From 3ccf4993e04b1e528a96d396dfa45138a17eca84 Mon Sep 17 00:00:00 2001
From: Achyut Jhunjhunwala <achyut.jhunjhunwala@elastic.co>
Date: Tue, 2 May 2023 17:19:37 +0200
Subject: [PATCH 1/7] Add dev docs for other bucket generation (#156335)

## Summary

This PR adds dev docs for generating `_other` bucket running APM Server
locally
---
 .../apm/dev_docs/overflow_bucket_setup.md     | 103 ++++++++++++++++++
 1 file changed, 103 insertions(+)
 create mode 100644 x-pack/plugins/apm/dev_docs/overflow_bucket_setup.md

diff --git a/x-pack/plugins/apm/dev_docs/overflow_bucket_setup.md b/x-pack/plugins/apm/dev_docs/overflow_bucket_setup.md
new file mode 100644
index 0000000000000..46d9f4c6df72a
--- /dev/null
+++ b/x-pack/plugins/apm/dev_docs/overflow_bucket_setup.md
@@ -0,0 +1,103 @@
+## Summary
+
+8.7 introduced Overflow Buckets for Metrics. The below setup would enable generating the overflow buckets for the metrics indices.
+
+### Pre-requisites
+
+- Install golang and set go path properly
+
+- Run Elasticsearch locally
+  ```
+  yarn es snapshot
+  ```
+- Run Kibana locally
+  ```
+  yarn start
+  ```
+- Git Clone APM Server locally
+  ```
+  git clone git@github.com:[USER]/apm-server.git
+  ```
+- Modify `apm-server.yml` accordingly
+  ```
+  ## Add this to the bottom of the file
+  apm-server.aggregation:
+  service_transactions:
+    max_groups: 2
+  transactions:
+    max_groups: 2
+  
+  ## Uncomment the following lines under `output.elasticsearch:`
+  username: "elastic"
+  password: "changeme"
+  protocol: "http" // This is by default set to HTTPS, change it to http
+  ```
+- Run APM Server locally
+  ```
+  ./apm-server -c apm-server.yml -e -d "*"
+  ```
+  
+### Steps to generate data
+
+- Copy paste the below script in a file called `tx_max_group.go`
+  This file is responsible for generating 3 transactions per service.
+  ```
+  package main
+
+  import (
+    "fmt"
+    "time"
+    "go.elastic.co/apm/v2"
+  )
+  
+  func main() {
+    tracer := apm.DefaultTracer()
+    once(tracer, "test1")
+    once(tracer, "test2")
+    once(tracer, "test3")
+    tracer.Flush(nil)
+  }
+  
+  func once(tracer *apm.Tracer, name string) {
+    tx := tracer.StartTransaction(name, "type")
+    defer tx.End()
+  
+    span := tx.StartSpanOptions(name, "type", apm.SpanOptions{})
+    time.Sleep(time.Millisecond * 1)
+  
+    span.Outcome = "success"
+    span.Context.SetDestinationService(apm.DestinationServiceSpanContext{
+      Resource: fmt.Sprintf("dest_resource"),
+    })
+    span.End()
+  }
+  ```
+  
+- Now create a Bash Script file, name it anything - e.g., `service_max_group.sh`
+  This file will generate services and then transactions for each service using the go script above.
+  ```
+  #!/usr/bin/env bash
+
+  echo "Starting script"
+  
+  go build -o tx_max_group tx_max_group.go || exit 1
+  
+  for i in {1..10100}
+  do
+  export ELASTIC_APM_SERVICE_NAME="service-$i"
+  ./tx_max_group
+  done
+  
+  echo "Ending script"
+  ```
+
+- Run `sh service_max_group` to generate the data
+
+This would start generating events to APM Server. Now open Service Inventory Page on Kibana to observe the `_other` bucket.
+
+## Known Issues
+
+- APM Server is unable to use Fleet API to generate APM Indices. Due to this, when starting the APM Server, you will see errors like unable to find Metrics Indices. To fix this, run one of the Synthtrace Scenario files which would create the required indices.
+  ```
+  node scripts/synthtrace mobile.ts --clean
+  ```
\ No newline at end of file

From eba1001c64f1084293f6c18d8aa6e7aaff1c568d Mon Sep 17 00:00:00 2001
From: Jatin Kathuria <jatin.kathuria@elastic.co>
Date: Tue, 2 May 2023 17:22:26 +0200
Subject: [PATCH 2/7] [Security Solution] [Fix] Alert Table re-render + column
 width reset + TopN Not rendering (#155478)

## Summary

This PR handles :
-  Column width is reset when alert table re-renders #154796
- [Response Ops] Triggers Actions Alert table un-mounts / remounts
complete row when clicking on checkbox. #155229
- [Security Solution] TopN does not work on Alert Table in Event
Rendered View #155152


|Before | After |
|---|---|
| <video
src="https://user-images.githubusercontent.com/7485038/233974827-548c7e61-0737-436c-8384-0faa923ab5d7.mov"
/> | <video
src="https://user-images.githubusercontent.com/7485038/234316670-4cd318bd-8fde-45ed-999d-a6a78bbf0432.mov"
/>

 |
---
 ...use_data_grid_column_cell_actions.test.tsx |   28 +
 .../use_data_grid_column_cell_actions.tsx     |   16 +-
 .../common/components/cell_actions/mocks.ts   |   20 +
 .../components/alerts_table/index.tsx         |   38 +-
 .../trigger_actions_alert_table/mock/data.ts  | 1696 +++++++++++++++++
 .../use_cell_actions.test.tsx                 |  148 ++
 .../sections/alerts_table/alerts_table.tsx    |    8 +-
 .../alerts_table/alerts_table_state.tsx       |   16 +-
 .../hooks/use_columns/use_columns.ts          |    6 +-
 9 files changed, 1942 insertions(+), 34 deletions(-)
 create mode 100644 x-pack/plugins/security_solution/public/common/components/cell_actions/mocks.ts
 create mode 100644 x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/mock/data.ts
 create mode 100644 x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/use_cell_actions.test.tsx

diff --git a/packages/kbn-cell-actions/src/hooks/use_data_grid_column_cell_actions.test.tsx b/packages/kbn-cell-actions/src/hooks/use_data_grid_column_cell_actions.test.tsx
index 7cb321a6a3f67..0ffc68615c0b5 100644
--- a/packages/kbn-cell-actions/src/hooks/use_data_grid_column_cell_actions.test.tsx
+++ b/packages/kbn-cell-actions/src/hooks/use_data_grid_column_cell_actions.test.tsx
@@ -191,4 +191,32 @@ describe('useDataGridColumnsCellActions', () => {
       expect(mockCloseCellPopover).toHaveBeenCalled();
     });
   });
+
+  it('should return empty array of actions when list of fields is empty', async () => {
+    const { result, waitForNextUpdate } = renderHook(useDataGridColumnsCellActions, {
+      initialProps: {
+        ...useDataGridColumnsCellActionsProps,
+        fields: [],
+      },
+    });
+
+    await waitForNextUpdate();
+
+    expect(result.current).toBeInstanceOf(Array);
+    expect(result.current.length).toBe(0);
+  });
+
+  it('should return empty array of actions when list of fields is undefined', async () => {
+    const { result, waitForNextUpdate } = renderHook(useDataGridColumnsCellActions, {
+      initialProps: {
+        ...useDataGridColumnsCellActionsProps,
+        fields: undefined,
+      },
+    });
+
+    await waitForNextUpdate();
+
+    expect(result.current).toBeInstanceOf(Array);
+    expect(result.current.length).toBe(0);
+  });
 });
diff --git a/packages/kbn-cell-actions/src/hooks/use_data_grid_column_cell_actions.tsx b/packages/kbn-cell-actions/src/hooks/use_data_grid_column_cell_actions.tsx
index 344e4a058ad44..2913004218032 100644
--- a/packages/kbn-cell-actions/src/hooks/use_data_grid_column_cell_actions.tsx
+++ b/packages/kbn-cell-actions/src/hooks/use_data_grid_column_cell_actions.tsx
@@ -30,7 +30,7 @@ interface BulkField extends Pick<CellActionField, 'name' | 'type'> {
 
 export interface UseDataGridColumnsCellActionsProps
   extends Pick<CellActionsProps, 'triggerId' | 'metadata' | 'disabledActionTypes'> {
-  fields: BulkField[];
+  fields?: BulkField[];
   dataGridRef: MutableRefObject<EuiDataGridRefProps | null>;
 }
 export type UseDataGridColumnsCellActions<
@@ -46,11 +46,11 @@ export const useDataGridColumnsCellActions: UseDataGridColumnsCellActions = ({
 }) => {
   const bulkContexts: CellActionCompatibilityContext[] = useMemo(
     () =>
-      fields.map(({ values, ...field }) => ({
+      fields?.map(({ values, ...field }) => ({
         field, // we are getting the actions for the whole column field, so the compatibility check will be done without the value
         trigger: { id: triggerId },
         metadata,
-      })),
+      })) ?? [],
     [fields, triggerId, metadata]
   );
 
@@ -60,11 +60,13 @@ export const useDataGridColumnsCellActions: UseDataGridColumnsCellActions = ({
 
   const columnsCellActions = useMemo<EuiDataGridColumnCellAction[][]>(() => {
     if (loading) {
-      return fields.map(() => [
-        () => <EuiLoadingSpinner size="s" data-test-subj="dataGridColumnCellAction-loading" />,
-      ]);
+      return (
+        fields?.map(() => [
+          () => <EuiLoadingSpinner size="s" data-test-subj="dataGridColumnCellAction-loading" />,
+        ]) ?? []
+      );
     }
-    if (!columnsActions) {
+    if (!columnsActions || !fields || fields.length === 0) {
       return [];
     }
     return columnsActions.map((actions, columnIndex) =>
diff --git a/x-pack/plugins/security_solution/public/common/components/cell_actions/mocks.ts b/x-pack/plugins/security_solution/public/common/components/cell_actions/mocks.ts
new file mode 100644
index 0000000000000..bf9bd77e6b261
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/common/components/cell_actions/mocks.ts
@@ -0,0 +1,20 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const makeAction = (actionsName: string, icon: string = 'icon', order?: number) => ({
+  id: actionsName,
+  type: actionsName,
+  order,
+  getIconType: () => icon,
+  getDisplayName: () => actionsName,
+  getDisplayNameTooltip: () => actionsName,
+  isCompatible: () => Promise.resolve(true),
+  execute: () => {
+    alert(actionsName);
+    return Promise.resolve();
+  },
+});
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
index eb8435d7578be..aedb45acdf3ef 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx
@@ -15,12 +15,11 @@ import type { AlertsTableStateProps } from '@kbn/triggers-actions-ui-plugin/publ
 import type { Alert } from '@kbn/triggers-actions-ui-plugin/public/types';
 import { ALERT_BUILDING_BLOCK_TYPE } from '@kbn/rule-data-utils';
 import styled from 'styled-components';
-import { useDispatch, useSelector } from 'react-redux';
+import { useDispatch } from 'react-redux';
 import { getEsQueryConfig } from '@kbn/data-plugin/public';
 import {
   dataTableActions,
   dataTableSelectors,
-  getColumnHeaders,
   tableDefaults,
   TableId,
 } from '@kbn/securitysolution-data-table';
@@ -42,12 +41,13 @@ import { getDataTablesInStorageByIds } from '../../../timelines/containers/local
 import { useSourcererDataView } from '../../../common/containers/sourcerer';
 import { SourcererScopeName } from '../../../common/store/sourcerer/model';
 import { useKibana } from '../../../common/lib/kibana';
-import { useShallowEqualSelector } from '../../../common/hooks/use_selector';
+import { useDeepEqualSelector, useShallowEqualSelector } from '../../../common/hooks/use_selector';
 import { getColumns } from '../../configurations/security_solution_detections';
 import { buildTimeRangeFilter } from './helpers';
 import { eventsViewerSelector } from '../../../common/components/events_viewer/selectors';
 import type { State } from '../../../common/store';
 import * as i18n from './translations';
+import { eventRenderedViewColumns } from '../../configurations/security_solution_detections/columns';
 
 const { updateIsLoading, updateTotalCount } = dataTableActions;
 
@@ -96,6 +96,7 @@ interface DetectionEngineAlertTableProps {
   isLoading?: boolean;
   onRuleChange?: () => void;
 }
+
 export const AlertsTableComponent: FC<DetectionEngineAlertTableProps> = ({
   configId,
   flyoutSize,
@@ -124,9 +125,13 @@ export const AlertsTableComponent: FC<DetectionEngineAlertTableProps> = ({
   const { browserFields, indexPattern: indexPatterns } = useSourcererDataView(sourcererScope);
   const license = useLicense();
 
-  const getGlobalInputs = inputsSelectors.globalSelector();
-  const globalInputs = useSelector((state: State) => getGlobalInputs(state));
-  const { query: globalQuery, filters: globalFilters } = globalInputs;
+  const getGlobalFiltersQuerySelector = useMemo(
+    () => inputsSelectors.globalFiltersQuerySelector(),
+    []
+  );
+  const getGlobalQuerySelector = useMemo(() => inputsSelectors.globalQuerySelector(), []);
+  const globalQuery = useDeepEqualSelector(getGlobalQuerySelector);
+  const globalFilters = useDeepEqualSelector(getGlobalFiltersQuerySelector);
 
   const getTable = useMemo(() => dataTableSelectors.getTableByIdSelector(), []);
 
@@ -173,11 +178,11 @@ export const AlertsTableComponent: FC<DetectionEngineAlertTableProps> = ({
   });
 
   const finalBoolQuery: AlertsTableStateProps['query'] = useMemo(() => {
-    if (!combinedQuery || combinedQuery.kqlError || !combinedQuery.filterQuery) {
+    if (combinedQuery?.kqlError || !combinedQuery?.filterQuery) {
       return { bool: {} };
     }
-    return { bool: { filter: JSON.parse(combinedQuery.filterQuery) } };
-  }, [combinedQuery]);
+    return { bool: { filter: JSON.parse(combinedQuery?.filterQuery) } };
+  }, [combinedQuery?.filterQuery, combinedQuery?.kqlError]);
 
   const isEventRenderedView = tableView === VIEW_SELECTION.eventRenderedView;
 
@@ -205,21 +210,16 @@ export const AlertsTableComponent: FC<DetectionEngineAlertTableProps> = ({
   const columnsFormStorage = dataTableStorage?.[TableId.alertsOnAlertsPage]?.columns ?? [];
   const alertColumns = columnsFormStorage.length ? columnsFormStorage : getColumns(license);
 
-  const evenRenderedColumns = useMemo(
-    () => getColumnHeaders(alertColumns, browserFields, true),
-    [alertColumns, browserFields]
-  );
-
-  const finalColumns = useMemo(
-    () => (isEventRenderedView ? evenRenderedColumns : alertColumns),
-    [evenRenderedColumns, alertColumns, isEventRenderedView]
-  );
-
   const finalBrowserFields = useMemo(
     () => (isEventRenderedView ? {} : browserFields),
     [isEventRenderedView, browserFields]
   );
 
