[Security Solution] Rework Update flyout to display all field updates and build Three-Way-Diff field component #171520
Assignees
Labels
8.16 candidate
enhancement
New value added to drive a business result
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.16.0
Comments
jpdjere
added
triage_needed
needs design
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
This is a great writeup @jpdjere, very comprehensive and accurate 👍 Thank you! I made a few small adjustments in the text (description is already updated): -Selecting any of the first two fields will populate the **merge proposal** column
+Selecting any of the first two options will populate the **merge proposal** column
with either the Current or Target version, respectively.+When the user finished editing the field (prefilled, or edited manually, or just want to
+keep the proposed merged value), they should explicitly accept the change for this field.
-Once the user selects a version, and accepts it via an **"Accept" button**
+Once the user clicks an **"Accept" button**
located somewhere in the component (preferably near the third column?),
a **checkbox** gets automatically ticked located on the top right, to confirm
-that the change for the field was successfully selected.
+that the change for the field was approved by the user and validated by the app.@jpdjere @ARWNightingale @approksiu I have a few other thoughts:
|
jpdjere
changed the title
jpdjere
changed the title
This was referenced Jun 12, 2024
banderror
added
enhancement
This was referenced Jul 5, 2024
|
Opened the "Add |
nikitaindik
added a commit
that referenced
this issue
Jul 20, 2024
**Partially addresses: #171520 ## Summary This PR adds the `VersionPicker` component ThreeWayDiff UI. This component is a part of the `ComparisonSide` component ([see it on the Miro diagram](https://miro.com/app/board/uXjVK0gqjjQ=/?moveToWidget=3458764594147853908&cot=14)). `ComparisonSide` will display the read-only diff between two selected field versions. These component is not yet connected to the Upgrade flyout. You can view and test it in Storybook by running `yarn storybook security_solution` in the root Kibana dir. Go to `http://localhost:9001` once the Storybook is up and running. <img width="939" alt="Schermafbeelding 2024-07-19 om 11 21 55" src="https://github.com/user-attachments/assets/f0c5de6c-a1dc-4efc-9466-53033b45a300">
nikitaindik
added a commit
that referenced
this issue
Aug 8, 2024
**Partially addresses: #171520 ## Summary This PR adds the `ComparisonSide` component for the ThreeWayDiff UI ([see it on the Miro diagram](https://miro.com/app/board/uXjVK0gqjjQ=/?moveToWidget=3458764594147853908&cot=14)). `ComparisonSide` lets the user compare field values from the two selected rule versions. It will be displayed on the left side of the upgrade flyout. You can view and test it in Storybook by running `yarn storybook security_solution` in the root Kibana dir. Go to `http://localhost:9001` once the Storybook is up and running. https://github.com/user-attachments/assets/e71ae626-d0f7-43ae-8324-f3d4ea540b02 Also updated `react-diff-view` to the latest version (`3.2.0` -> `3.2.1`)
|
Just merged the "Add |
nikitaindik
added a commit
that referenced
this issue
Sep 9, 2024
…191499) **Partially addresses: #171520 **Follow-up PR: #192342 This is the 1st of the 2 PRs for `FieldReadOnly`. The second PR will add more field components. I split the work into two PRs to keep the number of changed files reasonable. ## Summary This PR adds the `FieldReadOnly` component along with some field components. Field components display a read-only view of a particular `DiffableRule` field, similar to how fields are shown on the Rule Details page. `FieldReadOnly` and field components will be displayed in the right side of the new Diff tab of the Upgrade flyout (see it on the [Miro board](https://miro.com/app/board/uXjVK0gqjjQ=/?moveToWidget=3458764594148126123&cot=14)). They will let the user see how an upgraded version of a rule will look like in a user-friendly way. ### Running `FinalReadOnly` and its field components are not yet integrated into the flyout, but you can view components in Storybook. 1. Run Storybook: `yarn storybook security_solution` 2. Go to `http://localhost:9001` in browser. <img width="1062" alt="Schermafbeelding 2024-09-03 om 13 05 11" src="https://github.com/user-attachments/assets/13b227d4-1321-47d9-a0a7-93868c9f4a15"> ## Changes - `FieldReadOnly` component itself was added. It shows a field component based on a `fieldName` prop. - Field components (like `DataSourceReadOnly`) were added. These components mostly import and reuse components from the Rule Details page. - Each field component has a Storybook story. I had to mock dependencies for some field components to make them work in Storybook. - Rule Details page and Overview tab of the flyout now display query language for Custom Query, Saved Query and Indicator Match rules. Language can be either KQL or Lucene. Since language will be displayed in the new Diff tab, it makes sense to show it in other places as well to keep it consistent.
maximpn
added a commit
that referenced
this issue
Sep 10, 2024
…ct resolution functionality (#191721) **Addresses:** #171520 ## Summary This PR implements necessary `UpgradePrebuiltRulesTableContext` changes to provide uses a way to resolve conflicts manually by providing field's resolved value. ## Details During prebuilt rules upgrading users may encounter solvable and non-solvable conflicts between customized and target rule versions. Three-Way-Diff field component allow to specify a desired resolve value user expects to be in the rule after upgrading. It's also possible to customize rules during the upgrading process. Current functionality is informational only without an ability to customize prebuilt rules. As the core part of that process it's required to manage the upgrading state and provide necessary data for downstream components rendering field diffs and accepting user input. **This PR extends** `UpgradePrebuiltRulesTableContext` with rule upgrade state and provides it to `ThreeWayDiffTab` stub component. It's planned to add implementation to `ThreeWayDiffTab` in follow up PRs. **On top of that** `UpgradePrebuiltRulesTableContext` and `AddPrebuiltRulesTableContext` were symmetrically refactored from architecture point of view to improve encapsulation by separation of concerns which leads to slight complexity reduction. ### Feature flag `prebuiltRulesCustomizationEnabled` `ThreeWayDiffTab` is hidden under a feature flag `prebuiltRulesCustomizationEnabled`. It accepts a `finalDiffableRule` which represents rule fields the user expects to see in the upgraded rule. `finalDiffableRule` is a combination of field resolved values and target rule fields where resolved values have precedence.
