Merge branch 'main' into adding-api-tests-for-modules-jobs-exists-end…

…point
elastic · Sep 30, 2022 · 351ff39 · 351ff39
2 parents 860c420 + e17ce2e
commit 351ff39
Show file tree

Hide file tree

Showing 40 changed files with 683 additions and 1,088 deletions.
diff --git a/docs/osquery/images/live-query-check-results.png b/docs/osquery/images/live-query-check-results.png
diff --git a/docs/osquery/osquery.asciidoc b/docs/osquery/osquery.asciidoc
@@ -61,12 +61,11 @@ TIP: To save a single query for future use, click *Save for later* and define th
 [[osquery-view-history]]
 == View or rerun previous live queries
 
-The *Live queries history* section on the *Live queries* tab shows a log of queries run over the last 30 days.
-Each query has the following options:
+The *Live queries history* section on the *Live queries* tab shows a log of queries run over the last 30 days. From the Live queries table, you can:
 
-* Click image:images/play-icon.png[Right-pointing triangle] to rerun a query.
+* Click the run icon (image:images/play-icon.png[Right-pointing triangle]) to rerun a single query or a query pack.
 
-* Click image:images/table-icon.png[Table icon] to view the query <<osquery-results,results>> and <<osquery-status,status>>.
+* Click the table icon (image:images/table-icon.png[Table icon]) to examine the <<osquery-results,results>> for a single query or a query pack. From the results table, you can also find the query <<osquery-status,status>>.
 +
 [role="screenshot"]
 image::images/live-query-check-results.png[Results of OSquery]

diff --git a/x-pack/plugins/lens/public/app_plugin/lens_top_nav.tsx b/x-pack/plugins/lens/public/app_plugin/lens_top_nav.tsx
@@ -357,10 +357,14 @@ export const LensTopNavMenu = ({
   ]);
 
   useEffect(() => {
-    if (indexPatterns.length > 0) {
-      setCurrentIndexPattern(indexPatterns[0]);
+    if (activeDatasourceId && datasourceStates[activeDatasourceId].state) {
+      const dataViewId = datasourceMap[activeDatasourceId].getUsedDataView(
+        datasourceStates[activeDatasourceId].state
+      );
+      const dataView = dataViewsList.find((pattern) => pattern.id === dataViewId);
+      setCurrentIndexPattern(dataView ?? indexPatterns[0]);
     }
-  }, [indexPatterns]);
+  }, [activeDatasourceId, datasourceMap, datasourceStates, indexPatterns, dataViewsList]);
 
   useEffect(() => {
     const fetchDataViews = async () => {

diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/field_item.test.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/field_item.test.tsx
@@ -54,6 +54,11 @@ const mockedServices = {
       getRedirectUrl: jest.fn(() => 'discover_url'),
     },
   } as unknown as DiscoverStart,
+  application: {
+    capabilities: {
+      discover: { save: true, saveQuery: true, show: true },
+    },
+  },
 };
 
 const InnerFieldItemWrapper: React.FC<FieldItemProps> = (props) => {
@@ -460,4 +465,30 @@ describe('IndexPattern Field Item', () => {
     );
     expect(exploreInDiscoverBtn.length).toBe(0);
   });
+
+  it('should not display Explore in discover button if discover capabilities show is false', async () => {
+    const services = {
+      ...mockedServices,
+      application: {
+        capabilities: {
+          discover: { save: false, saveQuery: false, show: false },
+        },
+      },
+    };
+    const wrapper = await mountWithIntl(
+      <KibanaContextProvider services={services}>
+        <InnerFieldItem {...defaultProps} />
+      </KibanaContextProvider>
+    );
+
+    await clickField(wrapper, 'bytes');
+
+    await wrapper.update();
+
+    const exploreInDiscoverBtn = findTestSubject(
+      wrapper,
+      'lnsFieldListPanel-exploreInDiscover-bytes'
+    );
+    expect(exploreInDiscoverBtn.length).toBe(0);
+  });
 });
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/field_item.tsx
@@ -370,8 +370,7 @@ function FieldItemPopoverContents(props: FieldItemProps) {
       [indexPattern],
       getEsQueryConfig(services.uiSettings)
     );
-
-    if (!services.discover) {
+    if (!services.discover || !services.application.capabilities.discover.show) {
       return;
     }
     return services.discover.locator!.getRedirectUrl({

diff --git a/...s/public/indexpattern_datasource/operations/definitions/formula/editor/formula_editor.tsx b/...s/public/indexpattern_datasource/operations/definitions/formula/editor/formula_editor.tsx
@@ -845,7 +845,6 @@ export function FormulaEditor({
                         anchorPosition="leftCenter"
                         isOpen={isHelpOpen}
                         closePopover={() => setIsHelpOpen(false)}
-                        ownFocus={false}
                         button={
                           <EuiButtonIcon
                             className="lnsFormula__editorHelp lnsFormula__editorHelp--overlay"