+  const finalColumns = useMemo(
+    () => (isEventRenderedView ? eventRenderedViewColumns : alertColumns),
+    [alertColumns, isEventRenderedView]
+  );
+
   const onAlertTableUpdate: AlertsTableStateProps['onUpdate'] = useCallback(
     ({ isLoading: isAlertTableLoading, totalCount, refresh }) => {
       dispatch(
diff --git a/x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/mock/data.ts b/x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/mock/data.ts
new file mode 100644
index 0000000000000..45637d28cd9ae
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/mock/data.ts
@@ -0,0 +1,1696 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const browserFields = {
+  host: {
+    fields: {
+      'host.name': {
+        category: 'host',
+        description:
+          'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.',
+        name: 'host.name',
+        type: 'string',
+        searchable: true,
+        aggregatable: true,
+        format: 'string',
+        indexes: [
+          'apm-*-transaction*',
+          'traces-apm*',
+          'auditbeat-*',
+          'endgame-*',
+          'filebeat-*',
+          'logs-*',
+          'packetbeat-*',
+          'winlogbeat-*',
+        ],
+      },
+    },
+  },
+};
+
+export const columns = [
+  {
+    columnHeaderType: 'not-filtered',
+    displayAsText: 'Host Name',
+    id: 'host.name',
+    initialWidth: 30,
+  },
+];
+
+export const data = [
+  [
+    {
+      field: 'kibana.alert.rule.updated_by',
+      value: ['elastic'],
+    },
+    {
+      field: 'host.os.name.text',
+      value: ['Debian GNU/Linux'],
+    },
+    {
+      field: 'host.hostname',
+      value: ['bastion00'],
+    },
+    {
+      field: 'host.mac',
+      value: ['42-01-0A-C8-00-2E'],
+    },
+    {
+      field: 'service.type',
+      value: ['system'],
+    },
+    {
+      field: 'signal.rule.enabled',
+      value: ['true'],
+    },
+    {
+      field: 'host.os.version',
+      value: ['10 (buster)'],
+    },
+    {
+      field: 'signal.rule.max_signals',
+      value: [100],
+    },
+    {
+      field: 'source.geo.region_name',
+      value: ['Iowa'],
+    },
+    {
+      field: 'signal.rule.updated_at',
+      value: ['2023-04-25T09:03:13.384Z'],
+    },
+    {
+      field: 'kibana.alert.risk_score',
+      value: [21],
+    },
+    {
+      field: 'source.geo.city_name',
+      value: ['Council Bluffs'],
+    },
+    {
+      field: 'host.os.type',
+      value: ['linux'],
+    },
+    {
+      field: 'signal.original_event.end',
+      value: ['2022-10-14T14:00:24.296Z'],
+    },
+    {
+      field: 'kibana.alert.original_event.module',
+      value: ['system'],
+    },
+    {
+      field: 'kibana.alert.rule.interval',
+      value: ['5m'],
+    },
+    {
+      field: 'kibana.alert.rule.type',
+      value: ['query'],
+    },
+    {
+      field: 'agent.hostname',
+      value: ['bastion00.siem.estc.dev'],
+    },
+    {
+      field: 'kibana.alert.original_event.end',
+      value: ['2022-10-14T14:00:24.296Z'],
+    },
+    {
+      field: 'kibana.alert.rule.immutable',
+      value: ['false'],
+    },
+    {
+      field: 'source.port',
+      value: [56296],
+    },
+    {
+      field: 'client.port',
+      value: [56296],
+    },
+    {
+      field: 'host.containerized',
+      value: [false],
+    },
+    {
+      field: 'destination.bytes',
+      value: [6564],
+    },
+    {
+      field: 'kibana.alert.rule.version',
+      value: ['1'],
+    },
+    {
+      field: 'source.as.number',
+      value: [396982],
+    },
+    {
+      field: 'event.end',
+      value: ['2022-10-14T14:00:24.296Z'],
+    },
+    {
+      field: 'process.entity_id',
+      value: ['rR78V6MnxUY7Go9O'],
+    },
+    {
+      field: 'host.ip',
+      value: ['10.200.0.46', 'fe80::4001:aff:fec8:2e'],
+    },
+    {
+      field: 'agent.type',
+      value: ['auditbeat'],
+    },
+    {
+      field: 'signal.original_event.category',
+      value: ['network'],
+    },
+    {
+      field: 'process.executable.text',
+      value: ['/usr/local/bin/traefik'],
+    },
+    {
+      field: 'related.ip',
+      value: ['10.200.0.46', '35.226.77.71'],
+    },
+    {
+      field: 'server.port',
+      value: [9200],
+    },
+    {
+      field: 'host.id',
+      value: ['a415f7ec8a9af33894317958f24e185f'],
+    },
+    {
+      field: 'timestamp',
+      value: [1666873459714],
+    },
+    {
+      field: 'signal.rule.building_block_type',
+      value: ['default'],
+    },
+    {
+      field: 'kibana.alert.rule.indices',
+      value: [
+        'apm-*-transaction*',
+        'auditbeat-*',
+        'endgame-*',
+        'filebeat-*',
+        'logs-*',
+        'packetbeat-*',
+        'traces-apm*',
+        'winlogbeat-*',
+        '-*elastic-cloud-logs-*',
+      ],
+    },
+    {
+      field: 'signal.rule.updated_by',
+      value: ['elastic'],
+    },
+    {
+      field: 'cloud.account.id',
+      value: ['elastic-siem'],
+    },
+    {
+      field: 'host.os.platform',
+      value: ['debian'],
+    },
+    {
+      field: 'kibana.alert.rule.severity',
+      value: ['low'],
+    },
+    {
+      field: 'signal.original_event.duration',
+      value: ['647874250'],
+    },
+    {
+      field: 'kibana.version',
+      value: ['8.8.0'],
+    },
+    {
+      field: 'signal.ancestors.type',
+      value: ['event', 'signal'],
+    },
+    {
+      field: 'cloud.instance.name',
+      value: ['bastion00'],
+    },
+    {
+      field: 'user.name.text',
+      value: ['traefik'],
+    },
+    {
+      field: 'kibana.alert.ancestors.id',
+      value: [
+        '4z_L1oMBiIcG4Y9J2nxd',
+        '75e2a3903daac549c05eb3aebe90b3ef6d1921b74c4870ee518643a46f778a31',
+      ],
+    },
+    {
+      field: 'kibana.alert.rule.building_block_type',
+      value: ['default'],
+    },
+    {
+      field: 'process.name.text',
+      value: ['traefik'],
+    },
+    {
+      field: 'kibana.alert.rule.description',
+      value: ['Custom Rule'],
+    },
+    {
+      field: 'kibana.alert.rule.producer',
+      value: ['siem'],
+    },
+    {
+      field: 'kibana.alert.rule.to',
+      value: ['now'],
+    },
+    {
+      field: 'signal.rule.id',
+      value: ['023a0260-e348-11ed-bd43-632e972150d6'],
+    },
+    {
+      field: 'system.audit.socket.uid',
+      value: [1018],
+    },
+    {
+      field: 'signal.rule.risk_score',
+      value: [21],
+    },
+    {
+      field: 'signal.reason',
+      value: [
+        'network event with process traefik, source 35.226.77.71:56296, destination 10.200.0.46:9200, by traefik on bastion00.siem.estc.dev created low alert Custom Rule.',
+      ],
+    },
+    {
+      field: 'process.created',
+      value: ['2022-01-31T13:14:05.210Z'],
+    },
+    {
+      field: 'user.risk.calculated_score_norm',
+      value: [31.238997],
+    },
+    {
+      field: 'host.os.name',
+      value: ['Debian GNU/Linux'],
+    },
+    {
+      field: 'signal.status',
+      value: ['open'],
+    },
+    {
+      field: 'client.as.organization.name.text',
+      value: ['GOOGLE-CLOUD-PLATFORM'],
+    },
+    {
+      field: 'flow.final',
+      value: [true],
+    },
+    {
+      field: 'kibana.alert.rule.uuid',
+      value: ['023a0260-e348-11ed-bd43-632e972150d6'],
+    },
+    {
+      field: 'kibana.alert.original_event.category',
+      value: ['network'],
+    },
+    {
+      field: 'client.ip',
+      value: ['35.226.77.71'],
+    },
+    {
+      field: 'process.name',
+      value: ['traefik'],
+    },
+    {
+      field: 'client.as.number',
+      value: [396982],
+    },
+    {
+      field: 'kibana.alert.ancestors.index',
+      value: ['.ds-auditbeat-8.5.0-2022.10.03-000001', 'auditbeat-bulk'],
+    },
+    {
+      field: 'agent.version',
+      value: ['8.5.0'],
+    },
+    {
+      field: 'host.os.family',
+      value: ['debian'],
+    },
+    {
+      field: 'kibana.alert.rule.from',
+      value: ['now-6000000300s'],
+    },
+    {
+      field: 'kibana.alert.rule.parameters',
+      value: [
+        {
+          description: 'Custom Rule',
+          risk_score: 21,
+          severity: 'low',
+          building_block_type: 'default',
+          license: '',
+          meta: {
+            from: '100000000m',
+            kibana_siem_app_url: 'http://localhost:5601/app/security',
+          },
+          author: [],
+          false_positives: [],
+          from: 'now-6000000300s',
+          rule_id: 'caf0db0c-c7e2-455e-89b8-6b0d73619ae5',
+          max_signals: 100,
+          risk_score_mapping: [],
+          severity_mapping: [],
+          threat: [],
+          to: 'now',
+          references: [],
+          version: 1,
+          exceptions_list: [],
+          immutable: false,
+          related_integrations: [],
+          required_fields: [],
+          setup: '',
+          type: 'query',
+          language: 'kuery',
+          index: [
+            'apm-*-transaction*',
+            'auditbeat-*',
+            'endgame-*',
+            'filebeat-*',
+            'logs-*',
+            'packetbeat-*',
+            'traces-apm*',
+            'winlogbeat-*',
+            '-*elastic-cloud-logs-*',
+          ],
+          query: '*',
+          filters: [],
+        },
+      ],
+    },
+    {
+      field: 'signal.original_event.kind',
+      value: ['signal'],
+    },
+    {
+      field: 'client.packets',
+      value: [10],
+    },
+    {
+      field: 'group.id',
+      value: ['1019'],
+    },
+    {
+      field: 'signal.depth',
+      value: [2],
+    },
+    {
+      field: 'kibana.alert.original_event.start',
+      value: ['2022-10-14T14:00:23.649Z'],
+    },
+    {
+      field: 'signal.rule.immutable',
+      value: ['false'],
+    },
+    {
+      field: 'signal.rule.name',
+      value: ['Custom Rule'],
+    },
+    {
+      field: 'event.module',
+      value: ['system'],
+    },
+    {
+      field: 'host.os.kernel',
+      value: ['4.19.0-17-cloud-amd64'],
+    },
+    {
+      field: 'kibana.alert.rule.license',
+      value: [''],
+    },
+    {
+      field: 'kibana.alert.original_event.kind',
+      value: ['signal'],
+    },
+    {
+      field: 'network.type',
+      value: ['ipv4'],
+    },
+    {
+      field: 'source.as.organization.name.text',
+      value: ['GOOGLE-CLOUD-PLATFORM'],
+    },
+    {
+      field: 'signal.rule.description',
+      value: ['Custom Rule'],
+    },
+    {
+      field: 'source.geo.continent_name',
+      value: ['North America'],
+    },
+    {
+      field: 'source.as.organization.name',
+      value: ['GOOGLE-CLOUD-PLATFORM'],
+    },
+    {
+      field: 'process.args',
+      value: ['/usr/local/bin/traefik', '--configfile=/etc/traefik/traefik.yml'],
+    },
+    {
+      field: 'client.bytes',
+      value: [1495],
+    },
+    {
+      field: 'kibana.space_ids',
+      value: ['default'],
+    },
+    {
+      field: 'flow.complete',
+      value: [true],
+    },
+    {
+      field: 'kibana.alert.severity',
+      value: ['low'],
+    },
+    {
+      field: 'signal.ancestors.depth',
+      value: [0, 1],
+    },
+    {
+      field: 'event.category',
+      value: ['network'],
+    },
+    {
+      field: 'host.risk.calculated_score_norm',
+      value: [17.08461],
+    },
+    {
+      field: 'client.geo.country_iso_code',
+      value: ['US'],
+    },
+    {
+      field: 'kibana.alert.ancestors.depth',
+      value: [0, 1],
+    },
+    {
+      field: 'source.ip',
+      value: ['35.226.77.71'],
+    },
+    {
+      field: 'agent.name',
+      value: ['bastion00.siem.estc.dev'],
+    },
+    {
+      field: 'network.community_id',
+      value: ['1:IjFQUo1K34NyjD8pxAitVL9mqdw='],
+    },
+    {
+      field: 'system.audit.socket.euid',
+      value: [1018],
+    },
+    {
+      field: 'group.name',
+      value: ['traefik'],
+    },
+    {
+      field: 'source.packets',
+      value: [10],
+    },
+    {
+      field: 'user.id',
+      value: ['1018'],
+    },
+    {
+      field: 'system.audit.socket.gid',
+      value: [1019],
+    },
+    {
+      field: 'related.user',
+      value: ['traefik'],
+    },
+    {
+      field: 'host.architecture',
+      value: ['x86_64'],
+    },
+    {
+      field: 'kibana.alert.start',
+      value: ['2023-04-25T09:03:15.535Z'],
+    },
+    {
+      field: 'cloud.provider',
+      value: ['gcp'],
+    },
+    {
+      field: 'cloud.machine.type',
+      value: ['e2-small'],
+    },
+    {
+      field: 'kibana.alert.original_event.type',
+      value: ['info', 'connection'],
+    },
+    {
+      field: 'signal.original_event.module',
+      value: ['system'],
+    },
+    {
+      field: 'agent.id',
+      value: ['bb1e5c8f-10ba-48b0-bee1-da60886ba59c'],
+    },
+    {
+      field: 'signal.rule.from',
+      value: ['now-6000000300s'],
+    },
+    {
+      field: 'kibana.alert.rule.enabled',
+      value: ['true'],
+    },
+    {
+      field: 'signal.original_event.start',
+      value: ['2022-10-14T14:00:23.649Z'],
+    },
+    {
+      field: 'event.start',
+      value: ['2022-10-14T14:00:23.649Z'],
+    },
+    {
+      field: 'kibana.alert.ancestors.type',
+      value: ['event', 'signal'],
+    },
+    {
+      field: 'destination.port',
+      value: [9200],
+    },
+    {
+      field: 'user.name',
+      value: ['traefik'],
+    },
+    {
+      field: 'signal.ancestors.index',
+      value: ['.ds-auditbeat-8.5.0-2022.10.03-000001', 'auditbeat-bulk'],
+    },
+    {
+      field: 'destination.packets',
+      value: [9],
+    },
+    {
+      field: 'kibana.alert.original_event.duration',
+      value: ['647874250'],
+    },
+    {
+      field: 'cloud.instance.id',
+      value: ['2730026390719231438'],
+    },
+    {
+      field: 'client.geo.region_name',
+      value: ['Iowa'],
+    },
+    {
+      field: 'signal.original_event.type',
+      value: ['info', 'connection'],
+    },
+    {
+      field: 'kibana.alert.rule.max_signals',
+      value: [100],
+    },
+    {
+      field: 'kibana.alert.rule.risk_score',
+      value: [21],
+    },
+    {
+      field: 'host.os.codename',
+      value: ['buster'],
+    },
+    {
+      field: 'signal.original_event.dataset',
+      value: ['socket'],
+    },
+    {
+      field: 'kibana.alert.rule.consumer',
+      value: ['siem'],
+    },
+    {
+      field: 'destination.ip',
+      value: ['10.200.0.46'],
+    },
+    {
+      field: 'kibana.alert.rule.category',
+      value: ['Custom Query Rule'],
+    },
+    {
+      field: 'event.duration',
+      value: [647874250],
+    },
+    {
+      field: 'event.action',
+      value: ['exec'],
+    },
+    {
+      field: '@timestamp',
+      value: ['2023-04-25T09:03:15.516Z'],
+    },
+    {
+      field: 'kibana.alert.original_event.action',
+      value: ['exec'],
+    },
+    {
+      field: 'host.risk.calculated_level',
+      value: ['Unknown'],
+    },
+    {
+      field: 'agent.ephemeral_id',
+      value: ['71eae441-3269-4828-9496-99a6fd42cb91'],
+    },
+    {
+      field: 'kibana.alert.rule.execution.uuid',
+      value: ['3e763264-9eab-4c6b-98e8-d51367491275'],
+    },
+    {
+      field: 'kibana.alert.uuid',
+      value: ['7d3194c7158fb9edb10541ccdd81f8c2b9c9d3c50b82c14457c959a2fcbcb22a'],
+    },
+    {
+      field: 'kibana.alert.rule.meta.kibana_siem_app_url',
+      value: ['http://localhost:5601/app/security'],
+    },
+    {
+      field: 'signal.rule.license',
+      value: [''],
+    },
+    {
+      field: 'kibana.alert.rule.rule_id',
+      value: ['caf0db0c-c7e2-455e-89b8-6b0d73619ae5'],
+    },
+    {
+      field: 'kibana.alert.ancestors.rule',
+      value: ['532e0020-4a0c-11ed-9aa3-574e520c127d'],
+    },
+    {
+      field: 'cloud.project.id',
+      value: ['elastic-siem'],
+    },
+    {
+      field: 'signal.rule.type',
+      value: ['query'],
+    },
+    {
+      field: 'server.ip',
+      value: ['10.200.0.46'],
+    },
+    {
+      field: 'user.risk.calculated_level',
+      value: ['Low'],
+    },
+    {
+      field: 'kibana.alert.url',
+      value: [
+        'http://localhost:5601/app/security/alerts/redirect/7d3194c7158fb9edb10541ccdd81f8c2b9c9d3c50b82c14457c959a2fcbcb22a?index=.alerts-security.alerts-default&timestamp=2023-04-25T09:03:15.516Z',
+      ],
+    },
+    {
+      field: 'kibana.alert.building_block_type',
+      value: ['default'],
+    },
+    {
+      field: 'process.pid',
+      value: [31349],
+    },
+    {
+      field: 'system.audit.socket.egid',
+      value: [1019],
+    },
+    {
+      field: 'signal.rule.interval',
+      value: ['5m'],
+    },
+    {
+      field: 'cloud.availability_zone',
+      value: ['us-central1-c'],
+    },
+    {
+      field: 'signal.rule.created_by',
+      value: ['elastic'],
+    },
+    {
+      field: 'kibana.alert.rule.created_by',
+      value: ['elastic'],
+    },
+    {
+      field: 'system.audit.socket.kernel_sock_address',
+      value: ['0xffff97d5d9608900'],
+    },
+    {
+      field: 'kibana.alert.rule.name',
+      value: ['Custom Rule'],
+    },
+    {
+      field: 'client.as.organization.name',
+      value: ['GOOGLE-CLOUD-PLATFORM'],
+    },
+    {
+      field: 'host.name',
+      value: ['bastion00.siem.estc.dev'],
+    },
+    {
+      field: 'client.geo.country_name',
+      value: ['United States'],
+    },
+    {
+      field: 'source.geo.region_iso_code',
+      value: ['US-IA'],
+    },
+    {
+      field: 'event.kind',
+      value: ['signal'],
+    },
+    {
+      field: 'signal.rule.created_at',
+      value: ['2023-04-25T09:03:13.384Z'],
+    },
+    {
+      field: 'kibana.alert.workflow_status',
+      value: ['open'],
+    },
+    {
+      field: 'network.packets',
+      value: [19],
+    },
+    {
+      field: 'kibana.alert.reason',
+      value: [
+        'network event with process traefik, source 35.226.77.71:56296, destination 10.200.0.46:9200, by traefik on bastion00.siem.estc.dev created low alert Custom Rule.',
+      ],
+    },
+    {
+      field: 'signal.ancestors.id',
+      value: [
+        '4z_L1oMBiIcG4Y9J2nxd',
+        '75e2a3903daac549c05eb3aebe90b3ef6d1921b74c4870ee518643a46f778a31',
+      ],
+    },
+    {
+      field: 'signal.original_time',
+      value: ['2022-10-27T12:24:19.714Z'],
+    },
+    {
+      field: 'cloud.service.name',
+      value: ['GCE'],
+    },
+    {
+      field: 'ecs.version',
+      value: ['8.0.0'],
+    },
+    {
+      field: 'signal.rule.severity',
+      value: ['low'],
+    },
+    {
+      field: 'kibana.alert.depth',
+      value: [2],
+    },
+    {
+      field: 'kibana.alert.rule.revision',
+      value: [0],
+    },
+    {
+      field: 'signal.rule.version',
+      value: ['1'],
+    },
+    {
+      field: 'client.geo.continent_name',
+      value: ['North America'],
+    },
+    {
+      field: 'server.bytes',
+      value: [6564],
+    },
+    {
+      field: 'kibana.alert.status',
+      value: ['active'],
+    },
+    {
+      field: 'kibana.alert.last_detected',
+      value: ['2023-04-25T09:03:15.535Z'],
+    },
+    {
+      field: 'kibana.alert.original_event.dataset',
+      value: ['socket'],
+    },
+    {
+      field: 'kibana.alert.rule.rule_type_id',
+      value: ['siem.queryRule'],
+    },
+    {
+      field: 'signal.rule.rule_id',
+      value: ['caf0db0c-c7e2-455e-89b8-6b0d73619ae5'],
+    },
+    {
+      field: 'source.geo.country_iso_code',
+      value: ['US'],
+    },
+    {
+      field: 'network.bytes',
+      value: [8059],
+    },
+    {
+      field: 'network.direction',
+      value: ['ingress'],
+    },
+    {
+      field: 'process.executable',
+      value: ['/usr/local/bin/traefik'],
+    },
+    {
+      field: 'source.bytes',
+      value: [1495],
+    },
+    {
+      field: 'client.geo.city_name',
+      value: ['Council Bluffs'],
+    },
+    {
+      field: 'client.geo.region_iso_code',
+      value: ['US-IA'],
+    },
+    {
+      field: 'kibana.alert.rule.updated_at',
+      value: ['2023-04-25T09:03:13.384Z'],
+    },
+    {
+      field: 'server.packets',
+      value: [9],
+    },
+    {
+      field: 'network.transport',
+      value: ['tcp'],
+    },
+    {
+      field: 'signal.original_event.action',
+      value: ['exec'],
+    },
+    {
+      field: 'kibana.alert.rule.created_at',
+      value: ['2023-04-25T09:03:13.384Z'],
+    },
+    {
+      field: 'signal.rule.to',
+      value: ['now'],
+    },
+    {
+      field: 'event.type',
+      value: ['info', 'connection'],
+    },
+    {
+      field: 'process.entry_leader.entity_id',
+      value: ['some99'],
+    },
+    {
+      field: 'source.geo.country_name',
+      value: ['United States'],
+    },
+    {
+      field: 'kibana.alert.rule.meta.from',
+      value: ['100000000m'],
+    },
+    {
+      field: 'event.dataset',
+      value: ['socket'],
+    },
+    {
+      field: 'kibana.alert.original_time',
+      value: ['2022-10-27T12:24:19.714Z'],
+    },
+    {
+      field: '_id',
+      value: '7d3194c7158fb9edb10541ccdd81f8c2b9c9d3c50b82c14457c959a2fcbcb22a',
+    },
+    {
+      field: '_index',
+      value: '.internal.alerts-security.alerts-default-000001',
+    },
+  ],
+  [
+    {
+      field: 'kibana.alert.severity',
+      value: ['low'],
+    },
+    {
+      field: 'host.os.full.text',
+      value: ['Windows Server 2019 Datacenter 1809 (10.0.17763.3406)'],
+    },
+    {
+      field: 'kibana.alert.rule.updated_by',
+      value: ['elastic'],
+    },
+    {
+      field: 'signal.ancestors.depth',
+      value: [0, 1],
+    },
+    {
+      field: 'event.category',
+      value: ['file'],
+    },
+    {
+      field: 'host.risk.calculated_score_norm',
+      value: [31.092354],
+    },
+    {
+      field: 'host.os.name.text',
+      value: ['Windows'],
+    },
+    {
+      field: 'process.parent.pid',
+      value: [652],
+    },
+    {
+      field: 'host.hostname',
+      value: ['siem-windows-endpoint'],
+    },
+    {
+      field: 'signal.original_event.created',
+      value: ['2022-10-14T14:00:27.258Z'],
+    },
+    {
+      field: 'host.mac',
+      value: ['42:01:0a:c8:00:df'],
+    },
+    {
+      field: 'process.code_signature.exists',
+      value: [true],
+    },
+    {
+      field: 'elastic.agent.id',
+      value: ['2ea4b363-6a3f-449e-9d4e-c73ccf28f693'],
+    },
+    {
+      field: 'kibana.alert.ancestors.depth',
+      value: [0, 1],
+    },
+    {
+      field: 'signal.rule.enabled',
+      value: ['true'],
+    },
+    {
+      field: 'host.os.version',
+      value: ['1809 (10.0.17763.3406)'],
+    },
+    {
+      field: 'signal.rule.max_signals',
+      value: [100],
+    },
+    {
+      field: 'signal.rule.updated_at',
+      value: ['2023-04-25T09:03:13.384Z'],
+    },
+    {
+      field: 'kibana.alert.risk_score',
+      value: [21],
+    },
+    {
+      field: 'event.agent_id_status',
+      value: ['verified'],
+    },
+    {
+      field: 'kibana.alert.original_event.id',
+      value: ['MnfiZLkz1DywMGBf++++9ApC'],
+    },
+    {
+      field: 'file.path.text',
+      value: ['C:\\ProgramData\\winlogbeat\\.winlogbeat.yml.new'],
+    },
+    {
+      field: 'host.os.type',
+      value: ['windows'],
+    },
+    {
+      field: 'user.id',
+      value: ['S-1-5-18'],
+    },
+    {
+      field: 'process.Ext.ancestry',
+      value: [
+        'MmVhNGIzNjMtNmEzZi00NDllLTlkNGUtYzczY2NmMjhmNjkzLTY1Mi0xNjY0ODA2NTI4Ljc4NTg5NTAw',
+        'MmVhNGIzNjMtNmEzZi00NDllLTlkNGUtYzczY2NmMjhmNjkzLTUzNi0xNjY0ODA2NTI3LjEwNDI2NTQwMA==',
+      ],
+    },
+    {
+      field: 'kibana.alert.original_event.module',
+      value: ['endpoint'],
+    },
+    {
+      field: 'kibana.alert.rule.interval',
+      value: ['5m'],
+    },
+    {
+      field: 'kibana.alert.rule.type',
+      value: ['query'],
+    },
+    {
+      field: 'signal.original_event.sequence',
+      value: [940441],
+    },
+    {
+      field: 'host.architecture',
+      value: ['x86_64'],
+    },
+    {
+      field: 'kibana.alert.start',
+      value: ['2023-04-25T09:03:15.535Z'],
+    },
+    {
+      field: 'kibana.alert.rule.immutable',
+      value: ['false'],
+    },
+    {
+      field: 'process.Ext.code_signature.status',
+      value: ['trusted'],
+    },
+    {
+      field: 'kibana.alert.original_event.type',
+      value: ['creation'],
+    },
+    {
+      field: 'signal.original_event.module',
+      value: ['endpoint'],
+    },
+    {
+      field: 'agent.id',
+      value: ['2ea4b363-6a3f-449e-9d4e-c73ccf28f693'],
+    },
+    {
+      field: 'signal.rule.from',
+      value: ['now-6000000300s'],
+    },
+    {
+      field: 'kibana.alert.rule.enabled',
+      value: ['true'],
+    },
+    {
+      field: 'kibana.alert.rule.version',
+      value: ['1'],
+    },
+    {
+      field: 'kibana.alert.ancestors.type',
+      value: ['event', 'signal'],
+    },
+    {
+      field: 'file.Ext.windows.zone_identifier',
+      value: [-1],
+    },
+    {
+      field: 'user.name',
+      value: ['SYSTEM'],
+    },
+    {
+      field: 'signal.ancestors.index',
+      value: ['.ds-logs-endpoint.events.file-default-2022.10.08-000003', 'auditbeat-bulk'],
+    },
+    {
+      field: 'process.entity_id',
+      value: [
+        'MmVhNGIzNjMtNmEzZi00NDllLTlkNGUtYzczY2NmMjhmNjkzLTE3MDQtMTY2NDgwNjcwNi4yODUzODk4MDA=',
+      ],
+    },
+    {
+      field: 'host.ip',
+      value: ['10.200.0.223', 'fe80::eda9:848c:24ae:431d', '127.0.0.1', '::1'],
+    },
+    {
+      field: 'agent.type',
+      value: ['endpoint'],
+    },
+    {
+      field: 'signal.original_event.category',
+      value: ['file'],
+    },
+    {
+      field: 'process.executable.text',
+      value: ['C:\\Program Files\\Winlogbeat\\winlogbeat.exe'],
+    },
+    {
+      field: 'signal.original_event.id',
+      value: ['MnfiZLkz1DywMGBf++++9ApC'],
+    },
+    {
+      field: 'user.domain',
+      value: ['NT AUTHORITY'],
+    },
+    {
+      field: 'host.id',
+      value: ['526e76a2-1c82-4245-a179-4fcde1e608fc'],
+    },
+    {
+      field: 'process.Ext.code_signature.subject_name',
+      value: ['Elasticsearch, Inc.'],
+    },
+    {
+      field: 'timestamp',
+      value: [1666873459714],
+    },
+    {
+      field: 'signal.original_event.type',
+      value: ['creation'],
+    },
+    {
+      field: 'kibana.alert.rule.max_signals',
+      value: [100],
+    },
+    {
+      field: 'kibana.alert.rule.risk_score',
+      value: [21],
+    },
+    {
+      field: 'file.name',
+      value: ['.winlogbeat.yml.new'],
+    },
+    {
+      field: 'signal.rule.building_block_type',
+      value: ['default'],
+    },
+    {
+      field: 'process.code_signature.status',
+      value: ['trusted'],
+    },
+    {
+      field: 'signal.original_event.dataset',
+      value: ['endpoint.events.file'],
+    },
+    {
+      field: 'kibana.alert.rule.consumer',
+      value: ['siem'],
+    },
+    {
+      field: 'kibana.alert.rule.indices',
+      value: [
+        'apm-*-transaction*',
+        'auditbeat-*',
+        'endgame-*',
+        'filebeat-*',
+        'logs-*',
+        'packetbeat-*',
+        'traces-apm*',
+        'winlogbeat-*',
+        '-*elastic-cloud-logs-*',
+      ],
+    },
+    {
+      field: 'kibana.alert.rule.category',
+      value: ['Custom Query Rule'],
+    },
+    {
+      field: 'host.os.Ext.variant',
+      value: ['Windows Server 2019 Datacenter'],
+    },
+    {
+      field: 'event.action',
+      value: ['exec'],
+    },
+    {
+      field: 'event.ingested',
+      value: ['2022-10-14T14:00:50.000Z'],
+    },
+    {
+      field: '@timestamp',
+      value: ['2023-04-25T09:03:15.515Z'],
+    },
+    {
+      field: 'kibana.alert.original_event.action',
+      value: ['exec'],
+    },
+    {
+      field: 'signal.rule.updated_by',
+      value: ['elastic'],
+    },
+    {
+      field: 'host.os.platform',
+      value: ['windows'],
+    },
+    {
+      field: 'kibana.alert.rule.severity',
+      value: ['low'],
+    },
+    {
+      field: 'kibana.alert.original_event.agent_id_status',
+      value: ['verified'],
+    },
+    {
+      field: 'data_stream.dataset',
+      value: ['endpoint.events.file'],
+    },
+    {
+      field: 'host.risk.calculated_level',
+      value: ['Low'],
+    },
+    {
+      field: 'kibana.alert.rule.execution.uuid',
+      value: ['3e763264-9eab-4c6b-98e8-d51367491275'],
+    },
+    {
+      field: 'kibana.alert.uuid',
+      value: ['1066d5c3675d7eef4b9e84af64e795be39d1896ec791049eb87a39eb9675a2aa'],
+    },
+    {
+      field: 'kibana.alert.rule.meta.kibana_siem_app_url',
+      value: ['http://localhost:5601/app/security'],
+    },
+    {
+      field: 'kibana.version',
+      value: ['8.8.0'],
+    },
+    {
+      field: 'event.id',
+      value: ['MnfiZLkz1DywMGBf++++9ApC'],
+    },
+    {
+      field: 'signal.rule.license',
+      value: [''],
+    },
+    {
+      field: 'signal.ancestors.type',
+      value: ['event', 'signal'],
+    },
+    {
+      field: 'kibana.alert.rule.rule_id',
+      value: ['caf0db0c-c7e2-455e-89b8-6b0d73619ae5'],
+    },
+    {
+      field: 'kibana.alert.ancestors.rule',
+      value: ['532e0020-4a0c-11ed-9aa3-574e520c127d'],
+    },
+    {
+      field: 'user.name.text',
+      value: ['SYSTEM'],
+    },
+    {
+      field: 'file.path',
+      value: ['C:\\ProgramData\\winlogbeat\\.winlogbeat.yml.new'],
+    },
+    {
+      field: 'signal.rule.type',
+      value: ['query'],
+    },
+    {
+      field: 'kibana.alert.ancestors.id',
+      value: [
+        'cyjM1oMBw7Pvz6uQMxM4',
+        'd46d9fecad3a03741575f552c994ec9c9e5d1089557d49d125255bcd8d863a99',
+      ],
+    },
+    {
+      field: 'kibana.alert.rule.building_block_type',
+      value: ['default'],
+    },
+    {
+      field: 'process.name.text',
+      value: ['winlogbeat.exe'],
+    },
+    {
+      field: 'host.os.full',
+      value: ['Windows Server 2019 Datacenter 1809 (10.0.17763.3406)'],
+    },
+    {
+      field: 'user.risk.calculated_level',
+      value: ['High'],
+    },
+    {
+      field: 'kibana.alert.url',
+      value: [
+        'http://localhost:5601/app/security/alerts/redirect/1066d5c3675d7eef4b9e84af64e795be39d1896ec791049eb87a39eb9675a2aa?index=.alerts-security.alerts-default&timestamp=2023-04-25T09:03:15.515Z',
+      ],
+    },
+    {
+      field: 'kibana.alert.rule.description',
+      value: ['Custom Rule'],
+    },
+    {
+      field: 'kibana.alert.building_block_type',
+      value: ['default'],
+    },
+    {
+      field: 'process.pid',
+      value: [1704],
+    },
+    {
+      field: 'kibana.alert.rule.producer',
+      value: ['siem'],
+    },
+    {
+      field: 'signal.rule.interval',
+      value: ['5m'],
+    },
+    {
+      field: 'signal.rule.created_by',
+      value: ['elastic'],
+    },
+    {
+      field: 'kibana.alert.rule.to',
+      value: ['now'],
+    },
+    {
+      field: 'kibana.alert.rule.created_by',
+      value: ['elastic'],
+    },
+    {
+      field: 'kibana.alert.original_event.ingested',
+      value: ['2022-10-14T14:00:50.000Z'],
+    },
+    {
+      field: 'signal.rule.id',
+      value: ['023a0260-e348-11ed-bd43-632e972150d6'],
+    },
+    {
+      field: 'process.code_signature.subject_name',
+      value: ['Elasticsearch, Inc.'],
+    },
+    {
+      field: 'signal.rule.risk_score',
+      value: [21],
+    },
+    {
+      field: 'signal.reason',
+      value: [
+        'file event with process winlogbeat.exe, file .winlogbeat.yml.new, by SYSTEM on siem-windows-endpoint created low alert Custom Rule.',
+      ],
+    },
+    {
+      field: 'user.risk.calculated_score_norm',
+      value: [75.22127],
+    },
+    {
+      field: 'host.os.name',
+      value: ['Windows'],
+    },
+    {
+      field: 'kibana.alert.rule.name',
+      value: ['Custom Rule'],
+    },
+    {
+      field: 'host.name',
+      value: ['siem-windows-endpoint'],
+    },
+    {
+      field: 'signal.status',
+      value: ['open'],
+    },
+    {
+      field: 'event.kind',
+      value: ['signal'],
+    },
+    {
+      field: 'process.code_signature.trusted',
+      value: [true],
+    },
+    {
+      field: 'signal.rule.created_at',
+      value: ['2023-04-25T09:03:13.384Z'],
+    },
+    {
+      field: 'kibana.alert.workflow_status',
+      value: ['open'],
+    },
+    {
+      field: 'kibana.alert.original_event.created',
+      value: ['2022-10-14T14:00:27.258Z'],
+    },
+    {
+      field: 'kibana.alert.rule.uuid',
+      value: ['023a0260-e348-11ed-bd43-632e972150d6'],
+    },
+    {
+      field: 'kibana.alert.original_event.category',
+      value: ['file'],
+    },
+    {
+      field: 'kibana.alert.reason',
+      value: [
+        'file event with process winlogbeat.exe, file .winlogbeat.yml.new, by SYSTEM on siem-windows-endpoint created low alert Custom Rule.',
+      ],
+    },
+    {
+      field: 'data_stream.type',
+      value: ['logs'],
+    },
+    {
+      field: 'signal.ancestors.id',
+      value: [
+        'cyjM1oMBw7Pvz6uQMxM4',
+        'd46d9fecad3a03741575f552c994ec9c9e5d1089557d49d125255bcd8d863a99',
+      ],
+    },
+    {
+      field: 'signal.original_time',
+      value: ['2022-10-27T12:24:19.714Z'],
+    },
+    {
+      field: 'process.name',
+      value: ['winlogbeat.exe'],
+    },
+    {
+      field: 'file.Ext.header_bytes',
+      value: ['7570646174655f74696d653a20323032'],
+    },
+    {
+      field: 'ecs.version',
+      value: ['1.11.0'],
+    },
+    {
+      field: 'signal.rule.severity',
+      value: ['low'],
+    },
+    {
+      field: 'kibana.alert.ancestors.index',
+      value: ['.ds-logs-endpoint.events.file-default-2022.10.08-000003', 'auditbeat-bulk'],
+    },
+    {
+      field: 'event.created',
+      value: ['2022-10-14T14:00:27.258Z'],
+    },
+    {
+      field: 'process.Ext.code_signature.trusted',
+      value: [true],
+    },
+    {
+      field: 'file.extension',
+      value: ['new'],
+    },
+    {
+      field: 'agent.version',
+      value: ['8.5.0-SNAPSHOT'],
+    },
+    {
+      field: 'kibana.alert.depth',
+      value: [2],
+    },
+    {
+      field: 'process.thread.id',
+      value: [4100],
+    },
+    {
+      field: 'host.os.family',
+      value: ['windows'],
+    },
+    {
+      field: 'kibana.alert.rule.from',
+      value: ['now-6000000300s'],
+    },
+    {
+      field: 'kibana.alert.rule.revision',
+      value: [0],
+    },
+    {
+      field: 'kibana.alert.rule.parameters',
+      value: [
+        {
+          description: 'Custom Rule',
+          risk_score: 21,
+          severity: 'low',
+          building_block_type: 'default',
+          license: '',
+          meta: {
+            from: '100000000m',
+            kibana_siem_app_url: 'http://localhost:5601/app/security',
+          },
+          author: [],
+          false_positives: [],
+          from: 'now-6000000300s',
+          rule_id: 'caf0db0c-c7e2-455e-89b8-6b0d73619ae5',
+          max_signals: 100,
+          risk_score_mapping: [],
+          severity_mapping: [],
+          threat: [],
+          to: 'now',
+          references: [],
+          version: 1,
+          exceptions_list: [],
+          immutable: false,
+          related_integrations: [],
+          required_fields: [],
+          setup: '',
+          type: 'query',
+          language: 'kuery',
+          index: [
+            'apm-*-transaction*',
+            'auditbeat-*',
+            'endgame-*',
+            'filebeat-*',
+            'logs-*',
+            'packetbeat-*',
+            'traces-apm*',
+            'winlogbeat-*',
+            '-*elastic-cloud-logs-*',
+          ],
+          query: '*',
+          filters: [],
+        },
+      ],
+    },
+    {
+      field: 'signal.rule.version',
+      value: ['1'],
+    },
+    {
+      field: 'signal.original_event.kind',
+      value: ['signal'],
+    },
+    {
+      field: 'file.Ext.monotonic_id',
+      value: [157727],
+    },
+    {
+      field: 'kibana.alert.status',
+      value: ['active'],
+    },
+    {
+      field: 'kibana.alert.last_detected',
+      value: ['2023-04-25T09:03:15.535Z'],
+    },
+    {
+      field: 'kibana.alert.original_event.dataset',
+      value: ['endpoint.events.file'],
+    },
+    {
+      field: 'signal.depth',
+      value: [2],
+    },
+    {
+      field: 'signal.rule.immutable',
+      value: ['false'],
+    },
+    {
+      field: 'event.sequence',
+      value: [940441],
+    },
+    {
+      field: 'kibana.alert.rule.rule_type_id',
+      value: ['siem.queryRule'],
+    },
+    {
+      field: 'signal.rule.name',
+      value: ['Custom Rule'],
+    },
+    {
+      field: 'signal.rule.rule_id',
+      value: ['caf0db0c-c7e2-455e-89b8-6b0d73619ae5'],
+    },
+    {
+      field: 'event.module',
+      value: ['endpoint'],
+    },
+    {
+      field: 'host.os.kernel',
+      value: ['1809 (10.0.17763.3406)'],
+    },
+    {
+      field: 'kibana.alert.rule.license',
+      value: [''],
+    },
+    {
+      field: 'kibana.alert.original_event.kind',
+      value: ['signal'],
+    },
+    {
+      field: 'process.executable',
+      value: ['C:\\Program Files\\Winlogbeat\\winlogbeat.exe'],
+    },
+    {
+      field: 'file.Ext.entropy',
+      value: [5.273971112252894],
+    },
+    {
+      field: 'signal.rule.description',
+      value: ['Custom Rule'],
+    },
+    {
+      field: 'kibana.alert.rule.updated_at',
+      value: ['2023-04-25T09:03:13.384Z'],
+    },
+    {
+      field: 'data_stream.namespace',
+      value: ['default'],
+    },
+    {
+      field: 'file.size',
+      value: [1408],
+    },
+    {
+      field: 'message',
+      value: ['Endpoint file event'],
+    },
+    {
+      field: 'process.Ext.code_signature.exists',
+      value: [true],
+    },
+    {
+      field: 'kibana.alert.original_event.sequence',
+      value: [940441],
+    },
+    {
+      field: 'signal.original_event.action',
+      value: ['exec'],
+    },
+    {
+      field: 'kibana.alert.rule.created_at',
+      value: ['2023-04-25T09:03:13.384Z'],
+    },
+    {
+      field: 'signal.rule.to',
+      value: ['now'],
+    },
+    {
+      field: 'event.type',
+      value: ['creation'],
+    },
+    {
+      field: 'process.entry_leader.entity_id',
+      value: ['some98'],
+    },
+    {
+      field: 'kibana.space_ids',
+      value: ['default'],
+    },
+    {
+      field: 'kibana.alert.rule.meta.from',
+      value: ['100000000m'],
+    },
+    {
+      field: 'event.dataset',
+      value: ['endpoint.events.file'],
+    },
+    {
+      field: 'kibana.alert.original_time',
+      value: ['2022-10-27T12:24:19.714Z'],
+    },
+    {
+      field: '_id',
+      value: '1066d5c3675d7eef4b9e84af64e795be39d1896ec791049eb87a39eb9675a2aa',
+    },
+    {
+      field: '_index',
+      value: '.internal.alerts-security.alerts-default-000001',
+    },
+  ],
+];
diff --git a/x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/use_cell_actions.test.tsx b/x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/use_cell_actions.test.tsx
new file mode 100644
index 0000000000000..16228ec498358
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/hooks/trigger_actions_alert_table/use_cell_actions.test.tsx
@@ -0,0 +1,148 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  createSecuritySolutionStorageMock,
+  mockGlobalState,
+  SUB_PLUGINS_REDUCER,
+  TestProviders,
+} from '../../../common/mock';
+import { TableId } from '@kbn/securitysolution-data-table';
+import { renderHook } from '@testing-library/react-hooks';
+import { getUseCellActionsHook } from './use_cell_actions';
+import { columns as mockColumns, data as mockData } from './mock/data';
+import type {
+  EuiDataGridColumn,
+  EuiDataGridColumnCellAction,
+  EuiDataGridColumnCellActionProps,
+  EuiDataGridRefProps,
+} from '@elastic/eui';
+import { EuiButtonEmpty } from '@elastic/eui';
+import { render, screen } from '@testing-library/react';
+import type { ComponentProps, JSXElementConstructor, PropsWithChildren } from 'react';
+import React from 'react';
+import { makeAction } from '../../../common/components/cell_actions/mocks';
+import { VIEW_SELECTION } from '../../../../common/constants';
+import { createStore } from '../../../common/store';
+import { createStartServicesMock } from '@kbn/timelines-plugin/public/mock';
+import { BehaviorSubject } from 'rxjs';
+
+const useCellActions = getUseCellActionsHook(TableId.test);
+
+const mockDataGridRef: {
+  current: EuiDataGridRefProps;
+} = {
+  current: {
+    closeCellPopover: jest.fn(),
+    setIsFullScreen: jest.fn(),
+    setFocusedCell: jest.fn(),
+    openCellPopover: jest.fn(),
+  },
+};
+
+const renderCellAction = (
+  columnCellAction: EuiDataGridColumnCellAction,
+  props: Partial<EuiDataGridColumnCellActionProps> = {}
+) => {
+  const CellActions = columnCellAction as JSXElementConstructor<EuiDataGridColumnCellActionProps>;
+  return render(
+    <CellActions
+      Component={EuiButtonEmpty}
+      colIndex={0}
+      rowIndex={0}
+      columnId={''}
+      isExpanded={false}
+      {...props}
+    />
+  );
+};
+
+const compatibleActions = [makeAction('action1')];
+
+const withCustomPropsAndCellActions = (props: ComponentProps<typeof TestProviders>) => {
+  const TestProviderWithCustomProps = (_props: PropsWithChildren<Record<string, unknown>>) => (
+    <TestProviders {...props}> {_props.children}</TestProviders>
+  );
+  TestProviderWithCustomProps.displayName = 'TestProviderWithCustomProps';
+  return TestProviderWithCustomProps;
+};
+
+const TestProviderWithActions = withCustomPropsAndCellActions({ cellActions: compatibleActions });
+
+const mockedStateWithEventRenderedView: typeof mockGlobalState = {
+  ...mockGlobalState,
+  dataTable: {
+    ...mockGlobalState.dataTable,
+    tableById: {
+      ...mockGlobalState.dataTable.tableById,
+      [TableId.test]: {
+        ...mockGlobalState.dataTable.tableById[TableId.test],
+        viewMode: VIEW_SELECTION.eventRenderedView,
+      },
+    },
+  },
+};
+export const kibanaObservable = new BehaviorSubject(createStartServicesMock());
+const { storage } = createSecuritySolutionStorageMock();
+
+const TestProviderWithCustomStateAndActions = withCustomPropsAndCellActions({
+  cellActions: compatibleActions,
+  store: createStore(
+    mockedStateWithEventRenderedView,
+    SUB_PLUGINS_REDUCER,
+    kibanaObservable,
+    storage
+  ),
+});
+
+describe('getUseCellActionsHook', () => {
+  it('should render cell actions correctly for gridView view', async () => {
+    const { result, waitForNextUpdate } = renderHook(
+      () =>
+        useCellActions({
+          columns: mockColumns as unknown as EuiDataGridColumn[],
+          data: mockData,
+          dataGridRef: mockDataGridRef,
+          ecsData: [],
+          pageSize: 10,
+        }),
+      {
+        wrapper: TestProviderWithActions,
+      }
+    );
+
+    await waitForNextUpdate();
+
+    const cellAction = result.current.getCellActions('host.name', 0)[0];
+
+    renderCellAction(cellAction);
+
+    expect(screen.getByTestId('dataGridColumnCellAction-action1')).toBeInTheDocument();
+  });
+
+  it('should not render cell actions correctly for eventRendered view', async () => {
+    const { result, waitForNextUpdate } = renderHook(
+      () =>
+        useCellActions({
+          columns: mockColumns as unknown as EuiDataGridColumn[],
+          data: mockData,
+          dataGridRef: mockDataGridRef,
+          ecsData: [],
+          pageSize: 10,
+        }),
+      {
+        wrapper: TestProviderWithCustomStateAndActions,
+      }
+    );
+
+    const cellAction = result.current.getCellActions('host.name', 0);
+
+    await waitForNextUpdate();
+
+    expect(cellAction).toHaveLength(0);
+  });
+});
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx
index 3612beb93102c..0ccc05bac858a 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table.tsx
@@ -40,6 +40,12 @@ const DefaultGridStyle: EuiDataGridStyle = {
   fontSize: 's',
 };
 
