diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 869160bfa0fd1..215514d58f601 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -415,6 +415,7 @@
 /x-pack/plugins/security_solution/cypress/integration/urls @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/common/components/alerts_viewer @elastic/security-threat-hunting-investigations
+/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_action @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/common/components/event_details @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/common/components/events_viewer @elastic/security-threat-hunting-investigations
 /x-pack/plugins/security_solution/public/common/components/markdown_editor @elastic/security-threat-hunting-investigations
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/configuration_step/use_saved_search.ts b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/configuration_step/use_saved_search.ts
index c4611a1740913..0a75c6467f9d0 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/configuration_step/use_saved_search.ts
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/configuration_step/use_saved_search.ts
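Review bot: The added CODEOWNERS pattern ends in `alerts_table/timeline_action`, while the directory this commit changes is `alerts_table/timeline_actions` (see the `use_investigate_in_timeline.tsx` path further down), so as written the rule does not appear to match those files. If the plural directory is what was intended, the line should read `/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions @elastic/security-threat-hunting-investigations`. A non-matching entry fails silently: the files keep whatever owner a broader pattern assigns, and review requests for this detection code go to a different team than intended. Worth confirming against the tree that no singular `timeline_action` path exists.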
@@ -7,12 +7,12 @@
 import { useState, useEffect } from 'react';
 import {
+ buildEsQuery,
+ buildQueryFromFilters,
 decorateQuery,
 fromKueryExpression,
- luceneStringToDsl,
 toElasticsearchQuery,
 } from '@kbn/es-query';
-import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import { useMlContext } from '../../../../../contexts/ml';
 import { SEARCH_QUERY_LANGUAGE } from '../../../../../../../common/constants/search';
 import { getQueryFromSavedSearchObject } from '../../../../../util/index_utils';
@@ -36,19 +36,42 @@ export function useSavedSearch() {
 const { currentSavedSearch, currentDataView, kibanaConfig } = mlContext;
 const getQueryData = () => {
- let qry: estypes.QueryDslQueryContainer = {};
+ let qry: any = {};
 let qryString;
 if (currentSavedSearch !== null) {
- const { query } = getQueryFromSavedSearchObject(currentSavedSearch);
+ const { query, filter } = getQueryFromSavedSearchObject(currentSavedSearch);
 const queryLanguage = query.language;
 qryString = query.query;
 if (queryLanguage === SEARCH_QUERY_LANGUAGE.KUERY) {
 const ast = fromKueryExpression(qryString);
 qry = toElasticsearchQuery(ast, currentDataView);
+ const filterQuery = buildQueryFromFilters(filter, currentDataView);
+ if (qry.bool === undefined) {
+ qry.bool = {};
+ // toElasticsearchQuery may add a single match_all item to the
+ // root of its returned query, rather than putting it inside
+ // a bool.should
+ // in this case, move it to a bool.should
+ if (qry.match_all !== undefined) {
+ qry.bool.should = {
+ match_all: qry.match_all,
+ };
+ delete qry.match_all;
+ }
+ }
+
+ if (Array.isArray(qry.bool.filter) === false) {
+ qry.bool.filter = qry.bool.filter === undefined ? [] : [qry.bool.filter];
+ }
+ if (Array.isArray(qry.bool.must_not) === false) {
+ qry.bool.must_not = qry.bool.must_not === undefined ? [] : [qry.bool.must_not];
+ }
+ qry.bool.filter = [...qry.bool.filter, ...filterQuery.filter];
+ qry.bool.must_not = [...qry.bool.must_not, ...filterQuery.must_not];
 } else {
- qry = luceneStringToDsl(qryString);
+ qry = buildEsQuery(currentDataView, [query], filter);
 decorateQuery(qry, kibanaConfig.get('query:queryString:options'));
 }
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/page.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/page.tsx
index c35ad5bacf371..524556e12a9af 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/page.tsx
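Review bot: `let qry: any = {};` drops the `estypes.QueryDslQueryContainer` annotation, so every `qry.bool.*` access and the `delete qry.match_all` in the KQL branch is no longer checked by the compiler. This is the code that decides which documents a saved search scopes the analytics job to, so a mistake in the hand-merged `filter`/`must_not` arrays would go unnoticed. Keeping `let qry: estypes.QueryDslQueryContainer = {};` (and the type import the previous hunk removes) and narrowing where the arrays are normalised would preserve that check. The Lucene branch already hands query and filters to `buildEsQuery(currentDataView, [query], filter)`; if that helper handles KQL queries the same way, the KQL branch could likely use it too and drop the manual merge and the `match_all` relocation — worth confirming. `getQueryData` continues past the end of the hunk.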
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_exploration/page.tsx @@ -108,7 +108,7 @@ export const Page: FC<{ /> ) : null} {jobIdToUse !== undefined && ( - + { <> {isIdSelectorFlyoutVisible ? ( { ) : null} {jobId !== undefined ? ( - + { - {mapJobId || mapModelId || analyticsId ? ( + {jobId ?? modelId ? ( ) : ( diff --git a/x-pack/plugins/monitoring/public/components/no_data/__snapshots__/no_data.test.js.snap b/x-pack/plugins/monitoring/public/components/no_data/__snapshots__/no_data.test.js.snap index 8852d104fe00a..e0068c8a150d8 100644 --- a/x-pack/plugins/monitoring/public/components/no_data/__snapshots__/no_data.test.js.snap +++ b/x-pack/plugins/monitoring/public/components/no_data/__snapshots__/no_data.test.js.snap @@ -38,6 +38,9 @@ exports[`NoData should show a default message if reason is unknown 1`] = `

Have you set up monitoring yet? If so, make sure that the selected time period in the upper right includes monitoring data.

+

+ If you have configured monitoring data to be sent to a dedicated monitoring cluster you should access that data with the Kibana instance attached to the monitoring cluster. +

Have you set up monitoring yet? If so, make sure that the selected time period in the upper right includes monitoring data.

+

+ If you have configured monitoring data to be sent to a dedicated monitoring cluster you should access that data with the Kibana instance attached to the monitoring cluster. +

+

+ +

diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_investigate_in_timeline.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_investigate_in_timeline.tsx
index 58163029667e6..53a2dece1bd5c 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_investigate_in_timeline.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_investigate_in_timeline.tsx
@@ -14,7 +14,7 @@ import { ALERT_RULE_EXCEPTIONS_LIST } from '@kbn/rule-data-utils';
 import {
 ExceptionListIdentifiers,
 ExceptionListItemSchema,
- ReadExceptionListSchema,
+ ExceptionListTypeEnum,
 } from '@kbn/securitysolution-io-ts-list-types';
 import { useApi } from '@kbn/securitysolution-list-hooks';
@@ -51,48 +51,48 @@ export const useInvestigateInTimeline = ({ const getExceptions = useCallback( async (ecsData: Ecs): Promise => { - const exceptionsLists: ReadExceptionListSchema[] = ( - getField(ecsData, ALERT_RULE_EXCEPTIONS_LIST) ?? [] - ) - .map((list: string) => JSON.parse(list)) - .filter((list: ExceptionListIdentifiers) => list.type === 'detection'); + const exceptionsLists = (getField(ecsData, ALERT_RULE_EXCEPTIONS_LIST) ?? []).reduce( + (acc: ExceptionListIdentifiers[], next: string) => { + const parsedList = JSON.parse(next); + if (parsedList.type === 'detection') { + const formattedList = { + id: parsedList.id, + listId: parsedList.list_id, + type: ExceptionListTypeEnum.DETECTION, + namespaceType: parsedList.namespace_type, + }; + acc.push(formattedList); + } + return acc; + }, + [] + ); const allExceptions: ExceptionListItemSchema[] = []; if (exceptionsLists.length > 0) { - for (const list of exceptionsLists) { - if (list.id && list.list_id && list.namespace_type) { - await getExceptionListsItems({ - lists: [ - { - id: list.id, - listId: list.list_id, - type: 'detection', - namespaceType: list.namespace_type, - }, - ], - filterOptions: [], - pagination: { - page: 0, - perPage: 10000, - total: 10000, - }, - showDetectionsListsOnly: true, - showEndpointListsOnly: false, - onSuccess: ({ exceptions }) => { - allExceptions.push(...exceptions); - }, - onError: (err: string[]) => { - addError(err, { - title: i18n.translate( - 'xpack.securitySolution.detectionEngine.alerts.fetchExceptionsFailure', - { defaultMessage: 'Error fetching exceptions.' 
} - ), - }); - }, + await getExceptionListsItems({ + lists: exceptionsLists, + filterOptions: [], + pagination: { + page: 0, + perPage: 10000, + total: 10000, + }, + showDetectionsListsOnly: true, + showEndpointListsOnly: false, + onSuccess: ({ exceptions }) => { + allExceptions.push(...exceptions); + }, + onError: (err: string[]) => { + addError(err, { + title: i18n.translate( + 'xpack.securitySolution.detectionEngine.alerts.fetchExceptionsFailure', + { defaultMessage: 'Error fetching exceptions.' } + ), }); - } - } + }, + }); } return allExceptions; }, diff --git a/x-pack/plugins/session_view/public/components/detail_panel_alert_group_item/index.tsx b/x-pack/plugins/session_view/public/components/detail_panel_alert_group_item/index.tsx index a83e41d793e23..562bd013ebd60 100644 --- a/x-pack/plugins/session_view/public/components/detail_panel_alert_group_item/index.tsx +++ b/x-pack/plugins/session_view/public/components/detail_panel_alert_group_item/index.tsx @@ -66,6 +66,7 @@ export const DetailPanelAlertGroupItem = ({ data-test-subj={ALERT_GROUP_ITEM_COUNT_TEST_ID} className="eui-alignCenter" size="m" + css={styles.alertCountArrowPad} > {alertsCount} diff --git a/x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/index.tsx b/x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/index.tsx index 1c6dd0a57b7e7..26fd2af6b69d6 100644 --- a/x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/index.tsx +++ b/x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/index.tsx @@ -59,7 +59,7 @@ export const DetailPanelAlertListItem = ({ const forceState = !isInvestigated ? 'open' : undefined; return minimal ? ( -
+
diff --git a/x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/styles.ts b/x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/styles.ts
index 403c6d3e2cacb..4cd77e48c2c4d 100644
--- a/x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/styles.ts
+++ b/x-pack/plugins/session_view/public/components/detail_panel_alert_list_item/styles.ts
@@ -79,6 +79,10 @@ export const useStyles = (minimal = false, isInvestigated = false) => {
 minWidth: 0,
 };
+ const alertCountArrowPad: CSSObject = {
+ marginRight: size.xs,
+ };
+
 const processPanel: CSSObject = {
 border: `${borderThickness} solid ${colors.lightShade}`,
 fontFamily: font.familyCode,
@@ -103,6 +107,12 @@ export const useStyles = (minimal = false, isInvestigated = false) => {
 float: 'right',
 };
+ const firstAlertPad: CSSObject = {
+ '&:first-child': {
+ paddingTop: size.base,
+ },
+ };
+
 const minimalHR: CSSObject = {
 marginBottom: 0,
 };
@@ -114,9 +124,11 @@ export const useStyles = (minimal = false, isInvestigated = false) => {
 alertTitle,
 alertIcon,
 alertAccordionButton,
+ alertCountArrowPad,
 processPanel,
 investigatedLabel,
 minimalContextMenu,
+ firstAlertPad,
 minimalHR,
 };
 }, [euiTheme, isInvestigated, minimal]);
diff --git a/x-pack/plugins/session_view/public/components/detail_panel_description_list/styles.ts b/x-pack/plugins/session_view/public/components/detail_panel_description_list/styles.ts
index d1f3198a10c85..be847e52562b5 100644
--- a/x-pack/plugins/session_view/public/components/detail_panel_description_list/styles.ts
+++ b/x-pack/plugins/session_view/public/components/detail_panel_description_list/styles.ts
@@ -20,14 +20,14 @@ export const useStyles = () => {
 const tabListTitle = {
 width: '40%',
 display: 'flex',
- alignItems: 'center',
+ alignItems: 'baseline',
 marginTop: '0px',
 };
 const tabListDescription = {
 width: '60%',
 display: 'flex',
- alignItems: 'center',
+ alignItems: 'baseline',
 marginTop: '0px',
 };
diff --git a/x-pack/plugins/session_view/public/components/detail_panel_list_item/styles.ts b/x-pack/plugins/session_view/public/components/detail_panel_list_item/styles.ts
index 4e15221638f91..48a8dba781ee4 100644
--- a/x-pack/plugins/session_view/public/components/detail_panel_list_item/styles.ts
+++ b/x-pack/plugins/session_view/public/components/detail_panel_list_item/styles.ts
@@ -20,11 +20,11 @@ export const useStyles = ({ display }: StylesDeps) => {
 const item: CSSObject = {
 display,
 alignContent: 'center',
- padding: `0px ${euiTheme.size.s} `,
+ padding: `${euiTheme.size.xs} ${euiTheme.size.s} `,
 width: '100%',
 fontWeight: 'inherit',
- height: euiTheme.size.xl,
- lineHeight: euiTheme.size.l,
+ height: 'max-content',
+ minHeight: euiTheme.size.l,
 letterSpacing: '0px',
 textAlign: 'left',
@@ -43,7 +43,7 @@ export const useStyles = ({ display }: StylesDeps) => {
 '&:hover': {
 background: transparentize(euiTheme.colors.primary, 0.1),
 },
- height: '100%',
+ height: 'fit-content',
 };
 return {
diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/trial/index.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/trial/index.ts
index 985393eafe719..3c1ee84296270 100644
--- a/x-pack/test/cases_api_integration/security_and_spaces/tests/trial/index.ts
+++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/trial/index.ts
@@ -11,8 +11,6 @@ import { createSpacesAndUsers, deleteSpacesAndUsers } from '../../../common/lib/
 // eslint-disable-next-line import/no-default-export
 export default ({ loadTestFile, getService }: FtrProviderContext): void => {
 describe('cases security and spaces enabled: trial', function () {
- this.tags('ciGroup25');
-
 before(async () => {
 await createSpacesAndUsers(getService);
 });
@@ -21,15 +19,23 @@ export default ({ loadTestFile, getService }: FtrProviderContext): void => {
 await deleteSpacesAndUsers(getService);
 });
- // Trial
- loadTestFile(require.resolve('./cases/push_case'));
- loadTestFile(require.resolve('./cases/user_actions/get_all_user_actions'));
- loadTestFile(require.resolve('./configure'));
+ describe('', function () {
+ this.tags('ciGroup13');
+
+ // Trial
+ loadTestFile(require.resolve('./cases/push_case'));
+ loadTestFile(require.resolve('./cases/user_actions/get_all_user_actions'));
+ loadTestFile(require.resolve('./configure'));
+ });
- // Common
- loadTestFile(require.resolve('../common'));
+ describe('', function () {
+ this.tags('ciGroup25');
- // NOTE: These need to be at the end because they could delete the .kibana index and inadvertently remove the users and spaces
- loadTestFile(require.resolve('../common/migrations'));
+ // Common
+ loadTestFile(require.resolve('../common'));
+
+ // NOTE: These need to be at the end because they could delete the .kibana index and inadvertently remove the users and spaces
+ loadTestFile(require.resolve('../common/migrations'));
+ });
 });
 };
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts
index a6d052a22bee6..a3c4dd8ed3be1 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts
@@ -14,7 +14,6 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
 this.tags('ciGroup11');
 loadTestFile(require.resolve('./aliases'));
- loadTestFile(require.resolve('./create_endpoint_exceptions'));
 loadTestFile(require.resolve('./add_actions'));
 loadTestFile(require.resolve('./update_actions'));
 loadTestFile(require.resolve('./add_prepackaged_rules'));
@@ -54,6 +53,12 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
 loadTestFile(require.resolve('./migrations'));
 });
+ describe('', function () {
+ this.tags('ciGroup26');
+
+ loadTestFile(require.resolve('./create_endpoint_exceptions'));
+ });
+
 describe('', function () {
 this.tags('ciGroup14');