Merge branch 'main' of https://github.com/elastic/kibana into synth-s…

…paces

.github/CODEOWNERS

@@ -1842,6 +1842,7 @@ x-pack/plugins/osquery @elastic/security-defend-workflows
 /x-pack/plugins/fleet/public/components/cloud_security_posture @elastic/fleet @elastic/kibana-cloud-security-posture
 /x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/components/cloud_security_posture @elastic/fleet @elastic/kibana-cloud-security-posture
 /x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.* @elastic/fleet @elastic/kibana-cloud-security-posture
+/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/components/cloud_posture_third_party_support_callout.* @elastic/fleet @elastic/kibana-cloud-security-posture
 /x-pack/plugins/security_solution/public/cloud_security_posture @elastic/kibana-cloud-security-posture
 /x-pack/test/security_solution_cypress/cypress/e2e/explore/hosts/vulnerabilities_contextual_flyout.cy.ts @elastic/kibana-cloud-security-posture
 

docs/landing-page.asciidoc

@@ -248,11 +248,11 @@
 
 <div class="row my-4">
   <div class="col-md-4 col-12 mb-2">
-    <a class="no-text-decoration" href="https://www.elastic.co/guide/en/enterprise-search/current/start.html">
+    <a class="no-text-decoration" href="search-space.html">
       <div class="card h-100">
         <h4 class="mt-3">
           <span class="inline-block float-left icon mr-2" style="background-image: url('https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blt11200907c1c033aa/634d9da119d8652169cf9b2b/enterprise-search-logo-color-32px.png');"></span>
-          Enterprise Search
+          Search
         </h4>
         <p>Create search experiences for your content, wherever it lives.</p>
       </div>

docs/search/index.asciidoc

@@ -2,7 +2,7 @@
 [[search-space]]
 = Search
 
-The *Search* space in {kib} comprises the following features:
+The *Search* space in the {kib} UI contains the following GUI features:
 
 * https://www.elastic.co/guide/en/enterprise-search/current/connectors.html[Connectors]
 * https://www.elastic.co/guide/en/enterprise-search/current/crawler.html[Web crawler]
@@ -11,7 +11,7 @@ The *Search* space in {kib} comprises the following features:
 * https://www.elastic.co/guide/en/elasticsearch/reference/current/behavioral-analytics-overview.html[Behavioral Analytics]
 * <<inference-endpoints,Inference Endpoints UI>>
 * <<search-assistant,AI Assistant for Search>>
-* Persistent Dev Tools <<console-kibana, Console>>
+* Dev Tools <<console-kibana, Console>>
 
 [float]
 [[search-release-notes]]

docs/user/security/audit-logging.asciidoc

@@ -17,20 +17,20 @@ by cluster-wide privileges. For more information on enabling audit logging in
 Audit logs are **disabled** by default. To enable this functionality, you must
 set `xpack.security.audit.enabled` to `true` in `kibana.yml`.
 
-You can optionally configure audit logs location, file/rolling file appenders and 
+You can optionally configure audit logs location, file/rolling file appenders and
 ignore filters using <<audit-logging-settings>>.
 ============================================================================
 
 [[xpack-security-ecs-audit-logging]]
 ==== Audit events
 
-Refer to the table of events that can be logged for auditing purposes. 
+Refer to the table of events that can be logged for auditing purposes.
 
 Each event is broken down into <<field-event-category, category>>, <<field-event-type, type>>, <<field-event-action, action>> and
 <<field-event-outcome, outcome>> fields to make it easy to filter, query and aggregate the resulting logs. The <<field-trace-id, trace.id>>
 field can be used to correlate multiple events that originate from the same request.
 
-Refer to <<xpack-security-ecs-audit-schema>> for a table of fields that get logged with audit event. 
+Refer to <<xpack-security-ecs-audit-schema>> for a table of fields that get logged with audit event.
 
 [NOTE]
 ============================================================================
@@ -116,6 +116,38 @@ Refer to the corresponding {es} logs for potential write errors.
 .1+| `case_user_action_create_case`
 | `success` | User has created a case.
 