+const getCellActionsStub = {
+  getCellActions: () => null,
+  visibleCellActions: undefined,
+  disabledCellActions: [],
+};
+
 const basicRenderCellValue = ({
   data,
   columnId,
@@ -379,7 +385,7 @@ const AlertsTable: React.FunctionComponent<AlertsTableProps> = (props: AlertsTab
         dataGridRef,
         pageSize: pagination.pageSize,
       })
-    : { getCellActions: () => null, visibleCellActions: undefined, disabledCellActions: [] };
+    : getCellActionsStub;
 
   const columnsWithCellActions = useMemo(() => {
     if (getCellActions) {
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx
index e9123776a2144..44c560a732b7a 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/alerts_table_state.tsx
@@ -323,13 +323,18 @@ const AlertsTableStateWithQueryProvider = ({
   const CasesContext = casesService?.ui.getCasesContext();
   const isCasesContextAvailable = casesService && CasesContext;
 
+  const memoizedCases = useMemo(
+    () => ({
+      data: cases ?? new Map(),
+      isLoading: isLoadingCases,
+    }),
+    [cases, isLoadingCases]
+  );
+
   const tableProps: AlertsTableProps = useMemo(
     () => ({
       alertsTableConfiguration,
-      cases: {
-        data: cases ?? new Map(),
-        isLoading: isLoadingCases,
-      },
+      cases: memoizedCases,
       columns,
       bulkActions: [],
       deletedEventIds: [],
@@ -362,8 +367,7 @@ const AlertsTableStateWithQueryProvider = ({
     }),
     [
       alertsTableConfiguration,
-      cases,
-      isLoadingCases,
+      memoizedCases,
       columns,
       flyoutSize,
       pagination.pageSize,
diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/hooks/use_columns/use_columns.ts b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/hooks/use_columns/use_columns.ts
index 9caea0dfd26b0..1699a86b78cb6 100644
--- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/hooks/use_columns/use_columns.ts
+++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_table/hooks/use_columns/use_columns.ts
@@ -233,9 +233,13 @@ export const useColumns = ({
     [columns]
   );
 
+  const visibleColumns = useMemo(() => {
+    return getColumnIds(columns);
+  }, [columns]);
+
   return {
     columns,
-    visibleColumns: getColumnIds(columns),
+    visibleColumns,
     isBrowserFieldDataLoading,
     browserFields,
     onColumnsChange: setColumnsAndSave,

From d41da8245e122176912341a274ebe77bc8b60ebf Mon Sep 17 00:00:00 2001
From: Nicolas Chaulet <nicolas.chaulet@elastic.co>
Date: Tue, 2 May 2023 11:23:55 -0400
Subject: [PATCH 3/7] [Fleet] Use react testing libray instead of TestBed
 (#156301)

---
 .../fleet/public/applications/fleet/app.tsx   |   6 +-
 .../components/datastream_pipelines.test.tsx  |   4 -
 .../experimental_datastream_settings.test.tsx |  13 --
 .../components/action_menu.test.tsx           |   6 -
 .../components/search_and_filter_bar.test.tsx |  60 ++----
 .../components/search_and_filter_bar.tsx      |   6 +-
 .../components/table_row_actions.test.tsx     |   6 -
 .../agent_upgrade_modal/hooks.test.tsx        |   7 -
 .../agent_upgrade_modal/index.test.tsx        |   7 -
 .../fleet/sections/agents/index.test.tsx      |   4 +-
 .../download_source_flyout/index.test.tsx     |   7 -
 .../public/applications/integrations/app.tsx  |   5 +-
 ...=> agent_enrollment_flyout.test.mocks.tsx} |  22 ++-
 .../agent_enrollment_flyout.test.tsx          | 174 +++++++-----------
 .../agent_enrollment_flyout/instructions.tsx  |  17 +-
 .../steps/install_managed_agent_step.tsx      |  23 ++-
 .../installation_mode_selection_step.tsx      |   4 +-
 .../components/link_and_revision.test.tsx     |   7 -
 .../fleet/public/hooks/use_fleet_status.tsx   |  26 ++-
 .../public/mock/create_test_renderer.tsx      |  10 +
 x-pack/plugins/fleet/tsconfig.json            |   1 -
 21 files changed, 163 insertions(+), 252 deletions(-)
 rename x-pack/plugins/fleet/public/components/agent_enrollment_flyout/{agent_enrollment_flyout.test.mocks.ts => agent_enrollment_flyout.test.mocks.tsx} (83%)

diff --git a/x-pack/plugins/fleet/public/applications/fleet/app.tsx b/x-pack/plugins/fleet/public/applications/fleet/app.tsx
index d947115861af9..99cf83aee7816 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/app.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/app.tsx
@@ -30,7 +30,7 @@ import type { FleetConfigType, FleetStartServices } from '../../plugin';
 
 import { PackageInstallProvider } from '../integrations/hooks';
 
-import { useAuthz, useFleetStatus, useFlyoutContext } from './hooks';
+import { type FleetStatusProviderProps, useAuthz, useFleetStatus, useFlyoutContext } from './hooks';
 
 import {
   ConfigContext,
@@ -240,6 +240,7 @@ export const FleetAppContext: React.FC<{
   theme$: AppMountParameters['theme$'];
   /** For testing purposes only */
   routerHistory?: History<any>;
+  fleetStatus?: FleetStatusProviderProps;
 }> = memo(
   ({
     children,
@@ -250,6 +251,7 @@ export const FleetAppContext: React.FC<{
     extensions,
     routerHistory,
     theme$,
+    fleetStatus,
   }) => {
     const isDarkMode = useObservable<boolean>(startServices.uiSettings.get$('theme:darkMode'));
 
@@ -265,7 +267,7 @@ export const FleetAppContext: React.FC<{
                       <QueryClientProvider client={queryClient}>
                         <ReactQueryDevtools initialIsOpen={false} />
                         <UIExtensionsContext.Provider value={extensions}>
-                          <FleetStatusProvider>
+                          <FleetStatusProvider defaultFleetStatus={fleetStatus}>
                             <Router history={history}>
                               <PackageInstallProvider
                                 notifications={startServices.notifications}
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/datastream_pipelines.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/datastream_pipelines.test.tsx
index 9caea777a479d..0209c1ad9f2ed 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/datastream_pipelines.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/datastream_pipelines.test.tsx
@@ -17,10 +17,6 @@ const mockedUseGetPipeline = useGetPipeline as jest.MockedFunction<typeof useGet
 jest.mock('../../../../hooks', () => {
   return {
     ...jest.requireActual('../../../../hooks'),
-    FleetStatusProvider: (props: any) => {
-      return props.children;
-    },
-    useFleetStatus: jest.fn().mockReturnValue({ isReady: true } as any),
     useGetPipeline: jest.fn(),
   };
 });
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/components/experimental_datastream_settings.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/components/experimental_datastream_settings.test.tsx
index 2981e3cbca901..0b5cdc0f6ad91 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/components/experimental_datastream_settings.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/steps/components/experimental_datastream_settings.test.tsx
@@ -14,19 +14,6 @@ import type { RegistryDataStream } from '../../../../../../../../../common/types
 
 import { ExperimentDatastreamSettings } from './experimental_datastream_settings';
 
-jest.mock('../../../../../../../../hooks', () => {
-  return {
-    ...jest.requireActual('../../../../../../../../hooks'),
-    FleetStatusProvider: (props: any) => {
-      return props.children;
-    },
-    useFleetStatus: jest.fn().mockReturnValue({ isReady: true } as any),
-    sendGetStatus: jest
-      .fn()
-      .mockResolvedValue({ data: { isReady: true, missing_requirements: [] } }),
-  };
-});
-
 describe('ExperimentDatastreamSettings', () => {
   describe('Synthetic source', () => {
     it('should be enabled an not checked by default', () => {
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/action_menu.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/action_menu.test.tsx
index c88b2c0aedcad..094e3b820ab9b 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/action_menu.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_details_page/components/action_menu.test.tsx
@@ -15,12 +15,6 @@ import { useAuthz } from '../../../../../../hooks/use_authz';
 
 import { AgentDetailsActionMenu } from './actions_menu';
 
-jest.mock('../../../../../../hooks/use_fleet_status', () => ({
-  FleetStatusProvider: (props: any) => {
-    return props.children;
-  },
-}));
-
 jest.mock('../../../../../../services/experimental_features');
 jest.mock('../../../../../../hooks/use_authz');
 
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.test.tsx
index 9af04b04761a6..5e1e8f773dedb 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.test.tsx
@@ -7,29 +7,12 @@
 
 import React from 'react';
 
-import { ThemeProvider } from 'styled-components';
-
-import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
-
-import { coreMock } from '@kbn/core/public/mocks';
-import { registerTestBed } from '@kbn/test-jest-helpers';
-
 import type { Agent } from '../../../../types';
-
-import { FleetStatusProvider, ConfigContext, KibanaVersionContext } from '../../../../../../hooks';
-
-import { getMockTheme } from '../../../../../../mocks';
-
+import { createFleetTestRendererMock } from '../../../../../../mock';
 import { ExperimentalFeaturesService } from '../../../../services';
 
 import { SearchAndFilterBar } from './search_and_filter_bar';
 
-const mockTheme = getMockTheme({
-  eui: {
-    euiSize: '10px',
-  },
-});
-
 jest.mock('../../../../components', () => {
   return {
     SearchBar: () => <div />,
@@ -41,31 +24,24 @@ jest.mock('../../../../../../hooks/use_locator', () => {
     useDashboardLocator: jest.fn().mockImplementation(() => {
       return {
         id: 'DASHBOARD_APP_LOCATOR',
-        getRedirectUrl: jest.fn().mockResolvedValue('app/dashboards#/view/elastic_agent-a0002'),
+        getRedirectUrl: jest.fn().mockReturnValue('app/dashboards#/view/elastic_agent-a0002'),
       };
     }),
   };
 });
 
