[Security][Investigations][Timeline tabs reorg] #8
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixed bugs: - mixing concepts of LangChain `llmType` and streaming `actionTypeId` for streaming purposes; - selecting inline connector didn't affect immediately settings level connector select; - override on change conversation connector `apiConfig` `provider` and `model` values when connector doesn't have it; --------- Co-authored-by: kibanamachine <[email protected]>
…y. (elastic#179590) Improved the number of request for clear conversation functionality.
…grams (elastic#176881) towards: elastic/response-ops-team#151 ## Summary As we've found the elasticsearch histogram mapping type to be difficult to use in practice, we're switching to an "array of numbers" approach - keeping the histograms for now. We'll eventually remove the histograms, once we ensure they aren't being used.
…tension points (elastic#179577) ## Summary - Removes the capture of `Error.stack` when registering new Lists server-side extension points. Calls to `Error.stack` are costly and was contributing to kibana Plugin start up time - Fixes elastic#179405 ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary Part of documentation updates required for elastic/kibana-team#720 * Removes outdated info about Angular directives * Remove outdated info about the original CSV export type * Add explanation of what an Export Type is * More detail about the job parameters for each export type * Add tips to debug using POST URLs
## Summary Closes elastic#176113 --------- Co-authored-by: Sébastien Loix <[email protected]>
…nvert to object in storage. (elastic#179722) ## Summary Summarize your PR. If it involves visual changes include a screenshot or gif. ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### Risk Matrix Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
`v93.5.1` ⏩ `v93.5.2` --- ## [`v93.5.2`](https://github.com/elastic/eui/releases/v93.5.2) **Dependency updates** - Updated `react-virtualized-auto-sizer` to 1.0.24 ([elastic#7598](elastic/eui#7598)) - Updated `react-window` to 1.8.10 ([elastic#7600](elastic/eui#7600)) **CSS-in-JS conversions** - Updated EUI's internal style memoization/performance utility to have configurable error/warning levels via `setEuiDevProviderWarning` ([elastic#7626](elastic/eui#7626))
## Summary Re-enables test skipped between March 29 and April 1 due to a problem (not fixed) with the Fleet Server docker image, which caused tests to fail with: ``` info [cy.dfw] 0 attempts of creating endpoint host failed, reason for the last failure was Error: Command failed with exit code 1: multipass exec test-host-3626 -- sudo ./elastic-agent-8.14.0-SNAPSHOT-linux-arm64/elastic-agent install --insecure --force --url https://192.168.64.1:8220 --enrollment-token .... {"log.level":"error","@timestamp":"2024-04-01T08:46:59.930-0400","log.origin":{"file.name":"remote/client.go","file.line":243},"message":"fleet requested a different api version \"2023-06-01\" but this is currently not implemented","http.request.id":"01HTCV5Q86GKT1KW682V7FH3MQ","ecs.version":"1.6.0"} ``` Issues (skipped tests) fixed with this PR: - fixes elastic#168340 - fixes elastic#168284 - fixes elastic#169958 - fixes elastic#170373 - fixes elastic#170424 - fixes elastic#170563 - fixes elastic#172326 - fixes elastic#179744
…elds that do not support matches that use wildcards (elastic#178688) ## Summary - [x] Fixes a bug where the Trusted Apps `Hash` and `Signature` field show a warning message telling the user to switch to the `matches` operator if they use a wildcard (* or ?) in the value. These two fields do not support `matches` so we are instead showing a different warning message notifying them of this. - [x] Unit Tests NOTE: will be merged after v8.13.0 release # Screenshots  
Co-authored-by: David Kilfoyle <[email protected]>
…nvironments (elastic#179639) ## Summary In this PR we are skipping **JUST** in MKI the tests that are failing in that type of projects.
