Merge branch 'main' into chore/ecs-form-refactor

.github/CODEOWNERS

@@ -415,6 +415,7 @@
 /x-pack/plugins/security_solution/cypress/integration/urls @elastic/security-threat-hunting-investigations
 
 /x-pack/plugins/security_solution/public/common/components/alerts_viewer @elastic/security-threat-hunting-investigations
+/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_action @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/common/components/event_details @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/common/components/events_viewer @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/common/components/markdown_editor @elastic/security-threat-hunting-investigations

x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/configuration_step/use_saved_search.ts

@@ -7,12 +7,12 @@
 
 import { useState, useEffect } from 'react';
 import {
+  buildEsQuery,
+  buildQueryFromFilters,
   decorateQuery,
   fromKueryExpression,
-  luceneStringToDsl,
   toElasticsearchQuery,
 } from '@kbn/es-query';
-import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import { useMlContext } from '../../../../../contexts/ml';
 import { SEARCH_QUERY_LANGUAGE } from '../../../../../../../common/constants/search';
 import { getQueryFromSavedSearchObject } from '../../../../../util/index_utils';
@@ -36,19 +36,42 @@ export function useSavedSearch() {
   const { currentSavedSearch, currentDataView, kibanaConfig } = mlContext;
 
   const getQueryData = () => {
-    let qry: estypes.QueryDslQueryContainer = {};
+    let qry: any = {};
     let qryString;
 
     if (currentSavedSearch !== null) {
-      const { query } = getQueryFromSavedSearchObject(currentSavedSearch);
+      const { query, filter } = getQueryFromSavedSearchObject(currentSavedSearch);
       const queryLanguage = query.language;
       qryString = query.query;
 
       if (queryLanguage === SEARCH_QUERY_LANGUAGE.KUERY) {
         const ast = fromKueryExpression(qryString);
         qry = toElasticsearchQuery(ast, currentDataView);
+        const filterQuery = buildQueryFromFilters(filter, currentDataView);
+        if (qry.bool === undefined) {
+          qry.bool = {};
+          // toElasticsearchQuery may add a single match_all item to the
+          // root of its returned query, rather than putting it inside
+          // a bool.should
+          // in this case, move it to a bool.should
+          if (qry.match_all !== undefined) {
+            qry.bool.should = {
+              match_all: qry.match_all,
+            };
+            delete qry.match_all;
+          }
+        }
+
+        if (Array.isArray(qry.bool.filter) === false) {
+          qry.bool.filter = qry.bool.filter === undefined ? [] : [qry.bool.filter];
+        }
+        if (Array.isArray(qry.bool.must_not) === false) {
+          qry.bool.must_not = qry.bool.must_not === undefined ? [] : [qry.bool.must_not];
+        }
+        qry.bool.filter = [...qry.bool.filter, ...filterQuery.filter];
+        qry.bool.must_not = [...qry.bool.must_not, ...filterQuery.must_not];
       } else {
-        qry = luceneStringToDsl(qryString);
+        qry = buildEsQuery(currentDataView, [query], filter);
         decorateQuery(qry, kibanaConfig.get('query:queryString:options'));
       }
 

x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/page.tsx

@@ -108,7 +108,7 @@ export const Page: FC<{
         />
       ) : null}
       {jobIdToUse !== undefined && (
-        <MlPageHeader>
+        <MlPageHeader key={`${jobIdToUse}-id`}>
           <FormattedMessage
             id="xpack.ml.dataframe.analyticsExploration.titleWithId"
             defaultMessage="Explore results for job ID {id}"

x-pack/plugins/ml/public/application/data_frame_analytics/pages/job_map/page.tsx

@@ -102,7 +102,7 @@ export const Page: FC = () => {
     <>
       <AnalyticsIdSelectorControls
         setIsIdSelectorFlyoutVisible={setIsIdSelectorFlyoutVisible}
-        selectedId={jobId || modelId}
+        selectedId={jobId ?? modelId}
       />
       {isIdSelectorFlyoutVisible ? (
         <AnalyticsIdSelector
@@ -120,7 +120,7 @@ export const Page: FC = () => {
         </MlPageHeader>
       ) : null}
       {jobId !== undefined ? (
-        <MlPageHeader>
+        <MlPageHeader key={`${jobId}-id`}>
           <FormattedMessage
             data-test-subj="mlPageDataFrameAnalyticsMapTitle"
             id="xpack.ml.dataframe.analyticsMap.analyticsIdTitle"
@@ -145,10 +145,11 @@ export const Page: FC = () => {
       <SavedObjectsWarning onCloseFlyout={refresh} />
       <UpgradeWarning />
 
