Merge branch 'main' into th-qgs

.buildkite/pipelines/security_solution_quality_gate/mki_periodic/mki_periodic_defend_workflows.yml

@@ -1,6 +1,6 @@
 steps:
   - command: .buildkite/scripts/pipelines/security_solution_quality_gate/edr_workflows/mki_security_solution_defend_workflows.sh cypress:dw:qa:serverless:run
-    label: "Serverless MKI QA Defend Workflows Cypress Tests on Serverless"
+    label: "Cypress MKI - Defend Workflows "
     key: test_defend_workflows
     agents:
       image: family/kibana-ubuntu-2004

.buildkite/pipelines/security_solution_quality_gate/mki_periodic/mki_periodic_detection_engine.yml

@@ -1,9 +1,9 @@
 steps:
-  - group: "Serverless MKI QA Detection Engine - Cypress Tests"
+  - group: "Cypress MKI - Detection Engine"
     key: cypress_test_detections_engine
     steps:
       - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:detection_engine
-        label: "Serverless MKI QA Detection Engine - Security Solution Cypress Tests"
+        label: "Cypress MKI - Detection Engine"
         key: test_detection_engine
         env:
           BK_TEST_SUITE_KEY: "serverless-cypress-detection-engine"
@@ -22,7 +22,7 @@ steps:
               limit: 1
 
       - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:detection_engine:exceptions
-        label: "Serverless MKI QA Detection Engine - Exceptions - Security Solution Cypress Tests"
+        label: "Cypress MKI - Detection Engine - Exceptions"
         key: test_detection_engine_exceptions
         env:
           BK_TEST_SUITE_KEY: "serverless-cypress-detection-engine"
@@ -40,7 +40,7 @@ steps:
             - exit_status: "-1"
               limit: 1
 
-  - group: "Serverless MKI QA Detection Engine - API Integration"
+  - group: "API MKI - Detection Engine - "
     key: api_test_detections_engine
     steps:
       - label: Running exception_lists_items:qa:serverless

.buildkite/pipelines/security_solution_quality_gate/mki_periodic/mki_periodic_entity_analytics.yml

@@ -1,6 +1,6 @@
 steps:
   - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:entity_analytics
-    label: 'Serverless MKI QA Entity Analytics - Security Solution Cypress Tests'
+    label: 'Cypress MKI - Entity Analytics'
     key: test_entity_analytics
     env:
       BK_TEST_SUITE_KEY: "serverless-cypress-entity-analytics"
@@ -18,7 +18,7 @@ steps:
           - exit_status: '-1'
             limit: 1
 
-  - group: "Serverless MKI QA Entity Analytics - API Integration"
+  - group: "API MKI - Entity Analytics"
     key: api_test_entity_analytics
     steps:
       - label: Running entity_analytics:qa:serverless

.buildkite/pipelines/security_solution_quality_gate/mki_periodic/mki_periodic_explore.yml

@@ -1,7 +1,7 @@
 steps:
   - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:explore
     key: test_explore
-    label: 'Serverless MKI QA Explore - Security Solution Cypress Tests'
+    label: 'Cypress MKI - Explore'
     env:
       BK_TEST_SUITE_KEY: "serverless-cypress-explore"
     agents:

.buildkite/pipelines/security_solution_quality_gate/mki_periodic/mki_periodic_gen_ai.yml

@@ -1,6 +1,6 @@
 steps:
   - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:ai_assistant
-    label: "Serverless MKI QA AI Assistant - Security Solution Cypress Tests"
+    label: "Cypress MKI - GenAI
     key: test_ai_assistant
     env:
       BK_TEST_SUITE_KEY: "serverless-cypress-gen-ai"
@@ -18,7 +18,7 @@ steps:
         - exit_status: "-1"
           limit: 1
 
-  - group: "Serverless MKI QA AI Assistant - API Integration"
+  - group: "API MKI - GenAI"
     key: api_test_ai_assistant
     steps:
       - label: Running genai:qa:serverless

.buildkite/pipelines/security_solution_quality_gate/mki_periodic/mki_periodic_investigations.yml

@@ -1,7 +1,7 @@
 steps:
   - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:investigations
     key: test_investigations
-    label: 'Serverless MKI QA Investigations - Security Solution Cypress Tests'
+    label: 'Cypress MKI - Investigations'
     env:
       BK_TEST_SUITE_KEY: "serverless-cypress-investigations"
     agents:

.buildkite/pipelines/security_solution_quality_gate/mki_periodic/mki_periodic_rule_management.yml

@@ -3,7 +3,7 @@ steps:
     key: cypress_test_rule_management
     steps:
       - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:rule_management
-        label: "Serverless MKI QA Rule Management - Security Solution Cypress Tests"
+        label: "Cypress MKI - Rule Management"
         key: test_rule_management
         env:
           BK_TEST_SUITE_KEY: "serverless-cypress-rule-management"
@@ -22,7 +22,7 @@ steps:
               limit: 1
 
       - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:rule_management:prebuilt_rules
-        label: "Serverless MKI QA Rule Management - Prebuilt Rules - Security Solution Cypress Tests"
+        label: "Cypress MKI - Rule Management - Prebuilt Rules"
         key: test_rule_management_prebuilt_rules
         env:
           BK_TEST_SUITE_KEY: "serverless-cypress-rule-management"
@@ -40,7 +40,7 @@ steps:
             - exit_status: "-1"
               limit: 1
 
-  - group: "Serverless MKI QA Rule Management - API Integration"
+  - group: "API MKI - Rule Management"
     key: api_test_rule_management
     steps:
       - label: Running rule_creation:qa:serverless

.buildkite/pipelines/security_solution_quality_gate/mki_quality_gate/mki_quality_gate_defend_workflows.yml

@@ -1,6 +1,6 @@
 steps:
   - command: .buildkite/scripts/pipelines/security_solution_quality_gate/edr_workflows/mki_security_solution_defend_workflows.sh cypress:dw:qa:serverless:run
-    label: 'Serverless MKI QA Defend Workflows Cypress Tests on Serverless'
+    label: 'Cypress MKI - Defend Workflows'
     key: test_defend_workflows
     agents:
       image: family/kibana-ubuntu-2004

.buildkite/pipelines/security_solution_quality_gate/mki_quality_gate/mki_quality_gate_detection_engine.yml

@@ -1,9 +1,9 @@
 steps:
-  - group: "Serverless MKI QA Detection Engine - Cypress Tests"
+  - group: "Cypress MKI - Detection Engine"
     key: cypress_test_detections_engine
     steps:
       - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:detection_engine
-        label: "Serverless MKI QA Detection Engine - Security Solution Cypress Tests"
+        label: "Cypress MKI - Detection Engine"
         key: test_detection_engine
         env:
           BK_TEST_SUITE_KEY: "serverless-cypress-detection-engine"
@@ -22,7 +22,7 @@ steps:
               limit: 1
 
       - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:detection_engine:exceptions
-        label: "Serverless MKI QA Detection Engine - Exceptions - Security Solution Cypress Tests"
+        label: "Cypress MKI - Detection Engine - Exceptions"
         key: test_detection_engine_exceptions
         env:
           BK_TEST_SUITE_KEY: "serverless-cypress-detection-engine"
@@ -40,7 +40,7 @@ steps:
             - exit_status: "-1"
               limit: 1
 
-  - group: "Serverless MKI QA Detection Engine - API Integration"
+  - group: "API MKI - Detection Engine"
     key: api_test_detections_engine
     steps:
       - label: Running exception_lists_items:qa:serverless:release

.buildkite/pipelines/security_solution_quality_gate/mki_quality_gate/mki_quality_gate_entity_analytics.yml

@@ -1,6 +1,6 @@
 steps:
   - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:entity_analytics
-    label: 'Serverless MKI QA Entity Analytics - Security Solution Cypress Tests'
+    label: 'Cypress MKI - Entity Analytics'
     key: test_entity_analytics
     env:
       BK_TEST_SUITE_KEY: "serverless-cypress-entity-analytics"
@@ -18,7 +18,7 @@ steps:
           - exit_status: '-1'
             limit: 1
 
-  - group: "Serverless MKI QA Entity Analytics - API Integration"
+  - group: "API MKI - Entity Analytics"
     key: api_test_entity_analytics
     steps:
       - label: Running entity_analytics:qa:serverless:release

.buildkite/pipelines/security_solution_quality_gate/mki_quality_gate/mki_quality_gate_explore.yml

@@ -1,7 +1,7 @@
 steps:
   - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:explore
     key: test_explore
-    label: 'Serverless MKI QA Explore - Security Solution Cypress Tests'
+    label: 'Cypress MKI - Explore'
     env:
       BK_TEST_SUITE_KEY: "serverless-cypress-explore"
     agents:

.buildkite/pipelines/security_solution_quality_gate/mki_quality_gate/mki_quality_gate_gen_ai.yml

@@ -1,6 +1,6 @@
 steps:
   - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:ai_assistant
-    label: "Serverless MKI QA AI Assistant - Security Solution Cypress Tests"
+    label: "Cypress MKI - GenAI"
     key: test_ai_assistant
     env:
       BK_TEST_SUITE_KEY: "serverless-cypress-gen-ai"
@@ -18,7 +18,7 @@ steps:
         - exit_status: "-1"
           limit: 1
 
-  - group: "Serverless MKI QA AI Assistant - API Integration"
+  - group: "API MKI - GenAI"
     key: api_test_ai_assistant
     steps:
       - label: Running genai:qa:serverless:release

.buildkite/pipelines/security_solution_quality_gate/mki_quality_gate/mki_quality_gate_investigations.yml

@@ -1,7 +1,7 @@
 steps:
   - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:investigations
     key: test_investigations
-    label: 'Serverless MKI QA Investigations - Security Solution Cypress Tests'
+    label: 'Cypress MKI - Investigations'
     env:
       BK_TEST_SUITE_KEY: "serverless-cypress-investigations"
     agents:

.buildkite/pipelines/security_solution_quality_gate/mki_quality_gate/mki_quality_gate_rule_management.yml

@@ -1,9 +1,9 @@
 steps:
-  - group: "Serverless MKI QA Rule Management - Cypress Test"
+  - group: "Cypress MKI - Rule Management"
     key: cypress_test_rule_management
     steps:
       - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:rule_management
-        label: "Serverless MKI QA Rule Management - Security Solution Cypress Tests"
+        label: "Cypress MKI - Rule Management"
         key: test_rule_management
         env:
           BK_TEST_SUITE_KEY: "serverless-cypress-rule-management"
@@ -22,7 +22,7 @@ steps:
               limit: 1
 
       - command: .buildkite/scripts/pipelines/security_solution_quality_gate/security_solution_cypress/mki_security_solution_cypress.sh cypress:run:qa:serverless:rule_management:prebuilt_rules
-        label: "Serverless MKI QA Rule Management - Prebuilt Rules - Security Solution Cypress Tests"
+        label: "Cypress MKI - Rule Management - Prebuilt Rules
         key: test_rule_management_prebuilt_rules
         env:
           BK_TEST_SUITE_KEY: "serverless-cypress-rule-management"
@@ -40,7 +40,7 @@ steps:
             - exit_status: "-1"
               limit: 1
 
-  - group: "Serverless MKI QA Rule Management - API Integration"
+  - group: "API MKI - Rule Management"
     key: api_test_rule_management
     steps:
       - label: Running rule_creation:qa:serverless:release

packages/core/security/core-security-browser-mocks/src/security_service.mock.ts

@@ -11,6 +11,7 @@ import type {
   InternalSecurityServiceSetup,
   InternalSecurityServiceStart,
 } from '@kbn/core-security-browser-internal';
+import { mockAuthenticatedUser, MockAuthenticatedUserProps } from '@kbn/core-security-common/mocks';
 
 const createSetupMock = () => {
   const mock: jest.Mocked<SecurityServiceSetup> = {
@@ -64,4 +65,6 @@ export const securityServiceMock = {
   createStart: createStartMock,
   createInternalSetup: createInternalSetupMock,
   createInternalStart: createInternalStartMock,
+  createMockAuthenticatedUser: (props: MockAuthenticatedUserProps = {}) =>
+    mockAuthenticatedUser(props),
 };

packages/core/security/core-security-browser-mocks/tsconfig.json

@@ -18,5 +18,6 @@
   "kbn_references": [
     "@kbn/core-security-browser",
     "@kbn/core-security-browser-internal",
+    "@kbn/core-security-common",
   ]
 }

packages/core/security/core-security-server-mocks/src/security_service.mock.ts

@@ -16,6 +16,7 @@ import type {
   InternalSecurityServiceStart,
 } from '@kbn/core-security-server-internal';
 import { auditServiceMock, type MockedAuditService } from './audit.mock';
+import { mockAuthenticatedUser, MockAuthenticatedUserProps } from '@kbn/core-security-common/mocks';
 