-const TestComponent = (props: any) => (
-  <KibanaContextProvider services={coreMock.createStart()}>
-    <ConfigContext.Provider value={{ agents: { enabled: true, elasticsearch: {} }, enabled: true }}>
-      <KibanaVersionContext.Provider value={'8.2.0'}>
-        <ThemeProvider theme={mockTheme}>
-          <FleetStatusProvider>
-            <SearchAndFilterBar {...props} />
-          </FleetStatusProvider>
-        </ThemeProvider>
-      </KibanaVersionContext.Provider>
-    </ConfigContext.Provider>
-  </KibanaContextProvider>
-);
-
 describe('SearchAndFilterBar', () => {
   beforeAll(() => {
     // @ts-ignore - prevents us needing to mock the entire service
     ExperimentalFeaturesService.init({});
   });
+
+  function render(props: any) {
+    const renderer = createFleetTestRendererMock();
+
+    return renderer.render(<SearchAndFilterBar {...props} />);
+  }
+
   it('should show no Actions button when no agent is selected', async () => {
     const selectedAgents: Agent[] = [];
     const props: any = {
@@ -83,10 +59,8 @@ describe('SearchAndFilterBar', () => {
       selectedAgentPolicies: [],
       showAgentActivityTour: {},
     };
-    const testBed = registerTestBed(TestComponent)(props);
-    const { exists } = testBed;
-
-    expect(exists('agentBulkActionsButton')).toBe(false);
+    const results = render(props);
+    expect(results.queryByTestId('agentBulkActionsButton')).toBeNull();
   });
 
   it('should show an Actions button when at least an agent is selected', async () => {
@@ -117,10 +91,8 @@ describe('SearchAndFilterBar', () => {
       selectedAgentPolicies: [],
       showAgentActivityTour: {},
     };
-    const testBed = registerTestBed(TestComponent)(props);
-    const { exists } = testBed;
-
-    expect(exists('agentBulkActionsButton')).not.toBeNull();
+    const results = render(props);
+    expect(results.queryByTestId('agentBulkActionsButton')).not.toBeNull();
   });
 
   it('should show an Actions button when agents selected in query mode', async () => {
@@ -139,9 +111,7 @@ describe('SearchAndFilterBar', () => {
       selectedAgentPolicies: [],
       showAgentActivityTour: {},
     };
-    const testBed = registerTestBed(TestComponent)(props);
-    const { exists } = testBed;
-
-    expect(exists('agentBulkActionsButton')).not.toBeNull();
+    const results = render(props);
+    expect(results.queryByTestId('agentBulkActionsButton')).not.toBeNull();
   });
 });
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx
index c9c527ba36e0a..e66a579fdab7a 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx
@@ -37,7 +37,7 @@ const ClearAllTagsFilterItem = styled(EuiFilterSelectItem)`
   padding: ${(props) => props.theme.eui.euiSizeS};
 `;
 
-export const SearchAndFilterBar: React.FunctionComponent<{
+export interface SearchAndFilterBarProps {
   agentPolicies: AgentPolicy[];
   draftKuery: string;
   onDraftKueryChange: (kuery: string) => void;
@@ -62,7 +62,9 @@ export const SearchAndFilterBar: React.FunctionComponent<{
   visibleAgents: Agent[];
   onClickAgentActivity: () => void;
   showAgentActivityTour: { isOpen: boolean };
-}> = ({
+}
+
+export const SearchAndFilterBar: React.FunctionComponent<SearchAndFilterBarProps> = ({
   agentPolicies,
   draftKuery,
   onDraftKueryChange,
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/table_row_actions.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/table_row_actions.test.tsx
index 810fe0f9617db..529bd41e4897e 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/table_row_actions.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/table_row_actions.test.tsx
@@ -15,12 +15,6 @@ import { useAuthz } from '../../../../../../hooks/use_authz';
 
 import { TableRowActions } from './table_row_actions';
 
-jest.mock('../../../../../../hooks/use_fleet_status', () => ({
-  FleetStatusProvider: (props: any) => {
-    return props.children;
-  },
-}));
-
 jest.mock('../../../../../../services/experimental_features');
 jest.mock('../../../../../../hooks/use_authz');
 
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/components/agent_upgrade_modal/hooks.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/components/agent_upgrade_modal/hooks.test.tsx
index 3f4fcea3ca5f7..8aea16559058a 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/components/agent_upgrade_modal/hooks.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/components/agent_upgrade_modal/hooks.test.tsx
@@ -12,13 +12,6 @@ import { createFleetTestRendererMock } from '../../../../../../mock';
 
 import { useScheduleDateTime } from './hooks';
 
-jest.mock('../../../../../../hooks/use_fleet_status', () => ({
-  FleetStatusProvider: (props: any) => {
-    return props.children;
-  },
-  useFleetStatus: jest.fn().mockReturnValue({}),
-}));
-
 describe('useScheduleDateTime', () => {
   it('do not allow to set a date before the current time', async () => {
     const renderer = createFleetTestRendererMock();
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/components/agent_upgrade_modal/index.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/components/agent_upgrade_modal/index.test.tsx
index 393b6519fc6c1..78619b976c49f 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/components/agent_upgrade_modal/index.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/components/agent_upgrade_modal/index.test.tsx
@@ -14,13 +14,6 @@ import { createFleetTestRendererMock } from '../../../../../../mock';
 import { AgentUpgradeAgentModal } from '.';
 import type { AgentUpgradeAgentModalProps } from '.';
 
-jest.mock('../../../../../../hooks/use_fleet_status', () => ({
-  FleetStatusProvider: (props: any) => {
-    return props.children;
-  },
-  useFleetStatus: jest.fn().mockReturnValue({}),
-}));
-
 jest.mock('@elastic/eui', () => {
   return {
     ...jest.requireActual('@elastic/eui'),
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/index.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/index.test.tsx
index 20db1fc804d11..30ac08e0981a7 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/index.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/index.test.tsx
@@ -14,9 +14,7 @@ import { useAuthz } from '../../../../hooks/use_authz';
 import { AgentsApp } from '.';
 
 jest.mock('../../../../hooks/use_fleet_status', () => ({
-  FleetStatusProvider: (props: any) => {
-    return props.children;
-  },
+  ...jest.requireActual('../../../../hooks/use_fleet_status'),
   useFleetStatus: jest.fn().mockReturnValue({}),
 }));
 jest.mock('../../../../hooks/use_request/settings');
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/download_source_flyout/index.test.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/download_source_flyout/index.test.tsx
index 464d0601ced2b..1c7b1a28d560f 100644
--- a/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/download_source_flyout/index.test.tsx
+++ b/x-pack/plugins/fleet/public/applications/fleet/sections/settings/components/download_source_flyout/index.test.tsx
@@ -12,13 +12,6 @@ import { createFleetTestRendererMock } from '../../../../../../mock';
 
 import { EditDownloadSourceFlyout } from '.';
 
-jest.mock('../../../../../../hooks/use_fleet_status', () => ({
-  FleetStatusProvider: (props: any) => {
-    return props.children;
-  },
-  useFleetStatus: jest.fn().mockReturnValue({}),
-}));
-
 function renderFlyout(downloadSource?: DownloadSource) {
   const renderer = createFleetTestRendererMock();
 
diff --git a/x-pack/plugins/fleet/public/applications/integrations/app.tsx b/x-pack/plugins/fleet/public/applications/integrations/app.tsx
index 68b40589d0b8e..bac899a06a9e6 100644
--- a/x-pack/plugins/fleet/public/applications/integrations/app.tsx
+++ b/x-pack/plugins/fleet/public/applications/integrations/app.tsx
@@ -26,6 +26,7 @@ import type { FleetConfigType, FleetStartServices } from '../../plugin';
 import {
   ConfigContext,
   FleetStatusProvider,
+  type FleetStatusProviderProps,
   KibanaVersionContext,
   useFleetStatus,
 } from '../../hooks';
@@ -61,6 +62,7 @@ export const IntegrationsAppContext: React.FC<{
   theme$: AppMountParameters['theme$'];
   /** For testing purposes only */
   routerHistory?: History<any>; // TODO remove
+  fleetStatus?: FleetStatusProviderProps;
 }> = memo(
   ({
     children,
@@ -71,6 +73,7 @@ export const IntegrationsAppContext: React.FC<{
     extensions,
     setHeaderActionMenu,
     theme$,
+    fleetStatus,
   }) => {
     const isDarkMode = useObservable<boolean>(startServices.uiSettings.get$('theme:darkMode'));
     const CloudContext = startServices.cloud?.CloudContextProvider || EmptyContext;
@@ -87,7 +90,7 @@ export const IntegrationsAppContext: React.FC<{
                       <QueryClientProvider client={queryClient}>
                         <ReactQueryDevtools initialIsOpen={false} />
                         <UIExtensionsContext.Provider value={extensions}>
-                          <FleetStatusProvider>
+                          <FleetStatusProvider defaultFleetStatus={fleetStatus}>
                             <startServices.customIntegrations.ContextProvider>
                               <CloudContext>
                                 <Router history={history}>
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.mocks.ts b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.mocks.tsx
similarity index 83%
rename from x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.mocks.ts
rename to x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.mocks.tsx
index 661c72fbc5118..8f9b13671ce65 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.mocks.ts
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.mocks.tsx
@@ -5,6 +5,7 @@
  * 2.0.
  */
 
+import React from 'react';
 // TODO(jbudz): should be removed when upgrading to TS@4.8
 // this is a skip for the errors created when typechecking with isolatedModules
 export {};
@@ -12,7 +13,6 @@ export {};
 jest.mock('../../hooks', () => {
   return {
     ...jest.requireActual('../../hooks'),
-    useFleetStatus: jest.fn(),
     useFleetServerStandalone: jest.fn(),
     useAgentEnrollmentFlyoutData: jest.fn(),
   };
@@ -96,14 +96,28 @@ jest.mock('./steps', () => {
     AgentPolicySelectionStep: jest.fn().mockReturnValue({
       'data-test-subj': 'agent-policy-selection-step',
       title: 'agent-policy-selection-step',
+      children: <>TEST</>,
     }),
     AgentEnrollmentKeySelectionStep: jest.fn().mockReturnValue({
       'data-test-subj': 'agent-enrollment-key-selection-step',
       title: 'agent-enrollment-key-selection-step',
+      children: <>TEST</>,
+    }),
+    ConfigureStandaloneAgentStep: jest.fn().mockReturnValue({
+      'data-test-subj': 'configure-standalone-step',
+      title: 'configure-standalone-step',
+      children: <>TEST</>,
+    }),
+    DownloadStep: jest.fn().mockReturnValue({
+      'data-test-subj': 'download-step',
+      title: 'download-step',
+      children: <>TEST</>,
+    }),
+    IncomingDataConfirmationStep: jest.fn().mockReturnValue({
+      'data-test-subj': 'incoming-data-confirmation-step',
+      title: 'incoming-data-confirmation-step',
+      children: <>TEST</>,
     }),
-    DownloadStep: jest
-      .fn()
-      .mockReturnValue({ 'data-test-subj': 'download-step', title: 'download-step' }),
   };
 });
 
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx
index b2a070ac93c55..5f6d46e5e2573 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.tsx
@@ -8,27 +8,17 @@
 import './agent_enrollment_flyout.test.mocks';
 
 import React from 'react';
-import { registerTestBed } from '@kbn/test-jest-helpers';
-import { act } from '@testing-library/react';
-
-import { coreMock } from '@kbn/core/public/mocks';
-
-import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public';
+import { act, cleanup, fireEvent, waitFor } from '@testing-library/react';
+import type { RenderResult } from '@testing-library/react';
 
+import { createFleetTestRendererMock } from '../../mock';
 import type { AgentPolicy } from '../../../common';
 import {
   useGetFleetServerHosts,
   sendGetOneAgentPolicy,
   useGetAgents,
 } from '../../hooks/use_request';
-import {
-  FleetStatusProvider,
-  ConfigContext,
-  useAgentEnrollmentFlyoutData,
-  KibanaVersionContext,
-  useFleetStatus,
-  useFleetServerStandalone,
-} from '../../hooks';
+import { useAgentEnrollmentFlyoutData, useFleetServerStandalone } from '../../hooks';
 
 import { useAdvancedForm } from '../../applications/fleet/components/fleet_server_instructions/hooks';
 import { useFleetServerUnhealthy } from '../../applications/fleet/sections/agents/hooks/use_fleet_server_unhealthy';
@@ -36,36 +26,13 @@ import { useFleetServerUnhealthy } from '../../applications/fleet/sections/agent
 import type { FlyOutProps } from './types';
 import { AgentEnrollmentFlyout } from '.';
 
-const TestComponent = (props: FlyOutProps) => (
-  <KibanaContextProvider services={coreMock.createStart()}>
-    <ConfigContext.Provider value={{ agents: { enabled: true, elasticsearch: {} }, enabled: true }}>
-      <KibanaVersionContext.Provider value={'8.1.0'}>
-        <FleetStatusProvider>
-          <AgentEnrollmentFlyout {...props} />
-        </FleetStatusProvider>
-      </KibanaVersionContext.Provider>
-    </ConfigContext.Provider>
-  </KibanaContextProvider>
-);
-
-const setup = (props?: FlyOutProps) => {
-  const testBed = registerTestBed(TestComponent)(props);
-  const { find, component } = testBed;
-
-  return {
-    ...testBed,
-    actions: {
-      goToStandaloneTab: () =>
-        act(() => {
-          find('agentEnrollmentFlyout.standaloneTab').simulate('click');
-          component.update();
-        }),
-    },
-  };
-};
+const render = (props?: Partial<FlyOutProps>) => {
+  cleanup();
+  const renderer = createFleetTestRendererMock();
+  const results = renderer.render(<AgentEnrollmentFlyout onClose={jest.fn()} {...props} />);
 
-type SetupReturn = ReturnType<typeof setup>;
-type TestBed = SetupReturn extends Promise<infer U> ? U : SetupReturn;
+  return results;
+};
 
 const testAgentPolicy: AgentPolicy = {
   id: 'test',
@@ -80,9 +47,9 @@ const testAgentPolicy: AgentPolicy = {
 };
 
 describe('<AgentEnrollmentFlyout />', () => {
-  let testBed: TestBed;
+  let results: RenderResult;
 
-  beforeEach(() => {
+  beforeEach(async () => {
     (useGetFleetServerHosts as jest.Mock).mockReturnValue({
       data: {
         items: [
@@ -95,7 +62,6 @@ describe('<AgentEnrollmentFlyout />', () => {
     });
     jest.mocked(useFleetServerStandalone).mockReturnValue({ isFleetServerStandalone: false });
 
-    (useFleetStatus as jest.Mock).mockReturnValue({ isReady: true });
     (useFleetServerUnhealthy as jest.Mock).mockReturnValue({
       isLoading: false,
       isUnhealthy: false,
@@ -135,10 +101,7 @@ describe('<AgentEnrollmentFlyout />', () => {
     });
 
     act(() => {
-      testBed = setup({
-        onClose: jest.fn(),
-      });
-      testBed.component.update();
+      results = render();
     });
   });
 
@@ -153,98 +116,93 @@ describe('<AgentEnrollmentFlyout />', () => {
       isLoadingInitialAgentPolicies: true,
     });
 
-    act(() => {
-      testBed = setup({
-        onClose: jest.fn(),
-      });
-      testBed.component.update();
-    });
+    results = render();
 
-    const { exists } = testBed;
-    expect(exists('agentEnrollmentFlyout')).toBe(true);
-    expect(exists('loadingSpinner')).toBe(true);
+    expect(results.queryByTestId('agentEnrollmentFlyout')).not.toBeNull();
+    expect(results.queryByTestId('loadingSpinner')).not.toBeNull();
   });
 
   describe('managed instructions', () => {
     it('uses the agent policy selection step', () => {
-      const { exists } = testBed;
-      expect(exists('agentEnrollmentFlyout')).toBe(true);
-      expect(exists('agent-policy-selection-step')).toBe(true);
-      expect(exists('agent-enrollment-key-selection-step')).toBe(false);
+      expect(results.queryByTestId('agentEnrollmentFlyout')).not.toBeNull();
+      expect(results.queryByTestId('agent-policy-selection-step')).not.toBeNull();
+      expect(results.queryByTestId('agent-enrollment-key-selection-step')).toBeNull();
     });
 
     describe('with a specific policy', () => {
-      beforeEach(() => {
-        jest.clearAllMocks();
-        act(() => {
-          testBed = setup({
-            agentPolicy: testAgentPolicy,
-            onClose: jest.fn(),
-          });
-          testBed.component.update();
+      beforeEach(async () => {
+        results = render({
+          agentPolicy: testAgentPolicy,
+        });
+        await waitFor(() => {
+          expect(sendGetOneAgentPolicy).toBeCalled();
         });
       });
 
       it('uses the configure enrollment step, not the agent policy selection step', () => {
-        const { exists } = testBed;
-        expect(exists('agentEnrollmentFlyout')).toBe(true);
-        expect(exists('agent-policy-selection-step')).toBe(false);
-        expect(exists('agent-enrollment-key-selection-step')).toBe(true);
+        expect(results.queryByTestId('agentEnrollmentFlyout')).not.toBeNull();
+        expect(results.queryByTestId('agent-policy-selection-step')).toBeNull();
+        expect(results.queryByTestId('agent-enrollment-key-selection-step')).not.toBeNull();
       });
     });
 
     describe('with a specific policy when no agentPolicies set', () => {
-      beforeEach(() => {
+      beforeEach(async () => {
         jest.clearAllMocks();
-        act(() => {
-          testBed = setup({
-            agentPolicy: testAgentPolicy,
-            onClose: jest.fn(),
-          });
-          testBed.component.update();
+        results = render({
+          agentPolicy: testAgentPolicy,
+        });
+        await waitFor(() => {
+          expect(sendGetOneAgentPolicy).toBeCalled();
         });
       });
 
       it('should not show fleet server instructions', () => {
-        const { exists } = testBed;
-        expect(exists('agentEnrollmentFlyout')).toBe(true);
-        expect(exists('agent-enrollment-key-selection-step')).toBe(true);
+        expect(results.queryByTestId('agentEnrollmentFlyout')).not.toBeNull();
+        expect(results.queryByTestId('agent-enrollment-key-selection-step')).not.toBeNull();
       });
     });
 
-    // Skipped due to UI changing in https://github.com/elastic/kibana/issues/125534. These tests should be rethought overall
-    // to provide value around the new flyout structure
-    describe.skip('standalone instructions', () => {
+    describe('standalone instructions', () => {
+      function goToStandaloneTab() {
+        act(() => {
+          fireEvent.click(results.getByTestId('standaloneTab'));
+        });
+      }
+
+      beforeEach(() => {
+        results = render({
+          isIntegrationFlow: true,
+        });
+      });
+
       it('uses the agent policy selection step', async () => {
-        const { exists, actions } = testBed;
-        actions.goToStandaloneTab();
+        goToStandaloneTab();
 
-        expect(exists('agentEnrollmentFlyout')).toBe(true);
-        expect(exists('agent-policy-selection-step')).toBe(true);
-        expect(exists('agent-enrollment-key-selection-step')).toBe(false);
+        expect(results.queryByTestId('agentEnrollmentFlyout')).not.toBeNull();
+        expect(results.queryByTestId('agent-policy-selection-step')).not.toBeNull();
+        expect(results.queryByTestId('agent-enrollment-key-selection-step')).toBeNull();
+        expect(results.queryByTestId('configure-standalone-step')).not.toBeNull();
       });
 
       describe('with a specific policy', () => {
-        beforeEach(() => {
-          jest.clearAllMocks();
-          act(() => {
-            testBed = setup({
-              agentPolicy: testAgentPolicy,
-              onClose: jest.fn(),
-            });
-            testBed.component.update();
+        beforeEach(async () => {
+          results = render({
+            isIntegrationFlow: true,
+            agentPolicy: testAgentPolicy,
+          });
+          await waitFor(() => {
+            expect(sendGetOneAgentPolicy).toBeCalled();
           });
         });
 
         it('does not use either of the agent policy selection or enrollment key steps', () => {
-          const { exists, actions } = testBed;
-          jest.clearAllMocks();
-
-          actions.goToStandaloneTab();
+          goToStandaloneTab();
 
-          expect(exists('agentEnrollmentFlyout')).toBe(true);
-          expect(exists('agent-policy-selection-step')).toBe(false);
-          expect(exists('agent-enrollment-key-selection-step')).toBe(false);
+          expect(results.queryByTestId('agentEnrollmentFlyout')).not.toBeNull();
+          expect(results.queryByTestId('agent-policy-selection-step')).toBeNull();
+          expect(results.queryByTestId('agent-enrollment-key-selection-step')).toBeNull();
+          expect(results.queryByTestId('configure-standalone-step')).not.toBeNull();
         });
       });
     });
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/instructions.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/instructions.tsx
index ad2a5339aeea1..3a965d9f4e81f 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/instructions.tsx
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/instructions.tsx
@@ -62,9 +62,6 @@ export const Instructions = (props: InstructionProps) => {
 
   const fleetServers = agents?.items || [];
 
-  if (isLoadingAgents || isLoadingAgentPolicies || isLoadingFleetServerHealth)
-    return <Loading size="l" />;
-
   const hasNoFleetServerHost = fleetStatus.isReady && (fleetServerHosts?.length ?? 0) === 0;
 
   const showAgentEnrollment =
@@ -81,12 +78,16 @@ export const Instructions = (props: InstructionProps) => {
     (fleetServers.length === 0 ||
       isFleetServerUnhealthy ||
       (fleetStatus.missingRequirements ?? []).some((r) => r === FLEET_SERVER_PACKAGE));
+  useEffect(() => {
+    if (!isIntegrationFlow && showAgentEnrollment) {
+      setSelectionType('radio');
+    } else {
+      setSelectionType('tabs');
+    }
+  }, [isIntegrationFlow, showAgentEnrollment, setSelectionType]);
 
-  if (!isIntegrationFlow && showAgentEnrollment) {
-    setSelectionType('radio');
-  } else {
-    setSelectionType('tabs');
-  }
+  if (isLoadingAgents || isLoadingAgentPolicies || isLoadingFleetServerHealth)
+    return <Loading size="l" />;
 
   if (hasNoFleetServerHost) {
     return null;
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps/install_managed_agent_step.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps/install_managed_agent_step.tsx
index 997efe59c8fe6..8274939da374f 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps/install_managed_agent_step.tsx
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps/install_managed_agent_step.tsx
@@ -46,15 +46,18 @@ export const InstallManagedAgentStep = ({
     title: i18n.translate('xpack.fleet.agentEnrollment.stepEnrollAndRunAgentTitle', {
       defaultMessage: 'Install Elastic Agent on your host',
     }),
-    children: selectedApiKeyId && apiKeyData && (
-      <InstallSection
-        installCommand={installCommand}
-        isK8s={isK8s}
-        enrollToken={enrollToken}
-        onCopy={onCopy}
-        fullCopyButton={fullCopyButton}
-        cloudFormationTemplateUrl={cloudFormationTemplateUrl}
-      />
-    ),
+    children:
+      selectedApiKeyId && apiKeyData ? (
+        <InstallSection
+          installCommand={installCommand}
+          isK8s={isK8s}
+          enrollToken={enrollToken}
+          onCopy={onCopy}
+          fullCopyButton={fullCopyButton}
+          cloudFormationTemplateUrl={cloudFormationTemplateUrl}
+        />
+      ) : (
+        <React.Fragment />
+      ),
   };
 };
diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps/installation_mode_selection_step.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps/installation_mode_selection_step.tsx
index c5213f061bceb..17dc6df6926ba 100644
--- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps/installation_mode_selection_step.tsx
+++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/steps/installation_mode_selection_step.tsx
@@ -86,6 +86,8 @@ export const InstallationModeSelectionStep = ({
         onChange={onChangeCallback}
         name={`radio group ${radioSuffix}`}
       />
-    ) : null,
+    ) : (
+      <React.Fragment />
+    ),
   };
 };
diff --git a/x-pack/plugins/fleet/public/components/link_and_revision.test.tsx b/x-pack/plugins/fleet/public/components/link_and_revision.test.tsx
index f2d0a8970cfa3..46fdfe69c63bd 100644
--- a/x-pack/plugins/fleet/public/components/link_and_revision.test.tsx
+++ b/x-pack/plugins/fleet/public/components/link_and_revision.test.tsx
@@ -14,13 +14,6 @@ import type { AgentPolicy, Agent } from '../types';
 
 import { AgentPolicySummaryLine } from './link_and_revision';
 
