Fix incorrect version bump for 7.5 branch #50484
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Summary Updates map styles as outlined by design in the below issue. Resolves elastic#47046 ##### New Styles Light Mode: <img width="1157" alt="Screen Shot 2019-10-15 at 14 01 20" src="https://user-images.githubusercontent.com/2946766/66866294-3a8c2600-ef56-11e9-8353-7e197f39a782.png"> ##### New Styles Dark Mode: <img width="1346" alt="Screen Shot 2019-10-15 at 14 12 31" src="https://user-images.githubusercontent.com/2946766/66866280-35c77200-ef56-11e9-816a-368ee2d7bd9b.png"> ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ - [ ] ~Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~ - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ * @benskelker - will we need to update the map screenshots as part of this release? - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ ### For maintainers - [ ] ~This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~ - [ ] ~This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)~
…astic#48366) * Add Search Bar components Integration of the Search Bar component in host and network page Fix state URL with new Search Bar * update unit test * Fix URL state to match Discover + Fix ML to match with new url state + fix cypress test * fix behavior when save as new query * savedQuery - do not try to update date picker when there is no timefilter * fix refresh * some merge issue + fix back to active page to zero * review I * hack to remove lag * fix type
…48368) * [ML] Fixing overview page max anomaly score * removing unnecessary copy of maxScore
…tic#48309) Backports the following commits to 7.x: - [Logs UI] Add ML job status callouts to results page (elastic#47642)
…#48238) (elastic#48372) This change augments the SIEM jobs and datafeeds that were added in elastic#47848 with the allow_lazy_open and max_empty_searches options that were added in elastic/elasticsearch#47726 and elastic/elasticsearch#47922 respectively.
…hentication), Process (elastic#48277) (elastic#48377) ## [SIEM] Endgame Row Renderers: DNS, File (FIM), Network, Security (Authentication), Process This PR renders Endgame events via _row renderers_ in the Timeline, per the following screenshot:  The following Endgame event types / subtypes will be rendered via row renderers in the Timeline: * DNS (`dns_event`) - [X] `request_event` * File (FIM) (`file_event`) - [X] `file_create_event` - [X] `file_delete_event` * Network (`network_event`) - [X] `ipv4_connection_accept_event` - [X] `ipv6_connection_accept_event` - [X] `ipv4_disconnect_received_event` - [X] `ipv6_disconnect_received_event` * Security (Authentication) (`security_event`) - [X] `user_logon` - [X] `admin_logon` - [X] `explicit_user_logon` - [X] `user_logoff` * Process (`process_event`) - [X] `creation_event` - [X] `termination_event` This PR also adds row rendering support for some non-Endgame events that conform to the [Elastic Common Schema](https://www.elastic.co/guide/en/ecs/current/index.html) (ECS): * DNS requests * FIM file creation events * FIM file deletion events RELEASE NOTE: To view Endgame events in existing SIEM deployments, you must manually add `endgame-*` to the SIEM index pattern in `Kibana Management > Advanced Settings > SIEM > Elasticsearch indices`. ## DNS Request events Endgame DNS events with the following event type and subtype will be rendered in the Timeline via row renderers: ``` endgame.event_type_full: dns_event and endgame.event_subtype_full: request_event ``` _To view these Endgame DNS events in a timeline, add `endgame-*` to the `SIEM` > `Elasticsearch indices` setting in Kibana `Advanced Settings`, then paste the query above into a timeline to view events._ ### Runtime matching criteria All DNS events, including Endgame and non-Endgame DNS events matching the following criteria will be rendered: ``` dns.question.type: * and dns.question.name: * ``` _The query above can be executed in a timeline to view all data that will be rendered via the (new) DNS event row renderer._ ### Sample rendered DNS event  Each field with `this formatting` will be draggable (to pivot a search) in the row-rendered event: `Arun` \ `Anvi-Acer` @ `HD-obe-8bf77f54` asked for `clients4.google.com` with question type `A`, which resolved to `10.58.197.78` (response code: `NOERROR`) via `chrome.exe` `(11620)` [ `3008`] ### Fields in a DNS event The following fields will be used to render a DNS event: `user.name` \ `user.domain` @ `host.name` asked for `dns.question.name` with question type `dns.question.type`, which resolved to `dns.resolved_ip` (resp code: `dns.response_code`) via `process.name` `(process.pid)` [ `event.code | winlog.event_id`] Note: At the time of this writing, Endgame DNS events do not populate `dns.response_code`. Row