diff --git a/x-pack/plugins/lens/public/types.ts b/x-pack/plugins/lens/public/types.ts
@@ -494,7 +494,10 @@ export interface DatasourceDataPanelProps<T = unknown> {
   dragDropContext: DragContextState;
   setState: StateSetter<T, { applyImmediately?: boolean }>;
   showNoDataPopover: () => void;
-  core: Pick<CoreStart, 'http' | 'notifications' | 'uiSettings' | 'overlays' | 'theme'>;
+  core: Pick<
+    CoreStart,
+    'http' | 'notifications' | 'uiSettings' | 'overlays' | 'theme' | 'application'
+  >;
   query: Query;
   dateRange: DateRange;
   filters: Filter[];

diff --git a/...ty_solution/public/common/components/event_details/cti_details/host_risk_summary.test.tsx b/...ty_solution/public/common/components/event_details/cti_details/host_risk_summary.test.tsx
diff --git a/...ecurity_solution/public/common/components/event_details/cti_details/risk_summary.test.tsx b/...ecurity_solution/public/common/components/event_details/cti_details/risk_summary.test.tsx
@@ -0,0 +1,96 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+
+import { render } from '@testing-library/react';
+import { TestProviders } from '../../../mock';
+import type { RiskEntity } from './risk_summary';
+import * as i18n from './translations';
+import { RiskSummary } from './risk_summary';
+import { RiskScoreEntity, RiskSeverity } from '../../../../../common/search_strategy';
+import { getEmptyValue } from '../../empty_value';
+
+describe.each([RiskScoreEntity.host, RiskScoreEntity.user])(
+  'RiskSummary entityType: %s',
+  (riskEntity) => {
+    it(`renders ${riskEntity} risk data`, () => {
+      const riskSeverity = RiskSeverity.low;
+      const risk = {
+        loading: false,
+        isModuleEnabled: true,
+        result: [
+          {
+            '@timestamp': '1641902481',
+            [riskEntity === RiskScoreEntity.host ? 'host' : 'user']: {
+              name: 'test-host-name',
+              risk: {
+                multipliers: [],
+                calculated_score_norm: 9999,
+                calculated_level: riskSeverity,
+                rule_risks: [],
+              },
+            },
+          },
+        ], // as unknown as HostRiskScore[] | UserRiskScore[],
+      } as unknown as RiskEntity['risk'];
+
+      const props = {
+        riskEntity,
+        risk,
+      } as RiskEntity;
+
+      const { getByText } = render(
+        <TestProviders>
+          <RiskSummary {...props} />
+        </TestProviders>
+      );
+
+      expect(getByText(riskSeverity)).toBeInTheDocument();
+      expect(getByText(i18n.RISK_DATA_TITLE(riskEntity))).toBeInTheDocument();
+    });
+
+    it('renders spinner when loading', () => {
+      const risk = {
+        loading: true,
+        isModuleEnabled: true,
+        result: [],
+      };
+
+      const props = {
+        riskEntity,
+        risk,
+      } as RiskEntity;
+      const { getByTestId } = render(
+        <TestProviders>
+          <RiskSummary {...props} />
+        </TestProviders>
+      );
+
+      expect(getByTestId('loading')).toBeInTheDocument();
+    });
+
+    it(`renders empty value when there is no ${riskEntity} data`, () => {
+      const risk = {
+        loading: false,
+        isModuleEnabled: true,
+        result: [],
+      };
+      const props = {
+        riskEntity,
+        risk,
+      } as RiskEntity;
+      const { getByText } = render(
+        <TestProviders>
+          <RiskSummary {...props} />
+        </TestProviders>
+      );
+
+      expect(getByText(getEmptyValue())).toBeInTheDocument();
+    });
+  }
+);
diff --git a/...details/cti_details/host_risk_summary.tsx → ...vent_details/cti_details/risk_summary.tsx b/...details/cti_details/host_risk_summary.tsx → ...vent_details/cti_details/risk_summary.tsx
@@ -12,68 +12,79 @@ import * as i18n from './translations';
 import { EnrichedDataRow, ThreatSummaryPanelHeader } from './threat_summary_view';
 import { RiskScore } from '../../severity/common';
 import type { RiskSeverity } from '../../../../../common/search_strategy';
-import type { HostRisk } from '../../../../risk_score/containers';
+import { RiskScoreEntity } from '../../../../../common/search_strategy';
+import type { HostRisk, UserRisk } from '../../../../risk_score/containers';
 import { getEmptyValue } from '../../empty_value';
 import { RiskScoreDocLink } from '../../risk_score/risk_score_onboarding/risk_score_doc_link';
-import { RiskScoreEntity } from '../../../../../common/search_strategy';
 import { RiskScoreHeaderTitle } from '../../risk_score/risk_score_onboarding/risk_score_header_title';
 