## Summary A system action is an action that triggers Kibana workflows—for example, creating a case, running an OsQuery, running an ML job, or logging. In this PR: - Enable rule routes to accept system actions. The schema of the action is not changed. The framework deducts which action is a system action automatically. System actions do not accept properties like the `notifyWhen` or `group`. - Enable rule client methods to accept system actions. The methods accept a new property called `systemActions`. The methods merge the actions with the system actions before persisting the rule to ES. The methods split the actions from the system actions and return two arrays, `actions` and `systemActions`. - Introduce connector adapters: a way to transform the action params to the corresponding connector params. - Allow the execution of system actions. Only alert summaries are supported. Users cannot control the execution of system actions. - Register an example system action. - Change the UI to handle system action. All configuration regarding execution like "Run when" is hidden for system actions. Users cannot select the same system action twice. Closes elastic#160367 This PR merges the system actions framework, a culmination of several issues merged to the `system_actions_mvp` feature branch over the past several months. ## Testing A system action with ID `system-connector-.system-log-example` will be available to be used by the APIs and the UI if you start Kibana with `--run-examples`. Please ensure the following: - You can create and update rules with actions and system actions. - A rule with actions and system actions is executed as expected. - Entries about the system action execution are added to the event log as expected. - Existing rules with actions work without issues (BWC). - You can perform bulk actions in the rules table to rules with actions and system actions. - License restrictions are respected. - Permission restrictions are respected. - Disabled system actions cannot be used. - Users cannot specify how the system action will run in the UI and the API. ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) --------- Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Julia <[email protected]> Co-authored-by: Zacqary Xeper <[email protected]> Co-authored-by: Zacqary Adam Xeper <[email protected]> Co-authored-by: Ying Mao <[email protected]> Co-authored-by: Xavier Mouligneau <[email protected]>
## Summary After packaging the ES|QL grammar stuff the `git add` didn't change accordingly for the new path, hence the error. This PR fixes it.
…ore/index_status requests (elastic#179510) ## Summary The Entity Analytics Dashboard page called the `/risk_score/index_status` API many times, which led to a very long loading time. I wrapped all API calls inside `useEntityAnalyticsRoute` with `useMemo` to quick-fix the multiple unnecessary HTTP calls. ### Checklist Delete any items that are not applicable to this PR. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
## Summary This PR fixes custom empty page layout in Threat Intelligence page, and also optimizes some of the loading that happens during the init phase (integrations retrieval). **Before**  Broken api calls made:  **After**  ### Checklist
Fixes broken copy instructions and updates links
## Summary Upgrades development dependency `webpack-dev-middleware` from v5.3.3 to v5.3.4.
elastic#179718) Resolves elastic#179195 ## Summary Adds an `aria-label` for the AI Assistant for Observability button.
elastic#179720) Resolves elastic#176963 ## Summary Adds an aria-label for the AI Assistant for Observability flyout.
## Summary Closes elastic#179592 The UI calls the semver version check functions on every keystroke, it seems the semver functions throw error if the input is not a valid semver (e.g. `8.14` instead of `8.14.0`). Added try-catch around the logic which is called from the UI. To verify: - run a stack 8.14.0-SNAPSHOT with fleet-server - enroll an agent with version 8.13.0 - upgrade agent, type in `8.14` - verify that the UI error is no longer visible - the submit button should only be enabled if typing a valid semver e.g. `8.14.0` <img width="1139" alt="image" src="https://github.com/elastic/kibana/assets/90178898/756e1995-f16b-4689-af19-5ffcdb57b18e"> <img width="829" alt="image" src="https://github.com/elastic/kibana/assets/90178898/1dd7ea6f-5686-4163-b367-850563abc336"> ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary The following PR needs to be merged first: elastic#178701 This fixes elastic#174764 (comment) and elastic#179030 **To reproduce:** Add whatever filter in the Threat Intelligence (via table filter in), then click it (in the top bar) - filter edit popover is not filled in with data. On Alerts page though, it is filled in correctly - and it should look like that on TI: 
## Summary Fix elastic#179258 Change the version compatibility and mapping generation (`checkVersionCompatibility` and `generateAdditiveMappingDiff`) of the ZDT migration algorithm to support the scenario were root fields are added (adding new fields to our base mappings)
…inelOne to support Sub-Action new `UnsecuredActionsClient` (elastic#179388) ## Summary Changes are in support of Bi-Directional response actions and includes: - `EndpointAppContextService.getInternalResponseActionsClient()` now supports retrieving clients for non-endpoint EDR systems (ex. SentinelOne) - Refactored SentinelOne Response Actions Client and pulled logic around using the Connector into its own class. This new class allows it to normalize the use of connectors regardless of the Action plugin service being used (`ActionClient` or `IUnsecuredActionsClient`) - `CompleteExternalActionsTaskRunner` was adjust to ignore errors for `agentType`'s that are not configured in the system (don't log useless errors) - The `run_sentinelone_host.js` script was enhanced to **not** create multiple VMs running SentinelOne agent on them if one is already running. A new CLI argument - `forceNewS1Host` - was also added to by pass this behaviour and allow for a VM to always be created ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary Assertions were failing on [serverless](https://buildkite.com/elastic/appex-qa-serverless-kibana-ftr-tests/builds/1339). So use helper methods to print out more info in case of failure.