renderers are designed to still render partial results when fields are missing. In this case the following text: > (resp code: `dns.response_code`) will NOT be rendered, but the other (populated) fields in the DNS event will be rendered. ### Additional Rendering of DNS events by the Netflow row renderer In addition to being rendered by the new DNS renderer described above, DNS events will also be rendered by the Netflow row renderer. The Neflow row renderer shows the directionality, protocol, and flow of data between a source and destination ### Non-Endgame DNS events The following screenshot shows a DNS event from `packetbeat` rendered by the new DNS row renderer:  _A non-Endgame DNS event that conforms to ECS_ ## File (FIM) Creation events Endgame File (FIM) Creation events with the following event type and subtype will be rendered in the Timeline via row renderers: ``` endgame.event_type_full: file_event and endgame.event_subtype_full: file_create_event ``` ### Runtime matching criteria All file creation events, including Endgame and non-Endgame events matching the following criteria will be rendered: ``` (event.category: file and event.action: file_create_event) or (event.dataset: file and event.action: created) ``` ### Sample rendered File (FIM) Creation event  `Arun` \ `Anvi-Acer` @ `HD-obe-8bf77f54` created file `the-real-index~RFa99cd75.TMP` in `C:\Users\Arun\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\579544fd7d0441717f082c9eb123588966aa57ac\d81a98b1-59b9-43b2-a228-b3daf7da56df\index-dir\the-real-index~RFa99cd75.TMP` via `chrome.exe` `(11620)` ### Fields in a File (FIM) Creation event `user.name` \ `user.domain` @ `host.name` created file `file.name | endgame.file_name` in `file.path | endgame.file_path` via `process.name | endgame.process_name` `(process.pid | endgame.pid)` ## File (FIM) Deletion events Endgame File (FIM) Deletion events with the following event type and subtype will be rendered in the Timeline via row renderers: ``` endgame.event_type_full: file_event and endgame.event_subtype_full: file_delete_event ``` ### Runtime matching criteria All file deletion events, including Endgame and non-Endgame events matching the following criteria will be rendered: ``` (event.category: file and event.action: file_delete_event) or (event.dataset: file and event.action: deleted) ``` ### Sample rendered File (FIM) Deletion event  `SYSTEM` \ `NT AUTHORITY` @ `HD-v1s-d2118419` deleted file `tmp0000031a` in `C:\Windows\TEMP\tmp00000404\tmp0000031a` via `AmSvc.exe` `(1084)` ### Fields in a File (FIM) Deletion event `user.name` \ `user.domain` @ `host.name` deleted file `file.name | endgame.file_name` in `file.path | endgame.file_path` via `process.name | endgame.process_name` `(process.pid | endgame.pid)` ## Network Connection Accepted events Endgame Network Connection Accepted events with the following event type and subtype will be rendered in the Timeline via row renderers: ``` (endgame.event_type_full: network_event and endgame.event_subtype_full: ipv4_connection_accept_event) or (endgame.event_type_full: network_event and endgame.event_subtype_full: ipv6_connection_accept_event) ```` ### Runtime matching criteria All Endgame Connection Accepted events, and existing "socket opened" events matching the following criteria will be rendered: ``` event.action: ipv4_connection_accept_event or event.action: ipv6_connection_accept_event or event.action: socket_opened ``` ### Sample rendered Network Connection Accepted event  `SYSTEM` \ `NT AUTHORITY` @ `HD-gqf-0af7b4fe` accepted a connection via `AmSvc.exe` `(1084)` Network Connection Accepted events are also be rendered with the Netflow row renderer, like the `event.action: socket_opened` events are rendered today. The Network Connection Accepted row renderer displays information about the principal actors in the event (i.e. `user.name`, `host.name`, `process.name`), and the Netflow row renderer displays information about the directionality, source / destination, protocol, etc. ### Fields in a Network Connection Accepted event `user.name` \ `user.domain` @ `host.name` accepted a connection via `process.name` `(process.pid)` ## Network Disconnect Received events Endgame Network Disconnect Received events with the following event type and subtype will be rendered in the Timeline via row renderers: ``` (endgame.event_type_full: network_event and endgame.event_subtype_full: ipv4_disconnect_received_event) or (endgame.event_type_full: network_event and endgame.event_subtype_full: ipv6_disconnect_received_event) ```` ### Runtime matching criteria All Endgame Network Disconnect Received events, and existing "socket closed" events matching the following criteria will be rendered: ``` event.action: ipv4_disconnect_received_event or event.action: ipv6_disconnect_received_event