+.2+| `ml_put_ad_job`
+| `success` | Creating anomaly detection job.
+| `failure` | Failed to create anomaly detection job.
+
+.2+| `ml_put_ad_datafeed`
+| `success` | Creating anomaly detection datafeed.
+| `failure` | Failed to create anomaly detection datafeed.
+
+.2+| `ml_put_calendar`
+| `success` | Creating calendar.
+| `failure` | Failed to create calendar.
+
+.2+| `ml_post_calendar_events`
+| `success` | Adding events to calendar.
+| `failure` | Failed to add events to calendar.
+
+.2+| `ml_forecast`
+| `success` | Creating anomaly detection forecast.
+| `failure` | Failed to create anomaly detection forecast.
+
+.2+| `ml_put_filter`
+| `success` | Creating filter.
+| `failure` | Failed to create filter.
+
+.2+| `ml_put_dfa_job`
+| `success` | Creating data frame analytics job.
+| `failure` | Failed to create data frame analytics job.
+
+.2+| `ml_put_trained_model`
+| `success` | Creating trained model.
+| `failure` | Failed to create trained model.
+
 3+a|
 ====== Type: change
 
@@ -234,6 +266,74 @@ Refer to the corresponding {es} logs for potential write errors.
 .1+| `case_user_action_update_case_title`
 | `success` | User has updated the case title.
 
+.2+| `ml_open_ad_job`
+| `success` | Opening anomaly detection job.
+| `failure` | Failed to open anomaly detection job.
+
+.2+| `ml_close_ad_job`
+| `success` | Closing anomaly detection job.
+| `failure` | Failed to close anomaly detection job.
+
+.2+| `ml_start_ad_datafeed`
+| `success` | Starting anomaly detection datafeed.
+| `failure` | Failed to start anomaly detection datafeed.
+
+.2+| `ml_stop_ad_datafeed`
+| `success` | Stopping anomaly detection datafeed.
+| `failure` | Failed to stop anomaly detection datafeed.
+
+.2+| `ml_update_ad_job`
+| `success` | Updating anomaly detection job.
+| `failure` | Failed to update anomaly detection job.
+
+.2+| `ml_reset_ad_job`
+| `success` | Resetting anomaly detection job.
+| `failure` | Failed to reset anomaly detection job.
+
+.2+| `ml_revert_ad_snapshot`
+| `success` | Reverting anomaly detection snapshot.
+| `failure` | Failed to revert anomaly detection snapshot.
+
+.2+| `ml_update_ad_datafeed`
+| `success` | Updating anomaly detection datafeed.
+| `failure` | Failed to update anomaly detection datafeed.
+
+.2+| `ml_put_calendar_job`
+| `success` | Adding job to calendar.
+| `failure` | Failed to add job to calendar.
+
+.2+| `ml_delete_calendar_job`
+| `success` | Removing job from calendar.
+| `failure` | Failed to remove job from calendar.
+
+.2+| `ml_update_filter`
+| `success` | Updating filter.
+| `failure` | Failed to update filter.
+
+.2+| `ml_start_dfa_job`
+| `success` | Starting data frame analytics job.
+| `failure` | Failed to start data frame analytics job.
+
+.2+| `ml_stop_dfa_job`
+| `success` | Stopping data frame analytics job.
+| `failure` | Failed to stop data frame analytics job.
+
+.2+| `ml_update_dfa_job`
+| `success` | Updating data frame analytics job.
+| `failure` | Failed to update data frame analytics job.
+
+.2+| `ml_start_trained_model_deployment`
+| `success` | Starting trained model deployment.
+| `failure` | Failed to start trained model deployment.
+
+.2+| `ml_stop_trained_model_deployment`
+| `success` | Stopping trained model deployment.
+| `failure` | Failed to stop trained model deployment.
+
+.2+| `ml_update_trained_model_deployment`
+| `success` | Updating trained model deployment.
+| `failure` | Failed to update trained model deployment.
+
 3+a|
 ====== Type: deletion
 
@@ -289,6 +389,42 @@ Refer to the corresponding {es} logs for potential write errors.
 .1+| `case_user_action_delete_case_tags`
 | `success` | User has removed tags from a case.
 