…lastic#176064) ## Fixes below issues - elastic/security-team#8726 - elastic/security-team#7234 ## Details ### Objective The objective of this PR is to implement basic unified data table replacing the current timeline table. It is intended to behave exactly like discover table. Below are the functionalities of the timeline table that are out of scope of this PR and will be included in the follow up PR. |Before|After| |---|---| |<video src="https://github.com/elastic/kibana/assets/7485038/fd8e4a42-06ed-4705-96cf-3ed0a22caa46" />|<video src="https://github.com/elastic/kibana/assets/7485038/d248856f-dcc0-4d5b-a710-b1218a4898f5" />| This feature can be enabled with below feature flag: ```yaml xpack.securitySolution.enableExperimental: - unifiedComponentsInTimelineEnabled ``` ### Out of scope functionalities - Row Renderers - elastic/security-team#8728 - Notes / Pinned Events / Analyzer / Session View Link - elastic/security-team#8727 - Drag / Drop from table --> data providers. - Telemetry ### Desk Testing Guide Below are some areas which have changes and would warrant some desk testing. One pre-requisite is to enable feature flag `unifiedComponentsInTimelineEnabled` which will replace traditional timeline table with the new unified timeline table. 1. **Pagination** - If total number of events are > sample size ( default 500 ), table footer on last page should display the notification so that user can `Load More` on-demand. - Page changes should be instant, because it is just client-side pagination where we download multiple pages ( 500 events ) at once. 3. **Flyouts** - Event Detail ( Open / Close ) - should be new Expandable flyout - Host / User / IP details flyout ( Open / Close) 4. Unified List - Add column by dragging & by clicking ⨁ control. - Remove columns by clicking on column header & by clicking on ❌ control 3. Full screen mode 6. Last updated date 7. Columns Order - Change columns order from table controls 8. Sort Order - timestamp - Any number column - Any string column 9. Column Actions - Move Right/Left - Sort Asc/Desc - Copy Column and Column Name - Edit Data View Field with custom label 8. Table Control - Display Options - <img width="517" alt="image" src="https://github.com/elastic/kibana/assets/7485038/efd4514a-20f1-4461-8686-78366bc9a611"> - Try different row heights and Sample sizes. ## Current Observations of Unified table vis-a-vis discover UI + Issues - [ ] Discover has custom UI on toolbar visibility when compared to vanilla unified data table - [x] Full screen behaviour of unified data table - [x] column width calculation is not automatic. - [x] Unsaved Timeline - [x] Saved Timeline - [x] Host/Network Flyout is not opening when timeline is not saved - [x] Flyout is not closing after it has been opened - [ ] Row highlighting for building block -> Will be covered with Actions Column - [x] Additional Controls - [x] Row Renderer Selection - [x] Last updated Date - [x] Full Screen - [ ] Table controls tab order - [ ] Refactor singleton ActiveTimeline class ( Inform @PhilippeOberti ) - [ ] Total Count not visible ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) --------- Co-authored-by: Jatin Kathuria <[email protected]> Co-authored-by: Kibana Machine <[email protected]>
closes elastic#178843 ## 📝 Summary This PR adds actions to the integration section in the dataset quality flyout. These actions navigate to different integration-related pages. The Dashboards action is only visible if the integration does have dashboard assets installed, otherwise its hidden. ## 🎥 Demo https://github.com/elastic/kibana/assets/11225826/91c417e6-be7d-45eb-91dc-2f5b29e7aeb5 --------- Co-authored-by: kibanamachine <[email protected]>
…re decorative and should be removed from the accessibility tree (elastic#179805) Closes: elastic/security-team#8989 ## Description The Add integration prompt has a number of images that are decorative, but have alt text added. This could be confusing to screen reader users because the images do not provide additional context or information. Let's update them to have `alt=""` attributes so the images are removed from the accessibility tree. Screenshot attached below. ### Steps to recreate 1. Create a new Security Serverless project if none exist 2. When the project is ready, open it and go to Integrations, under the Project Settings in the lower left navigation 3. Search for DynamoDB in the Integrations, and click on the card 4. From the DynamoDB detail view, click "Add Amazon DynamoDB" 5. When the "Ready to add your first integration?" view loads, open Dev Tools and verify the images highlighted have alt text. ### What was done? 1. _role="presentation"_ was set to image container 2. removed extra `alt`'s attributes