crespocarlos
pushed a commit
to crespocarlos/kibana
that referenced
this issue
Sep 11, 2024
…lastic#191499) **Partially addresses: elastic#171520 **Follow-up PR: elastic#192342 This is the 1st of the 2 PRs for `FieldReadOnly`. The second PR will add more field components. I split the work into two PRs to keep the number of changed files reasonable. ## Summary This PR adds the `FieldReadOnly` component along with some field components. Field components display a read-only view of a particular `DiffableRule` field, similar to how fields are shown on the Rule Details page. `FieldReadOnly` and field components will be displayed in the right side of the new Diff tab of the Upgrade flyout (see it on the [Miro board](https://miro.com/app/board/uXjVK0gqjjQ=/?moveToWidget=3458764594148126123&cot=14)). They will let the user see how an upgraded version of a rule will look like in a user-friendly way. ### Running `FinalReadOnly` and its field components are not yet integrated into the flyout, but you can view components in Storybook. 1. Run Storybook: `yarn storybook security_solution` 2. Go to `http://localhost:9001` in browser. <img width="1062" alt="Schermafbeelding 2024-09-03 om 13 05 11" src="https://github.com/user-attachments/assets/13b227d4-1321-47d9-a0a7-93868c9f4a15"> ## Changes - `FieldReadOnly` component itself was added. It shows a field component based on a `fieldName` prop. - Field components (like `DataSourceReadOnly`) were added. These components mostly import and reuse components from the Rule Details page. - Each field component has a Storybook story. I had to mock dependencies for some field components to make them work in Storybook. - Rule Details page and Overview tab of the flyout now display query language for Custom Query, Saved Query and Indicator Match rules. Language can be either KQL or Lucene. Since language will be displayed in the new Diff tab, it makes sense to show it in other places as well to keep it consistent.
gergoabraham
pushed a commit
to gergoabraham/kibana
that referenced
this issue
Sep 13, 2024
…ct resolution functionality (elastic#191721) **Addresses:** elastic#171520 ## Summary This PR implements necessary `UpgradePrebuiltRulesTableContext` changes to provide uses a way to resolve conflicts manually by providing field's resolved value. ## Details During prebuilt rules upgrading users may encounter solvable and non-solvable conflicts between customized and target rule versions. Three-Way-Diff field component allow to specify a desired resolve value user expects to be in the rule after upgrading. It's also possible to customize rules during the upgrading process. Current functionality is informational only without an ability to customize prebuilt rules. As the core part of that process it's required to manage the upgrading state and provide necessary data for downstream components rendering field diffs and accepting user input. **This PR extends** `UpgradePrebuiltRulesTableContext` with rule upgrade state and provides it to `ThreeWayDiffTab` stub component. It's planned to add implementation to `ThreeWayDiffTab` in follow up PRs. **On top of that** `UpgradePrebuiltRulesTableContext` and `AddPrebuiltRulesTableContext` were symmetrically refactored from architecture point of view to improve encapsulation by separation of concerns which leads to slight complexity reduction. ### Feature flag `prebuiltRulesCustomizationEnabled` `ThreeWayDiffTab` is hidden under a feature flag `prebuiltRulesCustomizationEnabled`. It accepts a `finalDiffableRule` which represents rule fields the user expects to see in the upgraded rule. `finalDiffableRule` is a combination of field resolved values and target rule fields where resolved values have precedence.
nikitaindik
added a commit
that referenced
this issue
Sep 18, 2024
…TS type in `FieldReadOnly` component (#192342) **Partially addresses: #171520 **Is a follow-up PR to: #191499 This is the 2nd of the 3 PRs for `FieldReadOnly`. - The 1st [PR](#191499) added the `FieldReadOnly` and a bunch of field components. - This (2nd) PR moves away from using `DiffableAllFields` type in favour of `DiffableRule` and splits the large `FieldReadOnly` component into smaller ones for readability. - Next (3rd) PR will add the remaining field components. ## Summary This PR changes the TS type (`DiffableAllFields` -> `DiffableRule`) used by the `FieldReadOnly` component. This component displays a read-only view of a particular rule field, similar to how fields are shown on the Rule Details page. Using `DiffableRule` type makes the component compatible with the flyout context and is safer to use than `DiffableAllFields`. ### Changes - TS type used in the `FieldReadOnly` component and Storybook stories changed to `DiffableRule`. - `FieldReadOnly` field rendering was split into multiple files by rule type to make it more readable. - Added rule-mocking functions to Storybook to allow creation of `DiffableRule` mocks. - Added field components for `name`, `description` and `tags` fields. - Rewrote type narrowing for `Filters` component to a type guard (`isFilters`). - Fixed a couple of outdated code comments. ### Running `FinalReadOnly` and its field components are not yet integrated into the flyout, but you can view components in Storybook. 1. Run Storybook: `yarn storybook security_solution` 2. Go to `http://localhost:9001` in browser. <img width="1062" alt="Schermafbeelding 2024-09-03 om 13 05 11" src="https://github.com/user-attachments/assets/13b227d4-1321-47d9-a0a7-93868c9f4a15">
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Sep 18, 2024
…TS type in `FieldReadOnly` component (elastic#192342) **Partially addresses: elastic#171520 **Is a follow-up PR to: elastic#191499 This is the 2nd of the 3 PRs for `FieldReadOnly`. - The 1st [PR](elastic#191499) added the `FieldReadOnly` and a bunch of field components. - This (2nd) PR moves away from using `DiffableAllFields` type in favour of `DiffableRule` and splits the large `FieldReadOnly` component into smaller ones for readability. - Next (3rd) PR will add the remaining field components. ## Summary This PR changes the TS type (`DiffableAllFields` -> `DiffableRule`) used by the `FieldReadOnly` component. This component displays a read-only view of a particular rule field, similar to how fields are shown on the Rule Details page. Using `DiffableRule` type makes the component compatible with the flyout context and is safer to use than `DiffableAllFields`. ### Changes - TS type used in the `FieldReadOnly` component and Storybook stories changed to `DiffableRule`. - `FieldReadOnly` field rendering was split into multiple files by rule type to make it more readable. - Added rule-mocking functions to Storybook to allow creation of `DiffableRule` mocks. - Added field components for `name`, `description` and `tags` fields. - Rewrote type narrowing for `Filters` component to a type guard (`isFilters`). - Fixed a couple of outdated code comments. ### Running `FinalReadOnly` and its field components are not yet integrated into the flyout, but you can view components in Storybook. 1. Run Storybook: `yarn storybook security_solution` 2. Go to `http://localhost:9001` in browser. <img width="1062" alt="Schermafbeelding 2024-09-03 om 13 05 11" src="https://github.com/user-attachments/assets/13b227d4-1321-47d9-a0a7-93868c9f4a15"> (cherry picked from commit 70b7d26)
markov00
pushed a commit
to markov00/kibana
that referenced
this issue
Sep 18, 2024
…ct resolution functionality (elastic#191721) **Addresses:** elastic#171520 ## Summary This PR implements necessary `UpgradePrebuiltRulesTableContext` changes to provide uses a way to resolve conflicts manually by providing field's resolved value. ## Details During prebuilt rules upgrading users may encounter solvable and non-solvable conflicts between customized and target rule versions. Three-Way-Diff field component allow to specify a desired resolve value user expects to be in the rule after upgrading. It's also possible to customize rules during the upgrading process. Current functionality is informational only without an ability to customize prebuilt rules. As the core part of that process it's required to manage the upgrading state and provide necessary data for downstream components rendering field diffs and accepting user input. **This PR extends** `UpgradePrebuiltRulesTableContext` with rule upgrade state and provides it to `ThreeWayDiffTab` stub component. It's planned to add implementation to `ThreeWayDiffTab` in follow up PRs. **On top of that** `UpgradePrebuiltRulesTableContext` and `AddPrebuiltRulesTableContext` were symmetrically refactored from architecture point of view to improve encapsulation by separation of concerns which leads to slight complexity reduction. ### Feature flag `prebuiltRulesCustomizationEnabled` `ThreeWayDiffTab` is hidden under a feature flag `prebuiltRulesCustomizationEnabled`. It accepts a `finalDiffableRule` which represents rule fields the user expects to see in the upgraded rule. `finalDiffableRule` is a combination of field resolved values and target rule fields where resolved values have precedence.