-jest.mock('../hooks/use_fleet_status', () => ({
-  FleetStatusProvider: (props: any) => {
-    return props.children;
-  },
-  useFleetStatus: jest.fn().mockReturnValue({}),
-}));
-
 describe('AgentPolicySummaryLine', () => {
   let testRenderer: TestRenderer;
 
diff --git a/x-pack/plugins/fleet/public/hooks/use_fleet_status.tsx b/x-pack/plugins/fleet/public/hooks/use_fleet_status.tsx
index d0f3414a4d016..62c1a8f814f2a 100644
--- a/x-pack/plugins/fleet/public/hooks/use_fleet_status.tsx
+++ b/x-pack/plugins/fleet/public/hooks/use_fleet_status.tsx
@@ -12,7 +12,7 @@ import type { GetFleetStatusResponse } from '../types';
 import { useConfig } from './use_config';
 import { sendGetFleetStatus } from './use_request';
 
-interface FleetStatusState {
+export interface FleetStatusProviderProps {
   enabled: boolean;
   isLoading: boolean;
   isReady: boolean;
@@ -21,7 +21,7 @@ interface FleetStatusState {
   missingOptionalFeatures?: GetFleetStatusResponse['missing_optional_features'];
 }
 
-interface FleetStatus extends FleetStatusState {
+interface FleetStatus extends FleetStatusProviderProps {
   refresh: () => Promise<void>;
 
   // This flag allows us to opt into displaying the Fleet Server enrollment instructions even if
@@ -33,15 +33,19 @@ interface FleetStatus extends FleetStatusState {
 
 const FleetStatusContext = React.createContext<FleetStatus | undefined>(undefined);
 
-export const FleetStatusProvider: React.FC = ({ children }) => {
+export const FleetStatusProvider: React.FC<{
+  defaultFleetStatus?: FleetStatusProviderProps;
+}> = ({ defaultFleetStatus, children }) => {
   const config = useConfig();
   const [forceDisplayInstructions, setForceDisplayInstructions] = useState(false);
 
-  const [state, setState] = useState<FleetStatusState>({
-    enabled: config.agents.enabled,
-    isLoading: false,
-    isReady: false,
-  });
+  const [state, setState] = useState<FleetStatusProviderProps>(
+    defaultFleetStatus ?? {
+      enabled: config.agents.enabled,
+      isLoading: false,
+      isReady: false,
+    }
+  );
 
   // TODO: Refactor to use react-query
   const sendGetStatus = useCallback(
@@ -68,8 +72,10 @@ export const FleetStatusProvider: React.FC = ({ children }) => {
   );
 
   useEffect(() => {
-    sendGetStatus();
-  }, [sendGetStatus]);
+    if (!defaultFleetStatus) {
+      sendGetStatus();
+    }
+  }, [sendGetStatus, defaultFleetStatus]);
 
   const refresh = useCallback(() => sendGetStatus(), [sendGetStatus]);
 
diff --git a/x-pack/plugins/fleet/public/mock/create_test_renderer.tsx b/x-pack/plugins/fleet/public/mock/create_test_renderer.tsx
index 778dcdb32bc47..f0861582fd65f 100644
--- a/x-pack/plugins/fleet/public/mock/create_test_renderer.tsx
+++ b/x-pack/plugins/fleet/public/mock/create_test_renderer.tsx
@@ -96,6 +96,11 @@ export const createFleetTestRendererMock = (): TestRenderer => {
           extensions={extensions}
           routerHistory={testRendererMocks.history}
           theme$={themeServiceMock.createTheme$()}
+          fleetStatus={{
+            enabled: true,
+            isLoading: false,
+            isReady: true,
+          }}
         >
           {children}
         </FleetAppContext>
@@ -156,6 +161,11 @@ export const createIntegrationsTestRendererMock = (): TestRenderer => {
           routerHistory={testRendererMocks.history}
           theme$={themeServiceMock.createTheme$()}
           setHeaderActionMenu={() => {}}
+          fleetStatus={{
+            enabled: true,
+            isLoading: false,
+            isReady: true,
+          }}
         >
           {children}
         </IntegrationsAppContext>
diff --git a/x-pack/plugins/fleet/tsconfig.json b/x-pack/plugins/fleet/tsconfig.json
index f80d7d51686d8..0aafb8faacc28 100644
--- a/x-pack/plugins/fleet/tsconfig.json
+++ b/x-pack/plugins/fleet/tsconfig.json
@@ -63,7 +63,6 @@
     "@kbn/global-search-plugin",
     "@kbn/utility-types",
     "@kbn/utility-types-jest",
-    "@kbn/test-jest-helpers",
     "@kbn/es-query",
     "@kbn/ui-theme",
     "@kbn/rison",

From 17487b825c991739e670f8fca13700e6c1cc029f Mon Sep 17 00:00:00 2001
From: Ying Mao <ying.mao@elastic.co>
Date: Tue, 2 May 2023 11:31:48 -0400
Subject: [PATCH 4/7] [Response Ops][Alerting] Exposing background worker
 utilization load metric (#153600)

Resolves https://github.com/elastic/kibana/issues/155762,
https://github.com/elastic/kibana/issues/155761
## Summary

This PR exposes a metric that represents the background task worker
utilization load at the end of each polling cycle. This is calculated as
`(# of workers already busy + claimed tasks) / max workers`, which comes
out to the number of workers in use at the end of each claim cycle. This
metric is then averaged over the previous 15 seconds (or 5 polling
cycles). This window size is configurable using
`xpack.task_manager.worker_utilization_running_average_window`

This PR exposes this metric in the existing
`/internal/task_manager/_background_task_utilization` API but also adds
a public version of this API
(`/api/task_manager/_background_task_utilization`) that only exposes
this metric. We need the public API for serverless but I thought we
could keep the private route as well to expose experimental metrics
without the overhead of supporting them long term.

## To Verify

1. Run ES and Kibana with this branch
2. Navigate to `/internal/task_manager/_background_task_utilization` and
see the new metric exposed as `stats.value.load` along with the existing
`adhoc` and `recurring` metrics
3. Navigate to `/api/task_manager/_background_task_utilization` and see
only the load metric returned from the public API
4. You can also create some rules to see the load metric increase.

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 .../resources/base/bin/kibana-docker          |   1 +
 .../task_manager/server/config.test.ts        |   3 +
 x-pack/plugins/task_manager/server/config.ts  |  12 +-
 .../server/ephemeral_task_lifecycle.test.ts   |   1 +
 .../managed_configuration.test.ts             |   1 +
 ...ground_task_utilization_statistics.test.ts | 923 +++++++++++-------
 .../background_task_utilization_statistics.ts | 113 ++-
 .../configuration_statistics.test.ts          |   1 +
 .../monitoring_stats_stream.test.ts           |   1 +
 .../monitoring/monitoring_stats_stream.ts     |   4 +-
 .../task_manager/server/plugin.test.ts        |   1 +
 .../server/polling_lifecycle.test.ts          |   1 +
 .../task_manager/server/polling_lifecycle.ts  |  18 +-
 .../background_task_utilization.test.ts       |  10 +-
 .../routes/background_task_utilization.ts     | 113 ++-
 .../task_manager/server/task_events.ts        |   8 +-
 .../task_manager_usage_collector.test.ts      |  13 +-
 .../usage/task_manager_usage_collector.ts     |  15 +-
 .../background_task_utilization_route.ts      |  78 +-
 19 files changed, 812 insertions(+), 505 deletions(-)

diff --git a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
index 3123aa7f391df..7eaae8b09629f 100755
--- a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
+++ b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
@@ -413,6 +413,7 @@ kibana_vars=(
     xpack.task_manager.version_conflict_threshold
     xpack.task_manager.event_loop_delay.monitor
     xpack.task_manager.event_loop_delay.warn_threshold
+    xpack.task_manager.worker_utilization_running_average_window
     xpack.uptime.index
     serverless
 )
diff --git a/x-pack/plugins/task_manager/server/config.test.ts b/x-pack/plugins/task_manager/server/config.test.ts
index 54e9562ec62fb..9e1e89e68624b 100644
--- a/x-pack/plugins/task_manager/server/config.test.ts
+++ b/x-pack/plugins/task_manager/server/config.test.ts
@@ -44,6 +44,7 @@ describe('config validation', () => {
           "exclude_task_types": Array [],
         },
         "version_conflict_threshold": 80,
+        "worker_utilization_running_average_window": 5,
       }
     `);
   });
@@ -95,6 +96,7 @@ describe('config validation', () => {
           "exclude_task_types": Array [],
         },
         "version_conflict_threshold": 80,
+        "worker_utilization_running_average_window": 5,
       }
     `);
   });
@@ -149,6 +151,7 @@ describe('config validation', () => {
           "exclude_task_types": Array [],
         },
         "version_conflict_threshold": 80,
+        "worker_utilization_running_average_window": 5,
       }
     `);
   });
diff --git a/x-pack/plugins/task_manager/server/config.ts b/x-pack/plugins/task_manager/server/config.ts
index 40b915e8979a2..ae6c7a9fb41eb 100644
--- a/x-pack/plugins/task_manager/server/config.ts
+++ b/x-pack/plugins/task_manager/server/config.ts
@@ -18,9 +18,12 @@ export const DEFAULT_MAX_EPHEMERAL_REQUEST_CAPACITY = MAX_WORKERS_LIMIT;
 // ===================
 // Refresh aggregated monitored stats at a default rate of once a minute
 export const DEFAULT_MONITORING_REFRESH_RATE = 60 * 1000;
-export const DEFAULT_MONITORING_STATS_RUNNING_AVERGAE_WINDOW = 50;
+export const DEFAULT_MONITORING_STATS_RUNNING_AVERAGE_WINDOW = 50;
 export const DEFAULT_MONITORING_STATS_WARN_DELAYED_TASK_START_IN_SECONDS = 60;
 
+// At the default poll interval of 3sec, this averages over the last 15sec.
+export const DEFAULT_WORKER_UTILIZATION_RUNNING_AVERAGE_WINDOW = 5;
+
 export const taskExecutionFailureThresholdSchema = schema.object(
   {
     error_threshold: schema.number({
@@ -98,7 +101,7 @@ export const configSchema = schema.object(
     }),
     /* The size of the running average window for monitored stats. */
     monitored_stats_running_average_window: schema.number({
-      defaultValue: DEFAULT_MONITORING_STATS_RUNNING_AVERGAE_WINDOW,
+      defaultValue: DEFAULT_MONITORING_STATS_RUNNING_AVERAGE_WINDOW,
       max: 100,
       min: 10,
     }),
@@ -130,6 +133,11 @@ export const configSchema = schema.object(
       }),
     }),
     event_loop_delay: eventLoopDelaySchema,
+    worker_utilization_running_average_window: schema.number({
+      defaultValue: DEFAULT_WORKER_UTILIZATION_RUNNING_AVERAGE_WINDOW,
+      max: 100,
+      min: 1,
+    }),
     /* These are not designed to be used by most users. Please use caution when changing these */
     unsafe: schema.object({
       exclude_task_types: schema.arrayOf(schema.string(), { defaultValue: [] }),
diff --git a/x-pack/plugins/task_manager/server/ephemeral_task_lifecycle.test.ts b/x-pack/plugins/task_manager/server/ephemeral_task_lifecycle.test.ts
index 374a52ea84b2f..c2c0f6e3aceed 100644
--- a/x-pack/plugins/task_manager/server/ephemeral_task_lifecycle.test.ts
+++ b/x-pack/plugins/task_manager/server/ephemeral_task_lifecycle.test.ts
@@ -77,6 +77,7 @@ describe('EphemeralTaskLifecycle', () => {
           monitor: true,
           warn_threshold: 5000,
         },
+        worker_utilization_running_average_window: 5,
         ...config,
       },
       elasticsearchAndSOAvailability$,
diff --git a/x-pack/plugins/task_manager/server/integration_tests/managed_configuration.test.ts b/x-pack/plugins/task_manager/server/integration_tests/managed_configuration.test.ts
index 308aa9f556797..db8981a186ab4 100644
--- a/x-pack/plugins/task_manager/server/integration_tests/managed_configuration.test.ts
+++ b/x-pack/plugins/task_manager/server/integration_tests/managed_configuration.test.ts
@@ -71,6 +71,7 @@ describe('managed configuration', () => {
         monitor: true,
         warn_threshold: 5000,
       },
+      worker_utilization_running_average_window: 5,
     });
     logger = context.logger.get('taskManager');
 
diff --git a/x-pack/plugins/task_manager/server/monitoring/background_task_utilization_statistics.test.ts b/x-pack/plugins/task_manager/server/monitoring/background_task_utilization_statistics.test.ts
index 45b29c44b1a4b..cdd67a07ff9e7 100644
--- a/x-pack/plugins/task_manager/server/monitoring/background_task_utilization_statistics.test.ts
+++ b/x-pack/plugins/task_manager/server/monitoring/background_task_utilization_statistics.test.ts
@@ -9,7 +9,13 @@ import { v4 as uuidv4 } from 'uuid';
 import { Subject, Observable } from 'rxjs';
 import { take, bufferCount, skip, map } from 'rxjs/operators';
 import { ConcreteTaskInstance, TaskStatus } from '../task';
-import { asTaskRunEvent, TaskTiming, TaskPersistence } from '../task_events';
+import {
+  asTaskRunEvent,
+  TaskTiming,
+  TaskPersistence,
+  asTaskManagerStatEvent,
+  TaskManagerStats,
+} from '../task_events';
 import { asOk } from '../lib/result_type';
 import { TaskLifecycleEvent } from '../polling_lifecycle';
 import { TaskRunResult } from '../task_running';
@@ -18,9 +24,10 @@ import { taskPollingLifecycleMock } from '../polling_lifecycle.mock';
 import {
   BackgroundTaskUtilizationStat,
   createBackgroundTaskUtilizationAggregator,
+  summarizeUtilizationStats,
 } from './background_task_utilization_statistics';
 import { AdHocTaskCounter } from '../lib/adhoc_task_counter';
-import { sum } from 'lodash';
+import { sum, mean } from 'lodash';
 
 describe('Task Run Statistics', () => {
   const pollInterval = 3000;
@@ -29,404 +36,586 @@ describe('Task Run Statistics', () => {
     jest.resetAllMocks();
   });
 
-  test('returns a running count of adhoc actual service_time', async () => {
-    const serviceTimes = [1000, 2000, 500, 300, 400, 15000, 20000, 200];
-    const events$ = new Subject<TaskLifecycleEvent>();
-    const taskPollingLifecycle = taskPollingLifecycleMock.create({
-      events$: events$ as Observable<TaskLifecycleEvent>,
-    });
-    const adHocTaskCounter = new AdHocTaskCounter();
-
-    const runningAverageWindowSize = 5;
-    const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
-      taskPollingLifecycle,
-      runningAverageWindowSize,
-      adHocTaskCounter,
-      pollInterval
-    );
-
-    function expectWindowEqualsUpdate(
-      taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
-      window: number[]
-    ) {
-      expect(taskStat.value.adhoc.ran.service_time.actual).toEqual(sum(window));
-    }
-
-    return new Promise<void>((resolve) => {
-      const events = [];
-      const now = Date.now();
-      for (const time of serviceTimes) {
-        events.push({ start: runAtMillisecondsAgo(now, time).getTime(), stop: now });
+  describe('createBackgroundTaskUtilizationAggregator', () => {
+    test('returns a running count of adhoc actual service_time', async () => {
+      const serviceTimes = [1000, 2000, 500, 300, 400, 15000, 20000, 200];
+      const events$ = new Subject<TaskLifecycleEvent>();
+      const taskPollingLifecycle = taskPollingLifecycleMock.create({
+        events$: events$ as Observable<TaskLifecycleEvent>,
+      });
+      const adHocTaskCounter = new AdHocTaskCounter();
+
+      const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
+        taskPollingLifecycle,
+        adHocTaskCounter,
+        pollInterval
+      );
+
+      function expectWindowEqualsUpdate(
+        taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
+        window: number[]
+      ) {
+        expect(taskStat.value.adhoc.ran.service_time.actual).toEqual(sum(window));
       }
-      BackgroundTaskUtilizationAggregator.pipe(
-        // skip initial stat which is just initialized data which
-        // ensures we don't stall on combineLatest
-        skip(1),
-        // Use 'summarizeUtilizationStat' to receive summarize stats
-        map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
-          key,
-          value,
-        })),
-        take(serviceTimes.length),
-        bufferCount(serviceTimes.length)
-      ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
-        expectWindowEqualsUpdate(taskStats[0], serviceTimes.slice(0, 1));
-        expectWindowEqualsUpdate(taskStats[1], serviceTimes.slice(0, 2));
-        expectWindowEqualsUpdate(taskStats[2], serviceTimes.slice(0, 3));
-        expectWindowEqualsUpdate(taskStats[3], serviceTimes.slice(0, 4));
-        expectWindowEqualsUpdate(taskStats[4], serviceTimes.slice(0, 5));
-        // from the 6th value, begin to drop old values as out window is 5
-        expectWindowEqualsUpdate(taskStats[5], serviceTimes.slice(0, 6));
-        expectWindowEqualsUpdate(taskStats[6], serviceTimes.slice(0, 7));
-        expectWindowEqualsUpdate(taskStats[7], serviceTimes.slice(0, 8));
-        resolve();
+
+      return new Promise<void>((resolve) => {
+        const events = [];
+        const now = Date.now();
+        for (const time of serviceTimes) {
+          events.push({ start: runAtMillisecondsAgo(now, time).getTime(), stop: now });
+        }
+        BackgroundTaskUtilizationAggregator.pipe(
+          // skip initial stat which is just initialized data which
+          // ensures we don't stall on combineLatest
+          skip(1),
+          // Use 'summarizeUtilizationStat' to receive summarize stats
+          map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
+            key,
+            value,
+          })),
+          take(serviceTimes.length),
+          bufferCount(serviceTimes.length)
+        ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
+          expectWindowEqualsUpdate(taskStats[0], serviceTimes.slice(0, 1));
+          expectWindowEqualsUpdate(taskStats[1], serviceTimes.slice(0, 2));
+          expectWindowEqualsUpdate(taskStats[2], serviceTimes.slice(0, 3));
+          expectWindowEqualsUpdate(taskStats[3], serviceTimes.slice(0, 4));
+          expectWindowEqualsUpdate(taskStats[4], serviceTimes.slice(0, 5));
+          // from the 6th value, begin to drop old values as out window is 5
+          expectWindowEqualsUpdate(taskStats[5], serviceTimes.slice(0, 6));
+          expectWindowEqualsUpdate(taskStats[6], serviceTimes.slice(0, 7));
+          expectWindowEqualsUpdate(taskStats[7], serviceTimes.slice(0, 8));
+          resolve();
+        });
+
+        for (const event of events) {
+          events$.next(mockTaskRunEvent({}, event));
+        }
       });
+    });
 
-      for (const event of events) {
-        events$.next(mockTaskRunEvent({}, event));
+    test('returns a running count of adhoc adjusted service_time', async () => {
+      const serviceTimes = [1000, 2000, 500, 300, 400, 15000, 20000, 200];
+      const events$ = new Subject<TaskLifecycleEvent>();
+      const taskPollingLifecycle = taskPollingLifecycleMock.create({
+        events$: events$ as Observable<TaskLifecycleEvent>,
+      });
+      const adHocTaskCounter = new AdHocTaskCounter();
+
+      const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
+        taskPollingLifecycle,
+        adHocTaskCounter,
+        pollInterval
+      );
+
+      function expectWindowEqualsUpdate(
+        taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
+        window: number[]
+      ) {
+        expect(taskStat.value.adhoc.ran.service_time.adjusted).toEqual(sum(window));
       }
-    });
-  });
 
-  test('returns a running count of adhoc adjusted service_time', async () => {
-    const serviceTimes = [1000, 2000, 500, 300, 400, 15000, 20000, 200];
-    const events$ = new Subject<TaskLifecycleEvent>();
-    const taskPollingLifecycle = taskPollingLifecycleMock.create({
-      events$: events$ as Observable<TaskLifecycleEvent>,
+      return new Promise<void>((resolve) => {
+        const events = [];
+        const now = Date.now();
+        for (const time of serviceTimes) {
+          events.push({ start: runAtMillisecondsAgo(now, time).getTime(), stop: now });
+        }
+        BackgroundTaskUtilizationAggregator.pipe(
+          // skip initial stat which is just initialized data which
+          // ensures we don't stall on combineLatest
+          skip(1),
+          // Use 'summarizeUtilizationStat' to receive summarize stats
+          map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
+            key,
+            value,
+          })),
+          take(serviceTimes.length),
+          bufferCount(serviceTimes.length)
+        ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
+          expectWindowEqualsUpdate(taskStats[0], roundUpToNearestSec(serviceTimes.slice(0, 1), 3));
+          expectWindowEqualsUpdate(taskStats[1], roundUpToNearestSec(serviceTimes.slice(0, 2), 3));
+          expectWindowEqualsUpdate(taskStats[2], roundUpToNearestSec(serviceTimes.slice(0, 3), 3));
+          expectWindowEqualsUpdate(taskStats[3], roundUpToNearestSec(serviceTimes.slice(0, 4), 3));
+          expectWindowEqualsUpdate(taskStats[4], roundUpToNearestSec(serviceTimes.slice(0, 5), 3));
+          // from the 6th value, begin to drop old values as out window is 5
+          expectWindowEqualsUpdate(taskStats[5], roundUpToNearestSec(serviceTimes.slice(0, 6), 3));
+          expectWindowEqualsUpdate(taskStats[6], roundUpToNearestSec(serviceTimes.slice(0, 7), 3));
+          expectWindowEqualsUpdate(taskStats[7], roundUpToNearestSec(serviceTimes.slice(0, 8), 3));
+          resolve();
+        });
+
+        for (const event of events) {
+          events$.next(mockTaskRunEvent({}, event));
+        }
+      });
     });
-    const adHocTaskCounter = new AdHocTaskCounter();
-
-    const runningAverageWindowSize = 5;
-    const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
-      taskPollingLifecycle,
-      runningAverageWindowSize,
-      adHocTaskCounter,
-      pollInterval
-    );
-
-    function expectWindowEqualsUpdate(
-      taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
-      window: number[]
-    ) {
-      expect(taskStat.value.adhoc.ran.service_time.adjusted).toEqual(sum(window));
-    }
-
-    return new Promise<void>((resolve) => {
-      const events = [];
-      const now = Date.now();
-      for (const time of serviceTimes) {
-        events.push({ start: runAtMillisecondsAgo(now, time).getTime(), stop: now });
+
+    test('returns a running count of adhoc task_counter', async () => {
+      const tasks = [0, 0, 0, 0, 0, 0, 0, 0];
+      const events$ = new Subject<TaskLifecycleEvent>();
+      const taskPollingLifecycle = taskPollingLifecycleMock.create({
+        events$: events$ as Observable<TaskLifecycleEvent>,
+      });
+      const adHocTaskCounter = new AdHocTaskCounter();
+
+      const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
+        taskPollingLifecycle,
+        adHocTaskCounter,
+        pollInterval
+      );
+
+      function expectWindowEqualsUpdate(
+        taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
+        window: number[]
+      ) {
+        expect(taskStat.value.adhoc.ran.service_time.task_counter).toEqual(window.length);
       }
-      BackgroundTaskUtilizationAggregator.pipe(
-        // skip initial stat which is just initialized data which
-        // ensures we don't stall on combineLatest
-        skip(1),
-        // Use 'summarizeUtilizationStat' to receive summarize stats
-        map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
-          key,
-          value,
-        })),
-        take(serviceTimes.length),
-        bufferCount(serviceTimes.length)
-      ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
-        expectWindowEqualsUpdate(taskStats[0], roundUpToNearestSec(serviceTimes.slice(0, 1), 3));
-        expectWindowEqualsUpdate(taskStats[1], roundUpToNearestSec(serviceTimes.slice(0, 2), 3));
-        expectWindowEqualsUpdate(taskStats[2], roundUpToNearestSec(serviceTimes.slice(0, 3), 3));
-        expectWindowEqualsUpdate(taskStats[3], roundUpToNearestSec(serviceTimes.slice(0, 4), 3));
-        expectWindowEqualsUpdate(taskStats[4], roundUpToNearestSec(serviceTimes.slice(0, 5), 3));
-        // from the 6th value, begin to drop old values as out window is 5
-        expectWindowEqualsUpdate(taskStats[5], roundUpToNearestSec(serviceTimes.slice(0, 6), 3));
-        expectWindowEqualsUpdate(taskStats[6], roundUpToNearestSec(serviceTimes.slice(0, 7), 3));
-        expectWindowEqualsUpdate(taskStats[7], roundUpToNearestSec(serviceTimes.slice(0, 8), 3));
-        resolve();
+
+      return new Promise<void>((resolve) => {
+        BackgroundTaskUtilizationAggregator.pipe(
+          // skip initial stat which is just initialized data which
+          // ensures we don't stall on combineLatest
+          skip(1),
+          // Use 'summarizeUtilizationStat' to receive summarize stats
+          map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
+            key,
+            value,
+          })),
+          take(tasks.length),
+          bufferCount(tasks.length)
+        ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
+          expectWindowEqualsUpdate(taskStats[0], tasks.slice(0, 1));
+          expectWindowEqualsUpdate(taskStats[1], tasks.slice(0, 2));
+          expectWindowEqualsUpdate(taskStats[2], tasks.slice(0, 3));
+          expectWindowEqualsUpdate(taskStats[3], tasks.slice(0, 4));
+          expectWindowEqualsUpdate(taskStats[4], tasks.slice(0, 5));
+          // from the 6th value, begin to drop old values as out window is 5
+          expectWindowEqualsUpdate(taskStats[5], tasks.slice(0, 6));
+          expectWindowEqualsUpdate(taskStats[6], tasks.slice(0, 7));
+          expectWindowEqualsUpdate(taskStats[7], tasks.slice(0, 8));
+          resolve();
+        });
+
+        for (const task of tasks) {
+          events$.next(mockTaskRunEvent({}, { start: task, stop: task }));
+        }
       });
+    });
 