michaelolo24
pushed a commit
that referenced
this pull request
Sep 17, 2024
fixes [#8](elastic/observability-accessibility#8) fixes [#7](elastic/observability-accessibility#7) ## Summary Fixes APM breadcrumbs on serverless | Serverless | Stateful | |---|---| | <img width="700px" alt="image" src="https://github.com/user-attachments/assets/944a7d58-7de3-4a7f-be02-3c8c1110a0e2"> |<img width="800px" alt="image" src="https://github.com/user-attachments/assets/450664b1-ddfc-4395-9fa3-a7b941affb3b">| |<img width="500px" alt="image" src="https://github.com/user-attachments/assets/944a7d58-7de3-4a7f-be02-3c8c1110a0e2"> |<img width="500px" alt="image" src="https://github.com/user-attachments/assets/450664b1-ddfc-4395-9fa3-a7b941affb3b">| | <img width="500px" alt="image" src="https://github.com/user-attachments/assets/944a7d58-7de3-4a7f-be02-3c8c1110a0e2"> |<img width="500px" alt="image" src="https://github.com/user-attachments/assets/cb8a39e2-ca33-4cf9-a8ac-4c84566d092d">| |<img width="500px" alt="image" src="https://github.com/user-attachments/assets/151a3a9c-c81e-4558-9d00-e695e3d1d79c">|<img width="500px" alt="image" src="https://github.com/user-attachments/assets/2562e96f-d5e4-4aa4-a221-6721f8995883">| |<img width="500px" alt="image" src="https://github.com/user-attachments/assets/8d877d11-8c3f-4ac5-8146-6a11125eae7c">|<img width="500px" alt="image" src="https://github.com/user-attachments/assets/36e588cb-4c18-4d66-a2c6-f0e66392f708">| |<img width="500px" alt="image" src="https://github.com/user-attachments/assets/14253196-06de-4343-811f-61aa31ea0d1e">|<img width="500px" alt="image" src="https://github.com/user-attachments/assets/0cdfc83f-6545-433f-8c14-5bbf2a581175">| |<img width="500px" alt="image" src="https://github.com/user-attachments/assets/89a58e2b-2cef-4188-b2be-f359ba6890db">|<img width="500px" alt="image" src="https://github.com/user-attachments/assets/f15e767f-5b60-4485-ac71-7b6fd850ec50">| |<img width="500px" alt="image" src="https://github.com/user-attachments/assets/a0f7bfae-bfda-4f49-b92a-e736d80fea4c">|<img width="500px" alt="image" src="https://github.com/user-attachments/assets/680db8ab-58b8-454b-a0d7-6e1681dbe616">| ### How to test #### Serverless - Start a local ES serverless instance: `yarn es serverless --projectType=oblt --ssl -k/--insecure` - Start a local Kibana serverless instance: ` yarn start --serverless=oblt --no-ssl` - Run some synthtrace scenarios - `NODE_TLS_REJECT_UNAUTHORIZED=0 node scripts/synthtrace mobile.ts --live --target=https://elastic_serverless:[email protected]:9200 --kibana=http://elastic_serverless:[email protected]:5601` - `NODE_TLS_REJECT_UNAUTHORIZED=0 node scripts/synthtrace service_map.ts --live --target=https://elastic_serverless:[email protected]:9200 --kibana=http://elastic_serverless:[email protected]:5601` - Navigate to Applications and click through the links ### Stateful - Start a local ES and Kibana instance - Run the some synthtrace scenarios: - `node scripts/synthtrace mobile.ts --live` - `node scripts/synthtrace service_map.ts --live` - Navigate to Applications and click through the links --------- Co-authored-by: kibanamachine <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR has no functional changes, but re-organizes the timeline tabs and pulls out shared ux components, types, and utils.
In the future we'll want to move from the
connectorpattern touseSelector, but making that change in this PR would've made it that much largerMoving tab folders into a sub_folder: 89fa2d8
Pulling out shared components: c6eecdb
Checklist
Delete any items that are not applicable to this PR.
Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.
When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:
For maintainers