Sync main into feature/lookup-join-ux #224190
Merged
darnautov merged 50 commits into feature/lookup-join-ux from Jun 17, 2025
This PR updates the console definitions to match the latest ones from the @elastic/elasticsearch-specification repo.
) Closes #220464

## Summary

As part of the EUI button style updates, I reviewed the RO files for any CSS class overrides affecting `euiButton` and `euiFilter` components. I found some custom CSS overrides and I was able to safely remove them.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary

Closes #223007

### This PR fixes a couple of bugs in the visibility of the Alert Top Nav menu item:

**1. When the user is in Classic space with <ins> no rule type privileges </ins> the `Alert` top nav menu item should be hidden**
- Only `Discover` _**All**_ Feature Privilege

<img width="465" alt="Screenshot 2025-06-11 at 11 01 03" src="https://github.com/user-attachments/assets/063a01b1-16a5-4ee1-b981-a2d4b93c08ac" />

**2. When a user has <ins> only `SLO` </ins> privilege the menu should be shown with only SLO entry.**
- `Discover` & Observability `SLO` _**All**_ Feature Privilege

<img width="532" alt="Screenshot 2025-06-11 at 11 00 31" src="https://github.com/user-attachments/assets/91f48791-28b0-48ce-b7fa-f1c8139556dd" />

**3. When the user has <ins> no `SLO` </ins> privilege, the `SLO` entry should be hidden**
- `Discover` & Observability `Logs` _**All**_ Feature Privilege

<img width="518" alt="Screenshot 2025-06-11 at 11 01 34" src="https://github.com/user-attachments/assets/c6df8a7d-c35b-43f0-be81-84ca3ef0b2e4" />

4. **When the user has access to <ins> only manage alerts </ins> without specific rule type, the `Manage alerts` entry should be shown.**
- `Discover` & Security `Security` _**All**_ Feature Privilege in **_Classic_** navigation

<img width="509" alt="Screenshot 2025-06-11 at 11 02 59" src="https://github.com/user-attachments/assets/b5c370a6-f346-4bad-a8bd-d19fa6c95c76" />

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Improves the IF statement to ensure that we are dealing with an object
with loopable keys and remove the try-catch. If not loopable, we might
want to remove the user context entirely (or replace it with a known
object { id: '[INVALID]' }) since it might lead to APM traces being
discarded due to invalid user context.
closes #219095
## Summary

Closes #223175

Removes some internal padding that was added to the actions header - it causes the whole header style to break.

| Before | After |
|--------|------|
|  |  |
## Summary

Closes #217627

This PR:
- changes tab name truncation to middle truncation
- changes default tab naming from "Untitled Session" to "Untitled"

<img width="1067" alt="Screenshot 2025-06-10 at 11 30 42" src="https://github.com/user-attachments/assets/d45c078b-0c90-4459-8b54-4e9faaa996a6" />

### Checklist

Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Davis McPhee <davis.mcphee@elastic.co>
…om recurrence component (#223949)

## Summary

- Forwards `startDate` correctly to the `CustomRecurringSchedule` component. The missing prop caused the monthly custom frequency sub-options to not show up.
- Fixes the `CustomRecurringSchedule` component type to correctly reflect the required prop.
- Removes the `custom-recurring-form` data test subject from the `<CustomRecurringSchedule>` JSX tag. The test subject wasn't forwarded to any DOM element, but the only test with an assertion using that test subject was passing because it was checking its absence (`not.toBeInTheDocument()`).

## Verification steps

1. Open the Maintenance Window creation page
2. Toggle "Repeat" on
3. In the recurrence form, check that all the custom frequencies work, showing the correct sub-options
…nd (#223566)

## Summary

Adds `DNS` to Defend policy config:

<img width="952" alt="image" src="https://github.com/user-attachments/assets/de5aabe2-544a-49ae-82c2-59f9ffbca8c4" />

There is no migration for existing policies. For new policies, it is enabled by default for
- Complete EDR
- Data Collection

and disabled for other configs.

### Checklist

Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary

elastic/security-team#12656

https://github.com/elastic/kibana/pull/220782/files#

To test:

1. https://p.elstc.co/paste/w06HF7Yw#2tr6JjZXmUbjQ6TQdpgdenH4YOjiWdAoHCZ3OpRi5JG
2. locally:

```
export VAULT_ADDR=https://secrets.elastic.co:8200/
vault login --method=oidc
node scripts/eis.js
```

Callouts will not appear again once dismissed. Please clear the local storage if you want them to show up again.

<img width="2557" alt="Screenshot 2025-05-29 at 15 53 21" src="https://github.com/user-attachments/assets/506925cb-5bce-4a66-918e-cd9e000c7088" />

onboarding hub:

<img width="2559" alt="Screenshot 2025-05-29 at 09 32 14" src="https://github.com/user-attachments/assets/4c8b99e5-156e-4062-95a9-fa45c101b858" />

A:

<img width="1282" alt="Screenshot 2025-06-11 at 15 16 09" src="https://github.com/user-attachments/assets/30d47a05-ded1-4c3e-9540-6ad97fda0a8b" />

Conversation:

<img width="674" alt="452997822-5c0b3933-b253-474e-92a5-d8793ebff819" src="https://github.com/user-attachments/assets/97506996-9a85-45bb-a728-79df37bd592e" />

Integration:

<img width="2559" alt="Screenshot 2025-05-28 at 21 28 11" src="https://github.com/user-attachments/assets/ec564dac-2aed-4ac5-ad2c-67728d6f3eda" />

Attack Discovery:

<img width="2560" alt="Screenshot 2025-06-11 at 15 35 08" src="https://github.com/user-attachments/assets/9816fc43-0e6e-40b2-862b-82673330c4da" />

```
feature_flags.overrides:
  securitySolution.attackDiscoveryAlertsEnabled: true
  securitySolution.assistantAttackDiscoverySchedulingEnabled: true
```

<img width="2560" alt="Screenshot 2025-06-11 at 15 30 53" src="https://github.com/user-attachments/assets/7089626f-a416-4260-92f0-1be3f06cf5d3" />

Connectors:

<img width="2559" alt="Screenshot 2025-06-10 at 11 15 41" src="https://github.com/user-attachments/assets/74773473-ff1c-41c1-bdd5-fe6e64b9a497" />

### Checklist

Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
Co-authored-by: Viduni Wickramarachchi <viduni.ushanka@gmail.com>
## Summary

### Test track

This is an entity that offers an easy way to distribute test loads to run in parallel by assigning them to lanes. The main metric used to determine on which lane of a test track a test load should go is *estimated runtime*. Other than load routing functions, the track itself doesn't hold any logic that pertains to the distribution strategy.

In the current implementation, you can:
- add new lanes
- add a load to a new lane
- add a load to a lane based on its current capacity

The test track also offers an easy way to serialise the specification, which holds all relevant information that describes how the load is distributed across lanes, along with some useful stats about the lanes and the combined runtime.

Notes:
- A lane's capacity is represented by the difference between the current estimated runtime and the target runtime
- If a lane's capacity has been reached or exceeded, the lane status becomes `closed`
- If a lane's expected runtime exceeds the target runtime, the lane is considered **congested**

### Test config stats

By querying Scout test event data collected from previous runs, we can gather knowledge about each individual test config duration which is crucial when deciding how we distribute the test loads to run in parallel.

The following duration aggregations are recorded when test config stats are collected: `avg`, `median`, `95th percentile`, `99th percentile`, `max`. The `95th percentile` value is what's currently used as the estimated runtime.

### CLI: `scout update-test-config-stats`

Used to fetch the latest test config stats from Scout test events stored in an Elasticsearch instance and store them locally under `.scout/test_config_stats.json`. This assumes that the test events used to calculate the stats have been collected from Buildkite.

### CLI: `scout create-test-track`

Given a list of test config manifests, it distributes the enabled configs on a test track and outputs the track specification to a file.

The estimated runtime for each config is determined from the test config stats stored under `.scout/test_config_stats.json`. The _target runtime_ of the track and _maximum lane count_ are configurable to provide some flexibility depending on the use case.

If stats for a config are not available, the estimated runtime will default to the target runtime of the track, effectively placing the config on a separate lane, if the maximum lane count hasn't been already reached.

#### Distribution strategy

- sort all test loads in descending order based on estimated runtime
- assign each load to the least loaded lane
- open a new lane if no open lanes are available or adding it to an existing lane would lead to congestion

This strategy is fairly basic, but it's pretty effective. It prioritises maximum lane saturation and avoids lane congestion.

#### Example usage

Distribute stateful configs on a test track

```shell
node scripts/scout.js create-test-track \
  --configManifest $(echo .buildkite/*_stateful_configs.yml | sed 's/ / --configManifest /g')
```

---------

Co-authored-by: Cesare de Cal <cesare.decal@elastic.co>
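The distribution strategy described in the commit message above, as an added JavaScript sketch that is not the Scout implementation. `createTestTrack`, the load and lane field names, the sample loads, and the fallback to the least loaded lane once the maximum lane count is reached are assumptions made for illustration.

```javascript
// Added example (not Kibana/Scout code). Function, field names and sample data are hypothetical.
// Constructed sample loads: estimated runtimes in minutes; load `e` has no recorded stats.
const SAMPLE_LOADS = [
  { id: 'a', estimatedRuntime: 9 },
  { id: 'b', estimatedRuntime: 6 },
  { id: 'c', estimatedRuntime: 4 },
  { id: 'd', estimatedRuntime: 3 },
  { id: 'e' },
  { id: 'f', estimatedRuntime: 2 },
];

// Returns the lane with the smallest accumulated runtime, or null for an empty list.
function leastLoaded(lanes) {
  return lanes.reduce(
    (best, lane) => (best === null || lane.runtime < best.runtime ? lane : best),
    null
  );
}

function createTestTrack(loads, { targetRuntime, maxLaneCount }) {
  if (!(targetRuntime > 0) || !(maxLaneCount >= 1)) {
    throw new RangeError('targetRuntime must be > 0 and maxLaneCount >= 1');
  }
  const lanes = [];
  // A load without stats defaults to the target runtime, so it fills a lane by itself.
  const estimate = (load) => load.estimatedRuntime ?? targetRuntime;
  // Step 1: sort loads by estimated runtime, longest first.
  const sorted = [...loads].sort((x, y) => estimate(y) - estimate(x));

  for (const load of sorted) {
    const runtime = estimate(load);
    // Step 2: consider the least loaded lane that is still open (below target).
    const candidate = leastLoaded(lanes.filter((lane) => lane.runtime < targetRuntime));
    let lane;
    if (candidate !== null && candidate.runtime + runtime <= targetRuntime) {
      lane = candidate;
    } else if (lanes.length < maxLaneCount) {
      // Step 3: no open lane, or the load would congest it: open a new lane.
      lane = { number: lanes.length + 1, runtime: 0, loads: [] };
      lanes.push(lane);
    } else {
      // Assumption: with the lane budget exhausted, accept congestion on the
      // least loaded lane rather than dropping the load.
      lane = leastLoaded(lanes);
    }
    lane.loads.push(load.id);
    lane.runtime += runtime;
  }

  // Serialised specification: per-lane details plus combined stats.
  return {
    targetRuntime,
    lanes: lanes.map((lane) => ({
      number: lane.number,
      status: lane.runtime >= targetRuntime ? 'closed' : 'open',
      congested: lane.runtime > targetRuntime,
      estimatedRuntime: lane.runtime,
      capacity: targetRuntime - lane.runtime,
      loads: lane.loads,
    })),
    stats: {
      laneCount: lanes.length,
      combinedRuntime: lanes.reduce((sum, lane) => sum + lane.runtime, 0),
      longestLane: Math.max(0, ...lanes.map((lane) => lane.runtime)),
    },
  };
}

// Stand-alone run: four lanes are enough to place every sample load without congestion.
console.log(JSON.stringify(createTestTrack(SAMPLE_LOADS, { targetRuntime: 10, maxLaneCount: 4 }), null, 2));
```

With `maxLaneCount: 2` the same loads no longer fit, and both lanes are reported as congested.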
This PR removes the painless implementation of log document normalization and switches to the Elasticsearch version which is meant as the source of truth. This shouldn't change behavior at all.
Fixes #221820
Fixes #220879

## Summary

This PR reverts #204296 and #218853 as these PRs caused issues in the UI due to limitations in the Query Watches API. Therefore, we are temporarily reverting back to fetching watches through the `.watches` system index until we have better support from the Query Watches API.

**How to test:**

1. Start Es with `yarn es snapshot --license=trial` and Kibana with `yarn start` (no need to test in serverless as Watcher is not available there).
2. Navigate to Stack Management -> Watcher and create multiple watches (the more, the better). Make sure you create watches of different types (advanced/json or threshold), watches with or without names, etc. There are different watches and use cases described in the [documentation](https://www.elastic.co/docs/explore-analyze/alerts-cases/watcher). Also, adding sample data sets is helpful so that you can get watches to execute and have values under the "Condition last met" and "Last checked" columns.
3. After creating various watches, open the table with watches and make sure that all functionalities work correctly. For example:
   - All watches are displayed, check with >10 watches and different page sizes.
   - Sorting works for all columns.
   - Search bar works as expected and searching by partial id is supported.
   - Deleting watches updates the table correctly.

https://github.com/user-attachments/assets/d0da9c24-7389-481d-8a16-a0d01bda0e80

## Release notes:

This update resolves multiple issues in Watcher UI that were introduced in 8.18.0, 8.18.1, 9.0.0, and 9.1.0, including the table not displaying more than 10 watches, an error banner appearing unexpectedly in certain scenarios, and the search bar functionality not working as expected.
…form/test/functional
## Summary

Resolves elastic/streams-program#292

This PR shows the streams description below its name using an InlineEdit component. I had to pass the refreshDefinition function in the tabs/dashboard and use it whenever we update the list of dashboards since I had an issue with using the outdated definition in case we updated the dashboards list without fully refreshing the page.

https://github.com/user-attachments/assets/2e742263-a9d1-447a-9222-4b2c33d79958

---------

Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
Closes #193953 upgrades sass-embedded version into a more recent one.
## Summary

Parent issue: [[DataDiscovery] Replace SCSS with CSS-in-JS](#209807 (comment))

Followed [Emotion standards guide](https://docs.google.com/document/d/1CPflY8yCc3lZDg2BQkaMTgIkZlqiAEyMcAAvZbsjcTc/edit?pli=1&tab=t.0#heading=h.4zj1jq66y5an)

Part 3 of SCSS -> Emotion migration. Files included:

### Part 3

- `src/platform/plugins/shared/field_formats/public/index.scss`
- `src/platform/plugins/shared/field_formats/public/lib/content_types/_html_content_type.scss`
- `src/platform/plugins/shared/field_formats/public/lib/content_types/_index.scss`
- `src/platform/plugins/shared/field_formats/public/lib/converters/_index.scss`
- `src/platform/plugins/shared/field_formats/public/lib/converters/_string.scss`
- `src/platform/plugins/shared/unified_doc_viewer/public/components/doc_viewer_source/source.scss`
- `src/platform/plugins/shared/unified_doc_viewer/public/components/doc_viewer_table/table.scss`
- `src/platform/plugins/shared/unified_doc_viewer/public/components/json_code_editor/json_code_editor.scss`
## Summary

Closes #221607

Improves naming of new tabs, so instead of determining number in tab name as `tab count + 1` we now check the highest existing number on default tab and add +1.

**Possible improvements:**

This logic is very similar to `onDuplicate` function, which lives in `src/platform/packages/shared/kbn-unified-tabs/src/components/tabbed_content/tabbed_content.tsx`. It may be worth to make it more DRY, I'm open for creating a new ticket for this and handling it, if we agree on refactor. Or to handle it within this PR.

My rough idea was to add a parameter to `createTabItem` which tells us if we duplicate an item or not. If so, we should use a logic and regexes similar to `onDuplicate` function, otherwise logic and regexes from this PR. It adds `isDuplicate` parameter though in couple different places causing prop drilling, so I hesitated with taking this decision on my own.

**EDIT** Created a new issue for extracting common parts [[OneDiscover][Tabs] Extract common parts in creating and duplicating tabs label](#223899 (comment))

### Checklist

Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
## Summary

These tests rely on having system indices superuser permissions to run, causing them to break in MKI.
This PR guards changes to the streams state that go through `State.attemptChanges` via the newly introduced lock manager. If two requests are happening at the same time, one of them now fails with a 409.

## Concerns

* Lock expiry is 30s for now - is this too little? Should be good enough for now, maybe we need to reconsider once we introduce the bulk api
* This is only guarding changes that go through the `State` class - some things like queries and dashboards do not, so they can still be subject to race conditions. We could sprinkle more locks over the code base, but I would like to solve this by moving them into `State` as well, that seems like the cleaner approach, even though a bit more effort
* Biggest question - on this PR the concurrent request fails directly with a 409. Is this OK or should it wait and retry a couple times? I'm in favor of starting like this and seeing if this is actually a problem.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kevin Lacabane <kevin.lacabane@elastic.co>
## Summary

Removes the tech preview designation from the session invalidation API.

Resolves #224070

## Release Note

The Session Invalidation API is now marked as Stable.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…tart contract (#223149)

Closes #223170
Closes #223168

PR does the following:

* Removes `injectReferences` from `loadDashboardState`
* `type` and `id` are populated from matching panelRef server side with dashboard api transform.
* Dynamic action `inject` is run during embeddable bootstrapping as part of `initializeEmbeddableDynamicActions`.
* Removes `extractReferences` from dashboard `getSerializedState`
* extracts panelRef in `layoutManager.serializeLayout`
* Dynamic action `extract` is run during `embeddable.serializeState`
* Updates embeddable implementations that use `initializeEmbeddableDynamicActions` to serialize dynamic action state with references in `serializeState`
* Removes `PersistableStateService` from `EmbeddableStart` contract
* Moves `embeddable.common` `PersistableStateService` code to `embeddable.server`

The PR is already large, so the following TODOs will be addressed in follow on work

* Move `embeddable_enhanced` plugin to package.
* Clean-up dashboard/common folder, moving src/platform/plugins/shared/dashboard/common/dashboard_container/persistable_state/dashboard_container_references.ts and src/platform/plugins/shared/dashboard/common/dashboard_saved_object/persistable_state/dashboard_saved_object_references.ts functionality to server folder. The plan will be to break these files into `inject_references` and `extract_references`.

### Embeddable owner test instructions

* open dashboard with panel type and drilldown. Verify drilldown works as expected
* Create new dashboard with panel type and drilldown. Save dashboard. Open dashboard and verify drilldown works as expected.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Simplify `FunctionVisibility` to only two possible states: `internal` and `all`

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
closes #221032
closes #221031

New trace waterfall location: `public/components/shared/trace_waterfall/index.tsx`

Pending items (not done on this PR):

- [ ] Add marks (non-blocking)
- [ ] Add errors count per trace node (non-blocking)
- [ ] Paginate trace fetching (non-blocking)
- [ ] Add span links (non-blocking)
- [x] Truncate item label with ellipsis
- [x] Remove vertical scroll in narrow view (caused by wrapped duration text?)
- [ ] Remove left side gap and indentation? (FocusedTraceWaterfall only)
- [ ] Broken on mobile (UnifiedTraceWaterfall only) (non-blocking)

This PR creates a new trace waterfall that must work with both APM and unprocessed OTel documents.

It follows this simple interface to create the waterfall:

```
export interface TraceItem {
  id: string;
  timestamp: string;
  name: string;
  traceId: string;
  duration: number;
  hasError?: boolean;
  parentId?: string;
  serviceName: string;
}
```

How to test it:

```
yarn storybook apm
```

Some examples have been created under `UnifiedTraceWaterfall` folder:

<img width="288" alt="Screenshot 2025-06-05 at 13 56 32" src="https://github.com/user-attachments/assets/7c122364-74d8-4c4c-842f-b91c4b97fc57" />

---

<img width="1068" alt="Screenshot 2025-06-05 at 13 57 46" src="https://github.com/user-attachments/assets/5d482326-55b7-4328-a0ce-de1f4760673e" />
<img width="1052" alt="Screenshot 2025-06-05 at 13 58 01" src="https://github.com/user-attachments/assets/91e16223-8e4c-456f-a812-ca2fe338380e" />
<img width="1047" alt="Screenshot 2025-06-05 at 13 58 09" src="https://github.com/user-attachments/assets/c027f074-32b4-41ad-9140-acbc401b8140" />

Traces in Discover with Otel documents:

<img width="691" alt="Screenshot 2025-06-05 at 15 07 23" src="https://github.com/user-attachments/assets/e20448b5-4a7e-43a4-bef1-bc6da2354c94" />
<img width="694" alt="Screenshot 2025-06-05 at 15 07 44" src="https://github.com/user-attachments/assets/f29572e4-98f6-41c2-bb5f-51948c29288f" />

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Milosz Marcinkowski <38698566+miloszmarcinkowski@users.noreply.github.com>
Co-authored-by: Milosz Marcinkowski <milosz.marcinkowski@elastic.co>
Co-authored-by: Katerina <kate@kpatticha.com>
…ing Rule Migration (#222542)

Handles:
- elastic/security-team#12236
- elastic/security-team#12012
- elastic/security-team#12235

## Summary

This PR adds the ability to change rule migration execution settings when `re-processing` a migration. Now users can change:
- `connector` they want to use for this particular occasion.
- whether `prebuilt rules` should be matched or not.

This PR includes the changes below:

### Changes to `Re-process` workflow

Previously, clicking on `Reprocess Rules` would automatically start the migration on the Translated Rules Page. This has been changed to add the ability for user to change the settings when starting the migrations can be seen below:

> [!Note]
> Sample Graph executions with `skipPrebuiltRulesMatching == true` can be found [here](https://smith.langchain.com/o/a9ce6102-b198-4b3d-9190-95bedc24ca4f/projects/p/66aedda3-8cfd-4eee-950d-7ba2f93a317e?timeModel=%7B%22duration%22%3A%227d%22%7D&searchModel=%7B%22filter%22%3A%22and%28eq%28is_root%2C+true%29%2C+and%28eq%28metadata_key%2C+%5C%22skipPrebuiltRulesMatching%5C%22%29%2C+eq%28metadata_value%2C+true%29%29%29%22%2C%22searchFilter%22%3A%22eq%28is_root%2C+true%29%22%7D&runtab=2)

https://github.com/user-attachments/assets/73c22157-f688-410d-852d-aff7be612771

### Changes to `/start` API

As can be seen below `connector_id` and new option `skip_prebuilt_rules_matching` have been combined into a single `settings` object.

#### Before

```ts
POST /start
{
  "connector_id": boolean,
  "retry": string,
  "langsmith_options": {
    "project_name": string,
    "api_key": string
  }
}
```

#### After

```ts
{
  "settings": {
    "connector_id": string,
    "skip_prebuilt_rules_matching": boolean
  },
  "retry": string,
  "langsmith_options": {
    "project_name": string,
    "api_key": string
  }
}
```

### Changes to `rules/{migration_id}/stats` and `rules/stats` Endpoints

Now both `stats` and `stats_all` endpoints include migration's last_execution details.

### Changes to Langsmith Graph

A new [run-time config](https://v02.api.js.lang.chat/interfaces/_langchain_core.runnables.RunnableConfig.html#configurable) called `skip_prebuilt_rules_matching` has been added to the graph which does 2 things
- conditionally skips the `matchPrebuiltRule` node as can be seen by graphs below
- Assigns a default `prebuilt_rule_id` of `null` in the `translationResult` node.

### Re-processing `STOPPED` migrations

Previously we used to automatically reprocess `STOPPED` migrations with the default `connector_id` selected by the user in `Siem Migrations`.

Now, we first try to inherit the `last_execution` settings to re-start the migration as can be seen [here](https://github.com/elastic/kibana/pull/222542/files#diff-fa4ce089bfa7b6afec449c289c817f03eb074ae5ffcae828434255c800d9a9a2R287). If not present, for example, for old migrations before this PR was merged, then we use stored/default values.

### Checklist

Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
…pace awareness (#222700)

## Summary

PR adds migration of Response Actions and Artifacts when the space awareness feature flag is enabled. Changes include:

- New saved object type (`security:reference-data`) to keep internal data/information used by security solution. Currently being used to keep migration state for both the Artifacts and Response actions migrations
- Two records will be populated in this new saved object related to the migration being introduced here:
  - ID: `SPACE-AWARENESS-ARTIFACT-MIGRATION` - keeps state information about migration of Artifacts (see below for example)
  - ID: `SPACE-AWARENESS-RESPONSE-ACTIONS-MIGRATION` - keeps state information about migration of response actions (see below for example)
  - NOTE: my goal was to also introduce a `client` for working with internal reference data, but due to timing constraints, that will be done at a later time
- Adds migration for Endpoint artifacts (Trusted applications, Event filters, Blocklists, Host isolation exceptions and Endpoint exceptions) to add the `spaceOwnerId:default` to all artifact records
- Adds migration for Response Action Requests (both Elastic Defend and external EDRs) to populate `originSpaceId` as well `agent.policy.*` fields.
  - NOTE: when populating the `agent.policy.*` data, it may be possible that the agent that the response action was sent to is no longer available (ex. unenrolled). In such cases, the migration will populate any field that it is not able to retrieve information for with the text `MIGRATION:NOT-FOUND`

> [!IMPORTANT]
> The migration currently assumes that the `9.1.0` endpoint package is already installed, which will not be the case with a real migration. To test this PR, you should start a 9.1 stack with the feature flags disabled... Install the `9.1.0` endpoint package, and then enable the feature flags.
> We will be working on a solution handling this data condition in a subsequent PR
… legacy SIEM actions in bulk (#219432)

## Summary

Legacy actions context: #112327

This PR modifies legacy SIEM action migration logic to migrate actions in bulk, significantly improving performance. Response time and # of requests to ES for SIEM rule management HTTP APIs are both significantly reduced. When tested on 800 rules, this saves about 1-1.5 seconds per bulk API call and eliminates hundreds of individual requests to Elasticsearch. Bulk disable for example goes from taking ~3.3 seconds to ~2.3 seconds, and the APM transaction for the API call no longer drops spans due to hitting the max span limit.

## Testing

I added a helper function in the quickstart tooling, `createRuleWithLegacyAction`, to make it easier to get started with manual testing. The function creates a connector, a rule, and then a legacy action referencing the connector and the rule. The legacy action (a `siem.notification` type rule) and rule can be viewed in the alerting SO index via dev tools:

```
GET .kibana_alerting_cases/_search
{
  "query": {
    "bool": {
      "filter": {
        "term": {
          "type": "alert"
        }
      }
    }
  }
}
```

Viewing the rule details via the Security Solution UI should display only one rule with the action as part of the rule. After making any kind of change to the rule (enable, disable, update, etc), the dev tools command above should show only a single rule with the action inside the rule instead of as a separate `siem.notification` type rule.

---------

Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This PR upgrades Puppeteer version to v24.10.1.

Tested locally, works as expected:

<img width="968" alt="Screenshot 2025-06-14 at 02 28 49" src="https://github.com/user-attachments/assets/52ede4a6-d342-45f6-9fdf-5a01ce77fb47" />

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Alexi Doak <109488926+doakalexi@users.noreply.github.com>
Co-authored-by: Alexandra Doak <alexandra.doak@elastic.co>
…kboxes in anomaly detection job selection flyout (#224025)

## Summary

This PR resolves [[ML] Anomaly Detection: Job selector flyout checkboxes in the first column missing title from announcement](#216802).

#### This is a follow up from #221865 pr. (Closed because of merge issues.)

https://github.com/user-attachments/assets/a6796576-cc46-4769-ab3d-c8f5dc37409e

Fixes #216802
💚 Build Succeeded
Sync latest changes from main