markov00
pushed a commit
to markov00/kibana
that referenced
this issue
Sep 18, 2024
…TS type in `FieldReadOnly` component (elastic#192342) **Partially addresses: elastic#171520 **Is a follow-up PR to: elastic#191499 This is the 2nd of the 3 PRs for `FieldReadOnly`. - The 1st [PR](elastic#191499) added the `FieldReadOnly` and a bunch of field components. - This (2nd) PR moves away from using `DiffableAllFields` type in favour of `DiffableRule` and splits the large `FieldReadOnly` component into smaller ones for readability. - Next (3rd) PR will add the remaining field components. ## Summary This PR changes the TS type (`DiffableAllFields` -> `DiffableRule`) used by the `FieldReadOnly` component. This component displays a read-only view of a particular rule field, similar to how fields are shown on the Rule Details page. Using `DiffableRule` type makes the component compatible with the flyout context and is safer to use than `DiffableAllFields`. ### Changes - TS type used in the `FieldReadOnly` component and Storybook stories changed to `DiffableRule`. - `FieldReadOnly` field rendering was split into multiple files by rule type to make it more readable. - Added rule-mocking functions to Storybook to allow creation of `DiffableRule` mocks. - Added field components for `name`, `description` and `tags` fields. - Rewrote type narrowing for `Filters` component to a type guard (`isFilters`). - Fixed a couple of outdated code comments. ### Running `FinalReadOnly` and its field components are not yet integrated into the flyout, but you can view components in Storybook. 1. Run Storybook: `yarn storybook security_solution` 2. Go to `http://localhost:9001` in browser. <img width="1062" alt="Schermafbeelding 2024-09-03 om 13 05 11" src="https://github.com/user-attachments/assets/13b227d4-1321-47d9-a0a7-93868c9f4a15">
kibanamachine
added a commit
that referenced
this issue
Sep 18, 2024
…fableRule` TS type in `FieldReadOnly` component (#192342) (#193333) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] ThreeWayDiff UI: Migrate to using `DiffableRule` TS type in `FieldReadOnly` component (#192342)](#192342) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-09-18T16:21:00Z","message":"[Security Solution] ThreeWayDiff UI: Migrate to using `DiffableRule` TS type in `FieldReadOnly` component (#192342)\n\n**Partially addresses: #171520 a follow-up PR to: #191499 is the 2nd of the 3 PRs for `FieldReadOnly`.\r\n- The 1st [PR](#191499) added the\r\n`FieldReadOnly` and a bunch of field components.\r\n- This (2nd) PR moves away from using `DiffableAllFields` type in favour\r\nof `DiffableRule` and splits the large `FieldReadOnly` component into\r\nsmaller ones for readability.\r\n - Next (3rd) PR will add the remaining field components.\r\n\r\n## Summary\r\nThis PR changes the TS type (`DiffableAllFields` -> `DiffableRule`) used\r\nby the `FieldReadOnly` component. This component displays a read-only\r\nview of a particular rule field, similar to how fields are shown on the\r\nRule Details page. Using `DiffableRule` type makes the component\r\ncompatible with the flyout context and is safer to use than\r\n`DiffableAllFields`.\r\n\r\n### Changes\r\n- TS type used in the `FieldReadOnly` component and Storybook stories\r\nchanged to `DiffableRule`.\r\n- `FieldReadOnly` field rendering was split into multiple files by rule\r\ntype to make it more readable.\r\n- Added rule-mocking functions to Storybook to allow creation of\r\n`DiffableRule` mocks.\r\n - Added field components for `name`, `description` and `tags` fields.\r\n- Rewrote type narrowing for `Filters` component to a type guard\r\n(`isFilters`).\r\n - Fixed a couple of outdated code comments.\r\n\r\n\r\n### Running\r\n`FinalReadOnly` and its field components are not yet integrated into the\r\nflyout, but you can view components in Storybook.\r\n1. Run Storybook: `yarn storybook security_solution`\r\n2. Go to `http://localhost:9001` in browser.\r\n\r\n<img width=\"1062\" alt=\"Schermafbeelding 2024-09-03 om 13 05 11\"\r\nsrc=\"https://github.com/user-attachments/assets/13b227d4-1321-47d9-a0a7-93868c9f4a15\">","sha":"70b7d263352a73569f2809bb0b4d1e2624b43b28","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:prev-minor"],"title":"[Security Solution] ThreeWayDiff UI: Migrate to using `DiffableRule` TS type in `FieldReadOnly` component","number":192342,"url":"#192342 Solution] ThreeWayDiff UI: Migrate to using `DiffableRule` TS type in `FieldReadOnly` component (#192342)\n\n**Partially addresses: #171520 a follow-up PR to: #191499 is the 2nd of the 3 PRs for `FieldReadOnly`.\r\n- The 1st [PR](#191499) added the\r\n`FieldReadOnly` and a bunch of field components.\r\n- This (2nd) PR moves away from using `DiffableAllFields` type in favour\r\nof `DiffableRule` and splits the large `FieldReadOnly` component into\r\nsmaller ones for readability.\r\n - Next (3rd) PR will add the remaining field components.\r\n\r\n## Summary\r\nThis PR changes the TS type (`DiffableAllFields` -> `DiffableRule`) used\r\nby the `FieldReadOnly` component. This component displays a read-only\r\nview of a particular rule field, similar to how fields are shown on the\r\nRule Details page. Using `DiffableRule` type makes the component\r\ncompatible with the flyout context and is safer to use than\r\n`DiffableAllFields`.\r\n\r\n### Changes\r\n- TS type used in the `FieldReadOnly` component and Storybook stories\r\nchanged to `DiffableRule`.\r\n- `FieldReadOnly` field rendering was split into multiple files by rule\r\ntype to make it more readable.\r\n- Added rule-mocking functions to Storybook to allow creation of\r\n`DiffableRule` mocks.\r\n - Added field components for `name`, `description` and `tags` fields.\r\n- Rewrote type narrowing for `Filters` component to a type guard\r\n(`isFilters`).\r\n - Fixed a couple of outdated code comments.\r\n\r\n\r\n### Running\r\n`FinalReadOnly` and its field components are not yet integrated into the\r\nflyout, but you can view components in Storybook.\r\n1. Run Storybook: `yarn storybook security_solution`\r\n2. Go to `http://localhost:9001` in browser.\r\n\r\n<img width=\"1062\" alt=\"Schermafbeelding 2024-09-03 om 13 05 11\"\r\nsrc=\"https://github.com/user-attachments/assets/13b227d4-1321-47d9-a0a7-93868c9f4a15\">","sha":"70b7d263352a73569f2809bb0b4d1e2624b43b28"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/192342","number":192342,"mergeCommit":{"message":"[Security Solution] ThreeWayDiff UI: Migrate to using `DiffableRule` TS type in `FieldReadOnly` component (#192342)\n\n**Partially addresses: #171520 a follow-up PR to: #191499 is the 2nd of the 3 PRs for `FieldReadOnly`.\r\n- The 1st [PR](#191499) added the\r\n`FieldReadOnly` and a bunch of field components.\r\n- This (2nd) PR moves away from using `DiffableAllFields` type in favour\r\nof `DiffableRule` and splits the large `FieldReadOnly` component into\r\nsmaller ones for readability.