-      {mapJobId || mapModelId || analyticsId ? (
+      {jobId ?? modelId ? (
         <JobMap
-          analyticsId={mapJobId || analyticsId?.job_id}
-          modelId={mapModelId || analyticsId?.model_id}
+          key={`${jobId ?? modelId}-id`}
+          analyticsId={jobId}
+          modelId={modelId}
           forceRefresh={isLoading}
         />
       ) : (

x-pack/plugins/monitoring/public/components/no_data/no_data.js

@@ -183,6 +183,13 @@ export function NoData(props) {
                 the upper right includes monitoring data."
               />
             </p>
+            <p>
+              <FormattedMessage
+                id="xpack.monitoring.noData.remoteCollectionNotice"
+                defaultMessage="If you have configured monitoring data to be sent to a dedicated monitoring 
+                cluster you should access that data with the Kibana instance attached to the monitoring cluster."
+              />
+            </p>
           </EuiText>
           <EuiSpacer />
           <EuiFlexGroup alignItems="center" justifyContent="spaceAround" gutterSize="s">

x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_investigate_in_timeline.tsx

@@ -14,7 +14,7 @@ import { ALERT_RULE_EXCEPTIONS_LIST } from '@kbn/rule-data-utils';
 import {
   ExceptionListIdentifiers,
   ExceptionListItemSchema,
-  ReadExceptionListSchema,
+  ExceptionListTypeEnum,
 } from '@kbn/securitysolution-io-ts-list-types';
 import { useApi } from '@kbn/securitysolution-list-hooks';
 
@@ -51,48 +51,48 @@ export const useInvestigateInTimeline = ({
 
   const getExceptions = useCallback(
     async (ecsData: Ecs): Promise<ExceptionListItemSchema[]> => {
-      const exceptionsLists: ReadExceptionListSchema[] = (
-        getField(ecsData, ALERT_RULE_EXCEPTIONS_LIST) ?? []
-      )
-        .map((list: string) => JSON.parse(list))
-        .filter((list: ExceptionListIdentifiers) => list.type === 'detection');
+      const exceptionsLists = (getField(ecsData, ALERT_RULE_EXCEPTIONS_LIST) ?? []).reduce(
+        (acc: ExceptionListIdentifiers[], next: string) => {
+          const parsedList = JSON.parse(next);
+          if (parsedList.type === 'detection') {
+            const formattedList = {
+              id: parsedList.id,
+              listId: parsedList.list_id,
+              type: ExceptionListTypeEnum.DETECTION,
+              namespaceType: parsedList.namespace_type,
+            };
+            acc.push(formattedList);
+          }
+          return acc;
+        },
+        []
+      );
 
       const allExceptions: ExceptionListItemSchema[] = [];
 
       if (exceptionsLists.length > 0) {
-        for (const list of exceptionsLists) {
-          if (list.id && list.list_id && list.namespace_type) {
-            await getExceptionListsItems({
-              lists: [
-                {
-                  id: list.id,
-                  listId: list.list_id,
-                  type: 'detection',
-                  namespaceType: list.namespace_type,
-                },
-              ],
-              filterOptions: [],
-              pagination: {
-                page: 0,
-                perPage: 10000,
-                total: 10000,
-              },
-              showDetectionsListsOnly: true,
-              showEndpointListsOnly: false,
-              onSuccess: ({ exceptions }) => {
-                allExceptions.push(...exceptions);
-              },
-              onError: (err: string[]) => {
-                addError(err, {
-                  title: i18n.translate(
-                    'xpack.securitySolution.detectionEngine.alerts.fetchExceptionsFailure',
-                    { defaultMessage: 'Error fetching exceptions.' }
-                  ),
-                });
-              },
+        await getExceptionListsItems({
+          lists: exceptionsLists,
+          filterOptions: [],
+          pagination: {
+            page: 0,
+            perPage: 10000,
+            total: 10000,
+          },
+          showDetectionsListsOnly: true,
+          showEndpointListsOnly: false,
+          onSuccess: ({ exceptions }) => {
+            allExceptions.push(...exceptions);
+          },
+          onError: (err: string[]) => {
+            addError(err, {
+              title: i18n.translate(
+                'xpack.securitySolution.detectionEngine.alerts.fetchExceptionsFailure',
+                { defaultMessage: 'Error fetching exceptions.' }
+              ),
             });
-          }
-        }
+          },
+        });
       }
       return allExceptions;
     },

x-pack/plugins/session_view/public/components/detail_panel_alert_group_item/index.tsx

@@ -66,6 +66,7 @@ export const DetailPanelAlertGroupItem = ({
           data-test-subj={ALERT_GROUP_ITEM_COUNT_TEST_ID}
           className="eui-alignCenter"
           size="m"
+          css={styles.alertCountArrowPad}
         >
           {alertsCount}
         </EuiNotificationBadge>

x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/index.tsx

@@ -59,7 +59,7 @@ export const DetailPanelAlertListItem = ({
   const forceState = !isInvestigated ? 'open' : undefined;
 
   return minimal ? (
-    <div data-test-subj={ALERT_LIST_ITEM_TEST_ID}>
+    <div data-test-subj={ALERT_LIST_ITEM_TEST_ID} css={styles.firstAlertPad}>
       <EuiSpacer size="xs" />
       <EuiFlexGroup alignItems="center">
         <EuiFlexItem>

x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/styles.ts

@@ -79,6 +79,10 @@ export const useStyles = (minimal = false, isInvestigated = false) => {
       minWidth: 0,
     };
 