+.2+| `ml_delete_ad_job`
+| `success` | Deleting anomaly detection job.
+| `failure` | Failed to delete anomaly detection job.
+
+.2+| `ml_delete_model_snapshot`
+| `success` | Deleting model snapshot.
+| `failure` | Failed to delete model snapshot.
+
+.2+| `ml_delete_ad_datafeed`
+| `success` | Deleting anomaly detection datafeed.
+| `failure` | Failed to delete anomaly detection datafeed.
+
+.2+| `ml_delete_calendar`
+| `success` | Deleting calendar.
+| `failure` | Failed to delete calendar.
+
+.2+| `ml_delete_calendar_event`
+| `success` | Deleting calendar event.
+| `failure` | Failed to delete calendar event.
+
+.2+| `ml_delete_filter`
+| `success` | Deleting filter.
+| `failure` | Failed to delete filter.
+
+.2+| `ml_delete_forecast`
+| `success` | Deleting forecast.
+| `failure` | Failed to delete forecast.
+
+.2+| `ml_delete_dfa_job`
+| `success` | Deleting data frame analytics job.
+| `failure` | Failed to delete data frame analytics job.
+
+.2+| `ml_delete_trained_model`
+| `success` | Deleting trained model.
+| `failure` | Failed to delete trained model.
+
 3+a|
 ====== Type: access
 
@@ -448,6 +584,10 @@ Refer to the corresponding {es} logs for potential write errors.
 | `success` | User has accessed the connectors of a case.
 | `failure` | User is not authorized to access the connectors of a case.
 
+.2+| `ml_infer_trained_model`
+| `success` | Inferring using trained model.
+| `failure` | Failed to infer using trained model.
+
 3+a|
 ===== Category: web
 
@@ -474,12 +614,12 @@ Audit logs are written in JSON using https://www.elastic.co/guide/en/ecs/1.6/ind
 | *Description*
 
 | `@timestamp`
-| Time when the event was generated. 
+| Time when the event was generated.
 
 Example: `2016-05-23T08:05:34.853Z`
 
 | `message`
-| Human readable description of the event. 
+| Human readable description of the event.
 
 2+a| ===== Event Fields
 
@@ -489,7 +629,7 @@ Example: `2016-05-23T08:05:34.853Z`
 | [[field-event-action]] `event.action`
 | The action captured by the event.
 
-Refer to <<xpack-security-ecs-audit-logging>> for a table of possible actions. 
+Refer to <<xpack-security-ecs-audit-logging>> for a table of possible actions.
 
 | [[field-event-category]] `event.category`
 | High level category associated with the event.
@@ -513,7 +653,7 @@ Possible values:
 `deletion`
 
 | [[field-event-outcome]] `event.outcome`
-a| Denotes whether the event represents a success or failure: 
+a| Denotes whether the event represents a success or failure:
 
 * Any actions that the user is not authorized to perform are logged with outcome:  `failure`
 * Authorized read operations are only logged after successfully fetching the data from {es} with outcome: `success`
@@ -553,7 +693,7 @@ Example: `[kibana_admin, reporting_user]`
 Example: `default`
 
 | `kibana.session_id`
-| ID of the user session associated with the event. 
+| ID of the user session associated with the event.
 
 Each login attempt results in a unique session id.
 
@@ -604,7 +744,7 @@ Example: `[marketing]`
 | Error code describing the error.
 
 | `error.message`
-| Error message. 
+| Error message.
 
 2+a| ===== HTTP and URL Fields
 

package.json

@@ -119,7 +119,7 @@
     "@elastic/ecs": "^8.11.1",
     "@elastic/elasticsearch": "^8.15.0",
     "@elastic/ems-client": "8.5.3",
-    "@elastic/eui": "96.1.0",
+    "@elastic/eui": "97.0.0",
     "@elastic/filesaver": "1.1.2",
     "@elastic/node-crypto": "1.2.1",
     "@elastic/numeral": "^2.5.1",
@@ -1240,7 +1240,7 @@
     "redux-saga-testing": "^2.0.2",
     "redux-thunk": "^2.4.2",
     "redux-thunks": "^1.0.0",
-    "reflect-metadata": "^0.2.1",
+    "reflect-metadata": "^0.2.2",
     "remark-gfm": "1.0.0",
     "remark-parse-no-trim": "^8.0.4",
     "remark-stringify": "^8.0.3",

packages/core/i18n/core-i18n-browser-internal/src/i18n_eui_mapping.tsx

@@ -860,13 +860,16 @@ export const getEuiContextMapping = (): EuiTokensObject => {
       'core.euiInlineEditForm.saveButtonAriaLabel',
       { defaultMessage: 'Save edit' }
     ),
-    'euiExternalLinkIcon.ariaLabel': i18n.translate('core.euiExternalLinkIcon.ariaLabel', {
-      defaultMessage: 'External link',
-    }),
+    'euiExternalLinkIcon.externalTarget.screenReaderOnlyText': i18n.translate(
+      'core.euiExternalLinkIcon.externalTarget.screenReaderOnlyText',
+      {
+        defaultMessage: '(external)',
+      }
+    ),
     'euiExternalLinkIcon.newTarget.screenReaderOnlyText': i18n.translate(
       'core.euiExternalLinkIcon.newTarget.screenReaderOnlyText',
       {
-        defaultMessage: '(opens in a new tab or window)',
+        defaultMessage: '(external, opens in a new tab or window)',
       }
     ),
     'euiLoadingStrings.ariaLabel': i18n.translate('core.euiLoadingStrings.ariaLabel', {

packages/kbn-alerts-as-data-utils/src/field_maps/alert_field_map.ts

@@ -23,6 +23,7 @@ import {
   ALERT_RULE_CATEGORY,
   ALERT_RULE_CONSUMER,
   ALERT_RULE_EXECUTION_TIMESTAMP,
+  ALERT_RULE_EXECUTION_TYPE,
   ALERT_RULE_EXECUTION_UUID,
   ALERT_RULE_NAME,
   ALERT_RULE_PARAMETERS,
@@ -134,6 +135,11 @@ export const alertFieldMap = {
     array: false,
     required: false,
   },
+  [ALERT_RULE_EXECUTION_TYPE]: {
+    type: 'keyword',
+    array: false,
+    required: false,
+  },
   [ALERT_INTENDED_TIMESTAMP]: {
     type: 'date',
     array: false,

packages/kbn-alerts-as-data-utils/src/schemas/generated/alert_schema.ts

@@ -99,6 +99,7 @@ const AlertOptional = rt.partial({
   'kibana.alert.previous_action_group': schemaString,
   'kibana.alert.reason': schemaString,
   'kibana.alert.rule.execution.timestamp': schemaDate,
+  'kibana.alert.rule.execution.type': schemaString,
   'kibana.alert.rule.execution.uuid': schemaString,
   'kibana.alert.rule.parameters': schemaUnknown,
   'kibana.alert.rule.tags': schemaStringArray,

packages/kbn-alerts-as-data-utils/src/schemas/generated/security_schema.ts

@@ -164,6 +164,7 @@ const SecurityAlertOptional = rt.partial({
   'kibana.alert.rule.description': schemaString,
   'kibana.alert.rule.enabled': schemaString,
   'kibana.alert.rule.execution.timestamp': schemaDate,
+  'kibana.alert.rule.execution.type': schemaString,
   'kibana.alert.rule.execution.uuid': schemaString,
   'kibana.alert.rule.from': schemaString,
   'kibana.alert.rule.immutable': schemaStringArray,

packages/kbn-apm-synthtrace-client/index.ts

@@ -37,3 +37,4 @@ export type { ESDocumentWithOperation, SynthtraceESAction, SynthtraceGenerator }
 export { log, type LogDocument, LONG_FIELD_NAME } from './src/lib/logs';
 export { type AssetDocument } from './src/lib/assets';
 export { syntheticsMonitor, type SyntheticsMonitorDocument } from './src/lib/synthetics';
+export { otel, type OtelDocument } from './src/lib/otel';