpenAI`.
<4> The OpenAI or Azure OpenAI API key for authentication.
Expand Down
14 changes: 13 additions & 1 deletion docs/settings/alert-action-settings.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -267,6 +267,7 @@ For a <<openai-action-type,OpenAI connector>>, specifies the OpenAI API provider
A configuration URL that varies by connector:
+
--
* For an <<bedrock-action-type,{bedrock} connector>>, specifies the {bedrock} request URL.
* For a <<openai-action-type,OpenAI connector>>, specifies the OpenAI request URL.
* For a <<resilient-action-type,{ibm-r} connector>>, specifies the {ibm-r} instance URL.
* For a <<jira-action-type,Jira connector>>, specifies the Jira instance URL.
Expand Down Expand Up @@ -327,7 +328,12 @@ NOTE: If you are using the `xpack.actions.allowedHosts` setting, make sure the h
For a <<cases-webhook-action-type,{webhook-cm} connector>>, specifies a string from the response body of the create case method that corresponds to the external service identifier.

`xpack.actions.preconfigured.<connector-id>.config.defaultModel`::
For a <<openai-action-type,OpenAI connector>>, specifies the default model to use for requests. It is optional and applicable only when `xpack.actions.preconfigured.<connector-id>.config.apiProvider` is `OpenAI`.
The default model to use for requests, which varies by connector:
+
--
* For an <<bedrock-action-type,{bedrock} connector>>, current support is for the Anthropic Claude models. Defaults to `anthropic.claude-v2`.
* For a <<openai-action-type,OpenAI connector>>, it is optional and applicable only when `xpack.actions.preconfigured.<connector-id>.config.apiProvider` is `OpenAI`.
--

`xpack.actions.preconfigured.<connector-id>.config.executionTimeField`::
For an <<index-action-type,index connector>>, a field that indicates when the document was indexed.
Expand Down Expand Up @@ -463,6 +469,9 @@ Sensitive configuration details, such as username, password, and keys, which are
+
TIP: Sensitive properties, such as passwords, should be stored in the <<creating-keystore,{kib} keystore>>.

`xpack.actions.preconfigured.<connector-id>.secrets.accessKey`::
For an <<bedrock-action-type,{bedrock} connector>>, specifies the AWS access key for authentication.

`xpack.actions.preconfigured.<connector-id>.secrets.apikey`::
An API key secret that varies by connector:
+
Expand Down Expand Up @@ -517,6 +526,9 @@ For a <<servicenow-action-type,{sn-itsm}>>, <<servicenow-sir-action-type,{sn-sir
`xpack.actions.preconfigured.<connector-id>.secrets.routingKey`::
For a <<pagerduty-action-type,PagerDuty connector>>, specifies the 32 character PagerDuty Integration Key for an integration on a service, also referred to as the routing key.

`xpack.actions.preconfigured.<connector-id>.secrets.secret`::
For an <<bedrock-action-type,{bedrock} connector>>, specifies the AWS secret for authentication.

`xpack.actions.preconfigured.<connector-id>.secrets.secretsUrl`::
For an <<xmatters-action-type,xMatters connector>> with URL authentication, specifies the request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL.
It is used only when `xpack.actions.preconfigured.<connector-id>.config.usesBasic` is `false`.
Expand Down