+    const alertCountArrowPad: CSSObject = {
+      marginRight: size.xs,
+    };
+
     const processPanel: CSSObject = {
       border: `${borderThickness} solid ${colors.lightShade}`,
       fontFamily: font.familyCode,
@@ -103,6 +107,12 @@ export const useStyles = (minimal = false, isInvestigated = false) => {
       float: 'right',
     };
 
+    const firstAlertPad: CSSObject = {
+      '&:first-child': {
+        paddingTop: size.base,
+      },
+    };
+
     const minimalHR: CSSObject = {
       marginBottom: 0,
     };
@@ -114,9 +124,11 @@ export const useStyles = (minimal = false, isInvestigated = false) => {
       alertTitle,
       alertIcon,
       alertAccordionButton,
+      alertCountArrowPad,
       processPanel,
       investigatedLabel,
       minimalContextMenu,
+      firstAlertPad,
       minimalHR,
     };
   }, [euiTheme, isInvestigated, minimal]);

x-pack/plugins/session_view/public/components/detail_panel_description_list/styles.ts

@@ -20,14 +20,14 @@ export const useStyles = () => {
     const tabListTitle = {
       width: '40%',
       display: 'flex',
-      alignItems: 'center',
+      alignItems: 'baseline',
       marginTop: '0px',
     };
 
     const tabListDescription = {
       width: '60%',
       display: 'flex',
-      alignItems: 'center',
+      alignItems: 'baseline',
       marginTop: '0px',
     };
 

x-pack/plugins/session_view/public/components/detail_panel_list_item/styles.ts

@@ -20,11 +20,11 @@ export const useStyles = ({ display }: StylesDeps) => {
     const item: CSSObject = {
       display,
       alignContent: 'center',
-      padding: `0px ${euiTheme.size.s} `,
+      padding: `${euiTheme.size.xs} ${euiTheme.size.s} `,
       width: '100%',
       fontWeight: 'inherit',
-      height: euiTheme.size.xl,
-      lineHeight: euiTheme.size.l,
+      height: 'max-content',
+      minHeight: euiTheme.size.l,
       letterSpacing: '0px',
       textAlign: 'left',
 
@@ -43,7 +43,7 @@ export const useStyles = ({ display }: StylesDeps) => {
       '&:hover': {
         background: transparentize(euiTheme.colors.primary, 0.1),
       },
-      height: '100%',
+      height: 'fit-content',
     };
 
     return {

x-pack/test/cases_api_integration/security_and_spaces/tests/trial/index.ts

@@ -11,8 +11,6 @@ import { createSpacesAndUsers, deleteSpacesAndUsers } from '../../../common/lib/
 // eslint-disable-next-line import/no-default-export
 export default ({ loadTestFile, getService }: FtrProviderContext): void => {
   describe('cases security and spaces enabled: trial', function () {
-    this.tags('ciGroup25');
-
     before(async () => {
       await createSpacesAndUsers(getService);
     });
@@ -21,15 +19,23 @@ export default ({ loadTestFile, getService }: FtrProviderContext): void => {
       await deleteSpacesAndUsers(getService);
     });
 
-    // Trial
-    loadTestFile(require.resolve('./cases/push_case'));
-    loadTestFile(require.resolve('./cases/user_actions/get_all_user_actions'));
-    loadTestFile(require.resolve('./configure'));
+    describe('', function () {
+      this.tags('ciGroup13');
+
+      // Trial
+      loadTestFile(require.resolve('./cases/push_case'));
+      loadTestFile(require.resolve('./cases/user_actions/get_all_user_actions'));
+      loadTestFile(require.resolve('./configure'));
+    });
 
-    // Common
-    loadTestFile(require.resolve('../common'));
+    describe('', function () {
+      this.tags('ciGroup25');
 
-    // NOTE: These need to be at the end because they could delete the .kibana index and inadvertently remove the users and spaces
-    loadTestFile(require.resolve('../common/migrations'));
+      // Common
+      loadTestFile(require.resolve('../common'));
+
+      // NOTE: These need to be at the end because they could delete the .kibana index and inadvertently remove the users and spaces
+      loadTestFile(require.resolve('../common/migrations'));
+    });
   });
 };

x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts

@@ -14,7 +14,6 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
       this.tags('ciGroup11');
 
       loadTestFile(require.resolve('./aliases'));
-      loadTestFile(require.resolve('./create_endpoint_exceptions'));
       loadTestFile(require.resolve('./add_actions'));
       loadTestFile(require.resolve('./update_actions'));
       loadTestFile(require.resolve('./add_prepackaged_rules'));
@@ -54,6 +53,12 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
       loadTestFile(require.resolve('./migrations'));
     });
 
+    describe('', function () {
+      this.tags('ciGroup26');
+
+      loadTestFile(require.resolve('./create_endpoint_exceptions'));
+    });
+
     describe('', function () {
       this.tags('ciGroup14');