
[Alerting] Documentation for how to pre-configure connectors. #63807

Merged


@YulNaumenko YulNaumenko commented Apr 16, 2020

Resolve #63195

  • Documentation was added for features that require explanation or tutorials

Preview
http://kibana_63807.docs-preview.app.elstc.co/guide/en/kibana/master/pre-configured-connectors.html

@YulNaumenko added labels Feature:Alerting, v8.0.0, release_note:skip (Skip the PR/issue when compiling release notes), Team:ResponseOps (Label for the ResponseOps team, formerly the Cases and Alerting teams), v7.8.0 on Apr 16, 2020
@YulNaumenko YulNaumenko self-assigned this Apr 16, 2020
@elasticmachine

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@YulNaumenko YulNaumenko requested a review from gchaps April 16, 2020 23:14
@pmuellr (Member) left a comment

This seems like a good start; it seems like there are some missing pieces which we can add in another issue/PR:

  • how do you use the Kibana keystore? I think I saw a similar reference to using the keystore somewhere else, but it's not clear how you would actually do that. A pointer to existing documentation is probably good enough - there's this - https://www.elastic.co/guide/en/kibana/current/secure-settings.html - but it still doesn't explain how I'd use it. Seems like for the slack example, you would set this key in the keystore: xpack.actions.preconfigured.my-slack1.config.webhookUrl, and then leave off the config property in the kibana.yml for that preconfigured action.

  • we're going to have to list the names/types/descriptions of all the config and secrets properties for all the action types somewhere. I guess we'd do that in the action type pages? And probably want to include the params as well, even though they're not used to create the preconfigured actions.
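As an added example (not code from this PR, from the linked docs, or from Kibana itself), here is a small Python script that does what the comment above sketches: take connector definitions as they would appear under `xpack.actions.preconfigured`, keep the non-secret part for kibana.yml, and turn every `secrets.*` leaf into the dotted key to hand to `bin/kibana-keystore add`. It assumes the setting is a map keyed by connector id, that the Slack webhook URL is a `secrets` property of the `.slack` connector type, and that the keystore merges a dotted key back into the config at that path; the connector ids, names and secret values are constructed placeholders, not real credentials. `find_inline_secrets` is the check to run against a parsed kibana.yml before committing it.

```python
"""Added example (not from the PR or the Kibana docs): keep preconfigured
connector secrets out of kibana.yml by moving them into the Kibana keystore."""
from typing import Any, Dict, List, Tuple

# Dotted prefix of the setting, as written in kibana.yml.
PREFIX = "xpack.actions.preconfigured"

# Constructed sample input: two connectors written the way an operator might
# first put them in kibana.yml, secrets inline. Ids, names and secret values
# are placeholders, not real credentials.
SAMPLE_PRECONFIGURED: Dict[str, Any] = {
    "my-slack1": {
        "actionTypeId": ".slack",
        "name": "Slack #xyz",
        "secrets": {"webhookUrl": "https://hooks.slack.com/services/T000/B000/EXAMPLE"},
    },
    "my-email": {
        "actionTypeId": ".email",
        "name": "Ops mail",
        "config": {"from": "alerts@example.com", "host": "smtp.example.com", "port": 587},
        "secrets": {"user": "alerts", "password": "hunter2"},
    },
}


def _flatten(obj: Any, path: str) -> List[Tuple[str, Any]]:
    """Flatten a nested mapping into (dotted.key, leaf value) pairs, in order."""
    if not isinstance(obj, dict):
        return [(path, obj)]
    pairs: List[Tuple[str, Any]] = []
    for key, value in obj.items():
        pairs.extend(_flatten(value, f"{path}.{key}"))
    return pairs


def secret_keys(preconfigured: Dict[str, Any]) -> List[Tuple[str, Any]]:
    """Every secrets.* leaf of every connector as (dotted key, value).
    The dotted key is the keystore setting name (assumption: the keystore
    merges it back into the config at that path)."""
    pairs: List[Tuple[str, Any]] = []
    for connector_id, connector in preconfigured.items():
        secrets = connector.get("secrets") or {}
        pairs.extend(_flatten(secrets, f"{PREFIX}.{connector_id}.secrets"))
    return pairs


def find_inline_secrets(preconfigured: Dict[str, Any]) -> List[str]:
    """Audit: dotted keys of secrets still written inline in kibana.yml.
    An empty list means the file carries no connector secrets."""
    return [key for key, _ in secret_keys(preconfigured)]


def split_for_keystore(preconfigured: Dict[str, Any]):
    """Return (yml_part, keystore_entries): the connectors without their
    `secrets` blocks, and the (dotted key, value) pairs for the keystore."""
    yml_part = {
        connector_id: {k: v for k, v in connector.items() if k != "secrets"}
        for connector_id, connector in preconfigured.items()
    }
    return yml_part, secret_keys(preconfigured)


def keystore_commands(entries: List[Tuple[str, Any]]) -> List[str]:
    """Render one `bin/kibana-keystore add --stdin <key>` per entry. The value
    is piped in from an environment variable placeholder rather than written
    on the command line, so it does not land in argv or shell history.
    Run `bin/kibana-keystore create` once before the first add."""
    return [
        "printf '%s' \"$SECRET\" | bin/kibana-keystore add --stdin " + key
        for key, _ in entries
    ]


if __name__ == "__main__":
    yml, entries = split_for_keystore(SAMPLE_PRECONFIGURED)
    print("keep in kibana.yml:", yml)
    for command in keystore_commands(entries):
        print(command)
    print("secrets still inline after the split:", find_inline_secrets(yml))
```

The split preserves `config` (host, port, sender address) in kibana.yml, because those are not secrets and are useful to see in version control; only the `secrets` subtree moves to the keystore, one dotted key per leaf.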

@YulNaumenko YulNaumenko requested a review from a team as a code owner April 17, 2020 19:33
@mikecote (Contributor) left a comment

Outside of @pmuellr's feedback (👍 for follow-up issues), LGTM. I'll let @gchaps review the content of the docs, but they render and show properly 👍

…configure-connectors

@kibanamachine (Contributor)

💛 Build succeeded, but was flaky


Test Failures

Kibana Pipeline / kibana-xpack-agent / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/find_statuses·ts.detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added

Standard Out

Failed Tests Reporter:
  - Test has failed 12 times on tracked branches: https://github.com/elastic/kibana/issues/63747

[00:00:00]       │
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:02:13]           └-: find_statuses
[00:02:13]             └-> "before all" hook
[00:02:13]             └-> should return an empty find statuses body correctly if no statuses are loaded
[00:02:13]               └-> "before each" hook: global before each
[00:02:13]               └-> "before each" hook
[00:02:14]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] adding index lifecycle policy [.siem-signals-default]
[00:02:14]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:14]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:14]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:14]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:14]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:14]               └- ✓ pass  (56ms) "detection engine api security and spaces enabled find_statuses should return an empty find statuses body correctly if no statuses are loaded"
[00:02:14]             └-> "after each" hook
[00:02:14]               │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] [.siem-signals-default-000001/D6PwYzhXT0Kz4XOfRzvRkA] deleting index
[00:02:14]               │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] removing template [.siem-signals-default]
[00:02:14]             └-> should return a single rule status when a single rule is loaded from a find status with defaults added
[00:02:14]               └-> "before each" hook: global before each
[00:02:14]               └-> "before each" hook
[00:02:14]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] adding index lifecycle policy [.siem-signals-default]
[00:02:14]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:14]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] applying create index request using v1 templates [.siem-signals-default]
[00:02:14]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:14]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:14]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:14]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xl-1587159472245638900] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:18]               └- ✖ fail: "detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added"
[00:02:18]               │

Stack Trace

TypeError: Cannot read property 'status' of null
    at Promise.then (test/detection_engine_api_integration/security_and_spaces/tests/find_statuses.ts:62:90)

@YulNaumenko YulNaumenko merged commit 055d1fb into elastic:master Apr 18, 2020
YulNaumenko added a commit to YulNaumenko/kibana that referenced this pull request Apr 18, 2020
…c#63807)

* [Alerting] Documentation for how to pre-configure connectors.

* small fix

* Adjusted titles

* Fixed wrong link

* fixed warning

* Fixed ci issues

* [DOCS] Edits preconfigured connector docs

* Replaced words 'pre-configured' with 'preconfigured'

Co-authored-by: gchaps <chappell_5@yahoo.com>
YulNaumenko added a commit that referenced this pull request Apr 18, 2020
#63918)

* [Alerting] Documentation for how to pre-configure connectors.

* small fix

* Adjusted titles

* Fixed wrong link

* fixed warning

* Fixed ci issues

* [DOCS] Edits preconfigured connector docs

* Replaced words 'pre-configured' with 'preconfigured'

Co-authored-by: gchaps <chappell_5@yahoo.com>

Co-authored-by: gchaps <chappell_5@yahoo.com>
jloleysens added a commit to jloleysens/kibana that referenced this pull request Apr 20, 2020
…bana into ingest-node-pipelines/privileges

* 'feature/ingest-node-pipelines' of github.com:elastic/kibana: (126 commits)
  [SEARCH] Cleanup fetch soon (elastic#63320)
  skip flaky suite (elastic#58692)
  [Uptime] Refresh index and also show more info to user regardi… (elastic#62606)
  [Drilldowns] Fix back button by removing panels from url in dashboard in view mode (elastic#62415)
  [platform] serve plugins from /bundles/plugin:${id}
  [Alerting] Documentation for how to pre-configure connectors. (elastic#63807)
  skip flaky suite (elastic#63621)
  Revert "skip flaky suite (elastic#63747)"
  skip flaky suite (elastic#63747)
  [SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list (elastic#63717)
  [SIEM] Flaky test fix: Bump find_statuses timeout (elastic#63900)
  [Uptime] Add cert API request and runtime type checking (elastic#63062)
  [Lens] Allow table to scroll horizontally (elastic#63805)
  [Metrics UI] Allow users to create alerts from the central Alerts UI (elastic#63803)
  Migrate legacy maps licensing (x-pack/tilemap) to NP (elastic#63539)
  [Alerting] "Create alert" and alert list design improvements (elastic#63515)
  [Lens] Fix existence for dotted paths in _source (elastic#63752)
  Example plugins in X-Pack (elastic#63823)
  [ML] Migrate Mocha unit tests to Jest: migrate job utils and query utils tests (elastic#63775)
  Endpoint: middleware receive immutable versions of state and actions (elastic#63802)
  ...
jloleysens added a commit to jloleysens/kibana that referenced this pull request Apr 20, 2020
…bana into pipeline-editor-part-mvp-2

* 'feature/ingest-node-pipelines' of github.com:elastic/kibana: (127 commits)
  [Ingest pipelines] Polish details panel and empty list (elastic#63926)
  [SEARCH] Cleanup fetch soon (elastic#63320)
  skip flaky suite (elastic#58692)
  [Uptime] Refresh index and also show more info to user regardi… (elastic#62606)
  [Drilldowns] Fix back button by removing panels from url in dashboard in view mode (elastic#62415)
  [platform] serve plugins from /bundles/plugin:${id}
  [Alerting] Documentation for how to pre-configure connectors. (elastic#63807)
  skip flaky suite (elastic#63621)
  Revert "skip flaky suite (elastic#63747)"
  skip flaky suite (elastic#63747)
  [SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list (elastic#63717)
  [SIEM] Flaky test fix: Bump find_statuses timeout (elastic#63900)
  [Uptime] Add cert API request and runtime type checking (elastic#63062)
  [Lens] Allow table to scroll horizontally (elastic#63805)
  [Metrics UI] Allow users to create alerts from the central Alerts UI (elastic#63803)
  Migrate legacy maps licensing (x-pack/tilemap) to NP (elastic#63539)
  [Alerting] "Create alert" and alert list design improvements (elastic#63515)
  [Lens] Fix existence for dotted paths in _source (elastic#63752)
  Example plugins in X-Pack (elastic#63823)
  [ML] Migrate Mocha unit tests to Jest: migrate job utils and query utils tests (elastic#63775)
  ...
Successfully merging this pull request may close these issues.

[Alerting] Documentation for how to pre-configure connectors