or event.action: socket_closed ``` ### Sample rendered Network Disconnect Received event  `SYSTEM` \ `NT AUTHORITY` @ `HD-gqf-0af7b4fe` disconnected via `AmSvc.exe` `(1084)` The existing row renderer for `event.action: socket_closed` will be enhanced to display additional fields: - `user.domain` - `process.pid` Network Disconnect Received events will also be rendered with the Netflow row renderer, like the `event.action: socket_closed` events are rendered today. The Network Connection Accepted row renderer displays information about the principal actors in the event (i.e. `user.name`, `host.name`, `process.name`), and the Netflow row renderer displays information about the directionality, source / destination, protocol, etc. ### Fields in a Network Disconnect Received event `user.name` \ `user.domain` @ `host.name` disconnected via `process.name` `(process.pid)` ## Security (Authentication) User Logon events Endgame Security (Authentication) User Logon events with the following event type and subtype will be rendered in the Timeline via row renderers: ``` endgame.event_type_full: security_event and endgame.event_subtype_full: user_logon ``` ### Runtime matching criteria Security (Authentication) User Logon events matching the following criteria will be rendered: ``` event.category: authentication and event.action: user_logon ``` ### Sample rendered Security (Authentication) User Logon event  `SYSTEM` \ `NT AUTHORITY` @ `HD-v1s-d2118419` successfully logged in using logon type `5 - Service` (target logon ID `0x3e7`) via `C:\Windows\System32\services.exe` (`432`) as requested by subject `WIN-Q3DOP1UKA81$` \ `WORKGROUP` (source logon ID `0x3e7`) [ `4624`] ### Fields in an Security (Authentication) User Logon event `user.name` \ `user.domain` @ `host.name` successfully logged in using logon type `endgame.logon_type` (target logon ID `endgame.target_logon_id`) via `process.name | process.executable` (`process.pid`) as requested by subject `endgame.subject_user_name` \ `endgame.subject_domain_name` (subject logon ID `endgame.subject_logon_id`) [ `event.code | winlog.event_id`] ### Reference: LogonType Enumerations The following enumerated values will humanize the numeric `endgame.logon_type` field: ``` 2 - Interactive 3 - Network 4 - Batch 5 - Service 7 - Unlock 8 - Network Cleartext 9 - New Credentials 10 - Remote Interactive 11 - Cached Interactive ``` ## Security (Authentication) Admin Logon events Endgame Security (Authentication) Admin Logon events with the following event type and subtype will be rendered in the Timeline via row renderers: ``` endgame.event_type_full: security_event and endgame.event_subtype_full: admin_logon ``` ### Runtime matching criteria Security (Authentication) Admin Logon events matching the following criteria will be rendered: ``` event.category: authentication and event.action: admin_logon ``` ### Sample rendered Security (Authentication) Admin Logon event  With special privileges, `SYSTEM` \ `NT AUTHORITY` @ `HD-v1s-d2118419` successfully logged in via `C:\Windows\System32\services.exe` (`964`) as requested by subject `SYSTEM` \ `NT AUTHORITY` (subject logon ID `0x3e7`) [ `4672`] ### Fields in a Security (Authentication) Admin Logon event With special privileges, `user.name` \ `user.domain` @ `host.name` successfully logged in via `process.name | process.executable` (`process.pid`) as requested by subject `endgame.subject_user_name` \ `endgame.subject_domain_name` (subject logon ID `endgame.subject_logon_id`) [ `event.code | winlog.event_id`] ## Security (Authentication) Explicit User Logon events Endgame Security (Authentication) Explicit User Logon events with the following event type and subtype will be rendered in the Timeline via row renderers: ``` endgame.event_type_full: security_event and endgame.event_subtype_full: explicit_user_logon ``` ### Runtime matching criteria Security (Authentication) Explicit User Logon events matching the following criteria will be rendered: ``` event.category: authentication and event.action: explicit_user_logon ``` ### Sample rendered Security (Authentication) Explicit User Logon event  A login was attempted using explicit credentials `Arun` \ `Anvi-Acer` to `HD-v1s-d2118419` via `C:\Windows\System32\services.exe` (`1736`) as requested by subject `ANVI-ACER$` \ `WORKGROUP` (subject logon ID `0x3e7`) [ `4648`] ### Fields in an Security (Authentication) Explicit User Logon event A login was attempted using explicit credentials `endgame.target_user_name` \ `endgame.target_domain_name` to `host.name` via `process.name | process.executable` (`process.pid`) as requested by subject `endgame.subject_user_name` \ `endgame.subject_domain_name` (subject logon ID `endgame.subject_logon_id`) [ `event.code | winlog.event_id`] ## Security (Authentication) User Logoff events Endgame Security (Authentication) User Logoff events with the following event type and subtype will be rendered in the Timeline via row renderers: ``` endgame.event_type_full: security_event and endgame.event_subtype_full: user_logoff ``` ### Runtime matching criteria Security (Authentication) User Logoff events matching the following criteria will be rendered: ``` event.category: authentication and event.action: user_logoff ``` ### Sample rendered Security (Authentication) User Logoff event  `Arun` \ `Anvi-Acer` @ `HD-55b-3ec87f66` logged off using logon type `2 - Interactive` (target logon ID `0x16db41e`) via `C:\Windows\System32\services.exe` (`964`) [ `4634` ] ### Fields in Security (Authentication) User Logoff event `endgame.target_user_name` \ `endgame.target_domain_name` @ `host.name` logged off using logon type `endgame.logon_type` (target logon ID `endgame.target_logon_id`) via `process.name | process.executable` (`process.pid`) [ `event.code | winlog.event_id`] ## Process Creation events Endgame Process Creation events with the following event type and subtype will be rendered in the Timeline via row renderers: ``` endgame.event_type_full: process_event and endgame.event_subtype_full: creation_event ``` ### Runtime matching criteria Process Creation events matching the following criteria will be rendered: ``` event.category: process and event.action: creation_event ``` ### Sample rendered Process Creation event  `Arun` \ `Anvi-Acer` @ `HD-obe-8bf77f54` started process `Microsoft.Photos.exe` (`441684`) `-ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca` via parent process `svchost.exe` (`8`) `sha256 d4c97ed46046893141652e2ec0056a698f6445109949d7fcabbce331146889ee` `sha1 12563599116157778a22600d2a163d8112aed845` `md5 62d06d7235b37895b68de56687895743` ### Fields in a Process Creation event The following fields will be used to render a Process Creation event: `user.name` \ `user.domain` @ `host.name` started process `process.name` (`process.pid`) `process.args` via parent process `endgame.parent_process_name` (`process.ppid`) `process.hash.sha256` `process.hash.sha1` `process.hash.md5` ## Process Termination events Endgame Process Termination events with the following event type and subtype will be rendered in the Timeline via row renderers: ``` endgame.event_type_full: process_event and endgame.event_subtype_full: termination_event ``` ### Runtime matching criteria Process Termination events matching the following criteria will be rendered: ``` event.category: process and event.action: termination_event ``` ### Sample rendered Process Termination event  `Arun` \ `Anvi-Acer` @ `HD-obe-8bf77f54` terminated process `RuntimeBroker.exe` (`442384`) with exit code `0` `sha256 87976f3430cc99bc939e0694247c0759961a49832b87218f4313d6fc0bc3a776` `sha1 797255e72d5ed5c058d4785950eba7abaa057653` `md5 bd4401441a21bf1abce6404f4231db4d` ### Fields in a Process Termination event The following fields will be used to render a Process Termination event: `user.name` \ `user.domain` @ `host.name` terminated process `process.name` (`process.pid`) with exit code `endgame.exit_code` `process.hash.sha256` `process.hash.sha1` `process.hash.md5` ## Testing Desk tested in: * Dark / light mode * Chrome `77.0.3865.90` * Firefox `69.0.3` * Safari `13.0.1` * NOT tested in IE11 (due to current blocker) elastic/ecs-dev#178
…lastic#48378) * Expose Saved Objects client in request context * API Integration test for savedobjects in req context * SavedObjectsClient docs * SavedObjectsClient#find remove dependency on indexPatterns And use the saved objects mappings instead * Review comments * Review comments, fixes and tests * Use correct type for KQL syntax check
…tic#48363) * [Lens] Make operation nesting more clear to users * Improve date wording * Update per comments
* add TLS table to network overview page * isolate TLS parser * add unit test * add integration test * fix types * revert not necessary change * remove variables for domains table * fix for review * fix tlsSelector * update tls selector * apply updateTlsLimit * update selected property for tls selector * add networkType as the 2nd param of updateTlsSort * correcting pagetype * check the page type for updateTableActivePage * hard coded the targeting table name * remove tls table param as property * fix types