 const createSetupMock = () => {
   const mock: jest.Mocked<SecurityServiceSetup> = {
@@ -99,4 +100,6 @@ export const securityServiceMock = {
   createInternalSetup: createInternalSetupMock,
   createInternalStart: createInternalStartMock,
   createRequestHandlerContext: createRequestHandlerContextMock,
+  createMockAuthenticatedUser: (props: MockAuthenticatedUserProps = {}) =>
+    mockAuthenticatedUser(props),
 };

packages/core/security/core-security-server-mocks/tsconfig.json

@@ -17,5 +17,6 @@
     "@kbn/core-security-server",
     "@kbn/core-security-server-internal",
     "@kbn/core-http-server",
+    "@kbn/core-security-common",
   ]
 }

packages/kbn-esql-utils/src/utils/append_to_query.test.ts

@@ -31,15 +31,15 @@ describe('appendToQuery', () => {
         appendWhereClauseToESQLQuery('from logstash-* // meow', 'dest', 'tada!', '+', 'string')
       ).toBe(
         `from logstash-* // meow
-| where \`dest\`=="tada!"`
+| WHERE \`dest\`=="tada!"`
       );
     });
     it('appends a filter out where clause in an existing query', () => {
       expect(
         appendWhereClauseToESQLQuery('from logstash-* // meow', 'dest', 'tada!', '-', 'string')
       ).toBe(
         `from logstash-* // meow
-| where \`dest\`!="tada!"`
+| WHERE \`dest\`!="tada!"`
       );
     });
 
@@ -48,14 +48,14 @@ describe('appendToQuery', () => {
         appendWhereClauseToESQLQuery('from logstash-* // meow', 'dest', 'tada!', '-', 'ip')
       ).toBe(
         `from logstash-* // meow
-| where \`dest\`::string!="tada!"`
+| WHERE \`dest\`::string!="tada!"`
       );
     });
 
     it('appends a where clause in an existing query with casting to string when the type is not given', () => {
       expect(appendWhereClauseToESQLQuery('from logstash-* // meow', 'dest', 'tada!', '-')).toBe(
         `from logstash-* // meow
-| where \`dest\`::string!="tada!"`
+| WHERE \`dest\`::string!="tada!"`
       );
     });
 
@@ -70,7 +70,7 @@ describe('appendToQuery', () => {
         )
       ).toBe(
         `from logstash-* // meow
-| where \`dest\` is not null`
+| WHERE \`dest\` is not null`
       );
     });
 
@@ -85,7 +85,7 @@ describe('appendToQuery', () => {
         )
       ).toBe(
         `from logstash-* // meow
-| where \`dest\` is null`
+| WHERE \`dest\` is null`
       );
     });
 
@@ -100,7 +100,7 @@ describe('appendToQuery', () => {
         )
       ).toBe(
         `from logstash-* | where country == "GR"
-and \`dest\`=="Crete"`
+AND \`dest\`=="Crete"`
       );
     });
 

packages/kbn-esql-utils/src/utils/append_to_query.ts

@@ -85,9 +85,9 @@ export function appendWhereClauseToESQLQuery(
       }
     }
     // filter does not exist in the where clause
-    const whereClause = `and ${fieldName}${operator}${filterValue}`;
+    const whereClause = `AND ${fieldName}${operator}${filterValue}`;
     return appendToESQLQuery(baseESQLQuery, whereClause);
   }
-  const whereClause = `| where ${fieldName}${operator}${filterValue}`;
+  const whereClause = `| WHERE ${fieldName}${operator}${filterValue}`;
   return appendToESQLQuery(baseESQLQuery, whereClause);
 }

packages/kbn-esql-utils/src/utils/get_initial_esql_query.test.ts

@@ -10,6 +10,6 @@ import { getInitialESQLQuery } from './get_initial_esql_query';
 
 describe('getInitialESQLQuery', () => {
   it('should work correctly', () => {
-    expect(getInitialESQLQuery('logs*')).toBe('from logs* | limit 10');
+    expect(getInitialESQLQuery('logs*')).toBe('FROM logs* | LIMIT 10');
   });
 });

packages/kbn-esql-utils/src/utils/get_initial_esql_query.ts

@@ -11,5 +11,5 @@
  * @param indexOrIndexPattern
  */
 export function getInitialESQLQuery(indexOrIndexPattern: string): string {
-  return `from ${indexOrIndexPattern} | limit 10`;
+  return `FROM ${indexOrIndexPattern} | LIMIT 10`;
 }