\r\n - Next (3rd) PR will add the remaining field components.\r\n\r\n## Summary\r\nThis PR changes the TS type (`DiffableAllFields` -> `DiffableRule`) used\r\nby the `FieldReadOnly` component. This component displays a read-only\r\nview of a particular rule field, similar to how fields are shown on the\r\nRule Details page. Using `DiffableRule` type makes the component\r\ncompatible with the flyout context and is safer to use than\r\n`DiffableAllFields`.\r\n\r\n### Changes\r\n- TS type used in the `FieldReadOnly` component and Storybook stories\r\nchanged to `DiffableRule`.\r\n- `FieldReadOnly` field rendering was split into multiple files by rule\r\ntype to make it more readable.\r\n- Added rule-mocking functions to Storybook to allow creation of\r\n`DiffableRule` mocks.\r\n - Added field components for `name`, `description` and `tags` fields.\r\n- Rewrote type narrowing for `Filters` component to a type guard\r\n(`isFilters`).\r\n - Fixed a couple of outdated code comments.\r\n\r\n\r\n### Running\r\n`FinalReadOnly` and its field components are not yet integrated into the\r\nflyout, but you can view components in Storybook.\r\n1. Run Storybook: `yarn storybook security_solution`\r\n2. Go to `http://localhost:9001` in browser.\r\n\r\n<img width=\"1062\" alt=\"Schermafbeelding 2024-09-03 om 13 05 11\"\r\nsrc=\"https://github.com/user-attachments/assets/13b227d4-1321-47d9-a0a7-93868c9f4a15\">","sha":"70b7d263352a73569f2809bb0b4d1e2624b43b28"}}]}] BACKPORT--> Co-authored-by: Nikita Indik <[email protected]>
hop-dev
added a commit
to hop-dev/kibana
that referenced
this issue
Sep 20, 2024
commit 6d568b0 Merge: 1b0aa69 eabb102 Author: Elastic Machine <[email protected]> Date: Thu Sep 19 12:01:52 2024 +0200 Merge branch 'main' into siem-ea-9180-api commit eabb102 Author: Julia <[email protected]> Date: Thu Sep 19 10:28:48 2024 +0200 [ResponseOps][MW] Add telemetry for the maintenance window (elastic#192483) Resolve: elastic#184088 In this PR add telemetry collection of these metrics: - total number of MW in deployments - number of active MW with "repeat" toggle on (time based) - number of active MW with "filter alerts" toggle on (KQL based) ## Testing Create several MW with different settings (toggles on and off) To test changes reflected in telemetry object, modify this file: `x-pack/plugins/alerting/server/usage/task.ts` With: ``` async function scheduleTasks(logger: Logger, taskManager: TaskManagerStartContract) { try { await taskManager.ensureScheduled({ id: TASK_ID, taskType: TELEMETRY_TASK_TYPE, state: emptyState, params: {}, schedule: SCHEDULE, }); } catch (e) { logger.error(`Error scheduling ${TASK_ID}, received ${e.message}`); } await taskManager.runSoon(TASK_ID); } ``` This will cause the telemetry to be sent as soon as the server is restarted. **Run Telemetry usage payload API in your browser console to verify telemetry object:** https://docs.elastic.dev/telemetry/collection/snapshot-telemetry#telemetry-usage-payload-api P.S.: Add space at the beginning of URL ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine <[email protected]> commit 210f552 Author: Yulia Čech <[email protected]> Date: Thu Sep 19 10:25:33 2024 +0200 [Ingest Pipelines] Fixes processors description (elastic#193183) ## Summary Fixes elastic#191530 This PR adds a stringify helper that is safe to use with objects, arrays, text and numbers. `set` and `append` processors are using this new helper to display `value` in the processor description. Other type of processors don't seem to need it. This PR fixes the pipeline page so that other processors in the pipeline still can be edited via UI. This PR however doesn't fix the processors forms: both processors currently can't handle json objects when editing. This should be fix in a [separate issue](elastic#193186). ### Screenshots <img width="586" alt="Screenshot 2024-09-17 at 16 54 18" src="https://github.com/user-attachments/assets/e1eb64a3-975c-4db7-98a5-b872ec1b016d"> <img width="586" alt="Screenshot 2024-09-17 at 16 54 34" src="https://github.com/user-attachments/assets/ac57406f-ff22-461e-b788-6bdb2d18d7e9"> ### How to test Use this commands in Console to create processors with a json in `value`. ``` PUT _ingest/pipeline/test2 { "processors": [ { "set" : { "field" : "payload", "value" : "test", "if" : "ctx.payload == \"-\"" } } ] } PUT _ingest/pipeline/test1 { "processors": [ { "append": { "field": "test", "value": { "redacted": true } } } ] } ``` ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### Risk Matrix Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) commit c676d2b Author: natasha-moore-elastic <[email protected]> Date: Thu Sep 19 09:13:14 2024 +0100 Improves Exceptions API docs content (elastic#193040) ## Summary Resolves elastic/security-docs-internal#33 by improving the Exceptions API docs content. Adds missing and improves existing operation summaries and operation descriptions to adhere to our [OAS standards](https://elasticco.atlassian.net/wiki/spaces/DOC/pages/450494532/API+reference+docs). --------- Co-authored-by: kibanamachine <[email protected]> commit 9765f73 Author: natasha-moore-elastic <[email protected]> Date: Thu Sep 19 09:03:59 2024 +0100 Improves Timeline API docs content (elastic#192744) ## Summary Resolves elastic/security-docs-internal#35 by improving the Timeline API docs content. Adds missing and improves existing operation summaries and operation descriptions to adhere to our [OAS standards](https://elasticco.atlassian.net/wiki/spaces/DOC/pages/450494532/API+reference+docs). --------- Co-authored-by: Jatin Kathuria <[email protected]> Co-authored-by: kibanamachine <[email protected]> commit f47987f Author: Alex Szabo <[email protected]> Date: Thu Sep 19 09:53:15 2024 +0200 [ci] skip FTRs that fail on chrome 129 (elastic#193293) ## Summary `google-chrome-stable` is now on version 129. Another set of tests started to fail when running against a VM with unpinned chrome version: https://buildkite.com/elastic/kibana-pull-request/builds/235162 This PR skips another 3 tests and adjusts all messages to point to the central issue. Relates to: elastic/kibana-operations#199 commit 854cb15 Author: Walter Rafelsberger <[email protected]> Date: Thu Sep 19 08:10:38 2024 +0200 [ML] Anomaly Detection: Adds popover links menu to anomaly explorer charts. (elastic#186587) ## Summary Adds support for clicking on Anomaly Explorer charts to trigger the actions popover menu. - [x] ExplorerChartSingleMetric - [x] ExplorerChartDistribution - [x] Support for embedded charts Anomaly Explorer [ml-anomaly-charts-actions-0001.webm](https://github.com/elastic/kibana/assets/230104/9502b234-7df8-4290-9914-163936487af8) Embedding [ml-anomaly-charts-actions-embedding-0001.webm](https://github.com/elastic/kibana/assets/230104/ee519b47-e924-4947-b127-4f3ecf62616e) ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) commit 32d751f Author: Kibana Machine <[email protected]> Date: Thu Sep 19 15:07:39 2024 +1000 [api-docs] 2024-09-19 Daily api_docs build (elastic#193382) Generated by https://buildkite.com/elastic/kibana-api-docs-daily/builds/835 commit 2efd0f0 Author: Vadim Kibana <[email protected]> Date: Thu Sep 19 05:53:05 2024 +0200 [ES|QL] Implement `OrderExpression` for `SORT` command arguments (elastic#189959) ## Summary Closes elastic#189491 - Adds *order expression* AST nodes, which are minted from `SORT` command. - Improves SORT command autocomplete suggestions. Shows fields on first space: <img width="791" alt="image" src="https://github.com/user-attachments/assets/3fec96b4-4e61-4212-a856-ace7a33d9755"> It now shows `NULLS FIRST` and `NULLS LAST`, even before `ASC` or `DESC` was entered, as `ASC` and `DESC` are optional: <img width="871" alt="image" src="https://github.com/user-attachments/assets/4b6d6c28-a7b0-4ac0-bafc-133df1207d54"> Once `ASC` or `DESC` is entered, shows only nulls options: <img width="911" alt="image" src="https://github.com/user-attachments/assets/5b27bd3d-ccdc-4bd0-b09f-fe65e5975e28"> It also now suggests partial modifier, if the in-progress text that user is typing matches it: <img width="504" alt="image" src="https://github.com/user-attachments/assets/9a047c40-b49b-4694-8477-7270cb9c0886"> (However, we are not triggering autocomplete in those cases in UI, so no way to see it in UI right now.) ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: kibanamachine <[email protected]> commit 6f4be61 Author: Dominique Clarke <[email protected]> Date: Wed Sep 18 21:32:45 2024 -0400 [Synthetics] waterfall chart - handle cached resources (elastic#193089) ## Summary Resolves elastic#184794 Ensures that the cached resources display accurate timing information on the waterfall chart tooltips. The information displayed should match the information displayed in the flyout when the request url is clicked. Tooltip <img width="555" alt="Screenshot 2024-09-16 at 8 49 55 PM" src="https://github.com/user-attachments/assets/516653bc-dcec-4681-965b-08711417ab67"> Flyout <img width="424" alt="Screenshot 2024-09-16 at 2 07 56 PM" src="https://github.com/user-attachments/assets/5fb0bf1c-c65d-4ce3-8a6a-5e95700209dd"> ### Release note Synthetics - resolves an issue for multi step browser journeys where timings for cached resources within the same step were inaccurate within the waterfall chart. ### Testing 1. Create a browser monitor with duplicate requests. For example: ``` step("multi resource step", async () => { await page.goto('https://github.com'); await page.goto('https://github.com'); await page.goto('https://github.com'); }) ``` 2. Navigate to the monitor details page 3. Find the last test run panel, click the view test details button, then click the view performance breakdown button   4. Scroll down to the waterfall chart. If you use github, requests after about 115 should be cached. Note: some request may have been aborted and their waterfall tooltip won't show. Find a request that was not aborted, hover to see the tooltip, then click the request to view the flyout and confirm the information. commit f810bb5 Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Date: Wed Sep 18 18:40:34 2024 -0500 Update docker.elastic.co/wolfi/chainguard-base:latest Docker digest to 6fbf078 (main) (elastic#193356) This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.elastic.co/wolfi/chainguard-base | digest | `d4def25` -> `6fbf078` | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjUuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOk9wZXJhdGlvbnMiLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==--> Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> commit 10f86c6 Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Date: Wed Sep 18 18:38:57 2024 -0500 Update dependency msw to ^2.4.5 (main) (elastic#193363) This PR contains the following updates: | Package | Type | Update | Change | Pending | |---|---|---|---|---| | [msw](https://mswjs.io) ([source](https://github.com/mswjs/msw)) | devDependencies | patch | [`^2.4.4` -> `^2.4.5`](https://renovatebot.com/diffs/npm/msw/2.4.6/2.4.5) | `2.4.8` (+2) | --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjUuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOkNsb3VkIFNlY3VyaXR5IiwiYmFja3BvcnQ6c2tpcCIsInJlbGVhc2Vfbm90ZTpza2lwIl19--> Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> commit bcc42d5 Author: Philippe Oberti <[email protected]> Date: Thu Sep 19 01:02:36 2024 +0200 [kbn-expandable-flyout] - add support for resizable flyout (elastic#192906) commit 3bea483 Author: Davis Plumlee <[email protected]> Date: Wed Sep 18 17:56:10 2024 -0400 [Security Solution] Adds enable on install UI workflow to prebuilt rules page (elastic#191529) ## Summary Adds overflow button UI to all prebuilt rules install buttons in order to enable the rule when it is successfully installed. Previously, a user would have to navigate back to the rules page and find the rule(s) they just installed to enable, this combines those two workflows into a single button action - speeding up the out of the box rule implementation. ### Screenshots **Prebuilt rules table columns** <img width="530" alt="Screenshot 2024-09-04 at 10 38 05 AM" src="https://github.com/user-attachments/assets/4a009afa-a8f0-4eaa-a76b-8f4e509f35a3"> **Prebuilt rules table bulk install** <img width="1478" alt="Screenshot 2024-09-04 at 10 38 16 AM" src="https://github.com/user-attachments/assets/eb6deb9b-9b4e-4be3-a4ac-0da06d6f1e8e"> **Prebuilt rule details flyout** <img width="1489" alt="Screenshot 2024-09-04 at 10 38 44 AM" src="https://github.com/user-attachments/assets/a4bce22d-7e90-42e4-8522-cf411a297659"> ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) commit 4c51c00 Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Date: Wed Sep 18 16:10:45 2024 -0500 Update dependency msw to ^2.4.4 (main) (elastic#192955) This PR contains the following updates: | Package | Type | Update | Change | Pending | |---|---|---|---|---| | [msw](https://mswjs.io) ([source](https://github.com/mswjs/msw)) | devDependencies | patch | [`^2.4.2` -> `^2.4.4`](https://renovatebot.com/diffs/npm/msw/2.4.2/2.4.4) | `2.4.8` (+3) | --- ### Release Notes <details> <summary>mswjs/msw (msw)</summary> ### [`v2.4.4`](https://github.com/mswjs/msw/releases/tag/v2.4.4) [Compare Source](https://github.com/mswjs/msw/compare/v2.4.3...v2.4.4) #### v2.4.4 (2024-09-08) ##### Bug Fixes - **fetch:** follow mocked redirect responses ([#&elastic#8203;2268](https://github.com/mswjs/msw/issues/2268)) ([`f5785bf`](https://github.com/mswjs/msw/commit/f5785bfba1a026075feca4f74cadfcb636ffc257)) [@&elastic#8203;kettanaito](https://github.com/kettanaito) - Adopts a new, Socket-based request interception