-const HostRiskSummaryComponent: React.FC<{
-  hostRisk: HostRisk;
-  originalHostRisk?: RiskSeverity | undefined;
-}> = ({ hostRisk, originalHostRisk }) => {
-  const currentHostRiskScore = hostRisk?.result?.[0]?.host?.risk?.calculated_level;
+interface HostRiskEntity {
+  originalRisk?: RiskSeverity | undefined;
+  risk: HostRisk;
+  riskEntity: RiskScoreEntity.host;
+}
+
+interface UserRiskEntity {
+  originalRisk?: RiskSeverity | undefined;
+  risk: UserRisk;
+  riskEntity: RiskScoreEntity.user;
+}
+
+export type RiskEntity = HostRiskEntity | UserRiskEntity;
+
+const RiskSummaryComponent: React.FC<RiskEntity> = ({ risk, riskEntity, originalRisk }) => {
+  const currentRiskScore =
+    riskEntity === RiskScoreEntity.host
+      ? risk?.result?.[0]?.host?.risk?.calculated_level
+      : risk?.result?.[0]?.user?.risk?.calculated_level;
+
   return (
     <>
       <EuiPanel hasBorder paddingSize="s" grow={false}>
         <ThreatSummaryPanelHeader
           title={
             <RiskScoreHeaderTitle
-              title={i18n.HOST_RISK_DATA_TITLE}
-              riskScoreEntity={RiskScoreEntity.host}
+              title={i18n.RISK_DATA_TITLE(riskEntity)}
+              riskScoreEntity={riskEntity}
             />
           }
           toolTipContent={
             <FormattedMessage
-              id="xpack.securitySolution.alertDetails.overview.hostDataTooltipContent"
-              defaultMessage="Risk classification is displayed only when available for a host. Ensure {hostRiskScoreDocumentationLink} is enabled within your environment."
+              id="xpack.securitySolution.alertDetails.overview.riskDataTooltipContent"
+              defaultMessage="Risk classification is displayed only when available for a {riskEntity}. Ensure {riskScoreDocumentationLink} is enabled within your environment."
               values={{
-                hostRiskScoreDocumentationLink: (
+                riskEntity,
+                riskScoreDocumentationLink: (
                   <RiskScoreDocLink
-                    riskScoreEntity={RiskScoreEntity.host}
-                    title={
-                      <FormattedMessage
-                        id="xpack.securitySolution.alertDetails.overview.hostRiskScoreLink"
-                        defaultMessage="Host Risk Score"
-                      />
-                    }
+                    riskScoreEntity={riskEntity}
+                    title={i18n.RISK_SCORE_TITLE(riskEntity)}
                   />
                 ),
               }}
             />
           }
         />
 
-        {hostRisk.loading && <EuiLoadingSpinner data-test-subj="loading" />}
+        {risk.loading && <EuiLoadingSpinner data-test-subj="loading" />}
 
-        {!hostRisk.loading && (
+        {!risk.loading && (
           <>
             <EnrichedDataRow
-              field={i18n.CURRENT_HOST_RISK_CLASSIFICATION}
+              field={i18n.CURRENT_RISK_CLASSIFICATION(riskEntity)}
               value={
-                currentHostRiskScore ? (
-                  <RiskScore severity={currentHostRiskScore} hideBackgroundColor />
+                currentRiskScore ? (
+                  <RiskScore severity={currentRiskScore} hideBackgroundColor />
                 ) : (
                   getEmptyValue()
                 )
               }
             />
 
-            {originalHostRisk && currentHostRiskScore !== originalHostRisk && (
+            {originalRisk && currentRiskScore !== originalRisk && (
               <>
                 <EnrichedDataRow
-                  field={i18n.ORIGINAL_HOST_RISK_CLASSIFICATION}
-                  value={<RiskScore severity={originalHostRisk} hideBackgroundColor />}
+                  field={i18n.ORIGINAL_RISK_CLASSIFICATION(riskEntity)}
+                  value={<RiskScore severity={originalRisk} hideBackgroundColor />}
                 />
               </>
             )}
@@ -83,4 +94,4 @@ const HostRiskSummaryComponent: React.FC<{
     </>
   );
 };
-export const HostRiskSummary = React.memo(HostRiskSummaryComponent);
+export const RiskSummary = React.memo(RiskSummaryComponent);