…astic#48388) * add saved object export details in ndjson response Signed-off-by: pgayvallet <[email protected]> * update core doc Signed-off-by: pgayvallet <[email protected]> * exclude export details for space copy Signed-off-by: pgayvallet <[email protected]> * fixing tests Signed-off-by: pgayvallet <[email protected]> * display warning instead of success if export contains missing refs Signed-off-by: pgayvallet <[email protected]> * nits/typo Signed-off-by: pgayvallet <[email protected]> * properly updates api integration tests Signed-off-by: pgayvallet <[email protected]> * fix typings Signed-off-by: pgayvallet <[email protected]> * add test on objects_table component Signed-off-by: pgayvallet <[email protected]> * remove added translations from jp/cn bundles Signed-off-by: pgayvallet <[email protected]> * restoring line feeds Signed-off-by: pgayvallet <[email protected]> * improve doc and user alert message Signed-off-by: pgayvallet <[email protected]> * restoring line feeds on server.api.md Signed-off-by: pgayvallet <[email protected]> * warning test label Signed-off-by: pgayvallet <[email protected]>
* add tests for logWithMetadata in LP * allow passing metadata to log in NP & LP * move ui_settings_client to NP * add ui_settings config * add ui_settings_service * switch to NP logging * export types * bootstrap uiSettings service in NP * pass NP uiSettings to LP * move ui_settings mock to NP * add test for mixin and switch to NP logger * make UiSettingsClient.getDefaults sync as it is * ui_settings_client uses private fields * ui_settings_client uses private methods * keep uiSettings config validation in NP only * update mocks * core context should know it is mocked * add tests for ui_settings_service * remove unused code from ui_settings_mixin test * improve types in ui_settings_mixin test * gen docs * test moved to NP * set pkg version in tests explicitly * update mocks in tests * UiSettingsServiceSetup --> InternalUiSettingsServiceSetup * add links to types * address eli comment * regen docs * remove unused types
…lastic#48384) (elastic#48399) Fixes an issue where we would try and claim new tasks even when there are no available workers
* [ML] Removing old angular directives * reverts small change * typescriptifying access denied page * changing access denied text * updating translations
… regression jobs (elastic#48390) (elastic#48424) * Only show MSE and rSquared in expanded row for regression jobs * use isRegressionAnalysis check
* [DOCS] API intro * Logstash configuration management * Reformatting * Comments from Josh * Commets from Gail * Fixed broken things
* remove GraphIql in production * fix api intergation on CI
- Fixes the missing starting state for analytics jobs. - Fixes checks if a analytics job is running, for example fixes an issue where the Delete-button was available for a running job in the analytics job list.
* [Code] makes Code space aware. For APIs related to repository, file, and search, user should only see contents from repositories belongs to his/her space. When the same repository is added in different spaces, they should point to the same underlying repository. We use references from spaces to repositories to represent this relationship. This patch implements the 1:1 model, which means a repository can only be imported in on space.
…" (elastic#49987) (elastic#50065) This reverts commit 85e5885.
…stic#50078) (cherry picked from commit 78e9d93)
) * Initial work * WIP changes * Turn off banner when allowChangingOptInStatus is true * Fix bugs * Fix broken jest tests * Add jest tests for TelemetryForm * Add TelemetryOptIn jest tests * Make some adjustments to allow always being opted in * Disallow turning telemetry completely off * Fix bug in Joi config * Keep route there
…Maps (elastic#50167) (elastic#50226) * [Maps] replace coordinate map with Elastic Maps in Kibana getting started docs * update dashboard getting started page * update screen shot * Update docs/getting-started/tutorial-visualizing.asciidoc Co-Authored-By: gchaps <[email protected]> * review feedback * update dashboard instructions to include step to set time fitler * clean up more instances for vector style * review feedback
…0282) * [ML] Adding cloud specific ML node warning * fixing include * adding callout and cloud checks * fixing translations * removing positive look behind in regex
…ic#49797) (elastic#50234) * Initial work * Move links to constants * Update UI based on design and copy * Apply PR feedback * Remove unused translations * Apply requested changes * Remove some icons
* deprecate include_type_name * include_type_name * remove doc from mappings * Updated timelion mapping * Updated spaces and uptime mapping * monitoring apm mapping * Updated more mappings * 2 more mappings * Updated reporting mappings after syncing with @gammon * Revert "update chromedriver dependency to v78 (elastic#49737)" This reverts commit 4a696b9.
elastic#50290 Signed-off-by: Tyler Smalley <[email protected]>
mistic
added
bug
Contributor
Author
|
That was opened by mistake against master. Moved the correct PR to #50485 |
Contributor
💔 Build Failed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
That can be causing CI problems for
7.5.Thanks @pheyos for found this