algorithm. ### [`v2.4.3`](https://github.com/mswjs/msw/releases/tag/v2.4.3) [Compare Source](https://github.com/mswjs/msw/compare/v2.4.2...v2.4.3) #### v2.4.3 (2024-09-07) ##### Bug Fixes - revert "graphql" as optional peer dependency ([#&elastic#8203;2267](https://github.com/mswjs/msw/issues/2267)) ([`7cd39e7`](https://github.com/mswjs/msw/commit/7cd39e787aa9766eef914bce3d65daec1ce16635)) [@&elastic#8203;kettanaito](https://github.com/kettanaito) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjUuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOkNsb3VkIFNlY3VyaXR5IiwiYmFja3BvcnQ6c2tpcCIsInJlbGVhc2Vfbm90ZTpza2lwIl19--> Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> commit 798a26f Author: Steph Milovic <[email protected]> Date: Wed Sep 18 15:05:41 2024 -0600 [Security solution] `naturalLanguageToEsql` Tool added to default assistant graph (elastic#192042) commit d4ee1ca Author: Justin Kambic <[email protected]> Date: Wed Sep 18 16:51:52 2024 -0400 [Synthetics] Remove dead code (elastic#193335) ## Summary Gets rid of unused files and some types, constants, etc. that are no longer referenced in production code. commit 91ca8ab Author: Eyo O. Eyo <[email protected]> Date: Wed Sep 18 22:26:44 2024 +0200 [Reporting] update puppeteer to version 23.3.1 (elastic#192345) ## Summary Update for puppeteer, the following changeset updates puppeteer to version `23.3.1`. The chromium version required for this version of puppeteer is `128.0.6613.137` from revision `1331488`, as such the chromium binary included for windows and darwin platforms either match or were the closest revision to the expectation. The linux headless binary was built from commit `fe621c5aa2d6b987e964fb1b5066833da5fb613d` of the same revision. _**N.B.**_ Puppeteer 23.0.0 is earmarked as containing breaking changes see [here](https://github.com/puppeteer/puppeteer/blob/abda5dcc9912f4fa2c5a566403108db783f48538/packages/puppeteer-core/CHANGELOG.md#2300-2024-08-07), this PR considers the outlined changes and makes relevant adjustments so reporting continues working as is. <!-- ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### Risk Matrix Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --> ### How to verify linux headless build - clone the following repo https://github.com/tsullivan/kibana-dev-docker - pull this particular PR - follow the steps outlined in the repo, replacing any occurrence of `kibana-<version>-SNAPSHOT-linux-aarch64.tar.gz` from the repo above's step with the output of running build on this changeset. - before running step 4, modify the `kibana.yml` file from the `kibana-dev-docker` repo and include the following so we might be able to verify the version of chromium running; ```yaml logging.loggers: - name: plugins.reporting level: debug ``` - complete the steps outlined in the README, you'll have a linux distro of kibana running on port `5601` - Attempt creating exports of PDF and PNG reports, in dashboard, canvas, and visualizations, on report creation attempt we would see a log output that prints out the chromium version exactly matching this; <img width="1326" alt="Screenshot 2024-09-18 at 14 50 19" src="https://github.com/user-attachments/assets/7206781a-e8f9-469c-ad65-fd13749766b2"> --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]> commit d84eda1 Author: Justin Kambic <[email protected]> Date: Wed Sep 18 16:07:29 2024 -0400 [Uptime] Delete dead code (elastic#193339) ## Summary Removes code that is unused from the Uptime plugin. commit 3c01b13 Author: Alexi Doak <[email protected]> Date: Wed Sep 18 11:53:36 2024 -0700 [ResponseOps] Connector OAS for framework fields (elastic#192767) Resolves elastic#192778 ## Summary This PR updates the following `response` schemas as well as the legacy route schemas for connector APIs to generate OAS documentation: - `POST /api/actions/connector/{id?}` - `GET /api/actions/connector/{id}` - `POST /api/actions/connector/{id}/_execute` - `PUT /api/actions/connector/{id}` The `request` schemas were updated in this [PR](elastic#191678). ### To verify 1. Start ES 2. Add `server.oas.enabled: true` to `kibana.dev.yml` 3. Start Kibana `yarn start --no-base-path` 4. `curl -s -uelastic:changeme http://localhost:5601/api/oas\?pathStartsWith\=/api/actions/ | jq` --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Lisa Cawley <[email protected]> commit e1db296 Author: Marta Bondyra <[email protected]> Date: Wed Sep 18 20:39:25 2024 +0200 [Lens] Corrects incorrect copy for line chart & fix flaky test (elastic#192734) ## Summary Corrects incorrect copy for line chart. Rewrites some of the tests to rtl. Unskips flaky or failing tests. Fixes elastic#192476 Removes some errors from the console that appear during unit test running. --------- Co-authored-by: Elastic Machine <[email protected]> commit 4d4afa5 Author: Rickyanto Ang <[email protected]> Date: Wed Sep 18 10:55:00 2024 -0700 [Cloud Security] User Name Misconfiguration Table and Preview Contextual Flyout (elastic#192946) ## Summary This PR is the implementation of Misconfiguration Preview and Data table on user.name flyout in Alerts Page. <img width="1717" alt="Screenshot 2024-09-14 at 12 54 37 AM" src="https://github.com/user-attachments/assets/ad405a4a-9820-4bb1-87f0-7e915eeb003b"> How to test: Pre req: In order to test this, you need to generate some fake alerts. This [repo](https://github.com/elastic/security-documents-generator) will help you do that 1. Generate Some Alerts 2. Use the Reindex API to get some Findings data in (change the host.name field to match the host.name from alerts generated if you want to test Findings table in the left panel flyout) 3. Turn on Risky Entity Score if you want to test if both Risk Contribution and Insights tabs shows up, follow this [guide](https://www.elastic.co/guide/en/security/current/turn-on-risk-engine.html) to turn on Risk Entity Score commit b9d7de6 Author: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Date: Wed Sep 18 12:53:01 2024 -0500 Update OpenFeature (main) (elastic#193332) Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> commit be2d641 Author: Katerina <[email protected]> Date: Wed Sep 18 20:50:22 2024 +0300 [Inventory] Remove inventory dependency from observability plugin (elastic#193251) ## Summary closes elastic#193200 - Remove inventory dependency from observability plugin - Register inventory in different section in classic stateful sidenav https://github.com/user-attachments/assets/6c9c28bc-7483-4deb-b95a-67585a92f89f commit f40bf52 Author: Melissa Alvarez <[email protected]> Date: Wed Sep 18 11:04:17 2024 -0600 [ML] Serverless Security: Adds ES|QL visualizer menu item in nav (elastic#192314) ## Summary Related issue: elastic#192307 This PR add sthe ES|QL visualizer menu item to the Security solution's nav in serverless. <img