forked from elastic/kibana
Keep vis config esql #36
Draft
stratoula wants to merge 301 commits into esql-keep-chart-type-discover from keep-vis-config-esql
…private", a duplicate "private" entry gets created and the global entry remains unchanged (elastic#197157) (elastic#197516) ## Summary Original ticket describing the BUG: elastic#197157 These changes fix two issues: 1. Updating an entry from Global to Private duplicates it. After discussing with the team we decided that this is an expected behaviour and we would add a modal dialog which warns users about it. See more details here elastic#197157 (comment) 2. Editing Private entry and switching the sharing option twice from Private => Global => Private causes the issue where we would treat selected entry as a new one and thus calling "create entry" instead of "update". ### Steps to reproduce second issue: * Edit private entry * Update entry's name * Switch sharing option to Global * Switch sharing option back to Private * Save the entry **Current behaviour**: a new private entry is created **Expected behaviour**: existing private entry is updated ### Screen recording of the fixed first issue https://github.com/user-attachments/assets/e11e14bd-c557-401e-a23f-e01ac7aedf30 ### Checklist Delete any items that are not applicable to this PR. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
…oped Queries (elastic#194777) ## Summary Issue: elastic/sdh-kibana#4923 Fixes maintenance window scoped query using wildcards by injecting the `analyze_wildcard` property to the DSL used to determine which alerts should be associated with the maintenance window. Also fixes the update route to correctly take into account the user's `allowLeadingWildcard` flag. It was implemented for the create route but not the update route. Fixes: elastic#194763 ### To test: 1. Install sample data: ![image](https://github.com/user-attachments/assets/4be72fc8-e4ab-47a3-b5db-48f97b1827ae) 2. Create a maintenance window with the following scoped query: ![image](https://github.com/user-attachments/assets/e2d37fd0-b957-4e76-bea3-8d954651c557) 3. Create a ES query rule and trigger actions: ![image](https://github.com/user-attachments/assets/551f5145-9ab7-48c4-a48e-e674b4f0509a) 4. Assert the `maintenance_window_id` on the 4 alerts are set ![image](https://github.com/user-attachments/assets/7ace95d3-d992-4305-a564-cf3004c9ae9e) ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios) --------- Co-authored-by: Elastic Machine <[email protected]>
…page in new tab (elastic#196763) ## Summary Currently when user clicks on Popout icon on Misconfiguration or Vulnerabilities Contextual flyout, user gets redirected to Findings page but in the same tab. Popout Icon implies that it should navigate user to other page on separate Tabs as such the current behaviour is not right. This PR addresses that issue --------- Co-authored-by: kibanamachine <[email protected]>
This PR updates the function definitions and inline docs based on the latest metadata from Elasticsearch.
…c#190113) ## Summary This PR removes index pattern field from the sourcerer model, replacing it with direct access to data view spec. The end goal for the sourcerer is to just utilize platform wide Data View Types, instead of some custom abstractions / containers such as indexPattern field which is effectively a DataViewSpec, just packed up differently.
…selected (elastic#197825) Closes elastic/observability-dev#4065 🔒 Fixes an issue when search bar is not visible unless a category is selected. ![CleanShot 2024-10-25 at 14 53 44@2x](https://github.com/user-attachments/assets/774d2fe2-e4f0-4a46-a851-a0f756a96b12)
…elastic#196112) Closes elastic#177208 ## Summary Problem: - the metrics collected in telemetry for alerts don't count the total number of alerts on a case correctly. Solution: - added new aggregation function: getUniqueAlertCommentsCountQuery, which is now responsible for defining the cardinality aggregation for counting unique alert comments by alertId. - in the aggs section of the savedObjectsClient.find, the new cardinality aggregation query was added - the total number of alerts is updated to be the result extracted from the new aggregation Example: ![Screenshot 2024-10-22 at 15 20 40](https://github.com/user-attachments/assets/c418c82e-2e35-4c7f-969d-7f4f25bdbc9d) - in the telemetry object, we have the following info: <img width="331" alt="Screenshot 2024-10-22 at 15 21 40" src="https://github.com/user-attachments/assets/6419e72d-84b4-4068-a741-6e32c6e966f7"> --------- Co-authored-by: Antonio <[email protected]>
…the create case form (elastic#197041) Closes elastic#189246 ## Summary - A helper text was added in the create case form to tell the user that needs to create a connector in the stack management > cases > settings before attaching it to a case - A new "add connector" button was placed in the stack management > cases > settings page, in the connectors section https://github.com/user-attachments/assets/7866b41a-11b5-4ca3-bd65-988412ab1e2f --------- Co-authored-by: Antonio <[email protected]>
## Summary This PR renames Documents label to Results for ES|QL mode. <img width="1091" alt="Screenshot 2024-10-25 at 15 44 32" src="https://github.com/user-attachments/assets/8678bb86-7e4b-4341-9bb3-50becced655b"> <img width="1676" alt="Screenshot 2024-10-25 at 15 52 55" src="https://github.com/user-attachments/assets/c79d2ee0-62e1-4506-bcb5-29552287f140"> ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Since adding this test file was tied to changes in Kibana, we initially couldn’t enable it in the MKI. The MKI relies on a Kibana image built from the main branch, and at that time, the necessary changes for these tests to pass hadn’t yet been merged. Now that these updates are included in the main branch, the Kibana image used in MKI has the required changes, so we can proceed with enabling the tests. Manual MKI run - https://buildkite.com/elastic/kibana-serverless-security-solution-quality-gate-defend-workflows/builds/1545
…ts from Security Solution dev scripts (elastic#197424) ## Summary - addresses elastic#95842 --------- Co-authored-by: Ryland Herrick <[email protected]>
## Summary

This PR introduces a script that allows developers to run CodeQL analysis locally. It uses a Docker container with prebuilt CodeQL queries to facilitate easy setup and execution.

The script has the following key steps:
- Creating a CodeQL database from the source code. The database is essentially a representation of the codebase that CodeQL uses to analyze for potential issues.
- Running the analysis on the created database, `javascript-security-and-quality` suite is used.

### Usage
```
bash scripts/codeql/quick_check.sh -s path/to/your-source-dir
```
For example
```
bash scripts/codeql/quick_check.sh -s ./x-pack/plugins/security_solution/public/common/components/ml/conditional_links
```
The `-s` option allows you to specify the path to the source code directory that you wish to analyze.

### Why custom Docker file?

Checked the ability to use MSFT image for local run https://github.com/microsoft/codeql-container. Turned out it has several problems:
1. The published one has an error with [execute permissions](microsoft/codeql-container#53).
2. Container has outdated nodejs version, so it didn't parse our syntax (like `??`) and failed.
3. The technique used in the repository to download the CodeQL binaries and precompile the queries is outdated in the sense that GitHub now offers pre-compiled queries you can just download. Follow this [comment](microsoft/codeql-container#53 (comment)).

Taking this into consideration I have created a lightweight docker image without extraneous dependencies for go/.net/java.

## Context and interdependencies issues

There are issues sometimes when analyze run returns no results, particularly when analyzing a single folder. It might be due to the missing context for the data flow graph CodeQL generates or context for interdependencies. This is actually a trade-off of running it locally for a subset of source directories. We need to explicitly state that in the documentation and advise to expand the scope of source code directories involved for local scan. Documentation for triaging issues will be updated separately.

__Closes: https://github.com/elastic/kibana/issues/195740__
Resolves elastic#183397 ## Summary This PR is a follow up of elastic#195927, that removes the old and migrated tests to the agnostic framework. --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Dzmitry Lemechko <[email protected]>
…sing observables (elastic#196196) Resolves elastic#184952 ## Summary Changing task claimers to return promises instead of observables. This is a code refactor and should not have any effect on task claiming functionality. --------- Co-authored-by: Elastic Machine <[email protected]>
…rect info (elastic#197834)

Fixes elastic#195441

## Summary

Selection agent count on agent list table gets incorrect when there are multiple hosted agents, especially if they are on inactive state. In fact to calculate the selected number of agents we were getting hosted agents, but without taking into account the filtering applied on the page, i.e. we were always getting all the hosted agents (inactive too). This caused the final calculation to be off.

In this PR I'm fixing [the query](https://github.com/elastic/kibana/pull/197834/files#diff-9707a4b93a96749876e4cf173a0b39cd5a620e311e2652c5ed4b8670ca7e6becR309-R320) used to get those agents to take into account the filters and I'm also adding a small tooltip that breaks up the number of agents (selected, total, hosted)

### Testing
- Make sure to have many agents, hosted and not in different states (inactive, unenrolled)
- To make a hosted agent inactive follow the steps explained [here](elastic#195441)
- Verify that the selection numbers are correct: select agents on all pages and hover on the new tooltip shown beside the "selected agents". This number should match the number shown on the actions dropdown

### Screenshots

<img width="2376" alt="Screenshot 2024-10-25 at 17 00 44" src="https://github.com/user-attachments/assets/81d2836a-f997-4ccb-a23c-3d2cfbfa62d3">
<img width="2409" alt="Screenshot 2024-10-25 at 17 00 59" src="https://github.com/user-attachments/assets/ba21933a-f1e6-457e-8059-e87b3e29a7d1">

https://github.com/user-attachments/assets/c153c491-29a1-481c-a3e3-25bab6412963

### Checklist
- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <[email protected]>
…lation (elastic#197829)

## Summary

Findings from 3rd party data can have `result.evaluation: unknown`. This leads to incorrect posture/compliance score in our flows. This PR removes these findings from the score calculation and graphical representation.

Properly introducing `unknown` in the compliance score UX flows will be solved separately

- fixes elastic/security-team#10913

### Screenshots

<img width="1473" alt="Screenshot 2024-10-25 at 14 19 03" src="https://github.com/user-attachments/assets/c69e45b0-7da1-4eb8-b83a-f895e7b7c3a4">

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
Closes elastic#191714 ## Summary Update process router to generate authz descriptions based on the new Route Security objects. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
…rk error (elastic#197818)

Resolves elastic#197315

In this PR, I'm adding the following tags to the connector failure logs so it makes it easier to filter for systematic errors.

- `connector-run-failed` for logs specific to connector run failures
- `user-error` for errors caused by the user
- `framework-error` for systematic errors

## To verify

You can either use the jest test to observe the returned flags or set your logging to JSON and make connectors fail.

kibana.yml to set logging to JSON
```
logging:
  appenders:
    json-layout:
      type: console
      layout:
        type: json
  root:
    appenders: [json-layout]
```
…stopped (elastic#198645) ## Summary Fix the dashboard page when the entity store state is stopped Previously, the EntityStoreDashboardPanels component didn't account for the installed but disabled state (stopped). I made the minimum changes necessary to fix the bug, but this component needs to be refactored, unit-tested, and written in a storybook with all possible states. Technical debt Issue: elastic/security-team#11035
…stic#198416) In this PR, I'm removing the count of stale tasks from the number of conflicts during the claiming cycle. I am also adding a new property to the task manager health report (`claim_stale_tasks`) so we can track those separately to ensure we have the proper page size. ## To verify Apply the following diff, observe the new `claim_stale_tasks` in the TM health API and that conflicts are 0 ``` diff --git a/x-pack/plugins/task_manager/server/task_claimers/strategy_mget.ts b/x-pack/plugins/task_manager/server/task_claimers/strategy_mget.ts index 4e74454e8c9..35d7fd872d8 100644 --- a/x-pack/plugins/task_manager/server/task_claimers/strategy_mget.ts +++ b/x-pack/plugins/task_manager/server/task_claimers/strategy_mget.ts @@ -145,6 +145,7 @@ async function claimAvailableTasks(opts: TaskClaimerOpts): Promise<ClaimOwnershi } if ( + false && searchVersion.seqNo === latestVersion.seqNo && searchVersion.primaryTerm === latestVersion.primaryTerm ) { ```
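Review bot: The `false &&` added at the head of the `if` condition in `claimAvailableTasks` (strategy_mget.ts, hunk at line 145) short-circuits the `seqNo` and `primaryTerm` comparison between `searchVersion` and `latestVersion`, so that branch can never be taken whatever the document versions are. The commit message offers this diff only as a way to observe `claim_stale_tasks`, so the added line should carry a comment marking it as verification-only, to keep the hard-coded `false` from being committed alongside real changes to the version check.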
…ble !! (elastic#198599) ## Summary Fixes elastic#198593 Added error track trace to status/tls rule context variable !! <img width="1725" alt="image" src="https://github.com/user-attachments/assets/d04fb6f3-7505-4a01-8a6f-b1b27d50ecdd">
## Summary Fixes elastic#196425. It turns out the reason `yarn draw-graphs` produced the three-box graphs was because `.withConfig` creates an instance of RunnableInput which does not have a good way to draw itself other than as three boxes. The solution was to make sure we are calling the original version without `.withConfig` when drawing the graphs. We still call the new version when invoking them, as demonstrated by the run names here. We are now able to generate the correct graphs for all chains. --------- Co-authored-by: Elastic Machine <[email protected]>
…ing-explore (elastic#198339)

### Authz API migration for unauthorized routes

This PR migrates unauthorized routes owned by your team to a new security configuration. Please refer to the documentation for more information: [Authorization API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)

### **Before migration:**
```ts
router.post({
  path: '/api/path',
  ...
}, handler);
```

### **After migration:**
```ts
router.post({
  path: '/api/path',
  access: 'internal',
  security: {
    authz: {
      requiredPrivileges: ['securitySolution'],
    },
  },
  ...
}, handler);
```

### What to do next?
1. Review the changes in this PR.
2. Elaborate on the reasoning to opt-out of authorization.
3. Routes without a compelling reason to opt-out of authorization should plan to introduce them as soon as possible.
2. You might need to update your tests to reflect the new security configuration:
  - If you have snapshot tests that include the route definition.

## Any questions?

If you have any questions or need help with API authorization, please reach out to the `@elastic/kibana-security` team.

---------

Co-authored-by: Angela Chuang <[email protected]>
Co-authored-by: Angela Chuang <[email protected]>
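A reviewer checking a migration like the one in the commit message above could audit route definitions mechanically. This is an added example, not code from the PR or from Kibana: `RouteDef`, `auditRoutes`, `WEAK_REASONS` and the sample routes are hypothetical, and the opt-out shape (`enabled: false` with a `reason`) is an assumption, since the message mentions opting out but does not show it.

```typescript
// Added example (not Kibana code): audit route definitions for the
// `security.authz` block shown in the migration commit message.
// All type and function names here are hypothetical.

// Authorization is either a privilege list (as in the "after" snippet) or an
// explicit opt-out. The opt-out shape is an assumption made for this example.
type Authz =
  | { requiredPrivileges: string[] }
  | { enabled: false; reason: string };

interface RouteDef {
  method: 'get' | 'post' | 'put' | 'patch' | 'delete';
  path: string;
  access?: 'internal' | 'public';
  security?: { authz?: Authz };
}

type Issue = 'missing-authz' | 'empty-privileges' | 'opt-out-without-reason';

interface Finding {
  route: string;
  issue: Issue;
}

// Placeholder text that should not count as a justification for opting out.
const WEAK_REASONS = new Set(['', 'todo', 'tbd', 'n/a']);

function auditRoutes(routes: RouteDef[]): Finding[] {
  const findings: Finding[] = [];
  for (const r of routes) {
    const route = `${r.method.toUpperCase()} ${r.path}`;
    const authz = r.security?.authz;
    if (authz === undefined) {
      // Pre-migration shape: no security block at all.
      findings.push({ route, issue: 'missing-authz' });
    } else if ('requiredPrivileges' in authz) {
      // A privilege list that names nothing authorizes everyone.
      const named = authz.requiredPrivileges.filter((p) => p.trim() !== '');
      if (named.length === 0) {
        findings.push({ route, issue: 'empty-privileges' });
      }
    } else if (WEAK_REASONS.has(authz.reason.trim().toLowerCase())) {
      // Opt-out is allowed only with a real justification.
      findings.push({ route, issue: 'opt-out-without-reason' });
    }
  }
  return findings;
}

// Constructed sample input; paths other than '/api/path' are illustrative.
const SAMPLE_ROUTES: RouteDef[] = [
  { method: 'post', path: '/api/path' },
  {
    method: 'post',
    path: '/api/path',
    access: 'internal',
    security: { authz: { requiredPrivileges: ['securitySolution'] } },
  },
  {
    method: 'get',
    path: '/internal/example/status',
    security: { authz: { enabled: false, reason: 'TODO' } },
  },
  {
    method: 'get',
    path: '/internal/example/health',
    security: { authz: { enabled: false, reason: 'Health probe, returns no tenant data' } },
  },
  {
    method: 'delete',
    path: '/internal/example/items',
    security: { authz: { requiredPrivileges: [] } },
  },
];

for (const f of auditRoutes(SAMPLE_ROUTES)) {
  console.log(`${f.issue}: ${f.route}`);
}
```

Run as a CI step over collected route definitions, a non-empty result fails the build, which catches both unmigrated routes and opt-outs that were left with placeholder reasons.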
## Summary Part of elastic#195418 This PR moves the `STATS` completion logic to its own home. There are also a few changes in behavior. I am open for feedback on any of these. - the cursor is automatically advanced after accepting a comma suggestion - variables from previous `EVAL` commands are no longer suggested (e.g. `...| EVAL foo = 1 | STATS /`). I'm not sure about this change, but it seemed potentially unintended to suggest variables but no other columns such as field names. - a new variable is suggested for new expressions in the `BY` clause. Formerly, new variables were only suggested in the `STATS` clause. - `+` and `-` are no longer suggested after a completed function call within an assignment in the `BY` clause (e.g. `... | STATS ... BY var1 = BUCKET(dateField, 1 day) /`. This behavior was encoded in our tests, but it feels unintended to me, especially since it only applied when the result of the function was assigned to a new variable in the `BY` clause. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Stratoula Kalafateli <[email protected]>
) ## Summary Fixes: elastic#198370 **Before** - There was an unexpected outline for each visualization. ![Screenshot 2024-10-30 at 14 50 08](https://github.com/user-attachments/assets/84565278-ef4c-438c-8ae6-138588aca3d7) **After** - Overriding the style to avoid unexpected styling changed. <img width="2555" alt="Screenshot 2024-10-30 at 17 28 38" src="https://github.com/user-attachments/assets/3116a798-c859-4543-a732-ebf1ff556c68"> https://github.com/user-attachments/assets/b19ec64e-1fa0-475a-9c14-9c0e237b8f95
…run cypress tests (elastic#198586) ## Summary This PR updates the list of dependencies that need to be watched to trigger the Cypress tests for the Threat Hunting Investigations team. The list is unfortunately not exhaustive. I went through all the imports in the following folders: - `/packages/kbn-expandable-flyout` - `/x-pack/plugins/security_solution/public/timelines` - `/x-pack/plugins/security_solution/public/flyout` - `/x-pack/plugins/security_solution/public/notes` I did not go through the `/x-pack/plugins/security_solution/public/common` as they were way too many files... Also I did not go through the dependencies of all of our listed dependencies as this would take days... It is an improvement on what we've had until now though, and should protect us from outside code being changed! elastic/security-team#10579
…ests timing out on ci (elastic#196591) addresses elastic#196216 Removing accessibility selectors to ensure 10x speed of tests with data-test-subj locators.
## Summary Recently we had issues investigating SAML auth failures against MKI. The issue was caused by missing `TEST_CLOUD` env var that led to `isCloud` property to be set to false. This PR adds `isCloud` validation by checking if `kbnHost` is pointing to Cloud instance and throwing error about misconfiguration **How to test:** Try to run FTR tests against MKI without defining `TEST_CLOUD` env var --------- Co-authored-by: Aleh Zasypkin <[email protected]>
## Summary closes elastic#198533 - filter `builtin*` - add simple e2e
…in Serverless and 9.0 (elastic#197422)

**Partially addresses:** elastic#193184
**Breaking change proposal:** elastic/dev#2772 (internal)

## Summary

This PR disables the following deprecated [bulk API endpoints for creating, updating and deleting detection rules](https://www.elastic.co/guide/en/security/current/bulk-actions-rules-api.html) from [Elastic Security APIs](https://www.elastic.co/guide/en/security/current/security-apis.html) in Serverless and upcoming `v9.0.0`:

| Method | Endpoint |
| ------ | ------------------------------------------------------- |
| POST | /api/detection_engine/rules/\_bulk_create |
| PUT | /api/detection_engine/rules/\_bulk_update |
| PATCH | /api/detection_engine/rules/\_bulk_update |
| DELETE | /api/detection_engine/rules/\_bulk_delete |
| POST | /api/detection_engine/rules/\_bulk_delete |

Specifically, as a first step we remove the endpoints from the route registrations. Once elastic/dev#2772 is approved, we will merge this PR and remove the corresponding endpoint handlers and associated code in a follow-up PR.

### Checklist

- [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
  - [x] elastic/security-docs#5981
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

### For maintainers

- [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
- [x] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
…ic#198308) ### Overview This PR updates all app and page references to align with the new style guide guidelines. ### Related issue elastic/search-docs-team#205 ### Preview Machine learning AIOps Labs --------- Co-authored-by: florent-leborgne <[email protected]>
## Summary Fix elastic#198744 Test was subtracting 7 days, but there is 1 hour less now, so the test setup is incorrect. Fixing it by using moment to handle time switch edge case
Co-authored-by: Marta Bondyra <[email protected]>
Summary
Summarize your PR. If it involves visual changes include a screenshot or gif.
Checklist
Delete any items that are not applicable to this PR.