-      for (const event of events) {
-        events$.next(mockTaskRunEvent({}, event));
+    test('returns a running count of adhoc created counter', async () => {
+      const tasks = [1000, 2000, 500, 300, 400, 15000, 20000, 200];
+      const events$ = new Subject<TaskLifecycleEvent>();
+      const taskPollingLifecycle = taskPollingLifecycleMock.create({
+        events$: events$ as Observable<TaskLifecycleEvent>,
+      });
+      const adHocTaskCounter = new AdHocTaskCounter();
+
+      const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
+        taskPollingLifecycle,
+        adHocTaskCounter,
+        pollInterval
+      );
+
+      function expectWindowEqualsUpdate(
+        taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
+        window: number[]
+      ) {
+        expect(taskStat.value.adhoc.created.counter).toEqual(sum(window));
       }
-    });
-  });
 
-  test('returns a running count of adhoc task_counter', async () => {
-    const tasks = [0, 0, 0, 0, 0, 0, 0, 0];
-    const events$ = new Subject<TaskLifecycleEvent>();
-    const taskPollingLifecycle = taskPollingLifecycleMock.create({
-      events$: events$ as Observable<TaskLifecycleEvent>,
-    });
-    const adHocTaskCounter = new AdHocTaskCounter();
-
-    const runningAverageWindowSize = 5;
-    const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
-      taskPollingLifecycle,
-      runningAverageWindowSize,
-      adHocTaskCounter,
-      pollInterval
-    );
-
-    function expectWindowEqualsUpdate(
-      taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
-      window: number[]
-    ) {
-      expect(taskStat.value.adhoc.ran.service_time.task_counter).toEqual(window.length);
-    }
-
-    return new Promise<void>((resolve) => {
-      BackgroundTaskUtilizationAggregator.pipe(
-        // skip initial stat which is just initialized data which
-        // ensures we don't stall on combineLatest
-        skip(1),
-        // Use 'summarizeUtilizationStat' to receive summarize stats
-        map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
-          key,
-          value,
-        })),
-        take(tasks.length),
-        bufferCount(tasks.length)
-      ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
-        expectWindowEqualsUpdate(taskStats[0], tasks.slice(0, 1));
-        expectWindowEqualsUpdate(taskStats[1], tasks.slice(0, 2));
-        expectWindowEqualsUpdate(taskStats[2], tasks.slice(0, 3));
-        expectWindowEqualsUpdate(taskStats[3], tasks.slice(0, 4));
-        expectWindowEqualsUpdate(taskStats[4], tasks.slice(0, 5));
-        // from the 6th value, begin to drop old values as out window is 5
-        expectWindowEqualsUpdate(taskStats[5], tasks.slice(0, 6));
-        expectWindowEqualsUpdate(taskStats[6], tasks.slice(0, 7));
-        expectWindowEqualsUpdate(taskStats[7], tasks.slice(0, 8));
-        resolve();
+      return new Promise<void>((resolve) => {
+        BackgroundTaskUtilizationAggregator.pipe(
+          // skip initial stat which is just initialized data which
+          // ensures we don't stall on combineLatest
+          skip(1),
+          // Use 'summarizeUtilizationStat' to receive summarize stats
+          map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
+            key,
+            value,
+          })),
+          take(tasks.length),
+          bufferCount(tasks.length)
+        ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
+          expectWindowEqualsUpdate(taskStats[0], tasks.slice(0, 1));
+          expectWindowEqualsUpdate(taskStats[1], tasks.slice(0, 2));
+          expectWindowEqualsUpdate(taskStats[2], tasks.slice(0, 3));
+          expectWindowEqualsUpdate(taskStats[3], tasks.slice(0, 4));
+          expectWindowEqualsUpdate(taskStats[4], tasks.slice(0, 5));
+          // from the 6th value, begin to drop old values as out window is 5
+          expectWindowEqualsUpdate(taskStats[5], tasks.slice(0, 6));
+          expectWindowEqualsUpdate(taskStats[6], tasks.slice(0, 7));
+          expectWindowEqualsUpdate(taskStats[7], tasks.slice(0, 8));
+          resolve();
+        });
+
+        for (const task of tasks) {
+          adHocTaskCounter.increment(task);
+          events$.next(mockTaskRunEvent({}, { start: 0, stop: 0 }));
+        }
       });
+    });
 
-      for (const task of tasks) {
-        events$.next(mockTaskRunEvent({}, { start: task, stop: task }));
+    test('returns a running count of recurring actual service_time', async () => {
+      const serviceTimes = [1000, 2000, 500, 300, 400, 15000, 20000, 200];
+      const events$ = new Subject<TaskLifecycleEvent>();
+      const taskPollingLifecycle = taskPollingLifecycleMock.create({
+        events$: events$ as Observable<TaskLifecycleEvent>,
+      });
+      const adHocTaskCounter = new AdHocTaskCounter();
+
+      const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
+        taskPollingLifecycle,
+        adHocTaskCounter,
+        pollInterval
+      );
+
+      function expectWindowEqualsUpdate(
+        taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
+        window: number[]
+      ) {
+        expect(taskStat.value.recurring.ran.service_time.actual).toEqual(sum(window));
       }
-    });
-  });
 
-  test('returns a running count of adhoc created counter', async () => {
-    const tasks = [1000, 2000, 500, 300, 400, 15000, 20000, 200];
-    const events$ = new Subject<TaskLifecycleEvent>();
-    const taskPollingLifecycle = taskPollingLifecycleMock.create({
-      events$: events$ as Observable<TaskLifecycleEvent>,
-    });
-    const adHocTaskCounter = new AdHocTaskCounter();
-
-    const runningAverageWindowSize = 5;
-    const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
-      taskPollingLifecycle,
-      runningAverageWindowSize,
-      adHocTaskCounter,
-      pollInterval
-    );
-
-    function expectWindowEqualsUpdate(
-      taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
-      window: number[]
-    ) {
-      expect(taskStat.value.adhoc.created.counter).toEqual(sum(window));
-    }
-
-    return new Promise<void>((resolve) => {
-      BackgroundTaskUtilizationAggregator.pipe(
-        // skip initial stat which is just initialized data which
-        // ensures we don't stall on combineLatest
-        skip(1),
-        // Use 'summarizeUtilizationStat' to receive summarize stats
-        map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
-          key,
-          value,
-        })),
-        take(tasks.length),
-        bufferCount(tasks.length)
-      ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
-        expectWindowEqualsUpdate(taskStats[0], tasks.slice(0, 1));
-        expectWindowEqualsUpdate(taskStats[1], tasks.slice(0, 2));
-        expectWindowEqualsUpdate(taskStats[2], tasks.slice(0, 3));
-        expectWindowEqualsUpdate(taskStats[3], tasks.slice(0, 4));
-        expectWindowEqualsUpdate(taskStats[4], tasks.slice(0, 5));
-        // from the 6th value, begin to drop old values as out window is 5
-        expectWindowEqualsUpdate(taskStats[5], tasks.slice(0, 6));
-        expectWindowEqualsUpdate(taskStats[6], tasks.slice(0, 7));
-        expectWindowEqualsUpdate(taskStats[7], tasks.slice(0, 8));
-        resolve();
+      return new Promise<void>((resolve) => {
+        const events = [];
+        const now = Date.now();
+        for (const time of serviceTimes) {
+          events.push({ start: runAtMillisecondsAgo(now, time).getTime(), stop: now });
+        }
+        BackgroundTaskUtilizationAggregator.pipe(
+          // skip initial stat which is just initialized data which
+          // ensures we don't stall on combineLatest
+          skip(1),
+          // Use 'summarizeUtilizationStat' to receive summarize stats
+          map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
+            key,
+            value,
+          })),
+          take(serviceTimes.length),
+          bufferCount(serviceTimes.length)
+        ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
+          expectWindowEqualsUpdate(taskStats[0], serviceTimes.slice(0, 1));
+          expectWindowEqualsUpdate(taskStats[1], serviceTimes.slice(0, 2));
+          expectWindowEqualsUpdate(taskStats[2], serviceTimes.slice(0, 3));
+          expectWindowEqualsUpdate(taskStats[3], serviceTimes.slice(0, 4));
+          expectWindowEqualsUpdate(taskStats[4], serviceTimes.slice(0, 5));
+          // from the 6th value, begin to drop old values as out window is 5
+          expectWindowEqualsUpdate(taskStats[5], serviceTimes.slice(0, 6));
+          expectWindowEqualsUpdate(taskStats[6], serviceTimes.slice(0, 7));
+          expectWindowEqualsUpdate(taskStats[7], serviceTimes.slice(0, 8));
+          resolve();
+        });
+
+        for (const event of events) {
+          events$.next(mockTaskRunEvent({ schedule: { interval: '1h' } }, event));
+        }
       });
+    });
 
-      for (const task of tasks) {
-        adHocTaskCounter.increment(task);
-        events$.next(mockTaskRunEvent({}, { start: 0, stop: 0 }));
+    test('returns a running count of recurring adjusted service_time', async () => {
+      const serviceTimes = [1000, 2000, 500, 300, 400, 15000, 20000, 200];
+      const events$ = new Subject<TaskLifecycleEvent>();
+      const taskPollingLifecycle = taskPollingLifecycleMock.create({
+        events$: events$ as Observable<TaskLifecycleEvent>,
+      });
+      const adHocTaskCounter = new AdHocTaskCounter();
+
+      const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
+        taskPollingLifecycle,
+        adHocTaskCounter,
+        pollInterval
+      );
+
+      function expectWindowEqualsUpdate(
+        taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
+        window: number[]
+      ) {
+        expect(taskStat.value.recurring.ran.service_time.adjusted).toEqual(sum(window));
       }
-    });
-  });
 
-  test('returns a running count of recurring actual service_time', async () => {
-    const serviceTimes = [1000, 2000, 500, 300, 400, 15000, 20000, 200];
-    const events$ = new Subject<TaskLifecycleEvent>();
-    const taskPollingLifecycle = taskPollingLifecycleMock.create({
-      events$: events$ as Observable<TaskLifecycleEvent>,
+      return new Promise<void>((resolve) => {
+        const events = [];
+        const now = Date.now();
+        for (const time of serviceTimes) {
+          events.push({ start: runAtMillisecondsAgo(now, time).getTime(), stop: now });
+        }
+        BackgroundTaskUtilizationAggregator.pipe(
+          // skip initial stat which is just initialized data which
+          // ensures we don't stall on combineLatest
+          skip(1),
+          // Use 'summarizeUtilizationStat' to receive summarize stats
+          map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
+            key,
+            value,
+          })),
+          take(serviceTimes.length),
+          bufferCount(serviceTimes.length)
+        ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
+          expectWindowEqualsUpdate(taskStats[0], roundUpToNearestSec(serviceTimes.slice(0, 1), 3));
+          expectWindowEqualsUpdate(taskStats[1], roundUpToNearestSec(serviceTimes.slice(0, 2), 3));
+          expectWindowEqualsUpdate(taskStats[2], roundUpToNearestSec(serviceTimes.slice(0, 3), 3));
+          expectWindowEqualsUpdate(taskStats[3], roundUpToNearestSec(serviceTimes.slice(0, 4), 3));
+          expectWindowEqualsUpdate(taskStats[4], roundUpToNearestSec(serviceTimes.slice(0, 5), 3));
+          // from the 6th value, begin to drop old values as out window is 5
+          expectWindowEqualsUpdate(taskStats[5], roundUpToNearestSec(serviceTimes.slice(0, 6), 3));
+          expectWindowEqualsUpdate(taskStats[6], roundUpToNearestSec(serviceTimes.slice(0, 7), 3));
+          expectWindowEqualsUpdate(taskStats[7], roundUpToNearestSec(serviceTimes.slice(0, 8), 3));
+          resolve();
+        });
+
+        for (const event of events) {
+          events$.next(mockTaskRunEvent({ schedule: { interval: '1h' } }, event));
+        }
+      });
     });
-    const adHocTaskCounter = new AdHocTaskCounter();
-
-    const runningAverageWindowSize = 5;
-    const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
-      taskPollingLifecycle,
-      runningAverageWindowSize,
-      adHocTaskCounter,
-      pollInterval
-    );
-
-    function expectWindowEqualsUpdate(
-      taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
-      window: number[]
-    ) {
-      expect(taskStat.value.recurring.ran.service_time.actual).toEqual(sum(window));
-    }
-
-    return new Promise<void>((resolve) => {
-      const events = [];
-      const now = Date.now();
-      for (const time of serviceTimes) {
-        events.push({ start: runAtMillisecondsAgo(now, time).getTime(), stop: now });
+
+    test('returns a running count of recurring task_counter', async () => {
+      const tasks = [0, 0, 0, 0, 0, 0, 0, 0];
+      const events$ = new Subject<TaskLifecycleEvent>();
+      const taskPollingLifecycle = taskPollingLifecycleMock.create({
+        events$: events$ as Observable<TaskLifecycleEvent>,
+      });
+      const adHocTaskCounter = new AdHocTaskCounter();
+
+      const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
+        taskPollingLifecycle,
+        adHocTaskCounter,
+        pollInterval
+      );
+
+      function expectWindowEqualsUpdate(
+        taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
+        window: number[]
+      ) {
+        expect(taskStat.value.recurring.ran.service_time.task_counter).toEqual(window.length);
       }
-      BackgroundTaskUtilizationAggregator.pipe(
-        // skip initial stat which is just initialized data which
-        // ensures we don't stall on combineLatest
-        skip(1),
-        // Use 'summarizeUtilizationStat' to receive summarize stats
-        map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
-          key,
-          value,
-        })),
-        take(serviceTimes.length),
-        bufferCount(serviceTimes.length)
-      ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
-        expectWindowEqualsUpdate(taskStats[0], serviceTimes.slice(0, 1));
-        expectWindowEqualsUpdate(taskStats[1], serviceTimes.slice(0, 2));
-        expectWindowEqualsUpdate(taskStats[2], serviceTimes.slice(0, 3));
-        expectWindowEqualsUpdate(taskStats[3], serviceTimes.slice(0, 4));
-        expectWindowEqualsUpdate(taskStats[4], serviceTimes.slice(0, 5));
-        // from the 6th value, begin to drop old values as out window is 5
-        expectWindowEqualsUpdate(taskStats[5], serviceTimes.slice(0, 6));
-        expectWindowEqualsUpdate(taskStats[6], serviceTimes.slice(0, 7));
-        expectWindowEqualsUpdate(taskStats[7], serviceTimes.slice(0, 8));
-        resolve();
+
+      return new Promise<void>((resolve) => {
+        BackgroundTaskUtilizationAggregator.pipe(
+          // skip initial stat which is just initialized data which
+          // ensures we don't stall on combineLatest
+          skip(1),
+          // Use 'summarizeUtilizationStat' to receive summarize stats
+          map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
+            key,
+            value,
+          })),
+          take(tasks.length),
+          bufferCount(tasks.length)
+        ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
+          expectWindowEqualsUpdate(taskStats[0], tasks.slice(0, 1));
+          expectWindowEqualsUpdate(taskStats[1], tasks.slice(0, 2));
+          expectWindowEqualsUpdate(taskStats[2], tasks.slice(0, 3));
+          expectWindowEqualsUpdate(taskStats[3], tasks.slice(0, 4));
+          expectWindowEqualsUpdate(taskStats[4], tasks.slice(0, 5));
+          // from the 6th value, begin to drop old values as out window is 5
+          expectWindowEqualsUpdate(taskStats[5], tasks.slice(0, 6));
+          expectWindowEqualsUpdate(taskStats[6], tasks.slice(0, 7));
+          expectWindowEqualsUpdate(taskStats[7], tasks.slice(0, 8));
+          resolve();
+        });
+
+        for (const task of tasks) {
+          events$.next(
+            mockTaskRunEvent({ schedule: { interval: '1h' } }, { start: task, stop: task })
+          );
+        }
       });
+    });
 
-      for (const event of events) {
-        events$.next(mockTaskRunEvent({ schedule: { interval: '1h' } }, event));
+    test('returns a running count of load', async () => {
+      const loads = [40, 80, 100, 100, 10, 10, 60, 40];
+      const events$ = new Subject<TaskLifecycleEvent>();
+      const taskPollingLifecycle = taskPollingLifecycleMock.create({
+        events$: events$ as Observable<TaskLifecycleEvent>,
+      });
+
+      const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
+        taskPollingLifecycle,
+        new AdHocTaskCounter(),
+        pollInterval
+      );
+
+      function expectWindowEqualsUpdate(
+        taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
+        window: number[]
+      ) {
+        expect(taskStat.value.load).toEqual(mean(window));
       }
-    });
-  });
 
-  test('returns a running count of recurring adjusted service_time', async () => {
-    const serviceTimes = [1000, 2000, 500, 300, 400, 15000, 20000, 200];
-    const events$ = new Subject<TaskLifecycleEvent>();
-    const taskPollingLifecycle = taskPollingLifecycleMock.create({
-      events$: events$ as Observable<TaskLifecycleEvent>,
+      return new Promise<void>((resolve) => {
+        BackgroundTaskUtilizationAggregator.pipe(
+          // skip initial stat which is just initialized data which
+          // ensures we don't stall on combineLatest
+          skip(1),
+          map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
+            key,
+            value,
+          })),
+          take(loads.length),
+          bufferCount(loads.length)
+        ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
+          expectWindowEqualsUpdate(taskStats[0], loads.slice(0, 1));
+          expectWindowEqualsUpdate(taskStats[1], loads.slice(0, 2));
+          expectWindowEqualsUpdate(taskStats[2], loads.slice(0, 3));
+          expectWindowEqualsUpdate(taskStats[3], loads.slice(0, 4));
+          expectWindowEqualsUpdate(taskStats[4], loads.slice(0, 5));
+          // from the 6th value, begin to drop old values as our window is 5
+          expectWindowEqualsUpdate(taskStats[5], loads.slice(1, 6));
+          expectWindowEqualsUpdate(taskStats[6], loads.slice(2, 7));
+          expectWindowEqualsUpdate(taskStats[7], loads.slice(3, 8));
+          resolve();
+        });
+
+        for (const load of loads) {
+          events$.next(mockTaskStatEvent('workerUtilization', load));
+        }
+      });
     });
-    const adHocTaskCounter = new AdHocTaskCounter();
-
-    const runningAverageWindowSize = 5;
-    const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
-      taskPollingLifecycle,
-      runningAverageWindowSize,
-      adHocTaskCounter,
-      pollInterval
-    );
-
-    function expectWindowEqualsUpdate(
-      taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
-      window: number[]
-    ) {
-      expect(taskStat.value.recurring.ran.service_time.adjusted).toEqual(sum(window));
-    }
-
-    return new Promise<void>((resolve) => {
-      const events = [];
-      const now = Date.now();
-      for (const time of serviceTimes) {
-        events.push({ start: runAtMillisecondsAgo(now, time).getTime(), stop: now });
-      }
-      BackgroundTaskUtilizationAggregator.pipe(
-        // skip initial stat which is just initialized data which
-        // ensures we don't stall on combineLatest
-        skip(1),
-        // Use 'summarizeUtilizationStat' to receive summarize stats
-        map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
-          key,
-          value,
-        })),
-        take(serviceTimes.length),
-        bufferCount(serviceTimes.length)
-      ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
-        expectWindowEqualsUpdate(taskStats[0], roundUpToNearestSec(serviceTimes.slice(0, 1), 3));
-        expectWindowEqualsUpdate(taskStats[1], roundUpToNearestSec(serviceTimes.slice(0, 2), 3));
-        expectWindowEqualsUpdate(taskStats[2], roundUpToNearestSec(serviceTimes.slice(0, 3), 3));
-        expectWindowEqualsUpdate(taskStats[3], roundUpToNearestSec(serviceTimes.slice(0, 4), 3));
-        expectWindowEqualsUpdate(taskStats[4], roundUpToNearestSec(serviceTimes.slice(0, 5), 3));
-        // from the 6th value, begin to drop old values as out window is 5
-        expectWindowEqualsUpdate(taskStats[5], roundUpToNearestSec(serviceTimes.slice(0, 6), 3));
-        expectWindowEqualsUpdate(taskStats[6], roundUpToNearestSec(serviceTimes.slice(0, 7), 3));
-        expectWindowEqualsUpdate(taskStats[7], roundUpToNearestSec(serviceTimes.slice(0, 8), 3));
-        resolve();
+
+    test('returns a running count of load with custom window size', async () => {
+      const loads = [40, 80, 100, 100, 10, 10, 60, 40];
+      const events$ = new Subject<TaskLifecycleEvent>();
+      const taskPollingLifecycle = taskPollingLifecycleMock.create({
+        events$: events$ as Observable<TaskLifecycleEvent>,
       });
 
-      for (const event of events) {
-        events$.next(mockTaskRunEvent({ schedule: { interval: '1h' } }, event));
+      const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
+        taskPollingLifecycle,
+        new AdHocTaskCounter(),
+        pollInterval,
+        3
+      );
+
+      function expectWindowEqualsUpdate(
+        taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
+        window: number[]
+      ) {
+        expect(taskStat.value.load).toEqual(mean(window));
       }
+
+      return new Promise<void>((resolve) => {
+        BackgroundTaskUtilizationAggregator.pipe(
+          // skip initial stat which is just initialized data which
+          // ensures we don't stall on combineLatest
+          skip(1),
+          map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
+            key,
+            value,
+          })),
+          take(loads.length),
+          bufferCount(loads.length)
+        ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
+          expectWindowEqualsUpdate(taskStats[0], loads.slice(0, 1));
+          expectWindowEqualsUpdate(taskStats[1], loads.slice(0, 2));
+          expectWindowEqualsUpdate(taskStats[2], loads.slice(0, 3));
+          // from the 4th value, begin to drop old values as our window is 3
+          expectWindowEqualsUpdate(taskStats[3], loads.slice(1, 4));
+          expectWindowEqualsUpdate(taskStats[4], loads.slice(2, 5));
+          expectWindowEqualsUpdate(taskStats[5], loads.slice(3, 6));
+          expectWindowEqualsUpdate(taskStats[6], loads.slice(4, 7));
+          expectWindowEqualsUpdate(taskStats[7], loads.slice(5, 8));
+          resolve();
+        });
+
+        for (const load of loads) {
+          events$.next(mockTaskStatEvent('workerUtilization', load));
+        }
+      });
     });
   });
 
-  test('returns a running count of recurring task_counter', async () => {
-    const tasks = [0, 0, 0, 0, 0, 0, 0, 0];
-    const events$ = new Subject<TaskLifecycleEvent>();
-    const taskPollingLifecycle = taskPollingLifecycleMock.create({
-      events$: events$ as Observable<TaskLifecycleEvent>,
+  describe('summarizeUtilizationStats', () => {
+    const lastUpdate = '2023-04-02T17:34:41.371Z';
+    const monitoredStats = {
+      timestamp: '2023-04-01T17:34:41.371Z',
+      value: {
+        adhoc: {
+          created: {
+            counter: 1,
+          },
+          ran: {
+            service_time: {
+              actual: 10,
+              adjusted: 7,
+              task_counter: 3,
+            },
+          },
+        },
+        recurring: {
+          ran: {
+            service_time: {
+              actual: 79,
+              adjusted: 66,
+              task_counter: 10,
+            },
+          },
+        },
+        load: 63,
+      },
+    };
+
+    test('should return null if monitoredStats is null', () => {
+      expect(
+        summarizeUtilizationStats({
+          lastUpdate,
+          // @ts-expect-error
+          monitoredStats: null,
+          isInternal: false,
+        })
+      ).toEqual({
+        last_update: lastUpdate,
+        stats: null,
+      });
     });
-    const adHocTaskCounter = new AdHocTaskCounter();
-
-    const runningAverageWindowSize = 5;
-    const BackgroundTaskUtilizationAggregator = createBackgroundTaskUtilizationAggregator(
-      taskPollingLifecycle,
-      runningAverageWindowSize,
-      adHocTaskCounter,
-      pollInterval
-    );
-
-    function expectWindowEqualsUpdate(
-      taskStat: AggregatedStat<BackgroundTaskUtilizationStat>,
-      window: number[]
-    ) {
-      expect(taskStat.value.recurring.ran.service_time.task_counter).toEqual(window.length);
-    }
-
-    return new Promise<void>((resolve) => {
-      BackgroundTaskUtilizationAggregator.pipe(
-        // skip initial stat which is just initialized data which
-        // ensures we don't stall on combineLatest
-        skip(1),
-        // Use 'summarizeUtilizationStat' to receive summarize stats
-        map(({ key, value }: AggregatedStat<BackgroundTaskUtilizationStat>) => ({
-          key,
-          value,
-        })),
-        take(tasks.length),
-        bufferCount(tasks.length)
-      ).subscribe((taskStats: Array<AggregatedStat<BackgroundTaskUtilizationStat>>) => {
-        expectWindowEqualsUpdate(taskStats[0], tasks.slice(0, 1));
-        expectWindowEqualsUpdate(taskStats[1], tasks.slice(0, 2));
-        expectWindowEqualsUpdate(taskStats[2], tasks.slice(0, 3));
-        expectWindowEqualsUpdate(taskStats[3], tasks.slice(0, 4));
-        expectWindowEqualsUpdate(taskStats[4], tasks.slice(0, 5));
-        // from the 6th value, begin to drop old values as out window is 5
-        expectWindowEqualsUpdate(taskStats[5], tasks.slice(0, 6));
-        expectWindowEqualsUpdate(taskStats[6], tasks.slice(0, 7));
-        expectWindowEqualsUpdate(taskStats[7], tasks.slice(0, 8));
-        resolve();
+
+    test('should return null if monitoredStats value is not defined', () => {
+      expect(
+        summarizeUtilizationStats({
+          lastUpdate,
+          // @ts-expect-error
+          monitoredStats: {},
+          isInternal: false,
+        })
+      ).toEqual({
+        last_update: lastUpdate,
+        stats: null,
       });
+    });
 
-      for (const task of tasks) {
-        events$.next(
-          mockTaskRunEvent({ schedule: { interval: '1h' } }, { start: task, stop: task })
-        );
-      }
+    test('should return summary with all stats when isInternal is true', () => {
+      expect(
+        summarizeUtilizationStats({
+          lastUpdate,
+          monitoredStats,
+          isInternal: true,
+        })
+      ).toEqual({
+        last_update: lastUpdate,
+        stats: {
+          timestamp: monitoredStats.timestamp,
+          value: monitoredStats.value,
+        },
+      });
+    });
+
+    test('should return summary with only public stats when isInternal is false', () => {
+      expect(
+        summarizeUtilizationStats({
+          lastUpdate,
+          monitoredStats,
+          isInternal: false,
+        })
+      ).toEqual({
+        last_update: lastUpdate,
+        stats: {
+          timestamp: monitoredStats.timestamp,
+          value: {
+            load: 63,
+          },
+        },
+      });
     });
   });
 });
@@ -440,6 +629,10 @@ function roundUpToNearestSec(duration: number[], s: number): number[] {
   return duration.map((d) => Math.ceil(d / pollInterval) * pollInterval);
 }
 
+const mockTaskStatEvent = (type: TaskManagerStats, value: number) => {
+  return asTaskManagerStatEvent(type, asOk(value));
+};
+
 const mockTaskRunEvent = (
   overrides: Partial<ConcreteTaskInstance> = {},
   timing: TaskTiming,
diff --git a/x-pack/plugins/task_manager/server/monitoring/background_task_utilization_statistics.ts b/x-pack/plugins/task_manager/server/monitoring/background_task_utilization_statistics.ts
index 761ad4252ac83..fd116cbdd71d8 100644
--- a/x-pack/plugins/task_manager/server/monitoring/background_task_utilization_statistics.ts
+++ b/x-pack/plugins/task_manager/server/monitoring/background_task_utilization_statistics.ts
@@ -6,17 +6,29 @@
  */
 
 import { JsonObject } from '@kbn/utility-types';
-import { get } from 'lodash';
+import { get, pick } from 'lodash';
+import stats from 'stats-lite';
 import { combineLatest, filter, map, Observable, startWith } from 'rxjs';
 import { AdHocTaskCounter } from '../lib/adhoc_task_counter';
-import { unwrap } from '../lib/result_type';
+import { mapOk, unwrap } from '../lib/result_type';
 import { TaskLifecycleEvent, TaskPollingLifecycle } from '../polling_lifecycle';
 import { ConcreteTaskInstance } from '../task';
-import { isTaskRunEvent, TaskRun, TaskTiming } from '../task_events';
+import {
+  isTaskManagerWorkerUtilizationStatEvent,
+  isTaskRunEvent,
+  TaskRun,
+  TaskTiming,
+} from '../task_events';
 import { MonitoredStat } from './monitoring_stats_stream';
 import { AggregatedStat, AggregatedStatProvider } from './runtime_statistics_aggregator';
+import { createRunningAveragedStat } from './task_run_calcultors';
+import { DEFAULT_WORKER_UTILIZATION_RUNNING_AVERAGE_WINDOW } from '../config';
 
-export interface BackgroundTaskUtilizationStat extends JsonObject {
+export interface PublicBackgroundTaskUtilizationStat extends JsonObject {
+  load: number;
+}
+
+export interface BackgroundTaskUtilizationStat extends PublicBackgroundTaskUtilizationStat {
   adhoc: AdhocTaskStat;
   recurring: TaskStat;
 }
@@ -39,11 +51,11 @@ interface AdhocTaskStat extends TaskStat {
 
 export function createBackgroundTaskUtilizationAggregator(
   taskPollingLifecycle: TaskPollingLifecycle,
-  runningAverageWindowSize: number,
   adHocTaskCounter: AdHocTaskCounter,
-  pollInterval: number
+  pollInterval: number,
+  workerUtilizationRunningAverageWindowSize: number = DEFAULT_WORKER_UTILIZATION_RUNNING_AVERAGE_WINDOW
 ): AggregatedStatProvider<BackgroundTaskUtilizationStat> {
-  const taskRunEventToAdhocStat = createTaskRunEventToAdhocStat(runningAverageWindowSize);
+  const taskRunEventToAdhocStat = createTaskRunEventToAdhocStat();
   const taskRunAdhocEvents$: Observable<Pick<BackgroundTaskUtilizationStat, 'adhoc'>> =
     taskPollingLifecycle.events.pipe(
       filter((taskEvent: TaskLifecycleEvent) => isTaskRunEvent(taskEvent) && hasTiming(taskEvent)),
@@ -57,7 +69,7 @@ export function createBackgroundTaskUtilizationAggregator(
       })
     );
 
-  const taskRunEventToRecurringStat = createTaskRunEventToRecurringStat(runningAverageWindowSize);
+  const taskRunEventToRecurringStat = createTaskRunEventToRecurringStat();
   const taskRunRecurringEvents$: Observable<Pick<BackgroundTaskUtilizationStat, 'recurring'>> =
     taskPollingLifecycle.events.pipe(
       filter((taskEvent: TaskLifecycleEvent) => isTaskRunEvent(taskEvent) && hasTiming(taskEvent)),
@@ -71,6 +83,18 @@ export function createBackgroundTaskUtilizationAggregator(
       })
     );
 
+  const taskManagerUtilizationEventToLoadStat = createTaskRunEventToLoadStat(
+    workerUtilizationRunningAverageWindowSize
+  );
+
+  const taskManagerWorkerUtilizationEvent$: Observable<
+    Pick<BackgroundTaskUtilizationStat, 'load'>
+  > = taskPollingLifecycle.events.pipe(
+    filter(isTaskManagerWorkerUtilizationStatEvent),
+    map((taskEvent: TaskLifecycleEvent) => taskEvent.event),
+    map(mapOk((num: number) => taskManagerUtilizationEventToLoadStat(num)))
+  );
+
   return combineLatest([
     taskRunAdhocEvents$.pipe(
       startWith({
@@ -101,17 +125,24 @@ export function createBackgroundTaskUtilizationAggregator(
         },
       })
     ),
+    taskManagerWorkerUtilizationEvent$.pipe(
+      startWith({
+        load: 0,
+      })
+    ),
   ]).pipe(
     map(
-      ([adhoc, recurring]: [
+      ([adhoc, recurring, load]: [
         Pick<BackgroundTaskUtilizationStat, 'adhoc'>,
-        Pick<BackgroundTaskUtilizationStat, 'recurring'>
+        Pick<BackgroundTaskUtilizationStat, 'recurring'>,
+        Pick<BackgroundTaskUtilizationStat, 'load'>
       ]) => {
         return {
           key: 'utilization',
           value: {
             ...adhoc,
             ...recurring,
+            ...load,
           },
         } as AggregatedStat<BackgroundTaskUtilizationStat>;
       }
@@ -123,31 +154,41 @@ function hasTiming(taskEvent: TaskLifecycleEvent) {
   return !!taskEvent?.timing;
 }
 
-export function summarizeUtilizationStats({
-  // eslint-disable-next-line @typescript-eslint/naming-convention
-  last_update,
-  stats,
-}: {
-  last_update: string;
-  stats: MonitoredStat<BackgroundTaskUtilizationStat> | undefined;
-}): {
+interface SummarizeUtilizationStatsOpts {
+  lastUpdate: string;
+  monitoredStats: MonitoredStat<BackgroundTaskUtilizationStat> | undefined;
+  isInternal: boolean;
+}
+
+interface SummarizeUtilizationStatsResult {
   last_update: string;
-  stats: MonitoredStat<BackgroundTaskUtilizationStat> | null;
-} {
-  const utilizationStats = stats?.value;
+  stats:
+    | MonitoredStat<BackgroundTaskUtilizationStat>
+    | MonitoredStat<PublicBackgroundTaskUtilizationStat>
+    | null;
+}
+
+export function summarizeUtilizationStats({
+  lastUpdate,
+  monitoredStats,
+  isInternal,
+}: SummarizeUtilizationStatsOpts): SummarizeUtilizationStatsResult {
+  const utilizationStats = monitoredStats?.value;
+
+  if (!monitoredStats || !utilizationStats) {
+    return { last_update: lastUpdate, stats: null };
+  }
+
   return {
-    last_update,
-    stats:
-      stats && utilizationStats
-        ? {
-            timestamp: stats.timestamp,
-            value: utilizationStats,
-          }
-        : null,
+    last_update: lastUpdate,
+    stats: {
+      timestamp: monitoredStats.timestamp,
+      value: isInternal ? utilizationStats : pick(utilizationStats, 'load'),
+    },
   };
 }
 
-function createTaskRunEventToAdhocStat(runningAverageWindowSize: number) {
+function createTaskRunEventToAdhocStat() {
   let createdCounter = 0;
   let actualCounter = 0;
   let adjustedCounter = 0;
@@ -177,7 +218,7 @@ function createTaskRunEventToAdhocStat(runningAverageWindowSize: number) {
   };
 }
 
-function createTaskRunEventToRecurringStat(runningAverageWindowSize: number) {
+function createTaskRunEventToRecurringStat() {
   let actualCounter = 0;
   let adjustedCounter = 0;
   let taskCounter = 0;
@@ -201,6 +242,16 @@ function createTaskRunEventToRecurringStat(runningAverageWindowSize: number) {
   };
 }
 
+function createTaskRunEventToLoadStat(workerUtilizationRunningAverageWindowSize: number) {
+  const loadQueue = createRunningAveragedStat<number>(workerUtilizationRunningAverageWindowSize);
+  return (load: number): Pick<BackgroundTaskUtilizationStat, 'load'> => {
+    const historicalLoad = loadQueue(load);
+    return {
+      load: stats.mean(historicalLoad),
+    };
+  };
+}
+
 function getServiceTimeStats(timing: TaskTiming, pollInterval: number) {
   const duration = timing!.stop - timing!.start;
   const adjusted = Math.ceil(duration / pollInterval) * pollInterval;
diff --git a/x-pack/plugins/task_manager/server/monitoring/configuration_statistics.test.ts b/x-pack/plugins/task_manager/server/monitoring/configuration_statistics.test.ts
index 764b7aa15335b..b63c52893c5d8 100644
--- a/x-pack/plugins/task_manager/server/monitoring/configuration_statistics.test.ts
+++ b/x-pack/plugins/task_manager/server/monitoring/configuration_statistics.test.ts
@@ -45,6 +45,7 @@ describe('Configuration Statistics Aggregator', () => {
         monitor: true,
         warn_threshold: 5000,
       },
+      worker_utilization_running_average_window: 5,
     };
 
     const managedConfig = {
diff --git a/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.test.ts b/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.test.ts
index 610e0bf080b05..8d6df288e702d 100644
--- a/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.test.ts
+++ b/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.test.ts
@@ -49,6 +49,7 @@ describe('createMonitoringStatsStream', () => {
       monitor: true,
       warn_threshold: 5000,
     },
+    worker_utilization_running_average_window: 5,
   };
 
   it('returns the initial config used to configure Task Manager', async () => {
diff --git a/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.ts b/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.ts
index e192a72f7092d..e1ff38d1c9607 100644
--- a/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.ts
+++ b/x-pack/plugins/task_manager/server/monitoring/monitoring_stats_stream.ts
@@ -108,9 +108,9 @@ export function createAggregators(
       createTaskRunAggregator(taskPollingLifecycle, config.monitored_stats_running_average_window),
       createBackgroundTaskUtilizationAggregator(
         taskPollingLifecycle,
-        config.monitored_stats_running_average_window,
         adHocTaskCounter,
-        config.poll_interval
+        config.poll_interval,
+        config.worker_utilization_running_average_window
       )
     );
   }
diff --git a/x-pack/plugins/task_manager/server/plugin.test.ts b/x-pack/plugins/task_manager/server/plugin.test.ts
index ad02e6d7490f5..fce648c87f6e9 100644
--- a/x-pack/plugins/task_manager/server/plugin.test.ts
+++ b/x-pack/plugins/task_manager/server/plugin.test.ts
@@ -70,6 +70,7 @@ const pluginInitializerContextParams = {
     monitor: true,
     warn_threshold: 5000,
   },
+  worker_utilization_running_average_window: 5,
 };
 
 describe('TaskManagerPlugin', () => {
diff --git a/x-pack/plugins/task_manager/server/polling_lifecycle.test.ts b/x-pack/plugins/task_manager/server/polling_lifecycle.test.ts
index 51cac494d3a67..9e62eec402b2d 100644
--- a/x-pack/plugins/task_manager/server/polling_lifecycle.test.ts
+++ b/x-pack/plugins/task_manager/server/polling_lifecycle.test.ts
@@ -75,6 +75,7 @@ describe('TaskPollingLifecycle', () => {
         monitor: true,
         warn_threshold: 5000,
       },
+      worker_utilization_running_average_window: 5,
     },
     taskStore: mockTaskStore,
     logger: taskManagerLogger,
diff --git a/x-pack/plugins/task_manager/server/polling_lifecycle.ts b/x-pack/plugins/task_manager/server/polling_lifecycle.ts
index ce5a142dc433e..e9b9eaca1e5d3 100644
--- a/x-pack/plugins/task_manager/server/polling_lifecycle.ts
+++ b/x-pack/plugins/task_manager/server/polling_lifecycle.ts
@@ -176,8 +176,13 @@ export class TaskPollingLifecycle {
               const capacity = this.pool.availableWorkers;
               if (!capacity) {
                 // if there isn't capacity, emit a load event so that we can expose how often
-                // high load causes the poller to skip work (work isn'tcalled when there is no capacity)
+                // high load causes the poller to skip work (work isn't called when there is no capacity)
                 this.emitEvent(asTaskManagerStatEvent('load', asOk(this.pool.workerLoad)));
+
+                // Emit event indicating task manager utilization
+                this.emitEvent(
+                  asTaskManagerStatEvent('workerUtilization', asOk(this.pool.workerLoad))
+                );
               }
               return capacity;
             },
@@ -187,7 +192,16 @@ export class TaskPollingLifecycle {
             // (such as polling for new work, marking tasks as running etc.) but does not
             // include the time of actually running the task
             workTimeout: pollInterval * maxPollInactivityCycles,
-          }),
+          }).pipe(
+            tap(
+              mapOk(() => {
+                // Emit event indicating task manager utilization % at the end of a polling cycle
+                this.emitEvent(
+                  asTaskManagerStatEvent('workerUtilization', asOk(this.pool.workerLoad))
+                );
+              })
+            )
+          ),
         {
           heartbeatInterval: pollInterval,
           // Time out the poller itself if it has failed to complete the entire stream for a certain amount of time.
diff --git a/x-pack/plugins/task_manager/server/routes/background_task_utilization.test.ts b/x-pack/plugins/task_manager/server/routes/background_task_utilization.test.ts
index 66052b095a258..1ccc0d89f804a 100644
--- a/x-pack/plugins/task_manager/server/routes/background_task_utilization.test.ts
+++ b/x-pack/plugins/task_manager/server/routes/background_task_utilization.test.ts
@@ -37,7 +37,7 @@ describe('backgroundTaskUtilizationRoute', () => {
     jest.resetAllMocks();
   });
 
-  it('registers the route', async () => {
+  it('registers internal and public route', async () => {
     const router = httpServiceMock.createRouter();
     backgroundTaskUtilizationRoute({
       router,
@@ -51,11 +51,15 @@ describe('backgroundTaskUtilizationRoute', () => {
       usageCounter: mockUsageCounter,
     });
 
-    const [config] = router.get.mock.calls[0];
+    const [config1] = router.get.mock.calls[0];
 
-    expect(config.path).toMatchInlineSnapshot(
+    expect(config1.path).toMatchInlineSnapshot(
       `"/internal/task_manager/_background_task_utilization"`
     );
+
+    const [config2] = router.get.mock.calls[1];
+
+    expect(config2.path).toMatchInlineSnapshot(`"/api/task_manager/_background_task_utilization"`);
   });
 
   it('checks user privileges and increments usage counter when API is accessed', async () => {
diff --git a/x-pack/plugins/task_manager/server/routes/background_task_utilization.ts b/x-pack/plugins/task_manager/server/routes/background_task_utilization.ts
index a1e0f5c4281f9..0d7eabee2a7ce 100644
--- a/x-pack/plugins/task_manager/server/routes/background_task_utilization.ts
+++ b/x-pack/plugins/task_manager/server/routes/background_task_utilization.ts
@@ -21,6 +21,7 @@ import { MonitoringStats } from '../monitoring';
 import { TaskManagerConfig } from '../config';
 import {
   BackgroundTaskUtilizationStat,
+  PublicBackgroundTaskUtilizationStat,
   summarizeUtilizationStats,
 } from '../monitoring/background_task_utilization_statistics';
 import { MonitoredStat } from '../monitoring/monitoring_stats_stream';
@@ -29,7 +30,10 @@ export interface MonitoredUtilization {
   process_uuid: string;
   timestamp: string;
   last_update: string;
-  stats: MonitoredStat<BackgroundTaskUtilizationStat> | null;
+  stats:
+    | MonitoredStat<BackgroundTaskUtilizationStat>
+    | MonitoredStat<PublicBackgroundTaskUtilizationStat>
+    | null;
 }
 
 export interface BackgroundTaskUtilRouteParams {
@@ -44,6 +48,12 @@ export interface BackgroundTaskUtilRouteParams {
   usageCounter?: UsageCounter;
 }
 
+// Create an internal and public route so we can test out experimental metrics
+const routeOptions = [
+  { basePath: 'internal', isInternal: true },
+  { basePath: 'api', isInternal: false },
+];
+
 export function backgroundTaskUtilizationRoute(
   params: BackgroundTaskUtilRouteParams
 ): Observable<MonitoredUtilization> {
@@ -61,10 +71,11 @@ export function backgroundTaskUtilizationRoute(
 
   const requiredHotStatsFreshness: number = config.monitored_stats_required_freshness;
 
-  function getBackgroundTaskUtilization(monitoredStats: MonitoringStats) {
+  function getBackgroundTaskUtilization(monitoredStats: MonitoringStats, isInternal: boolean) {
     const summarizedStats = summarizeUtilizationStats({
-      last_update: monitoredStats.last_update,
-      stats: monitoredStats.stats.utilization,
+      lastUpdate: monitoredStats.last_update,
+      monitoredStats: monitoredStats.stats.utilization,
+      isInternal,
     });
     const now = Date.now();
     const timestamp = new Date(now).toISOString();
@@ -83,7 +94,7 @@ export function backgroundTaskUtilizationRoute(
       }),
       // Only calculate the summarized stats (calculates all running averages and evaluates state)
       // when needed by throttling down to the requiredHotStatsFreshness
-      map((stats) => getBackgroundTaskUtilization(stats))
+      map((stats) => getBackgroundTaskUtilization(stats, true))
     )
     .subscribe((utilizationStats) => {
       monitoredUtilization$.next(utilizationStats);
@@ -92,58 +103,60 @@ export function backgroundTaskUtilizationRoute(
       }
     });
 
-  router.get(
-    {
-      path: '/internal/task_manager/_background_task_utilization',
-      // Uncomment when we determine that we can restrict API usage to Global admins based on telemetry
-      // options: { tags: ['access:taskManager'] },
-      validate: false,
-    },
-    async function (
-      context: RequestHandlerContext,
-      req: KibanaRequest<unknown, unknown, unknown>,
-      res: KibanaResponseFactory
-    ): Promise<IKibanaResponse> {
-      // If we are able to count usage, we want to check whether the user has access to
-      // the `taskManager` feature, which is only available as part of the Global All privilege.
-      if (usageCounter) {
-        const clusterClient = await getClusterClient();
-        const hasPrivilegesResponse = await clusterClient
-          .asScoped(req)
-          .asCurrentUser.security.hasPrivileges({
-            body: {
-              application: [
-                {
-                  application: `kibana-${kibanaIndexName}`,
-                  resources: ['*'],
-                  privileges: [`api:${kibanaVersion}:taskManager`],
-                },
-              ],
-            },
-          });
+  routeOptions.forEach((routeOption) => {
+    router.get(
+      {
+        path: `/${routeOption.basePath}/task_manager/_background_task_utilization`,
+        // Uncomment when we determine that we can restrict API usage to Global admins based on telemetry
+        // options: { tags: ['access:taskManager'] },
+        validate: false,
+      },
+      async function (
+        _: RequestHandlerContext,
+        req: KibanaRequest<unknown, unknown, unknown>,
+        res: KibanaResponseFactory
+      ): Promise<IKibanaResponse> {
+        // If we are able to count usage, we want to check whether the user has access to
+        // the `taskManager` feature, which is only available as part of the Global All privilege.
+        if (usageCounter) {
+          const clusterClient = await getClusterClient();
+          const hasPrivilegesResponse = await clusterClient
+            .asScoped(req)
+            .asCurrentUser.security.hasPrivileges({
+              body: {
+                application: [
+                  {
+                    application: `kibana-${kibanaIndexName}`,
+                    resources: ['*'],
+                    privileges: [`api:${kibanaVersion}:taskManager`],
+                  },
+                ],
+              },
+            });
 
-        // Keep track of total access vs admin access
-        usageCounter.incrementCounter({
-          counterName: `taskManagerBackgroundTaskUtilApiAccess`,
-          counterType: 'taskManagerBackgroundTaskUtilApi',
-          incrementBy: 1,
-        });
-        if (hasPrivilegesResponse.has_all_requested) {
+          // Keep track of total access vs admin access
           usageCounter.incrementCounter({
-            counterName: `taskManagerBackgroundTaskUtilApiAdminAccess`,
+            counterName: `taskManagerBackgroundTaskUtilApiAccess`,
             counterType: 'taskManagerBackgroundTaskUtilApi',
             incrementBy: 1,
           });
+          if (hasPrivilegesResponse.has_all_requested) {
+            usageCounter.incrementCounter({
+              counterName: `taskManagerBackgroundTaskUtilApiAdminAccess`,
+              counterType: 'taskManagerBackgroundTaskUtilApi',
+              incrementBy: 1,
+            });
+          }
         }
-      }
 
-      return res.ok({
-        body: lastMonitoredStats
-          ? getBackgroundTaskUtilization(lastMonitoredStats)
-          : { process_uuid: taskManagerId, timestamp: new Date().toISOString(), stats: {} },
-      });
-    }
-  );
+        return res.ok({
+          body: lastMonitoredStats
+            ? getBackgroundTaskUtilization(lastMonitoredStats, routeOption.isInternal)
+            : { process_uuid: taskManagerId, timestamp: new Date().toISOString(), stats: {} },
+        });
+      }
+    );
+  });
 
   return monitoredUtilization$;
 }
diff --git a/x-pack/plugins/task_manager/server/task_events.ts b/x-pack/plugins/task_manager/server/task_events.ts
index d0bcaf2724188..e8808322b397a 100644
--- a/x-pack/plugins/task_manager/server/task_events.ts
+++ b/x-pack/plugins/task_manager/server/task_events.ts
@@ -87,7 +87,8 @@ export type TaskManagerStats =
   | 'pollingDelay'
   | 'claimDuration'
   | 'queuedEphemeralTasks'
-  | 'ephemeralTaskDelay';
+  | 'ephemeralTaskDelay'
+  | 'workerUtilization';
 export type TaskManagerStat = TaskEvent<number, never, TaskManagerStats>;
 
 export type OkResultOf<EventType> = EventType extends TaskEvent<infer OkResult, infer ErrorResult>
@@ -211,6 +212,11 @@ export function isTaskManagerStatEvent(
 ): taskEvent is TaskManagerStat {
   return taskEvent.type === TaskEventType.TASK_MANAGER_STAT;
 }
+export function isTaskManagerWorkerUtilizationStatEvent(
+  taskEvent: TaskEvent<unknown, unknown>
+): taskEvent is TaskManagerStat {
+  return taskEvent.type === TaskEventType.TASK_MANAGER_STAT && taskEvent.id === 'workerUtilization';
+}
 export function isEphemeralTaskRejectedDueToCapacityEvent(
   taskEvent: TaskEvent<unknown, unknown>
 ): taskEvent is EphemeralTaskRejectedDueToCapacity {
diff --git a/x-pack/plugins/task_manager/server/usage/task_manager_usage_collector.test.ts b/x-pack/plugins/task_manager/server/usage/task_manager_usage_collector.test.ts
index f41a0598ff50c..c8cb2787a90fb 100644
--- a/x-pack/plugins/task_manager/server/usage/task_manager_usage_collector.test.ts
+++ b/x-pack/plugins/task_manager/server/usage/task_manager_usage_collector.test.ts
@@ -19,6 +19,8 @@ import { registerTaskManagerUsageCollector } from './task_manager_usage_collecto
 import { sleep } from '../test_utils';
 import { TaskManagerUsage } from './types';
 import { MonitoredUtilization } from '../routes/background_task_utilization';
+import { MonitoredStat } from '../monitoring/monitoring_stats_stream';
+import { BackgroundTaskUtilizationStat } from '../monitoring/background_task_utilization_statistics';
 
 describe('registerTaskManagerUsageCollector', () => {
   let collector: Collector<unknown>;
@@ -113,18 +115,20 @@ describe('registerTaskManagerUsageCollector', () => {
     const mockHealth = getMockMonitoredHealth();
     monitoringStats$.next(mockHealth);
     const mockUtilization = getMockMonitoredUtilization();
+    const mockUtilizationStats =
+      mockUtilization.stats as MonitoredStat<BackgroundTaskUtilizationStat>;
     monitoringUtilization$.next(mockUtilization);
     await sleep(1001);
 
     expect(usageCollectionMock.makeUsageCollector).toBeCalled();
     const telemetry: TaskManagerUsage = (await collector.fetch(fetchContext)) as TaskManagerUsage;
     expect(telemetry.recurring_tasks).toEqual({
-      actual_service_time: mockUtilization.stats?.value.recurring.ran.service_time.actual,
-      adjusted_service_time: mockUtilization.stats?.value.recurring.ran.service_time.adjusted,
+      actual_service_time: mockUtilizationStats?.value.recurring.ran.service_time.actual,
+      adjusted_service_time: mockUtilizationStats?.value.recurring.ran.service_time.adjusted,
     });
     expect(telemetry.adhoc_tasks).toEqual({
-      actual_service_time: mockUtilization.stats?.value.adhoc.ran.service_time.actual,
-      adjusted_service_time: mockUtilization.stats?.value.adhoc.ran.service_time.adjusted,
+      actual_service_time: mockUtilizationStats?.value.adhoc.ran.service_time.actual,
+      adjusted_service_time: mockUtilizationStats?.value.adhoc.ran.service_time.adjusted,
     });
   });
 
@@ -308,6 +312,7 @@ function getMockMonitoredUtilization(overrides = {}): MonitoredUtilization {
     stats: {
       timestamp: new Date().toISOString(),
       value: {
+        load: 6,
         adhoc: {
           created: {
             counter: 5,
diff --git a/x-pack/plugins/task_manager/server/usage/task_manager_usage_collector.ts b/x-pack/plugins/task_manager/server/usage/task_manager_usage_collector.ts
index a4bd3049a0b49..6c8809c5c3d98 100644
--- a/x-pack/plugins/task_manager/server/usage/task_manager_usage_collector.ts
+++ b/x-pack/plugins/task_manager/server/usage/task_manager_usage_collector.ts
@@ -9,6 +9,8 @@ import { UsageCollectionSetup } from '@kbn/usage-collection-plugin/server';
 import { MonitoredHealth } from '../routes/health';
 import { TaskManagerUsage } from './types';
 import { MonitoredUtilization } from '../routes/background_task_utilization';
+import { BackgroundTaskUtilizationStat } from '../monitoring/background_task_utilization_statistics';
+import { MonitoredStat } from '../monitoring/monitoring_stats_stream';
 
 export function createTaskManagerUsageCollector(
   usageCollection: UsageCollectionSetup,
@@ -19,12 +21,13 @@ export function createTaskManagerUsageCollector(
   excludeTaskTypes: string[]
 ) {
   let lastMonitoredHealth: MonitoredHealth | null = null;
-  let lastMonitoredUtilization: MonitoredUtilization | null = null;
+  let lastMonitoredUtilizationStats: MonitoredStat<BackgroundTaskUtilizationStat> | null = null;
   combineLatest([monitoringStats$, monitoredUtilization$])
     .pipe()
     .subscribe(([health, utilization]) => {
       lastMonitoredHealth = health;
-      lastMonitoredUtilization = utilization;
+      lastMonitoredUtilizationStats =
+        (utilization?.stats as MonitoredStat<BackgroundTaskUtilizationStat>) ?? null;
     });
 
   return usageCollection.makeUsageCollector<TaskManagerUsage>({
@@ -69,15 +72,15 @@ export function createTaskManagerUsageCollector(
         ),
         recurring_tasks: {
           actual_service_time:
-            lastMonitoredUtilization?.stats?.value.recurring.ran.service_time.actual ?? 0,
+            lastMonitoredUtilizationStats?.value.recurring.ran.service_time.actual ?? 0,
           adjusted_service_time:
-            lastMonitoredUtilization?.stats?.value.recurring.ran.service_time.adjusted ?? 0,
+            lastMonitoredUtilizationStats?.value.recurring.ran.service_time.adjusted ?? 0,
         },
         adhoc_tasks: {
           actual_service_time:
-            lastMonitoredUtilization?.stats?.value.adhoc.ran.service_time.actual ?? 0,
+            lastMonitoredUtilizationStats?.value.adhoc.ran.service_time.actual ?? 0,
           adjusted_service_time:
-            lastMonitoredUtilization?.stats?.value.adhoc.ran.service_time.adjusted ?? 0,
+            lastMonitoredUtilizationStats?.value.adhoc.ran.service_time.adjusted ?? 0,
         },
         capacity:
           lastMonitoredHealth?.stats.capacity_estimation?.value.observed
diff --git a/x-pack/test/plugin_api_integration/test_suites/task_manager/background_task_utilization_route.ts b/x-pack/test/plugin_api_integration/test_suites/task_manager/background_task_utilization_route.ts
index f58a5d473ca79..9c9dcbbe15126 100644
--- a/x-pack/test/plugin_api_integration/test_suites/task_manager/background_task_utilization_route.ts
+++ b/x-pack/test/plugin_api_integration/test_suites/task_manager/background_task_utilization_route.ts
@@ -8,39 +8,11 @@
 import expect from '@kbn/expect';
 import url from 'url';
 import supertest from 'supertest';
+import { MonitoredUtilization } from '@kbn/task-manager-plugin/server/routes/background_task_utilization';
+import { MonitoredStat } from '@kbn/task-manager-plugin/server/monitoring/monitoring_stats_stream';
+import { BackgroundTaskUtilizationStat } from '@kbn/task-manager-plugin/server/monitoring/background_task_utilization_statistics';
 import { FtrProviderContext } from '../../ftr_provider_context';
 
-interface MonitoringStats {
-  last_update: string;
-  status: string;
-  stats: {
-    timestamp: string;
-    value: {
-      adhoc: {
-        created: {
-          counter: number;
-        };
-        ran: {
-          service_time: {
-            actual: number;
-            adjusted: number;
-            task_counter: number;
-          };
-        };
-      };
-      recurring: {
-        ran: {
-          service_time: {
-            actual: number;
-            adjusted: number;
-            task_counter: number;
-          };
-        };
-      };
-    };
-  };
-}
-
 export default function ({ getService }: FtrProviderContext) {
   const config = getService('config');
   const retry = getService('retry');
@@ -48,21 +20,21 @@ export default function ({ getService }: FtrProviderContext) {
 
   const delay = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));
 
-  function getUtilizationRequest() {
+  function getUtilizationRequest(isInternal: boolean = true) {
     return request
-      .get('/internal/task_manager/_background_task_utilization')
+      .get(`/${isInternal ? 'internal' : 'api'}/task_manager/_background_task_utilization`)
       .set('kbn-xsrf', 'foo');
   }
 
-  function getUtilization(): Promise<MonitoringStats> {
-    return getUtilizationRequest()
+  function getUtilization(isInternal: boolean = true): Promise<MonitoredUtilization> {
+    return getUtilizationRequest(isInternal)
       .expect(200)
       .then((response) => response.body);
   }
 
-  function getBackgroundTaskUtilization(): Promise<MonitoringStats> {
+  function getBackgroundTaskUtilization(isInternal: boolean = true): Promise<MonitoredUtilization> {
     return retry.try(async () => {
-      const utilization = await getUtilization();
+      const utilization = await getUtilization(isInternal);
 
       if (utilization.stats) {
         return utilization;
@@ -79,7 +51,8 @@ export default function ({ getService }: FtrProviderContext) {
         value: {
           recurring: { ran },
         },
-      } = (await getBackgroundTaskUtilization()).stats;
+      } = (await getBackgroundTaskUtilization(true))
+        .stats as MonitoredStat<BackgroundTaskUtilizationStat>;
       const serviceTime = ran.service_time;
       expect(typeof serviceTime.actual).to.eql('number');
       expect(typeof serviceTime.adjusted).to.eql('number');
@@ -91,7 +64,8 @@ export default function ({ getService }: FtrProviderContext) {
         value: {
           adhoc: { created, ran },
         },
-      } = (await getBackgroundTaskUtilization()).stats;
+      } = (await getBackgroundTaskUtilization(true))
+        .stats as MonitoredStat<BackgroundTaskUtilizationStat>;
       const serviceTime = ran.service_time;
       expect(typeof created.counter).to.eql('number');
 
@@ -99,5 +73,31 @@ export default function ({ getService }: FtrProviderContext) {
       expect(typeof serviceTime.adjusted).to.eql('number');
       expect(typeof serviceTime.task_counter).to.eql('number');
     });
+
+    it('should include load stat', async () => {
+      const {
+        value: { load },
+      } = (await getBackgroundTaskUtilization(true))
+        .stats as MonitoredStat<BackgroundTaskUtilizationStat>;
+      expect(typeof load).to.eql('number');
+    });
+
+    it('should return expected fields for internal route', async () => {
+      const monitoredStat = (await getBackgroundTaskUtilization(true)).stats;
+      expect(monitoredStat?.timestamp).not.to.be(undefined);
+      expect(monitoredStat?.value).not.to.be(undefined);
+      expect(monitoredStat?.value?.adhoc).not.to.be(undefined);
+      expect(monitoredStat?.value?.recurring).not.to.be(undefined);
+      expect(monitoredStat?.value?.load).not.to.be(undefined);
+    });
+
+    it('should return expected fields for public route', async () => {
+      const monitoredStat = (await getBackgroundTaskUtilization(false)).stats;
+      expect(monitoredStat?.timestamp).not.to.be(undefined);
+      expect(monitoredStat?.value).not.to.be(undefined);
+      expect(monitoredStat?.value?.adhoc).to.be(undefined);
+      expect(monitoredStat?.value?.recurring).to.be(undefined);
+      expect(monitoredStat?.value?.load).not.to.be(undefined);
+    });
   });
 }

From 0324cdcd65b76b9819952ef9395f87c07468ec77 Mon Sep 17 00:00:00 2001
From: Liam Thompson <32779855+leemthompo@users.noreply.github.com>
Date: Tue, 2 May 2023 17:40:53 +0200
Subject: [PATCH 5/7] [Enterprise Search] Copyedit: remove redundant link,
 simplify wording (#156391)

---
 .../connector/connector_configuration.tsx     | 22 ++-----------------
 .../translations/translations/fr-FR.json      |  2 --
 .../translations/translations/ja-JP.json      |  2 --
 .../translations/translations/zh-CN.json      |  2 --
 4 files changed, 2 insertions(+), 26 deletions(-)

diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/connector_configuration.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/connector_configuration.tsx
index 35624797f0488..7c2815eab946e 100644
--- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/connector_configuration.tsx
+++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/connector_configuration.tsx
@@ -99,28 +99,10 @@ export const ConnectorConfiguration: React.FC = () => {
                 {
                   children: (
                     <>
-                      <EuiText size="s">
-                        {i18n.translate(
-                          'xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.description.firstParagraph',
-                          {
-                            defaultMessage:
-                              'The connectors repository contains several connector client examples to help you utilize our framework for accelerated development against custom data sources.',
-                          }
-                        )}
-                      </EuiText>
-                      <EuiLink href="https://github.com/elastic/connectors" target="_blank">
-                        {i18n.translate(
-                          'xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.button.label',
-                          {
-                            defaultMessage: 'Explore the connectors repository',
-                          }
-                        )}
-                      </EuiLink>
-                      <EuiSpacer />
                       <EuiText size="s">
                         <FormattedMessage
                           id="xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.description.secondParagraph"
-                          defaultMessage="The connectors repository contains several {link} to help you utilize our framework for accelerated development against custom data sources."
+                          defaultMessage="The connectors repository contains several {link}. Use our framework for accelerated development against custom data sources."
                           values={{
                             link: (
                               <EuiLink
@@ -266,7 +248,7 @@ export const ConnectorConfiguration: React.FC = () => {
                             'xpack.enterpriseSearch.content.indices.configurationConnector.scheduleSync.description',
                             {
                               defaultMessage:
-                                'Once your connectors are configured to your liking, don’t forget to set a recurring sync schedule to make sure your documents are indexed and relevant. You can also trigger a one-time sync without enabling a sync schedule.',
+                                'Once configured, set a recurring sync schedule to keep your documents in sync over time. You can also simply trigger a one-time sync.',
                             }
                           )}
                         </EuiText>
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index a82ea33392517..001ff56a7c3b1 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
@@ -12159,11 +12159,9 @@
     "xpack.enterpriseSearch.content.indices.configurationConnector.config.submitButton.title": "Enregistrer la configuration",
     "xpack.enterpriseSearch.content.indices.configurationConnector.config.warning.title": "Ce connecteur est lié à votre index Elastic",
     "xpack.enterpriseSearch.content.indices.configurationConnector.configuration.successToast.title": "Configuration mise à jour",
-    "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.button.label": "Explorer le référentiel de connecteurs",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.clientExamplesLink": "exemples de clients connecteurs",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.configurationFileLink": "fichier de configuration",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.connectorDeployedText": "Une fois que vous avez configuré le connecteur, déployez-le sur votre infrastructure autogérée.",
-    "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.description.firstParagraph": "Le référentiel de connecteurs contient plusieurs exemples de clients connecteurs pour vous aider à utiliser notre cadre de développement accéléré avec des sources de données personnalisées.",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.waitingForConnector.button.label": "Revérifier maintenant",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.waitingForConnectorText": "Votre connecteur ne s'est pas connecté à Enterprise Search. Résolvez vos problèmes de configuration et actualisez la page.",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.waitingForConnectorTitle": "En attente de votre connecteur",
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 3c793b60772bc..65b2c00933970 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -12158,11 +12158,9 @@
     "xpack.enterpriseSearch.content.indices.configurationConnector.config.submitButton.title": "構成を保存",
     "xpack.enterpriseSearch.content.indices.configurationConnector.config.warning.title": "このコネクターは、Elasticインデックスに関連付けられています",
     "xpack.enterpriseSearch.content.indices.configurationConnector.configuration.successToast.title": "構成が更新されました",
-    "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.button.label": "コネクターリポジトリを探索",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.clientExamplesLink": "コネクタークライアントの例",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.configurationFileLink": "構成ファイル",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.connectorDeployedText": "コネクターを構成したら、コネクターをセルフマネージドインフラストラクチャーにデプロイします。",
-    "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.description.firstParagraph": "コネクターリポジトリには、複数のコネクタークライアントの例があり、当社のフレームワークを利用して、カスタムデータソースに対する高速デプロイを実施できるようになっています。",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.waitingForConnector.button.label": "今すぐ再確認",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.waitingForConnectorText": "コネクターエンタープライズ サーチに接続されていません。構成のトラブルシューティングを行い、ページを更新してください。",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.waitingForConnectorTitle": "コネクターを待機しています",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index d20ad056909de..9bc9283638256 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -12160,11 +12160,9 @@
     "xpack.enterpriseSearch.content.indices.configurationConnector.config.submitButton.title": "保存配置",
     "xpack.enterpriseSearch.content.indices.configurationConnector.config.warning.title": "此连接器将绑定到您的 Elastic 索引",
     "xpack.enterpriseSearch.content.indices.configurationConnector.configuration.successToast.title": "已更新配置",
-    "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.button.label": "浏览连接器存储库",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.clientExamplesLink": "连接器客户端示例",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.configurationFileLink": "配置文件",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.connectorDeployedText": "配置连接器后，请将其部署到您的自管型基础架构。",
-    "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.description.firstParagraph": "连接器存储库包含几个连接器客户端示例，有助于您利用我们的框架针对定制数据源进行加速开发。",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.waitingForConnector.button.label": "立即重新检查",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.waitingForConnectorText": "您的连接器尚未连接到 Enterprise Search。排除配置故障并刷新页面。",
     "xpack.enterpriseSearch.content.indices.configurationConnector.connectorPackage.waitingForConnectorTitle": "等候您的连接器",

From ee9d782793971cb8812c6cad3e2051c23836fb6c Mon Sep 17 00:00:00 2001
From: Gloria Hornero <gloria.hornero@elastic.co>
Date: Tue, 2 May 2023 17:57:16 +0200
Subject: [PATCH 6/7] [Security Solution] Fixes typo in edit rules step
 (#156397)

---
 .../components/rules/step_rule_actions/translations.tsx         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx
index 06368eadc30df..938d8a8a6411f 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_rule_actions/translations.tsx
@@ -40,6 +40,6 @@ export const RULE_SNOOZE_DESCRIPTION = i18n.translate(
 export const SNOOZED_ACTIONS_WARNING = i18n.translate(
   'xpack.securitySolution.detectionEngine.createRule.stepRuleActions.snoozedActionsWarning',
   {
-    defaultMessage: 'Actions will not be preformed until it is unsnoozed.',
+    defaultMessage: 'Actions will not be performed until it is unsnoozed.',
   }
 );

From 3cd35494aba67aaae6c3021d6a140ee7feb18b4e Mon Sep 17 00:00:00 2001
From: Dima Arnautov <dmitrii.arnautov@elastic.co>
Date: Tue, 2 May 2023 18:09:46 +0200
Subject: [PATCH 7/7] [ML] Rename ELSER model id (#156382)

---
 .../src/constants/trained_models.ts                   |  4 ++--
 .../technical_preview_badge.tsx                       |  4 ++--
 .../application/model_management/models_list.tsx      | 11 +++++++++++
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/x-pack/packages/ml/trained_models_utils/src/constants/trained_models.ts b/x-pack/packages/ml/trained_models_utils/src/constants/trained_models.ts
index 3376af46daa2b..e1a5d35afdc2e 100644
--- a/x-pack/packages/ml/trained_models_utils/src/constants/trained_models.ts
+++ b/x-pack/packages/ml/trained_models_utils/src/constants/trained_models.ts
@@ -50,14 +50,14 @@ export const BUILT_IN_MODEL_TAG = 'prepackaged';
 export const CURATED_MODEL_TAG = 'curated';
 
 export const CURATED_MODEL_DEFINITIONS = {
-  '.elser_model_1_SNAPSHOT': {
+  '.elser_model_1': {
     config: {
       input: {
         field_names: ['text_field'],
       },
     },
     description: i18n.translate('xpack.ml.trainedModels.modelsList.elserDescription', {
-      defaultMessage: 'Elastic Learned Sparse EncodeR',
+      defaultMessage: 'Elastic Learned Sparse EncodeR v1 (Tech Preview)',
     }),
   },
 } as const;
diff --git a/x-pack/plugins/ml/public/application/components/technical_preview_badge/technical_preview_badge.tsx b/x-pack/plugins/ml/public/application/components/technical_preview_badge/technical_preview_badge.tsx
index a216a7ce7fc75..95f1a0d54b10a 100644
--- a/x-pack/plugins/ml/public/application/components/technical_preview_badge/technical_preview_badge.tsx
+++ b/x-pack/plugins/ml/public/application/components/technical_preview_badge/technical_preview_badge.tsx
@@ -11,13 +11,13 @@ import { EuiBetaBadge } from '@elastic/eui';
 
 import { i18n } from '@kbn/i18n';
 
-export const TechnicalPreviewBadge: FC = () => {
+export const TechnicalPreviewBadge: FC<{ compressed?: boolean }> = ({ compressed = false }) => {
   return (
     <EuiBetaBadge
       label={i18n.translate('xpack.ml.navMenu.trainedModelsTabBetaLabel', {
         defaultMessage: 'Technical preview',
       })}
-      size="m"
+      size={compressed ? 's' : 'm'}
       color="hollow"
       tooltipContent={i18n.translate('xpack.ml.navMenu.trainedModelsTabBetaTooltipContent', {
         defaultMessage:
diff --git a/x-pack/plugins/ml/public/application/model_management/models_list.tsx b/x-pack/plugins/ml/public/application/model_management/models_list.tsx
index 391136f3f2ada..80c8bef6971f5 100644
--- a/x-pack/plugins/ml/public/application/model_management/models_list.tsx
+++ b/x-pack/plugins/ml/public/application/model_management/models_list.tsx
@@ -39,6 +39,7 @@ import {
   CURATED_MODEL_TYPE,
   MODEL_STATE,
 } from '@kbn/ml-trained-models-utils/src/constants/trained_models';
+import { TechnicalPreviewBadge } from '../components/technical_preview_badge';
 import { useModelActions } from './model_actions';
 import { ModelsTableToConfigMapping } from '.';
 import { ModelsBarStats, StatsBar } from '../components/stats_bar';
@@ -407,6 +408,16 @@ export const ModelsList: FC<Props> = ({
       sortable: false,
       truncateText: false,
       'data-test-subj': 'mlModelsTableColumnDescription',
+      render: (description: string) => {
+        if (!description) return null;
+        const isTechPreview = description.includes('(Tech Preview)');
+        return (
+          <>
+            {description.replace('(Tech Preview)', '')}
+            {isTechPreview ? <TechnicalPreviewBadge compressed /> : null}
+          </>
+        );
+      },
     },
     {
       field: ModelsTableToConfigMapping.type,