width="546" alt="image" src="https://github.com/user-attachments/assets/239c25c8-63af-4009-8e37-78a99d7b6719"> <img width="1189" alt="image" src="https://github.com/user-attachments/assets/e0ac66d4-4066-4c15-8cac-ff5a5e0ae716"> ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) --------- Co-authored-by: Elastic Machine <[email protected]> commit de51a1a Author: Sid <[email protected]> Date: Wed Sep 18 19:01:45 2024 +0200 Add debug logging for flaky session tests (elastic#193279) ## Summary Add settings to the ES Test cluster to enable debug logs so that if this test fails in the future, we will have more logs to investigate the issue. __Related:__ elastic#152260 commit 004631b Author: Tomasz Ciecierski <[email protected]> Date: Wed Sep 18 18:56:06 2024 +0200 [EDR Workflows] Automated Actions in more rule types (elastic#191874) commit 70b7d26 Author: Nikita Indik <[email protected]> Date: Wed Sep 18 18:21:00 2024 +0200 [Security Solution] ThreeWayDiff UI: Migrate to using `DiffableRule` TS type in `FieldReadOnly` component (elastic#192342) **Partially addresses: elastic#171520 **Is a follow-up PR to: elastic#191499 This is the 2nd of the 3 PRs for `FieldReadOnly`. - The 1st [PR](elastic#191499) added the `FieldReadOnly` and a bunch of field components. - This (2nd) PR moves away from using `DiffableAllFields` type in favour of `DiffableRule` and splits the large `FieldReadOnly` component into smaller ones for readability. - Next (3rd) PR will add the remaining field components. ## Summary This PR changes the TS type (`DiffableAllFields` -> `DiffableRule`) used by the `FieldReadOnly` component. This component displays a read-only view of a particular rule field, similar to how fields are shown on the Rule Details page. Using `DiffableRule` type makes the component compatible with the flyout context and is safer to use than `DiffableAllFields`. ### Changes - TS type used in the `FieldReadOnly` component and Storybook stories changed to `DiffableRule`. - `FieldReadOnly` field rendering was split into multiple files by rule type to make it more readable. - Added rule-mocking functions to Storybook to allow creation of `DiffableRule` mocks. - Added field components for `name`, `description` and `tags` fields. - Rewrote type narrowing for `Filters` component to a type guard (`isFilters`). - Fixed a couple of outdated code comments. ### Running `FinalReadOnly` and its field components are not yet integrated into the flyout, but you can view components in Storybook. 1. Run Storybook: `yarn storybook security_solution` 2. Go to `http://localhost:9001` in browser. <img width="1062" alt="Schermafbeelding 2024-09-03 om 13 05 11" src="https://github.com/user-attachments/assets/13b227d4-1321-47d9-a0a7-93868c9f4a15"> commit 02ce1b9 Author: Alejandro Fernández Haro <[email protected]> Date: Wed Sep 18 18:02:55 2024 +0200 [Feature Flags Service] Hello world 👋 (elastic#188562) Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Jean-Louis Leysens <[email protected]> commit 38d6143 Author: Elena Stoeva <[email protected]> Date: Wed Sep 18 16:45:59 2024 +0100 [Index Management] Restrict dot-prefixed index patterns in template form (elastic#193196) Closes elastic#190251 ## Summary This PR adds validation that restricts creating a template with a dot-prefixed index pattern. <img width="1194" alt="Screenshot 2024-09-18 at 10 49 47" src="https://github.com/user-attachments/assets/f24c3e29-7db0-46fc-97de-52d4654073de"> Note: I tried adding tests for this validation [here](https://github.com/elastic/kibana/blob/6a3adf73dacaeda073674ac4a10e8a2597e67739/x-pack/plugins/index_management/__jest__/client_integration/index_template_wizard/template_create.test.tsx#L163), but it didn't work because the index pattern field is mocked in the tests and errors are not triggered from invalid values. commit 78b21cd Author: Tre <[email protected]> Date: Wed Sep 18 16:31:11 2024 +0100 [Unskip] x-pack/.../summary_actions.ts (elastic#193120) ## Summary Use retryForTime instead. Test against local (fake mki) and mki; both were security projects. Tested against `x-pack/test_serverless/api_integration/test_suites/security/common_configs/config.group1.ts` Resolves: elastic#193061 --------- Co-authored-by: Elastic Machine <[email protected]> commit bfbcf62 Author: Kevin Delemme <[email protected]> Date: Wed Sep 18 11:25:42 2024 -0400 chore(rca): show full name in notes and store profile id in model (elastic#193211) commit 5bf4501 Author: Tim Sullivan <[email protected]> Date: Wed Sep 18 08:19:05 2024 -0700 [Spaces Management] Ensure current badge can only appear for single entry (elastic#193195) ## Summary Closes elastic#192811 ### Checklist Delete any items that are not applicable to this PR. - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or commit e3f3c68 Author: Cauê Marcondes <[email protected]> Date: Wed Sep 18 16:06:13 2024 +0100 [Inventory][ECO] Entities table (elastic#193272) Real data: <img width="1237" alt="Screenshot 2024-09-18 at 14 23 17" src="https://github.com/user-attachments/assets/ecc496aa-1c43-4c3c-9ac8-d6e4e6cb8aad"> Storybook: <img width="1256" alt="Screenshot 2024-09-18 at 14 23 22" src="https://github.com/user-attachments/assets/03d9f940-7b3f-4aea-9221-42b1c07119d1"> Tooltips: <img width="1250" alt="Screenshot 2024-09-18 at 13 49 19" src="https://github.com/user-attachments/assets/dc99b4cc-4eba-4815-8892-8e3fe7a041bb"> - Use ESQL to fetch the top 500 entities sorted by last seen property. - Display 20 entities per page. - Sorting is handles by the server and saved on the URL - Current page is saved on the URL - Filter entities types `service`, `host` or `container` - Filter only entities from the built in definition - LIMITATION: The EuiGrid doesn't have an embedded loading state, for now, I'm switching the entire view to display a loading spinner while data is being fetched. - PLUS: Storybook created with mock data. --------- Co-authored-by: kibanamachine <[email protected]> commit 5040e35 Author: Sébastien Loix <[email protected]> Date: Wed Sep 18 15:54:13 2024 +0100 [Chrome service] Expose handler to toggle the sidenav (elastic#193192) commit 1b0aa69 Merge: 1310ae1 26a50f7 Author: Pablo Machado <[email protected]> Date: Wed Sep 18 16:06:10 2024 +0200 Merge branch 'main' into siem-ea-9180-api commit 1310ae1 Author: machadoum <[email protected]> Date: Wed Sep 18 14:54:27 2024 +0200 Fix CI commit 7eb1118 Merge: c2b1724 61d0b7f Author: Elastic Machine <[email protected]> Date: Wed Sep 18 10:33:28 2024 +0200 Merge branch 'main' into siem-ea-9180-api commit c2b1724 Author: machadoum <[email protected]> Date: Tue Sep 17 17:06:14 2024 +0200 Improve get entity index function commit a8b96d8 Author: machadoum <[email protected]> Date: Tue Sep 17 16:40:48 2024 +0200 Fix build commit 1b94ce7 Author: machadoum <[email protected]> Date: Tue Sep 17 14:47:35 2024 +0200 Add code review suggestions commit 7064282 Author: kibanamachine <[email protected]> Date: Tue Sep 17 12:38:17 2024 +0000 [CI] Auto-commit changed files from 'yarn openapi:bundle' commit ab6e773 Author: machadoum <[email protected]> Date: Tue Sep 17 13:49:10 2024 +0200 Rename User and Host records commit 4216ff3 Author: machadoum <[email protected]> Date: Tue Sep 17 13:45:24 2024 +0200 Fix API tests commit 500b631 Author: kibanamachine <[email protected]> Date: Tue Sep 17 10:17:06 2024 +0000 [CI] Auto-commit changed files from 'yarn openapi:bundle' commit 98250e9 Author: machadoum <[email protected]> Date: Tue Sep 17 11:22:28 2024 +0200 Code review improvements commit fbb7479 Author: machadoum <[email protected]> Date: Tue Sep 10 13:58:47 2024 +0200 Create list entities API add API test Add data client test
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Design Discussion context: #178211
Design: Figma (internal)
Miro board with UI components breakdown: https://miro.com/app/board/uXjVK0gqjjQ=/?share_link_id=554028328760
Screenshot of the Miro board (click to expand)
TODO (click to expand)
This is roughly the order I plan to implement these.
State management (React Context to manage the state for components required for this task)
Components: ComparisonSide (left side, please refer to the Miro board to see where it is)
VersionPickercomponent that displays a dropdown component to select which 2 versions to compare.InlineDiffViewcomponent that uses the existingDiffViewcomponent, but in inline diff mode.ComparisonSidecomponent that combinesVersionPickerandInlineDiffViewresovedValue ?? merged_versionlogicComponents: FinalSide (right side)
EditButtoncomponent that switches the edit mode onFieldReadOnlycomponent that renders a suitable component / components from the Rule Details page based on the passed field name.FinalReadOnlycomponent that combinesEditButtonandFieldReadOnlySaveButtoncomponent that saves user changes when they are valid and ready.Prefillcomponent that displays a dropdown with versions available for prefill.Components: FieldEdit
FieldEdit components are components that render one or more UI elements from the Rule Editing page for every field.
FinalEditcomponent that combinesSaveButton,Prefilland FieldEdit components.FinalSidecomponent that displays either aFinalReadOnlyor aFinalEditcomponent depending on the state.Components: Basic layout
prebuiltRulesCustomizationEnabledfeature flagRuleDetailsFlyoutHeadercomponent that displays a badge for Customized Elastic rules (needs isCustomized)PerformUpgradeButtoncomponent that will trigger the upgrade.UpdateInfoBarcomponent that will display the number of updatable fields and a number of fields that have conflicts. (needs conflict)RuleDiffSectioncomponent that will display a collapsible section with a label like "Definition", "About" or "Schedule".RuleFieldDiffcollapsible component that is expanded by default if conflict is SOLVABLE or NON_SOLVABLE.RuleDiffFieldHeadercomponent that displays the conflict bagde and Accepted/Auto-accepted label. (needs conflict)Testing
Summary
As part of the Prebuilt Rules customization epic, we need to:
1. Update tab
The Updates tab currently displays a list of fields to be updated, in side-by-side view of the current and target version of each. This basic structure will be maintained, but for each field, the side-by-side diff component will be replaced by the Three-Way-Diff field component described in step 2.
The tab needs other changes:
2. Build a Three-Way-Diff field update component
The Three-Way-Diff field update component allows users to:
The initial designs for the current component look like so:
Figure 1:
Figure 2:
Notice that this is only an initial iteration and does not include the specs written in this ticket.
Component description
We are thinking about a component that, by default, shows two columns:
Left column
The Left column will display, by default, an inline diff between the current and the target version of the field.
This column will additionally display two dropdowns that enable the user to select the two versions being compared. Alternatively, it could be just one, offering the combinations:
Selecting one of the options above will update the content of the Left column to display the diff between those two version.
Right column
The Right Column (Final Version) will contain:
A component displaying the Final Version of the field that will be saved when the upgrade is confirmed. This component can be switched between a read-only view (as seen on the first image above, at the top) and an editable component (as seen on Figure 1, above).
The Read-Only view can be switched to the editable component by clicking on the "Edit" button, and vice-versa by clicking on the "Save button".
The Final version will be displayed differently depending on the value of the
conflictfield from API response for that field:NO:SOLVABLE:NON_SOLVABLE:currentversion). The "Save" button can be clicked to accept the change.Prefill version dropdown
The Right column will have a button located on top of the component that displays the Final Version that allows the user to fill in (prepopulate) the editable field, by offering the options:
Selecting any of the first two options will populate the merge proposal column with either the Current or Target version, respectively.
"Accepted" label
When the user has finished editing the field (prefilled, or edited manually, or just want to keep the proposed merged value), they should click on the "Save" button to "Accept" the changes.
Once the user clicks on the "Save" button, the field updates to display an "Accepted" label with a green tick to confirm that the change for the field was approved by the user and validated by the app.
(If the API response has the value of the
conflictfield set toNOorSOLVABLE, the field will appear from start as auto-accepted)When the user clicks on "Save", if the change is validated, the accordion container of the field will collapse. If the accordion is reopened, the component should be in read-only view.
The user can "Un-Accept" a change by manually opening the accordion and clicking on the "Edit" button. That action will "Un-Accept" the field and will "block" the the update of the rule until the field is saved again, by clicking on the "Save" button (all fields to needs to be accepted in order to update the rule).
**EXPAND:** This is a UX similar to the file per file review in Github PR's and the feature to mark a file as "Reviewed":
Before marking file as reviewed
After marking file as reviewed
ONLY once all fields have been confirmed (all have green ticks) the user can make the request to update the rule. (This however is not part of the spec for this component, but important context to understand its role)
Other considerations:
versionrevisionauthorlicenseThe text was updated successfully, but these errors were encountered: